From 5a7bd07dd6f27c5e2ee7cc3d353a0bb725751983 Mon Sep 17 00:00:00 2001 From: Sofia Boldyreva Date: Mon, 3 Feb 2025 10:50:16 +0100 Subject: [PATCH] Initial commit --- config.yaml | 126 + files/0001-Add-AlmaLinux-8-support.patch | 26347 +++++++++++++++++++++ 2 files changed, 26473 insertions(+) create mode 100644 config.yaml create mode 100644 files/0001-Add-AlmaLinux-8-support.patch diff --git a/config.yaml b/config.yaml new file mode 100644 index 0000000..619022c --- /dev/null +++ b/config.yaml @@ -0,0 +1,126 @@ +actions: + - replace: + - target: "spec" + find: | + %if ( %{defined rhel} && (! %{defined centos}) ) + %package rule-playbooks + Summary: Ansible playbooks per each rule. + Group: System Environment/Base + Requires: %{name} = %{version}-%{release} + + %description rule-playbooks + The %{name}-rule-playbooks package contains individual ansible playbooks per rule. + %endif + replace: | + %package rule-playbooks + Summary: Ansible playbooks per each rule. + Group: System Environment/Base + Requires: %{name} = %{version}-%{release} + + %description rule-playbooks + The %{name}-rule-playbooks package contains individual ansible playbooks per rule. + count: 1 + - target: "spec" + find: | + %cmake \ + -DSSG_PRODUCT_DEFAULT:BOOLEAN=FALSE \ + -DSSG_PRODUCT_RHEL7:BOOLEAN=TRUE \ + -DSSG_PRODUCT_RHEL8:BOOLEAN=TRUE \ + -DSSG_PRODUCT_FIREFOX:BOOLEAN=TRUE \ + -DSSG_PRODUCT_JRE:BOOLEAN=TRUE \ + %if %{defined centos} + -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=ON \ + %else + -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=OFF \ + %endif + -DSSG_SCIENTIFIC_LINUX_DERIVATIVES_ENABLED:BOOL=OFF \ + %if ( %{defined rhel} && (! %{defined centos}) ) + -DSSG_ANSIBLE_PLAYBOOKS_PER_RULE_ENABLED:BOOL=ON \ + %endif + replace: | + %cmake \ + -DSSG_PRODUCT_DEFAULT:BOOLEAN=FALSE \ + -DSSG_PRODUCT_RHEL7:BOOLEAN=FALSE \ + -DSSG_PRODUCT_RHEL8:BOOLEAN=FALSE \ + -DSSG_PRODUCT_ALMALINUX8:BOOLEAN=TRUE \ + -DSSG_PRODUCT_FIREFOX:BOOLEAN=TRUE \ + -DSSG_PRODUCT_JRE:BOOLEAN=TRUE \ + -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=OFF \ + -DSSG_SCIENTIFIC_LINUX_DERIVATIVES_ENABLED:BOOL=OFF \ + -DSSG_ANSIBLE_PLAYBOOKS_PER_RULE_ENABLED:BOOL=ON \ + count: 1 + - target: "spec" + find: | + # Manually install pre-built rhel6 content + cp -r %{_builddir}/%{_static_rhel6_content}/usr %{buildroot} + cp -r %{_builddir}/%{_static_rhel6_content}/tables %{buildroot}%{_docdir}/%{name} + cp -r %{_builddir}/%{_static_rhel6_content}/guides %{buildroot}%{_docdir}/%{name} + + # Manually install pre-built rhel7 content + cp -r %{_builddir}/%{_static_rhel7_content}/usr %{buildroot} + cp -r %{_builddir}/%{_static_rhel7_content}/tables %{buildroot}%{_docdir}/%{name} + cp -r %{_builddir}/%{_static_rhel7_content}/guides %{buildroot}%{_docdir}/%{name} + + # create symlinks for ssg--ds-1.2.xml to ssg--ds.xml + # this is for backward compatibility + ln -s ssg-rhel8-ds.xml %{buildroot}%{_datadir}/xml/scap/ssg/content/ssg-rhel8-ds-1.2.xml + ln -s ssg-firefox-ds.xml %{buildroot}%{_datadir}/xml/scap/ssg/content/ssg-firefox-ds-1.2.xml + replace: | + # Manually install pre-built rhel6 content + # Disabled on AlmaLinux + # cp -r %{_builddir}/%{_static_rhel6_content}/usr %{buildroot} + # cp -r %{_builddir}/%{_static_rhel6_content}/tables %{buildroot}%{_docdir}/%{name} + # cp -r %{_builddir}/%{_static_rhel6_content}/guides %{buildroot}%{_docdir}/%{name} + + # Manually install pre-built rhel7 content + # Disabled on AlmaLinux + # cp -r %{_builddir}/%{_static_rhel7_content}/usr %{buildroot} + # cp -r %{_builddir}/%{_static_rhel7_content}/tables %{buildroot}%{_docdir}/%{name} + # cp -r %{_builddir}/%{_static_rhel7_content}/guides %{buildroot}%{_docdir}/%{name} + + # create symlinks for ssg--ds-1.2.xml to ssg--ds.xml + # this is for backward compatibility + ln -s ssg-almalinux8-ds.xml %{buildroot}%{_datadir}/xml/scap/ssg/content/ssg-almalinux8-ds-1.2.xml + ln -s ssg-firefox-ds.xml %{buildroot}%{_datadir}/xml/scap/ssg/content/ssg-firefox-ds-1.2.xml + count: 1 + - target: "spec" + find: | + %if ( %{defined rhel} && (! %{defined centos}) ) + %exclude %{_datadir}/%{name}/ansible/rule_playbooks + %endif + + %files doc + %doc %{_docdir}/%{name}/guides/*.html + %doc %{_docdir}/%{name}/tables/*.html + + %if ( %{defined rhel} && (! %{defined centos}) ) + %files rule-playbooks + %defattr(-,root,root,-) + %{_datadir}/%{name}/ansible/rule_playbooks + %endif + replace: | + %exclude %{_datadir}/%{name}/ansible/rule_playbooks + + %files doc + %doc %{_docdir}/%{name}/guides/*.html + %doc %{_docdir}/%{name}/tables/*.html + + %files rule-playbooks + %defattr(-,root,root,-) + %{_datadir}/%{name}/ansible/rule_playbooks + count: 1 + + - modify_release: + - suffix: ".alma.1" + enabled: true + + - changelog_entry: + - name: "Andrei Lukoshko" + email: "alukoshko@almalinux.org" + line: + - "Add AlmaLinux support" + + - add_files: + - type: "patch" + name: "0001-Add-AlmaLinux-8-support.patch" + number: 1001 diff --git a/files/0001-Add-AlmaLinux-8-support.patch b/files/0001-Add-AlmaLinux-8-support.patch new file mode 100644 index 0000000..8ba27a1 --- /dev/null +++ b/files/0001-Add-AlmaLinux-8-support.patch @@ -0,0 +1,26347 @@ +diff --git a/CMakeLists.txt b/CMakeLists.txt +index 59e3de4d5..d7b8c0c58 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -87,6 +87,7 @@ option(SSG_PRODUCT_DEFAULT "If enabled, all default release products will be bui + # project. Note that the example product is always disabled unless explicitly asked for. + option(SSG_PRODUCT_ALINUX2 "If enabled, the Alibaba Cloud Linux 2 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) + option(SSG_PRODUCT_ALINUX3 "If enabled, the Alibaba Cloud Linux 3 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) ++option(SSG_PRODUCT_ALMALINUX8 "If enabled, the AlmaLinux 8 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) + option(SSG_PRODUCT_ANOLIS8 "If enabled, the Anolis OS 8 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) + option(SSG_PRODUCT_ANOLIS23 "If enabled, the Anolis OS 23 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) + option(SSG_PRODUCT_CHROMIUM "If enabled, the Chromium SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) +@@ -317,6 +318,7 @@ message(STATUS " ") + message(STATUS "Products:") + message(STATUS "Alibaba Cloud Linux 2: ${SSG_PRODUCT_ALINUX2}") + message(STATUS "Alibaba Cloud Linux 3: ${SSG_PRODUCT_ALINUX3}") ++message(STATUS "AlmaLinux 8: ${SSG_PRODUCT_ALMALINUX8}") + message(STATUS "Anolis OS 8: ${SSG_PRODUCT_ANOLIS8}") + message(STATUS "Anolis OS 23: ${SSG_PRODUCT_ANOLIS23}") + message(STATUS "Chromium: ${SSG_PRODUCT_CHROMIUM}") +@@ -382,6 +384,9 @@ endif() + if(SSG_PRODUCT_ALINUX3) + add_subdirectory("products/alinux3" "alinux3") + endif() ++if(SSG_PRODUCT_ALMALINUX8) ++ add_subdirectory("products/almalinux8" "almalinux8") ++endif() + if(SSG_PRODUCT_ANOLIS8) + add_subdirectory("products/anolis8" "anolis8") + endif() +diff --git a/build_product b/build_product +index 8685fffc6..6677ccd71 100755 +--- a/build_product ++++ b/build_product +@@ -359,6 +359,7 @@ all_cmake_products=( + AL2023 + ALINUX2 + ALINUX3 ++ ALMALINUX8 + ANOLIS8 + ANOLIS23 + CHROMIUM +diff --git a/cmake/SSGCommon.cmake b/cmake/SSGCommon.cmake +index 65c96459a..d51b8ce22 100644 +--- a/cmake/SSGCommon.cmake ++++ b/cmake/SSGCommon.cmake +@@ -777,7 +777,7 @@ macro(ssg_build_product PRODUCT) + ssg_render_policies_for_product(${PRODUCT}) + add_dependencies(render-policies ${PRODUCT}-render-policies) + +- if(SSG_BUILD_DISA_DELTA_FILES AND "${PRODUCT}" MATCHES "rhel(7|8)") ++ if(SSG_BUILD_DISA_DELTA_FILES AND "${PRODUCT}" MATCHES "almalinux8") + ssg_build_disa_delta(${PRODUCT} "stig") + add_dependencies(${PRODUCT} generate-ssg-delta-${PRODUCT}-stig) + endif() +diff --git a/components/rpm.yml b/components/rpm.yml +index f32f248ad..8a05dca3f 100644 +--- a/components/rpm.yml ++++ b/components/rpm.yml +@@ -9,6 +9,7 @@ rules: + - dnf-automatic_apply_updates + - dnf-automatic_security_updates_only + - ensure_GPG_keys_are_configured ++- ensure_almalinux_gpgkey_installed + - ensure_fedora_gpgkey_installed + - ensure_gpgcheck_globally_activated + - ensure_gpgcheck_local_packages +diff --git a/controls/anssi.yml b/controls/anssi.yml +index a03a06d56..0ef44c461 100644 +--- a/controls/anssi.yml ++++ b/controls/anssi.yml +@@ -1244,7 +1244,7 @@ controls: + - ensure_gpgcheck_never_disabled + - ensure_gpgcheck_globally_activated + - ensure_gpgcheck_local_packages +- - ensure_redhat_gpgkey_installed ++ - ensure_almalinux_gpgkey_installed + - ensure_oracle_gpgkey_installed + + - id: R60 +@@ -1363,16 +1363,13 @@ controls: + When authentication takes place through a remote application (network), + the authentication protocol used by PAM must be secure (flow encryption, + remote server authentication, anti-replay mechanisms, ...). +- {{% if "rhel" in product or "ol" in families %}} + notes: |- + In {{{ full_name }}} systems, remote authentication is handled through sssd service. + PAM delegates requests for remote authentication to this service through a + local Unix socket. The sssd service can use IPA, AD or LDAP as a remote + database containing information required for authentication. In case IPA or AD is configured through a documented way, the connection is secured by default. In case LDAP is configured manually, there are several configuration options which should be chedked. +- {{% if product in ["rhel8"] %}} + An allternative solution is to use nss-pam-ldapd package. + In case this package is used, we make sure that SSL is turned on and certificate is configured. +- {{% endif %}} + status: automated + rules: + - package_sssd_installed +@@ -1380,16 +1377,10 @@ controls: + - sssd_enable_pam_services + - sssd_ldap_configure_tls_reqcert + - sssd_ldap_start_tls +- {{% if product in ["rhel8","ol8"] %}} + - ldap_client_start_tls + - ldap_client_tls_cacertpath +- {{% endif %}} + related_rules: + - package_sssd-ipa_installed +- {{% else %}} +- notes: We cannot automate securing of remote PAM authentication in a general way. +- status: manual +- {{% endif %}} + + - id: R68 + title: Protecting stored passwords +@@ -1419,20 +1410,14 @@ controls: + When the user databases are stored on a remote network service, NSS must + be configured to establish a secure link that allows, at minimum, to + authenticate the server and protect the communication channel. +- {{% if "rhel" in product or "ol" in families %}} + notes: |- + A nsswitch service connecting to remote database is provided by sssd. This is checked in requirement R67. + Another such service is winbind which is by default configured to connect + securely to Samba domains. + Other relevant services are NIS and Hesiod. These should not be used. + status: automated +- {{% if product in ["rhel8","ol8"] %}} + rules: + - no_nis_in_nsswitch +- {{% endif %}} +- {{% else %}} +- status: pending +- {{% endif %}} + + + - id: R70 +diff --git a/controls/cis_rhel10.yml b/controls/cis_rhel10.yml +index 825328bc2..f8f2e295a 100644 +--- a/controls/cis_rhel10.yml ++++ b/controls/cis_rhel10.yml +@@ -365,7 +365,7 @@ controls: + - l1_workstation + status: manual + related_rules: +- - ensure_redhat_gpgkey_installed ++ - ensure_almalinux_gpgkey_installed + + - id: 1.2.1.2 + title: Ensure gpgcheck is globally activated (Automated) +diff --git a/controls/cis_rhel8.yml b/controls/cis_rhel8.yml +index 95b94d22f..1840be10e 100644 +--- a/controls/cis_rhel8.yml ++++ b/controls/cis_rhel8.yml +@@ -353,7 +353,7 @@ controls: + - l1_workstation + status: manual + related_rules: +- - ensure_redhat_gpgkey_installed ++ - ensure_almalinux_gpgkey_installed + + - id: 1.2.2 + title: Ensure gpgcheck is globally activated (Automated) +diff --git a/controls/cis_rhel9.yml b/controls/cis_rhel9.yml +index 9004c8426..916505823 100644 +--- a/controls/cis_rhel9.yml ++++ b/controls/cis_rhel9.yml +@@ -360,7 +360,7 @@ controls: + - l1_workstation + status: manual + related_rules: +- - ensure_redhat_gpgkey_installed ++ - ensure_almalinux_gpgkey_installed + + - id: 1.2.1.2 + title: Ensure gpgcheck is globally activated (Automated) +diff --git a/controls/e8.yml b/controls/e8.yml +index 49a58ef29..ebbffc918 100644 +--- a/controls/e8.yml ++++ b/controls/e8.yml +@@ -23,7 +23,7 @@ controls: + - service_avahi-daemon_disabled + - package_squid_removed + - service_squid_disabled +- - ensure_redhat_gpgkey_installed ++ - ensure_almalinux_gpgkey_installed + - ensure_gpgcheck_never_disabled + - ensure_gpgcheck_local_packages + - ensure_gpgcheck_globally_activated +diff --git a/controls/hipaa.yml b/controls/hipaa.yml +index 3de4d53c2..8e5d4f27d 100644 +--- a/controls/hipaa.yml ++++ b/controls/hipaa.yml +@@ -163,7 +163,7 @@ controls: + - ensure_gpgcheck_local_packages + - ensure_gpgcheck_never_disabled + - ensure_gpgcheck_repo_metadata +- - ensure_redhat_gpgkey_installed ++ - ensure_almalinux_gpgkey_installed + - ensure_suse_gpgkey_installed + status: automated + +@@ -1377,7 +1377,7 @@ controls: + - ensure_gpgcheck_local_packages + - ensure_gpgcheck_never_disabled + - ensure_gpgcheck_repo_metadata +- - ensure_redhat_gpgkey_installed ++ - ensure_almalinux_gpgkey_installed + - ensure_suse_gpgkey_installed + status: automated + +@@ -1407,7 +1407,7 @@ controls: + - ensure_gpgcheck_local_packages + - ensure_gpgcheck_never_disabled + - ensure_gpgcheck_repo_metadata +- - ensure_redhat_gpgkey_installed ++ - ensure_almalinux_gpgkey_installed + - ensure_suse_gpgkey_installed + status: automated + +@@ -1426,7 +1426,7 @@ controls: + - ensure_gpgcheck_local_packages + - ensure_gpgcheck_never_disabled + - ensure_gpgcheck_repo_metadata +- - ensure_redhat_gpgkey_installed ++ - ensure_almalinux_gpgkey_installed + - ensure_suse_gpgkey_installed + status: automated + +@@ -1699,7 +1699,7 @@ controls: + - ensure_gpgcheck_local_packages + - ensure_gpgcheck_never_disabled + - ensure_gpgcheck_repo_metadata +- - ensure_redhat_gpgkey_installed ++ - ensure_almalinux_gpgkey_installed + - ensure_suse_gpgkey_installed + status: automated + +diff --git a/controls/ospp.yml b/controls/ospp.yml +index 8e3f400ed..4d724aa2b 100644 +--- a/controls/ospp.yml ++++ b/controls/ospp.yml +@@ -448,7 +448,7 @@ controls: + - ensure_gpgcheck_globally_activated + - ensure_gpgcheck_local_packages + - ensure_gpgcheck_never_disabled +- - ensure_redhat_gpgkey_installed ++ - ensure_almalinux_gpgkey_installed + status: automated + + - id: FPT_TUD_EXT.2 +@@ -462,7 +462,7 @@ controls: + - ensure_gpgcheck_globally_activated + - ensure_gpgcheck_local_packages + - ensure_gpgcheck_never_disabled +- - ensure_redhat_gpgkey_installed ++ - ensure_almalinux_gpgkey_installed + status: automated + + - id: FPT_TST_EXT.1 +diff --git a/controls/pcidss_4.yml b/controls/pcidss_4.yml +index 17b688dfa..23bbc421c 100644 +--- a/controls/pcidss_4.yml ++++ b/controls/pcidss_4.yml +@@ -1554,7 +1554,7 @@ controls: + - base + status: automated + rules: +- - ensure_redhat_gpgkey_installed ++ - ensure_almalinux_gpgkey_installed + - ensure_suse_gpgkey_installed + - ensure_gpgcheck_globally_activated + - ensure_gpgcheck_never_disabled +diff --git a/controls/srg_gpos/SRG-OS-000366-GPOS-00153.yml b/controls/srg_gpos/SRG-OS-000366-GPOS-00153.yml +index dbec9fe45..c237f1be4 100644 +--- a/controls/srg_gpos/SRG-OS-000366-GPOS-00153.yml ++++ b/controls/srg_gpos/SRG-OS-000366-GPOS-00153.yml +@@ -21,5 +21,8 @@ controls: + {{% if 'ol' in product %}} + - ensure_oracle_gpgkey_installed + {{% endif %}} ++ {{% if 'almalinux' in product %}} ++ - ensure_almalinux_gpgkey_installed ++ {{% endif %}} + + status: automated +diff --git a/controls/stig_rhel9.yml b/controls/stig_rhel9.yml +index b7197b06a..aa351548c 100644 +--- a/controls/stig_rhel9.yml ++++ b/controls/stig_rhel9.yml +@@ -377,7 +377,7 @@ controls: + - medium + title: RHEL 9 must ensure cryptographic verification of vendor software packages. + rules: +- - ensure_redhat_gpgkey_installed ++ - ensure_almalinux_gpgkey_installed + status: automated + + - id: RHEL-09-214015 +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml +index e6bebd450..f7e5aafe7 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml +@@ -58,7 +58,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000466-GPOS-00210,SRG-OS-000458-GPOS-00203,SRG-APP-000091-CTR-000160,SRG-APP-000492-CTR-001220,SRG-APP-000493-CTR-001225,SRG-APP-000494-CTR-001230,SRG-APP-000500-CTR-001260,SRG-APP-000507-CTR-001295,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255 + stigid@ol7: OL07-00-030410 + stigid@ol8: OL08-00-030490 +- stigid@rhel8: RHEL-08-030490 ++ stigid@almalinux8: RHEL-08-030490 + stigid@sle12: SLES-12-020460 + stigid@sle15: SLES-15-030290 + stigid@ubuntu2004: UBTU-20-010152 +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml +index cf3b21bf6..206da499d 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml +@@ -58,7 +58,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000466-GPOS-00210,SRG-OS-000458-GPOS-00203,SRG-OS-000474-GPOS-00219,SRG-APP-000091-CTR-000160,SRG-APP-000492-CTR-001220,SRG-APP-000493-CTR-001225,SRG-APP-000494-CTR-001230,SRG-APP-000500-CTR-001260,SRG-APP-000507-CTR-001295,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255 + stigid@ol7: OL07-00-030370 + stigid@ol8: OL08-00-030480 +- stigid@rhel8: RHEL-08-030480 ++ stigid@almalinux8: RHEL-08-030480 + stigid@sle12: SLES-12-020420 + stigid@sle15: SLES-15-030250 + stigid@ubuntu2004: UBTU-20-010148 +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml +index a7f46731e..5fc3d44ca 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml +@@ -56,7 +56,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000466-GPOS-00210,SRG-OS-000458-GPOS-00203,SRG-APP-000091-CTR-000160,SRG-APP-000492-CTR-001220,SRG-APP-000493-CTR-001225,SRG-APP-000494-CTR-001230,SRG-APP-000500-CTR-001260,SRG-APP-000507-CTR-001295,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255 + stigid@ol7: OL07-00-030410 + stigid@ol8: OL08-00-030490 +- stigid@rhel8: RHEL-08-030490 ++ stigid@almalinux8: RHEL-08-030490 + stigid@sle12: SLES-12-020460 + stigid@sle15: SLES-15-030290 + stigid@ubuntu2004: UBTU-20-010152 +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml +index b3364fc80..1b969719b 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml +@@ -55,7 +55,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000466-GPOS-00210,SRG-OS-000458-GPOS-00203,SRG-APP-000091-CTR-000160,SRG-APP-000492-CTR-001220,SRG-APP-000493-CTR-001225,SRG-APP-000494-CTR-001230,SRG-APP-000500-CTR-001260,SRG-APP-000507-CTR-001295,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255 + stigid@ol7: OL07-00-030410 + stigid@ol8: OL08-00-030490 +- stigid@rhel8: RHEL-08-030490 ++ stigid@almalinux8: RHEL-08-030490 + stigid@sle12: SLES-12-020460 + stigid@sle15: SLES-15-030290 + stigid@ubuntu2004: UBTU-20-010152 +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml +index 7c5693c16..4f573385c 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml +@@ -58,7 +58,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000466-GPOS-00210,SRG-OS-000458-GPOS-00203,SRG-OS-000474-GPOS-00219,SRG-APP-000091-CTR-000160,SRG-APP-000492-CTR-001220,SRG-APP-000493-CTR-001225,SRG-APP-000494-CTR-001230,SRG-APP-000500-CTR-001260,SRG-APP-000507-CTR-001295,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255 + stigid@ol7: OL07-00-030370 + stigid@ol8: OL08-00-030480 +- stigid@rhel8: RHEL-08-030480 ++ stigid@almalinux8: RHEL-08-030480 + stigid@sle12: SLES-12-020420 + stigid@sle15: SLES-15-030250 + stigid@ubuntu2004: UBTU-20-010148 +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml +index 737e93b2c..55c76bd4b 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml +@@ -55,7 +55,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000466-GPOS-00210,SRG-OS-000458-GPOS-00203,SRG-OS-000474-GPOS-00219,SRG-APP-000091-CTR-000160,SRG-APP-000492-CTR-001220,SRG-APP-000493-CTR-001225,SRG-APP-000494-CTR-001230,SRG-APP-000500-CTR-001260,SRG-APP-000507-CTR-001295,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255 + stigid@ol7: OL07-00-030370 + stigid@ol8: OL08-00-030480 +- stigid@rhel8: RHEL-08-030480 ++ stigid@almalinux8: RHEL-08-030480 + stigid@sle12: SLES-12-020420 + stigid@sle15: SLES-15-030250 + stigid@ubuntu2004: UBTU-20-010148 +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml +index 2f100463b..798dcb4e1 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml +@@ -73,7 +73,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000458-GPOS-00203,SRG-OS-000462-GPOS-00206,SRG-OS-000463-GPOS-00207,SRG-OS-000471-GPOS-00215,SRG-OS-000474-GPOS-00219,SRG-OS-000466-GPOS-00210,SRG-OS-000468-GPOS-00212,SRG-OS-000064-GPOS-00033,SRG-APP-000091-CTR-000160,SRG-APP-000492-CTR-001220,SRG-APP-000493-CTR-001225,SRG-APP-000494-CTR-001230,SRG-APP-000500-CTR-001260,SRG-APP-000507-CTR-001295,SRG-APP-000495-CTR-001235,SRG-APP-000496-CTR-001240,SRG-APP-000497-CTR-001245,SRG-APP-000498-CTR-001250,SRG-APP-000499-CTR-001255 + stigid@ol7: OL07-00-030440 + stigid@ol8: OL08-00-030200 +- stigid@rhel8: RHEL-08-030200 ++ stigid@almalinux8: RHEL-08-030200 + stigid@sle12: SLES-12-020370 + stigid@sle15: SLES-15-030190 + stigid@ubuntu2004: UBTU-20-010147 +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml +index d61618227..57509f135 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml +@@ -67,7 +67,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000458-GPOS-00203,SRG-OS-000462-GPOS-00206,SRG-OS-000463-GPOS-00207,SRG-OS-000466-GPOS-00210,SRG-OS-000468-GPOS-00212,SRG-OS-000471-GPOS-00215,SRG-OS-000474-GPOS-00219,SRG-OS-000064-GPOS-00033,SRG-APP-000091-CTR-000160,SRG-APP-000492-CTR-001220,SRG-APP-000493-CTR-001225,SRG-APP-000494-CTR-001230,SRG-APP-000500-CTR-001260,SRG-APP-000507-CTR-001295,SRG-APP-000495-CTR-001235,SRG-APP-000496-CTR-001240,SRG-APP-000497-CTR-001245,SRG-APP-000498-CTR-001250,SRG-APP-000501-CTR-001265,SRG-APP-000502-CTR-001270 + stigid@ol7: OL07-00-030440 + stigid@ol8: OL08-00-030200 +- stigid@rhel8: RHEL-08-030200 ++ stigid@almalinux8: RHEL-08-030200 + stigid@sle12: SLES-12-020370 + stigid@sle15: SLES-15-030190 + stigid@ubuntu2004: UBTU-20-010144 +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml +index 9ea9c6dae..ea9541036 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml +@@ -59,7 +59,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000466-GPOS-00210,SRG-OS-000458-GPOS-00203,SRG-OS-000474-GPOS-00219,SRG-APP-000091-CTR-000160,SRG-APP-000492-CTR-001220,SRG-APP-000493-CTR-001225,SRG-APP-000494-CTR-001230,SRG-APP-000500-CTR-001260,SRG-APP-000507-CTR-001295,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255 + stigid@ol7: OL07-00-030370 + stigid@ol8: OL08-00-030480 +- stigid@rhel8: RHEL-08-030480 ++ stigid@almalinux8: RHEL-08-030480 + stigid@sle12: SLES-12-020420 + stigid@sle15: SLES-15-030250 + stigid@ubuntu2004: UBTU-20-010148 +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml +index 680e67380..9467cfde6 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml +@@ -72,7 +72,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000458-GPOS-00203,SRG-OS-000462-GPOS-00206,SRG-OS-000463-GPOS-00207,SRG-OS-000468-GPOS-00212,SRG-OS-000471-GPOS-00215,SRG-OS-000474-GPOS-00219,SRG-OS-000466-GPOS-00210,SRG-OS-000064-GPOS-00033,SRG-APP-000091-CTR-000160,SRG-APP-000492-CTR-001220,SRG-APP-000493-CTR-001225,SRG-APP-000494-CTR-001230,SRG-APP-000500-CTR-001260,SRG-APP-000507-CTR-001295,SRG-APP-000495-CTR-001235,SRG-APP-000496-CTR-001240,SRG-APP-000497-CTR-001245,SRG-APP-000498-CTR-001250,SRG-APP-000499-CTR-001255,SRG-APP-000501-CTR-001265,SRG-APP-000502-CTR-001270 + stigid@ol7: OL07-00-030440 + stigid@ol8: OL08-00-030200 +- stigid@rhel8: RHEL-08-030200 ++ stigid@almalinux8: RHEL-08-030200 + stigid@sle12: SLES-12-020370 + stigid@sle15: SLES-15-030190 + stigid@ubuntu2004: UBTU-20-010146 +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml +index ec9986acf..c070d926b 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml +@@ -67,7 +67,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000458-GPOS-00203,SRG-OS-000462-GPOS-00206,SRG-OS-000463-GPOS-00207,SRG-OS-000466-GPOS-00210,SRG-OS-000468-GPOS-00212,SRG-OS-000471-GPOS-00215,SRG-OS-000474-GPOS-00219,SRG-OS-000064-GPOS-00033,SRG-APP-000091-CTR-000160,SRG-APP-000492-CTR-001220,SRG-APP-000493-CTR-001225,SRG-APP-000494-CTR-001230,SRG-APP-000500-CTR-001260,SRG-APP-000507-CTR-001295,SRG-APP-000495-CTR-001235,SRG-APP-000496-CTR-001240,SRG-APP-000497-CTR-001245,SRG-APP-000498-CTR-001250,SRG-APP-000501-CTR-001265,SRG-APP-000502-CTR-001270 + stigid@ol7: OL07-00-030440 + stigid@ol8: OL08-00-030200 +- stigid@rhel8: RHEL-08-030200 ++ stigid@almalinux8: RHEL-08-030200 + stigid@sle12: SLES-12-020370 + stigid@sle15: SLES-15-030190 + stigid@ubuntu2004: UBTU-20-010143 +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml +index c9f5d6167..cb0fcc0d4 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml +@@ -71,7 +71,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000458-GPOS-00203,SRG-OS-000462-GPOS-00206,SRG-OS-000463-GPOS-00207,SRG-OS-000468-GPOS-00212,SRG-OS-000471-GPOS-00215,SRG-OS-000474-GPOS-00219,SRG-OS-000466-GPOS-00210,SRG-OS-000064-GPOS-00033,SRG-APP-000091-CTR-000160,SRG-APP-000492-CTR-001220,SRG-APP-000493-CTR-001225,SRG-APP-000494-CTR-001230,SRG-APP-000500-CTR-001260,SRG-APP-000507-CTR-001295,SRG-APP-000495-CTR-001235,SRG-APP-000496-CTR-001240,SRG-APP-000497-CTR-001245,SRG-APP-000498-CTR-001250,SRG-APP-000499-CTR-001255,SRG-APP-000501-CTR-001265,SRG-APP-000502-CTR-001270 + stigid@ol7: OL07-00-030440 + stigid@ol8: OL08-00-030200 +- stigid@rhel8: RHEL-08-030200 ++ stigid@almalinux8: RHEL-08-030200 + stigid@sle12: SLES-12-020370 + stigid@sle15: SLES-15-030190 + stigid@ubuntu2004: UBTU-20-010145 +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml +index 23641d310..74e0f6661 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml +@@ -67,7 +67,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000466-GPOS-00210,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000458-GPOS-00203,SRG-APP-000091-CTR-000160,SRG-APP-000492-CTR-001220,SRG-APP-000493-CTR-001225,SRG-APP-000494-CTR-001230,SRG-APP-000500-CTR-001260,SRG-APP-000507-CTR-001295,SRG-APP-000495-CTR-001235 + stigid@ol7: OL07-00-030440 + stigid@ol8: OL08-00-030200 +- stigid@rhel8: RHEL-08-030200 ++ stigid@almalinux8: RHEL-08-030200 + stigid@sle12: SLES-12-020370 + stigid@sle15: SLES-15-030190 + stigid@ubuntu2004: UBTU-20-010142 +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml +index 122e7f039..42e04c66d 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml +@@ -39,7 +39,7 @@ references: + nist@sle12: AU-3,AU-3.1,AU-12.1(ii),AU-12(a),AU-12.1(iv),AU-12(c),MA-4(1)(a) + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000466-GPOS-00210,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255 + stigid@ol8: OL08-00-030570 +- stigid@rhel8: RHEL-08-030570 ++ stigid@almalinux8: RHEL-08-030570 + stigid@sle12: SLES-12-020620 + stigid@sle15: SLES-15-030440 + stigid@ubuntu2004: UBTU-20-010168 +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml +index 2709c0194..34972cd3a 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml +@@ -38,7 +38,7 @@ references: + nist@sle12: AU-3,AU-3.1,AU-12.1(ii),AU-12(a),AU-12.1(iv),AU-12(c),MA-4(1)(a) + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-APP-000495-CTR-001235 + stigid@ol8: OL08-00-030330 +- stigid@rhel8: RHEL-08-030330 ++ stigid@almalinux8: RHEL-08-030330 + stigid@sle12: SLES-12-020610 + stigid@sle15: SLES-15-030430 + stigid@ubuntu2004: UBTU-20-010167 +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml +index cf9c4a921..b5e598077 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml +@@ -59,7 +59,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000468-GPOS-00212,SRG-OS-000471-GPOS-00215,SRG-OS-000463-GPOS-00207,SRG-OS-000465-GPOS-00209,SRG-APP-000495-CTR-001235,SRG-APP-000496-CTR-001240,SRG-APP-000497-CTR-001245,SRG-APP-000498-CTR-001250,SRG-APP-000501-CTR-001265,SRG-APP-000502-CTR-001270 + stigid@ol7: OL07-00-030580 + stigid@ol8: OL08-00-030260 +- stigid@rhel8: RHEL-08-030260 ++ stigid@almalinux8: RHEL-08-030260 + stigid@sle12: SLES-12-020630 + stigid@sle15: SLES-15-030450 + stigid@ubuntu2004: UBTU-20-010165 +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml +index 4f82ad52f..286057025 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml +@@ -56,7 +56,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000463-GPOS-00207,SRG-OS-000465-GPOS-00209,SRG-APP-000495-CTR-001235,SRG-APP-000496-CTR-001240,SRG-APP-000497-CTR-001245,SRG-APP-000498-CTR-001250 + stigid@ol7: OL07-00-030560 + stigid@ol8: OL08-00-030313 +- stigid@rhel8: RHEL-08-030313 ++ stigid@almalinux8: RHEL-08-030313 + + {{{ ocil_fix_srg_privileged_command("semanage", "/usr/sbin/", "privileged-unix-update") }}} + +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml +index 0a50c48a2..0afecada6 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml +@@ -46,7 +46,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000463-GPOS-00207,SRG-OS-000465-GPOS-00209,SRG-APP-000495-CTR-001235,SRG-APP-000496-CTR-001240,SRG-APP-000497-CTR-001245,SRG-APP-000498-CTR-001250 + stigid@ol7: OL07-00-030590 + stigid@ol8: OL08-00-030314 +- stigid@rhel8: RHEL-08-030314 ++ stigid@almalinux8: RHEL-08-030314 + + {{{ ocil_fix_srg_privileged_command("setfiles", "/usr/sbin/", "privileged-unix-update") }}} + +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml +index c518e6d67..b9cd3277f 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml +@@ -55,7 +55,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000463-GPOS-00207,SRG-OS-000465-GPOS-00209,SRG-APP-000495-CTR-001235,SRG-APP-000496-CTR-001240,SRG-APP-000497-CTR-001245,SRG-APP-000498-CTR-001250 + stigid@ol7: OL07-00-030570 + stigid@ol8: OL08-00-030316 +- stigid@rhel8: RHEL-08-030316 ++ stigid@almalinux8: RHEL-08-030316 + + {{{ ocil_fix_srg_privileged_command("setsebool", "/usr/sbin/", "privileged") }}} + +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/bash/shared.sh +index 53e61fb25..e9a0edcde 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/bash/shared.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + + # Perform the remediation for the syscall rule + # Retrieve hardware architecture of the underlying system +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename/rule.yml +index 34a2c9e89..fa6cf8dbb 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename/rule.yml +@@ -53,7 +53,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000466-GPOS-00210,SRG-OS-000467-GPOS-00211,SRG-OS-000468-GPOS-00212,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255,SRG-APP-000501-CTR-001265,SRG-APP-000502-CTR-001270 + stigid@ol7: OL07-00-030910 + stigid@ol8: OL08-00-030361 +- stigid@rhel8: RHEL-08-030361 ++ stigid@almalinux8: RHEL-08-030361 + stigid@ubuntu2004: UBTU-20-010267 + stigid@ubuntu2204: UBTU-22-654185 + +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml +index effea5c05..4e2e5346e 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml +@@ -50,7 +50,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000466-GPOS-00210,SRG-OS-000467-GPOS-00211,SRG-OS-000468-GPOS-00212,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255,SRG-APP-000501-CTR-001265,SRG-APP-000502-CTR-001270 + stigid@ol7: OL07-00-030910 + stigid@ol8: OL08-00-030361 +- stigid@rhel8: RHEL-08-030361 ++ stigid@almalinux8: RHEL-08-030361 + stigid@ubuntu2004: UBTU-20-010267 + stigid@ubuntu2204: UBTU-22-654185 + +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml +index ab5a8cff6..8b6d610da 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml +@@ -49,7 +49,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000466-GPOS-00210,SRG-OS-000467-GPOS-00211,SRG-OS-000468-GPOS-00212,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255,SRG-APP-000501-CTR-001265,SRG-APP-000502-CTR-001270 + stigid@ol7: OL07-00-030910 + stigid@ol8: OL08-00-030361 +- stigid@rhel8: RHEL-08-030361 ++ stigid@almalinux8: RHEL-08-030361 + stigid@ubuntu2004: UBTU-20-010267 + stigid@ubuntu2204: UBTU-22-654185 + +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml +index dd8371ba2..adb014c81 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml +@@ -53,7 +53,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000466-GPOS-00210,SRG-OS-000467-GPOS-00211,SRG-OS-000468-GPOS-00212,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255,SRG-APP-000501-CTR-001265,SRG-APP-000502-CTR-001270 + stigid@ol7: OL07-00-030910 + stigid@ol8: OL08-00-030361 +- stigid@rhel8: RHEL-08-030361 ++ stigid@almalinux8: RHEL-08-030361 + stigid@ubuntu2004: UBTU-20-010267 + stigid@ubuntu2204: UBTU-22-654185 + +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml +index f871dd645..21236561c 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml +@@ -50,7 +50,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000466-GPOS-00210,SRG-OS-000467-GPOS-00211,SRG-OS-000468-GPOS-00212,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255,SRG-APP-000501-CTR-001265,SRG-APP-000502-CTR-001270 + stigid@ol7: OL07-00-030910 + stigid@ol8: OL08-00-030361 +- stigid@rhel8: RHEL-08-030361 ++ stigid@almalinux8: RHEL-08-030361 + stigid@ubuntu2004: UBTU-20-010267 + stigid@ubuntu2204: UBTU-22-654185 + +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/bash/shared.sh +index 8a48783f6..b846f8113 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/bash/shared.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + + # Perform the remediation of the syscall rule + # Retrieve hardware architecture of the underlying system +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml +index 1146fe8fd..f3d479376 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml +@@ -62,7 +62,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000458-GPOS-00203,SRG-OS-000461-GPOS-00205,SRG-APP-000495-CTR-001235 + stigid@ol7: OL07-00-030510 + stigid@ol8: OL08-00-030420 +- stigid@rhel8: RHEL-08-030420 ++ stigid@almalinux8: RHEL-08-030420 + stigid@sle12: SLES-12-020490 + stigid@sle15: SLES-15-030150 + stigid@ubuntu2004: UBTU-20-010155 +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml +index 401a76aa7..105d9a69a 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml +@@ -62,7 +62,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000458-GPOS-00203,SRG-OS-000461-GPOS-00205,SRG-APP-000495-CTR-001235 + stigid@ol7: OL07-00-030510 + stigid@ol8: OL08-00-030420 +- stigid@rhel8: RHEL-08-030420 ++ stigid@almalinux8: RHEL-08-030420 + stigid@sle12: SLES-12-020490 + stigid@sle15: SLES-15-030150 + stigid@ubuntu2004: UBTU-20-010155 +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml +index d40e5cecc..74615a3e2 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml +@@ -66,7 +66,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000458-GPOS-00203,SRG-OS-000461-GPOS-00205,SRG-APP-000495-CTR-001235 + stigid@ol7: OL07-00-030510 + stigid@ol8: OL08-00-030420 +- stigid@rhel8: RHEL-08-030420 ++ stigid@almalinux8: RHEL-08-030420 + stigid@sle12: SLES-12-020490 + stigid@sle15: SLES-15-030150 + stigid@ubuntu2004: UBTU-20-010155 +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml +index 86297fe41..3d17494ac 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml +@@ -55,7 +55,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000458-GPOS-00203,SRG-OS-000461-GPOS-00205,SRG-APP-000495-CTR-001235 + stigid@ol7: OL07-00-030510 + stigid@ol8: OL08-00-030420 +- stigid@rhel8: RHEL-08-030420 ++ stigid@almalinux8: RHEL-08-030420 + stigid@sle12: SLES-12-020490 + stigid@sle15: SLES-15-030150 + stigid@ubuntu2004: UBTU-20-010155 +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/bash/shared.sh +index c1352ae38..31de43746 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/bash/shared.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/bash/shared.sh +@@ -1,3 +1,3 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + {{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}} +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/bash/shared.sh +index c1352ae38..31de43746 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/bash/shared.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/bash/shared.sh +@@ -1,3 +1,3 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + {{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}} +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/bash/shared.sh +index c944fb9e6..b506644af 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/bash/shared.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/bash/shared.sh +@@ -1,3 +1,3 @@ +-# platform = multi_platform_rhel,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol + + {{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}} +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/bash/shared.sh +index c1352ae38..31de43746 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/bash/shared.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/bash/shared.sh +@@ -1,3 +1,3 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + {{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}} +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/bash/shared.sh +index c1352ae38..31de43746 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/bash/shared.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/bash/shared.sh +@@ -1,3 +1,3 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + {{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}} +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/bash/shared.sh +index c944fb9e6..b506644af 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/bash/shared.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/bash/shared.sh +@@ -1,3 +1,3 @@ +-# platform = multi_platform_rhel,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol + + {{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}} +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml +index 5f27a832e..d04e00dac 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml +@@ -62,7 +62,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000458-GPOS-00203,SRG-OS-000461-GPOS-00205,SRG-APP-000495-CTR-001235 + stigid@ol7: OL07-00-030510 + stigid@ol8: OL08-00-030420 +- stigid@rhel8: RHEL-08-030420 ++ stigid@almalinux8: RHEL-08-030420 + stigid@sle12: SLES-12-020490 + stigid@sle15: SLES-15-030150 + stigid@ubuntu2004: UBTU-20-010155 +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/bash/shared.sh +index c1352ae38..31de43746 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/bash/shared.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/bash/shared.sh +@@ -1,3 +1,3 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + {{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}} +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/bash/shared.sh +index c1352ae38..31de43746 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/bash/shared.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/bash/shared.sh +@@ -1,3 +1,3 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + {{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}} +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/bash/shared.sh +index c944fb9e6..b506644af 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/bash/shared.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/bash/shared.sh +@@ -1,3 +1,3 @@ +-# platform = multi_platform_rhel,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol + + {{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}} +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml +index 5671f0af5..5570dc4c6 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml +@@ -61,7 +61,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000458-GPOS-00203,SRG-OS-000461-GPOS-00205,SRG-APP-000495-CTR-001235 + stigid@ol7: OL07-00-030510 + stigid@ol8: OL08-00-030420 +- stigid@rhel8: RHEL-08-030420 ++ stigid@almalinux8: RHEL-08-030420 + stigid@sle12: SLES-12-020490 + stigid@sle15: SLES-15-030150 + stigid@ubuntu2004: UBTU-20-010155 +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/ansible/shared.yml +index 590a5ff6b..5ceb15d9b 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/ansible/shared.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_create/kubernetes/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_create/kubernetes/shared.yml +index bdf3015c4..658327033 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_create/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_create/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/ansible/shared.yml +index 1ee266d25..a32ed4e88 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/ansible/shared.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ol,multi_platform_ubuntu,multi_platform_debian ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ol,multi_platform_ubuntu,multi_platform_debian + # reboot = false + # complexity = low + # disruption = low +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/kubernetes/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/kubernetes/shared.yml +index 7c8e520c1..e5c1d9d93 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml +index 1fc076fe8..8513b30b5 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml +@@ -55,7 +55,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000471-GPOS-00216,SRG-OS-000477-GPOS-00222,SRG-APP-000495-CTR-001235,SRG-APP-000504-CTR-001280 + stigid@ol7: OL07-00-030830 + stigid@ol8: OL08-00-030390 +- stigid@rhel8: RHEL-08-030390 ++ stigid@almalinux8: RHEL-08-030390 + stigid@sle12: SLES-12-020730 + stigid@sle15: SLES-15-030520 + stigid@ubuntu2004: UBTU-20-010181 +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/tests/missing_auid_filter.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/tests/missing_auid_filter.fail.sh +index 1bf2449b4..ddf95ef93 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/tests/missing_auid_filter.fail.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/tests/missing_auid_filter.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_ubuntu ++# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_ubuntu + # packages = audit + + rm -f /etc/audit/rules.d/* +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/ansible/shared.yml +index 6d545f87c..613960cbc 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/ansible/shared.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian + # reboot = false + # complexity = low + # disruption = low +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/kubernetes/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/kubernetes/shared.yml +index 639d76a21..7f4d463d6 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml +index 2756d56fa..a260684e6 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml +@@ -54,7 +54,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000471-GPOS-00216,SRG-OS-000477-GPOS-00222,SRG-APP-000495-CTR-001235,SRG-APP-000504-CTR-001280 + stigid@ol7: OL07-00-030820 + stigid@ol8: OL08-00-030360 +- stigid@rhel8: RHEL-08-030360 ++ stigid@almalinux8: RHEL-08-030360 + stigid@sle12: SLES-12-020740 + stigid@sle15: SLES-15-030530 + stigid@ubuntu2004: UBTU-20-010179 +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/tests/missing_auid_filter.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/tests/missing_auid_filter.fail.sh +index 548015d2a..f785aab0c 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/tests/missing_auid_filter.fail.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/tests/missing_auid_filter.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_ubuntu ++# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_ubuntu + # packages = audit + + rm -f /etc/audit/rules.d/* +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/ansible/shared.yml +index 73a9f1dff..6daf2c30b 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/ansible/shared.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_ol,multi_platform_ubuntu,multi_platform_debian ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle,multi_platform_ol,multi_platform_ubuntu,multi_platform_debian + # reboot = false + # complexity = low + # disruption = low +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/kubernetes/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/kubernetes/shared.yml +index 083a612a0..3228b89b7 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml +index aa51a41ce..2e6874034 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml +@@ -54,7 +54,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000471-GPOS-00216,SRG-OS-000477-GPOS-00222,SRG-APP-000495-CTR-001235,SRG-APP-000504-CTR-001280 + stigid@ol7: OL07-00-030820 + stigid@ol8: OL08-00-030360 +- stigid@rhel8: RHEL-08-030360 ++ stigid@almalinux8: RHEL-08-030360 + stigid@sle12: SLES-12-020740 + stigid@sle15: SLES-15-030530 + stigid@ubuntu2004: UBTU-20-010179 +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/tests/missing_auid_filter.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/tests/missing_auid_filter.fail.sh +index 8e282ee3e..d344773fa 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/tests/missing_auid_filter.fail.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/tests/missing_auid_filter.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_ubuntu ++# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_ubuntu + # packages = audit + + rm -f /etc/audit/rules.d/* +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_query/tests/missing_auid_filter.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_query/tests/missing_auid_filter.fail.sh +index 009564309..0f9a7f6e6 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_query/tests/missing_auid_filter.fail.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_query/tests/missing_auid_filter.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9 + # packages = audit + + rm -f /etc/audit/rules.d/* +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/bash/shared.sh +index 1ea2bcfa9..06d0f131a 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/bash/shared.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' + +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml +index 3d2a43291..a91e740bc 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml +@@ -49,7 +49,7 @@ references: + srg: SRG-OS-000392-GPOS-00172,SRG-OS-000470-GPOS-00214,SRG-OS-000473-GPOS-00218,SRG-APP-000503-CTR-001275,SRG-APP-000506-CTR-001290 + stigid@ol7: OL07-00-030610 + stigid@ol8: OL08-00-030590 +- stigid@rhel8: RHEL-08-030590 ++ stigid@almalinux8: RHEL-08-030590 + + ocil_clause: 'the command does not return a line, or the line is commented out' + +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_cis.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_cis.pass.sh +index e8b40c40b..c003a3101 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_cis.pass.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_cis.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8, Red Hat Enterprise Linux 9 + # profiles = xccdf_org.ssgproject.content_profile_cis + + {{{ setup_auditctl_environment() }}} +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_extra_permission_cis.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_extra_permission_cis.pass.sh +index b1e45d310..5eff48e99 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_extra_permission_cis.pass.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_extra_permission_cis.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8, Red Hat Enterprise Linux 9 + # profiles = xccdf_org.ssgproject.content_profile_cis + + {{{ setup_auditctl_environment() }}} +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_without_key_cis.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_without_key_cis.pass.sh +index c602f8e49..2e041b718 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_without_key_cis.pass.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_without_key_cis.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8, Red Hat Enterprise Linux 9 + # profiles = xccdf_org.ssgproject.content_profile_cis + + {{{ setup_auditctl_environment() }}} +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_remove_all_rules_cis.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_remove_all_rules_cis.fail.sh +index 00e9c031c..d29dcd262 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_remove_all_rules_cis.fail.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_remove_all_rules_cis.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8, Red Hat Enterprise Linux 9 + # profiles = xccdf_org.ssgproject.content_profile_cis + + {{{ setup_auditctl_environment() }}} +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_wrong_rule_cis.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_wrong_rule_cis.fail.sh +index 8c380177f..5e0608d35 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_wrong_rule_cis.fail.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_wrong_rule_cis.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8, Red Hat Enterprise Linux 9 + # profiles = xccdf_org.ssgproject.content_profile_cis + + {{{ setup_auditctl_environment() }}} +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_wrong_rule_without_key_cis.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_wrong_rule_without_key_cis.fail.sh +index a321ab78b..fa8cd80bb 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_wrong_rule_without_key_cis.fail.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_wrong_rule_without_key_cis.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8, Red Hat Enterprise Linux 9 + # profiles = xccdf_org.ssgproject.content_profile_cis + + {{{ setup_auditctl_environment() }}} +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_correct_cis.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_correct_cis.pass.sh +index e2750dbee..6a2992c9d 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_correct_cis.pass.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_correct_cis.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8, Red Hat Enterprise Linux 9 + # profiles = xccdf_org.ssgproject.content_profile_cis + + path="/var/run/faillock" +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_correct_extra_permission_cis.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_correct_extra_permission_cis.pass.sh +index d8379bfe5..3c16dd148 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_correct_extra_permission_cis.pass.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_correct_extra_permission_cis.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8, Red Hat Enterprise Linux 9 + # profiles = xccdf_org.ssgproject.content_profile_cis + + path="/var/run/faillock" +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_correct_without_key_cis.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_correct_without_key_cis.pass.sh +index cbbcb5f67..76ebb0844 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_correct_without_key_cis.pass.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_correct_without_key_cis.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8, Red Hat Enterprise Linux 9 + # profiles = xccdf_org.ssgproject.content_profile_cis + + path="/var/run/faillock" +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_remove_all_rules_cis.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_remove_all_rules_cis.fail.sh +index 22b979187..e90519a30 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_remove_all_rules_cis.fail.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_remove_all_rules_cis.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8, Red Hat Enterprise Linux 9 + # profiles = xccdf_org.ssgproject.content_profile_cis + + path="/var/run/faillock" +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_wrong_rule_cis.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_wrong_rule_cis.fail.sh +index afdeb73d1..95b55eef4 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_wrong_rule_cis.fail.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_wrong_rule_cis.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8, Red Hat Enterprise Linux 9 + # profiles = xccdf_org.ssgproject.content_profile_cis + + path="/var/run/faillock" +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_wrong_rule_without_key_cis.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_wrong_rule_without_key_cis.fail.sh +index b14bc1951..81934f021 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_wrong_rule_without_key_cis.fail.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_wrong_rule_without_key_cis.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8, Red Hat Enterprise Linux 9 + # profiles = xccdf_org.ssgproject.content_profile_cis + + path="/var/run/faillock" +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml +index 740f309db..69b434b79 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml +@@ -51,7 +51,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000473-GPOS-00218,SRG-OS-000470-GPOS-00214,SRG-APP-000495-CTR-001235,SRG-APP-000503-CTR-001275,SRG-APP-000506-CTR-001290 + stigid@ol7: OL07-00-030620 + stigid@ol8: OL08-00-030600 +- stigid@rhel8: RHEL-08-030600 ++ stigid@almalinux8: RHEL-08-030600 + stigid@sle12: SLES-12-020660 + stigid@sle15: SLES-15-030480 + stigid@ubuntu2004: UBTU-20-010171 +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/ansible/shared.yml +index b3f4eb102..e6bb717eb 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/ansible/shared.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_debian ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_debian + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_default.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_default.fail.sh +index 3526d3fea..046a977ca 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_default.fail.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_default.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8 ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8 + + {{{ setup_auditctl_environment() }}} +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_missing_rule.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_missing_rule.fail.sh +index 1fbd8ba8a..65ac95bb2 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_missing_rule.fail.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_missing_rule.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8 ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8 + + {{{ setup_auditctl_environment() }}} + +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_one_rule.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_one_rule.fail.sh +index 20fee9f76..71dfe4b3c 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_one_rule.fail.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_one_rule.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8 ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8 + + {{{ setup_auditctl_environment() }}} + +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_configured.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_configured.pass.sh +index 5cc15361e..2e18c47f0 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_configured.pass.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_configured.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8 ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8 + + {{{ setup_auditctl_environment() }}} + +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_without_perm_x.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_without_perm_x.pass.sh +index dc7ae3bdf..ff7f21c64 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_without_perm_x.pass.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_without_perm_x.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8 ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8 + + {{{ setup_auditctl_environment() }}} + +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_default.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_default.fail.sh +index ee36da807..bd848737d 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_default.fail.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_default.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8 ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8 + + # augenrules is default for rhel7 +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_duplicated.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_duplicated.fail.sh +index b6aabf247..8405f0ba1 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_duplicated.fail.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_duplicated.fail.sh +@@ -1,7 +1,7 @@ + #!/bin/bash + # packages = audit + # remediation = none +-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8 ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8 + + ./generate_privileged_commands_rule.sh {{{ uid_min }}} privileged /tmp/privileged.rules + +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_extra_rules_configured.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_extra_rules_configured.pass.sh +index 12f1b429a..8dea24479 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_extra_rules_configured.pass.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_extra_rules_configured.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8 ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8 + + ./generate_privileged_commands_rule.sh {{{ uid_min }}} privileged /etc/audit/rules.d/privileged.rules + echo "-a always,exit -F path=/usr/bin/notrelevant -F perm=x -F auid>={{{ uid_min }}} -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/privileged.rules +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_missing_rule.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_missing_rule.fail.sh +index 711bae803..617ff1b33 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_missing_rule.fail.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_missing_rule.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8 ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8 + + ./generate_privileged_commands_rule.sh {{{ uid_min }}} privileged /etc/audit/rules.d/privileged.rules + sed -i '/newgrp/d' /etc/audit/rules.d/privileged.rules +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_one_rule.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_one_rule.fail.sh +index d272fd1d5..f7c0fec7d 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_one_rule.fail.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_one_rule.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8 ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8 + + echo "-a always,exit -F path=/usr/bin/sudo -F perm=x -F auid>={{{ uid_min }}} -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/privileged.rules +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured.pass.sh +index ecda20ef9..115487067 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured.pass.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8 ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8 + + ./generate_privileged_commands_rule.sh {{{ uid_min }}} privileged /etc/audit/rules.d/privileged.rules +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured_mixed_keys.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured_mixed_keys.pass.sh +index 51482922f..4ac366ec9 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured_mixed_keys.pass.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured_mixed_keys.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8 ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8 + + ./generate_privileged_commands_rule.sh {{{ uid_min }}} privileged /etc/audit/rules.d/privileged.rules + # change key of rules for binaries in /usr/sbin +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_ignore_dracut_tmp.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_ignore_dracut_tmp.pass.sh +index 6ef31d987..2da0682e0 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_ignore_dracut_tmp.pass.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_ignore_dracut_tmp.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8 ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8 + + ./generate_privileged_commands_rule.sh {{{ uid_min }}} privileged /etc/audit/rules.d/privileged.rules + +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_multiple_partitions.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_multiple_partitions.fail.sh +index 45acc82b6..2505b138b 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_multiple_partitions.fail.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_multiple_partitions.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8 ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8 + + . $SHARED/partition.sh + +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_without_perm_x.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_without_perm_x.pass.sh +index 79c0bb972..2968492ac 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_without_perm_x.pass.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_without_perm_x.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8 ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8 + + ./generate_privileged_commands_rule.sh {{{ uid_min }}} privileged /etc/audit/rules.d/privileged.rules + sed -i -E 's/^(.*path=[[:graph:]]+) -F perm=x(.*$)/\1\2/' /etc/audit/rules.d/privileged.rules +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_mixed_keys.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_mixed_keys.fail.sh +index a8667bbfb..471d2aff2 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_mixed_keys.fail.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_mixed_keys.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8 ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8 + + echo "-a always,exit -F path=/usr/bin/newgrp -F perm=x -F auid>={{{ uid_min }}} -F auid!=unset -k privileged" >> /etc/audit/rules.d/privileged.rules + echo "-a always,exit -F path=/usr/bin/passwd -F perm=x -F auid>={{{ uid_min }}} -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/privileged.rules +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_sep_files.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_sep_files.fail.sh +index b2e18d1cd..5c56cdb6d 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_sep_files.fail.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_sep_files.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8 ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8 + + echo "-a always,exit -F path=/usr/bin/newgrp -F perm=x -F auid>={{{ uid_min }}} -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/priv.rules + echo "-a always,exit -F path=/usr/bin/notrelevant -F perm=x -F auid>={{{ uid_min }}} -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/priv.rules +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/rules_with_own_key.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/rules_with_own_key.pass.sh +index 81fc6dd16..9c3f84ef8 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/rules_with_own_key.pass.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/rules_with_own_key.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8 ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8 + + ./generate_privileged_commands_rule.sh {{{ uid_min }}} own_key /etc/audit/rules.d/privileged.rules +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml +index dbf4f7d14..e3b55cf54 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml +@@ -59,7 +59,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000468-GPOS-00212,SRG-OS-000471-GPOS-00215,SRG-APP-000029-CTR-000085,SRG-APP-000495-CTR-001235,SRG-APP-000501-CTR-001265,SRG-APP-000502-CTR-001270 + stigid@ol7: OL07-00-030660 + stigid@ol8: OL08-00-030250 +- stigid@rhel8: RHEL-08-030250 ++ stigid@almalinux8: RHEL-08-030250 + stigid@sle12: SLES-12-020690 + stigid@sle15: SLES-15-030120 + stigid@ubuntu2004: UBTU-20-010175 +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml +index b97f30b63..208474d14 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml +@@ -59,7 +59,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-APP-000495-CTR-001235 + stigid@ol7: OL07-00-030720 + stigid@ol8: OL08-00-030410 +- stigid@rhel8: RHEL-08-030410 ++ stigid@almalinux8: RHEL-08-030410 + stigid@sle12: SLES-12-020580 + stigid@sle15: SLES-15-030100 + stigid@ubuntu2004: UBTU-20-010163 +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml +index 349d0223f..593b9c899 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml +@@ -58,7 +58,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-APP-000495-CTR-001235 + stigid@ol7: OL07-00-030800 + stigid@ol8: OL08-00-030400 +- stigid@rhel8: RHEL-08-030400 ++ stigid@almalinux8: RHEL-08-030400 + stigid@sle12: SLES-12-020710 + stigid@sle15: SLES-15-030130 + stigid@ubuntu2004: UBTU-20-010177 +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml +index ce3300918..d7199bdb3 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml +@@ -59,7 +59,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-APP-000029-CTR-000085,SRG-APP-000495-CTR-001235 + stigid@ol7: OL07-00-030650 + stigid@ol8: OL08-00-030370 +- stigid@rhel8: RHEL-08-030370 ++ stigid@almalinux8: RHEL-08-030370 + stigid@sle12: SLES-12-020560 + stigid@sle15: SLES-15-030080 + stigid@ubuntu2004: UBTU-20-010174 +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/ansible/shared.yml +index 6c114c13c..5c5f7185c 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/ansible/shared.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_sle,multi_platform_slmicro ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/bash/shared.sh +index f4fff8181..6c379ca01 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/bash/shared.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian + + # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' + {{{ bash_fix_audit_watch_rule("auditctl", "/sbin/insmod", "x", "modules") }}} +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml +index 6b0577551..417636fce 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml +@@ -46,7 +46,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000471-GPOS-00216,SRG-OS-000477-GPOS-00222,SRG-APP-000495-CTR-001235,SRG-APP-000504-CTR-001280 + stigid@ol7: OL07-00-030840 + stigid@ol8: OL08-00-030580 +- stigid@rhel8: RHEL-08-030580 ++ stigid@almalinux8: RHEL-08-030580 + stigid@sle12: SLES-12-020360 + stigid@sle15: SLES-15-030410 + stigid@ubuntu2004: UBTU-20-010297 +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/ansible/shared.yml +index 44feb6dc4..7a5b0fa5e 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/ansible/shared.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_sle,multi_platform_slmicro ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/bash/shared.sh +index c4c78f756..c9c2d7239 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/bash/shared.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_debian,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu ++# platform = multi_platform_debian,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu + + # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' + {{{ bash_fix_audit_watch_rule("auditctl", "/sbin/modprobe", "x", "modules") }}} +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml +index bc987e798..4832377c3 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml +@@ -48,7 +48,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-APP-000029-CTR-000085 + stigid@ol7: OL07-00-030740 + stigid@ol8: OL08-00-030300 +- stigid@rhel8: RHEL-08-030300 ++ stigid@almalinux8: RHEL-08-030300 + stigid@sle12: SLES-12-020290 + stigid@ubuntu2004: UBTU-20-010138 + stigid@ubuntu2204: UBTU-22-654065 +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml +index 8ff611ce5..7047c1cd6 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml +@@ -59,7 +59,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-APP-000029-CTR-000085,SRG-APP-000495-CTR-001235 + stigid@ol7: OL07-00-030710 + stigid@ol8: OL08-00-030350 +- stigid@rhel8: RHEL-08-030350 ++ stigid@almalinux8: RHEL-08-030350 + stigid@sle12: SLES-12-020570 + stigid@sle15: SLES-15-030090 + stigid@ubuntu2004: UBTU-20-010164 +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml +index f749a53f8..b59bca4d1 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml +@@ -63,7 +63,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-APP-000029-CTR-000085,SRG-APP-000495-CTR-001235 + stigid@ol7: OL07-00-030810 + stigid@ol8: OL08-00-030340 +- stigid@rhel8: RHEL-08-030340 ++ stigid@almalinux8: RHEL-08-030340 + stigid@sle12: SLES-12-020720 + stigid@sle15: SLES-15-030510 + stigid@ubuntu2004: UBTU-20-010178 +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml +index fa96437c0..ca4f97962 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml +@@ -56,7 +56,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-APP-000029-CTR-000085,SRG-APP-000495-CTR-001235 + stigid@ol7: OL07-00-030630 + stigid@ol8: OL08-00-030290 +- stigid@rhel8: RHEL-08-030290 ++ stigid@almalinux8: RHEL-08-030290 + stigid@sle12: SLES-12-020550 + stigid@sle15: SLES-15-030070 + stigid@ubuntu2004: UBTU-20-010172 +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml +index 4625b87e0..981a4717a 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml +@@ -56,7 +56,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-APP-000495-CTR-001235 + stigid@ol7: OL07-00-030760 + stigid@ol8: OL08-00-030311 +- stigid@rhel8: RHEL-08-030311 ++ stigid@almalinux8: RHEL-08-030311 + + {{{ ocil_fix_srg_privileged_command("postdrop") }}} + +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml +index fe137e041..cb46d5141 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml +@@ -56,7 +56,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-APP-000495-CTR-001235 + stigid@ol7: OL07-00-030770 + stigid@ol8: OL08-00-030312 +- stigid@rhel8: RHEL-08-030312 ++ stigid@almalinux8: RHEL-08-030312 + + {{{ ocil_fix_srg_privileged_command("postqueue") }}} + +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/ansible/shared.yml +index 7e18fe435..a27adad2d 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/ansible/shared.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_sle,multi_platform_slmicro ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/bash/shared.sh +index 102d4b40b..f9a428790 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/bash/shared.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_debian,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu ++# platform = multi_platform_debian,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu + + # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' + {{{ bash_fix_audit_watch_rule("auditctl", "/sbin/rmmod", "x", "modules") }}} +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_agent/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_agent/rule.yml +index 670dc8ffc..4a3f802f0 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_agent/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_agent/rule.yml +@@ -41,7 +41,7 @@ references: + nist@sle12: AU-3,AU-3.1,AU-12(a),AU-12(c),AU-12.1(a),AU-12.1(ii),AU-12.1(iv),MA-4(1)(a) + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-APP-000495-CTR-001235 + stigid@ol8: OL08-00-030280 +- stigid@rhel8: RHEL-08-030280 ++ stigid@almalinux8: RHEL-08-030280 + stigid@sle12: SLES-12-020310 + stigid@sle15: SLES-15-030370 + stigid@ubuntu2004: UBTU-20-010140 +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml +index 3b28014d9..41c6e45a1 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml +@@ -66,7 +66,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-APP-000029-CTR-000085,SRG-APP-000495-CTR-001235 + stigid@ol7: OL07-00-030780 + stigid@ol8: OL08-00-030320 +- stigid@rhel8: RHEL-08-030320 ++ stigid@almalinux8: RHEL-08-030320 + stigid@sle12: SLES-12-020320 + stigid@sle15: SLES-15-030060 + stigid@ubuntu2004: UBTU-20-010141 +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml +index a9f55f14d..eec33824e 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml +@@ -57,7 +57,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000064-GPOS-0003,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000466-GPOS-00210,SRG-APP-000029-CTR-000085,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255,SRG-OS-000755-GPOS-00220 + stigid@ol7: OL07-00-030680 + stigid@ol8: OL08-00-030190 +- stigid@rhel8: RHEL-08-030190 ++ stigid@almalinux8: RHEL-08-030190 + stigid@sle12: SLES-12-020250 + stigid@sle15: SLES-15-030550 + stigid@ubuntu2004: UBTU-20-010136 +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml +index 01189ac3a..35f1f08cd 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml +@@ -58,7 +58,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000466-GPOS-00210,SRG-APP-000029-CTR-000085,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255,SRG-OS-000755-GPOS-00220 + stigid@ol7: OL07-00-030690 + stigid@ol8: OL08-00-030550 +- stigid@rhel8: RHEL-08-030550 ++ stigid@almalinux8: RHEL-08-030550 + stigid@sle12: SLES-12-020260 + stigid@sle15: SLES-15-030560 + stigid@ubuntu2004: UBTU-20-010161 +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml +index a00cb6231..f398b9790 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml +@@ -57,7 +57,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-APP-000029-CTR-000085 + stigid@ol7: OL07-00-030750 + stigid@ol8: OL08-00-030301 +- stigid@rhel8: RHEL-08-030301 ++ stigid@almalinux8: RHEL-08-030301 + stigid@sle12: SLES-12-020300 + stigid@ubuntu2004: UBTU-20-010139 + stigid@ubuntu2204: UBTU-22-654115 +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml +index d0fa760e5..d70fbbae2 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml +@@ -58,7 +58,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-APP-000029-CTR-000085,SRG-APP-000495-CTR-001235 + stigid@ol7: OL07-00-030640 + stigid@ol8: OL08-00-030317 +- stigid@rhel8: RHEL-08-030317 ++ stigid@almalinux8: RHEL-08-030317 + stigid@sle12: SLES-12-020680 + stigid@sle15: SLES-15-030110 + +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_update/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_update/rule.yml +index 655f14784..cb8c772ff 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_update/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_update/rule.yml +@@ -38,7 +38,7 @@ references: + disa: CCI-000172,CCI-000130,CCI-000135,CCI-000169,CCI-002884 + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000064-GPOS-00033,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-APP-000495-CTR-001235 + stigid@ol8: OL08-00-030310 +- stigid@rhel8: RHEL-08-030310 ++ stigid@almalinux8: RHEL-08-030310 + stigid@ubuntu2004: UBTU-20-010173 + stigid@ubuntu2204: UBTU-22-654120 + +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml +index 7b5ffa69d..06263dfc0 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml +@@ -54,7 +54,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-APP-000495-CTR-001235 + stigid@ol7: OL07-00-030670 + stigid@ol8: OL08-00-030315 +- stigid@rhel8: RHEL-08-030315 ++ stigid@almalinux8: RHEL-08-030315 + + {{{ ocil_fix_srg_privileged_command("userhelper") }}} + +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml +index d54a24124..129eaeae3 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml +@@ -43,7 +43,7 @@ references: + nist@sle12: AU-3,AU-12(a),AU-12(c),MA-4(1)(a) + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000466-GPOS-00210,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255 + stigid@ol8: OL08-00-030560 +- stigid@rhel8: RHEL-08-030560 ++ stigid@almalinux8: RHEL-08-030560 + stigid@sle12: SLES-12-020700 + stigid@sle15: SLES-15-030500 + stigid@ubuntu2004: UBTU-20-010176 +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_immutable/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_immutable/bash/shared.sh +index b57078075..5d03b92a6 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_immutable/bash/shared.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_immutable/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian + + # Traverse all of: + # +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_immutable/kubernetes/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_immutable/kubernetes/shared.yml +index 26d02c24e..28daa9106 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_immutable/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_immutable/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml +index 1eae30fa7..356531c34 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml +@@ -51,7 +51,7 @@ references: + pcidss: Req-10.5.2 + srg: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029,SRG-APP-000119-CTR-000245,SRG-APP-000120-CTR-000250 + stigid@ol8: OL08-00-030121 +- stigid@rhel8: RHEL-08-030121 ++ stigid@almalinux8: RHEL-08-030121 + + ocil_clause: 'the audit system is not set to be immutable by adding the "-e 2" option to the end of "/etc/audit/audit.rules"' + +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_immutable_login_uids/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_immutable_login_uids/ansible/shared.yml +index 94768073f..6fd009b50 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_immutable_login_uids/ansible/shared.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_immutable_login_uids/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_immutable_login_uids/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_immutable_login_uids/rule.yml +index ecdc6aa7e..50b9dc000 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_immutable_login_uids/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_immutable_login_uids/rule.yml +@@ -32,7 +32,7 @@ references: + disa: CCI-000163,CCI-000172,CCI-000164,CCI-000162 + srg: SRG-OS-000462-GPOS-00206,SRG-OS-000475-GPOS-00220,SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029 + stigid@ol8: OL08-00-030122 +- stigid@rhel8: RHEL-08-030122 ++ stigid@almalinux8: RHEL-08-030122 + + ocil_clause: 'the system is not configured to make login UIDs immutable' + +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification/ansible/shared.yml +index e55119fd1..2e7514b51 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification/ansible/shared.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification/bash/shared.sh +index 79440e79b..614a4e09c 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification/bash/shared.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu + + # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' + {{{ bash_fix_audit_watch_rule("auditctl", "/etc/selinux/", "wa", "MAC-policy") }}} +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification/kubernetes/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification/kubernetes/shared.yml +index 889f83178..7896d4cb1 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification_usr_share/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification_usr_share/ansible/shared.yml +index 496670fad..a9cce0a56 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification_usr_share/ansible/shared.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification_usr_share/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification_usr_share/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification_usr_share/bash/shared.sh +index b61368c0c..eb3bf47f9 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification_usr_share/bash/shared.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_mac_modification_usr_share/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu ++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu + + # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' + {{{ bash_fix_audit_watch_rule("auditctl", "/usr/share/selinux/", "wa", "MAC-policy") }}} +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml +index 766663e81..c3ab87953 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml +@@ -52,7 +52,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-APP-000495-CTR-001235 + stigid@ol7: OL07-00-030740 + stigid@ol8: OL08-00-030302 +- stigid@rhel8: RHEL-08-030302 ++ stigid@almalinux8: RHEL-08-030302 + stigid@sle12: SLES-12-020290 + stigid@sle15: SLES-15-030350 + +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/ansible/shared.yml +index fb56e5550..ea6929b63 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/ansible/shared.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_debian ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_debian + # reboot =false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/bash/shared.sh +index 1e040de05..65a6c1127 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/bash/shared.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian + + # First perform the remediation of the syscall rule + # Retrieve hardware architecture of the underlying system +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events/ansible/shared.yml +index 58be87f4b..3adce26dc 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events/ansible/shared.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_debian ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_debian + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events/bash/shared.sh +index bd42cc0f1..366b790a4 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events/bash/shared.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian + + # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' + {{{ bash_fix_audit_watch_rule("auditctl", "/var/run/utmp", "wa", "session") }}} +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events/kubernetes/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events/kubernetes/shared.yml +index 8b2377d44..39c2bba69 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_session_events/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_sudoers/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_sudoers/rule.yml +index 20c0566d6..c00ed3d39 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_sudoers/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_sudoers/rule.yml +@@ -33,7 +33,7 @@ references: + disa: CCI-001403,CCI-001404,CCI-001405,CCI-000172,CCI-000130,CCI-002130,CCI-000135,CCI-000169,CCI-002884,CCI-000018,CCI-000015 + srg: SRG-OS-000004-GPOS-00004,SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000304-GPOS-00121,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000470-GPOS-00214,SRG-OS-000471-GPOS-00215,SRG-OS-000239-GPOS-00089,SRG-OS-000240-GPOS-00090,SRG-OS-000241-GPOS-00091,SRG-OS-000303-GPOS-00120,SRG-OS-000466-GPOS-00210,SRG-OS-000476-GPOS-00221,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255,SRG-APP-000503-CTR-001275 + stigid@ol8: OL08-00-030171 +- stigid@rhel8: RHEL-08-030171 ++ stigid@almalinux8: RHEL-08-030171 + stigid@ubuntu2204: UBTU-22-654220 + + ocil_clause: 'the command does not return a line, or the line is commented out' +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_sudoers_d/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_sudoers_d/rule.yml +index 7a7c522d9..3265b03bf 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_sudoers_d/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_sudoers_d/rule.yml +@@ -33,7 +33,7 @@ references: + disa: CCI-001403,CCI-001404,CCI-001405,CCI-000172,CCI-000130,CCI-002130,CCI-000135,CCI-000169,CCI-002884,CCI-000018,CCI-000015 + srg: SRG-OS-000004-GPOS-00004,SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000304-GPOS-00121,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000470-GPOS-00214,SRG-OS-000471-GPOS-00215,SRG-OS-000239-GPOS-00089,SRG-OS-000240-GPOS-00090,SRG-OS-000241-GPOS-00091,SRG-OS-000303-GPOS-00120,SRG-OS-000466-GPOS-00210,SRG-OS-000476-GPOS-00221,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255,SRG-APP-000503-CTR-001275 + stigid@ol8: OL08-00-030172 +- stigid@rhel8: RHEL-08-030172 ++ stigid@almalinux8: RHEL-08-030172 + stigid@ubuntu2204: UBTU-22-654225 + + ocil_clause: 'the command does not return a line, or the line is commented out' +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/ansible/shared.yml +index 0e882f8c9..e18326c0d 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/ansible/shared.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/bash/shared.sh +index 15d6fa4e2..7f98c9915 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/bash/shared.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + + # First perform the remediation of the syscall rule + # Retrieve hardware architecture of the underlying system +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/ansible/shared.yml +index 340551b27..3dcf0ed87 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/ansible/shared.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro ++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/bash/shared.sh +index 424d65c1f..f787822c0 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/bash/shared.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu ++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu + + # First perform the remediation of the syscall rule + # Retrieve hardware architecture of the underlying system +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/kubernetes/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/kubernetes/shared.yml +index 323a798b1..46fad7416 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/rule.yml +index bd05c372a..28c92b0f4 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/rule.yml +@@ -56,7 +56,7 @@ references: + srg: SRG-OS-000326-GPOS-00126,SRG-OS-000327-GPOS-00127,SRG-APP-000343-CTR-000780,SRG-APP-000381-CTR-000905,SRG-OS-000755-GPOS-00220 + stigid@ol7: OL07-00-030360 + stigid@ol8: OL08-00-030000 +- stigid@rhel8: RHEL-08-030000 ++ stigid@almalinux8: RHEL-08-030000 + stigid@sle12: SLES-12-020240 + stigid@sle15: SLES-15-030640 + stigid@ubuntu2004: UBTU-20-010211 +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/bash/shared.sh +index 1dfe6124c..7e915ca96 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/bash/shared.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian ++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian + + # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' + +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/kubernetes/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/kubernetes/shared.yml +index 336beb2b7..26c47e462 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification/bash/shared.sh +index 07965e2c7..908fa6e54 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification/bash/shared.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + + # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' + {{{ bash_fix_audit_watch_rule("auditctl", "/etc/group", "wa", "audit_rules_usergroup_modification") }}} +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml +index 9bb644fb7..597211c7e 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml +@@ -56,7 +56,7 @@ references: + srg: SRG-OS-000004-GPOS-00004,SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000304-GPOS-00121,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000470-GPOS-00214,SRG-OS-000471-GPOS-00215,SRG-OS-000239-GPOS-00089,SRG-OS-000240-GPOS-00090,SRG-OS-000241-GPOS-00091,SRG-OS-000303-GPOS-00120,SRG-OS-000466-GPOS-00210,SRG-OS-000476-GPOS-00221,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255,SRG-APP-000503-CTR-001275 + stigid@ol7: OL07-00-030871 + stigid@ol8: OL08-00-030170 +- stigid@rhel8: RHEL-08-030170 ++ stigid@almalinux8: RHEL-08-030170 + stigid@sle12: SLES-12-020210 + stigid@sle15: SLES-15-030010 + stigid@ubuntu2004: UBTU-20-010101 +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml +index 61e7ce7be..fd13a8fd5 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml +@@ -55,7 +55,7 @@ references: + srg: SRG-OS-000004-GPOS-00004,SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000304-GPOS-00121,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000470-GPOS-00214,SRG-OS-000471-GPOS-00215,SRG-OS-000239-GPOS-00089,SRG-OS-000240-GPOS-00090,SRG-OS-000241-GPOS-00091,SRG-OS-000303-GPOS-00120,SRG-OS-000466-GPOS-00210,SRG-OS-000476-GPOS-00221,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255,SRG-APP-000503-CTR-001275 + stigid@ol7: OL07-00-030872 + stigid@ol8: OL08-00-030160 +- stigid@rhel8: RHEL-08-030160 ++ stigid@almalinux8: RHEL-08-030160 + stigid@sle12: SLES-12-020590 + stigid@sle15: SLES-15-030040 + stigid@ubuntu2004: UBTU-20-010103 +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml +index 5a62a050c..db6ddd67c 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml +@@ -57,7 +57,7 @@ references: + srg: SRG-OS-000004-GPOS-00004,SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000304-GPOS-00121,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000470-GPOS-00214,SRG-OS-000471-GPOS-00215,SRG-OS-000239-GPOS-00089,SRG-OS-000240-GPOS-00090,SRG-OS-000241-GPOS-00091,SRG-OS-000303-GPOS-00120,SRG-OS-000466-GPOS-00210,SRG-OS-000476-GPOS-00221,SRG-APP-000495-CTR-001235,SRG-APP-000496-CTR-001240,SRG-APP-000497-CTR-001245,SRG-APP-000498-CTR-001250,SRG-APP-000503-CTR-001275 + stigid@ol7: OL07-00-030874 + stigid@ol8: OL08-00-030140 +- stigid@rhel8: RHEL-08-030140 ++ stigid@almalinux8: RHEL-08-030140 + stigid@sle12: SLES-12-020230 + stigid@sle15: SLES-15-030030 + stigid@ubuntu2004: UBTU-20-010104 +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml +index adb4bfb33..c452fa1cc 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml +@@ -56,7 +56,7 @@ references: + srg: SRG-OS-000004-GPOS-00004,SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000304-GPOS-00121,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000470-GPOS-00214,SRG-OS-000471-GPOS-00215,SRG-OS-000239-GPOS-00089,SRG-OS-000240-GPOS-00090,SRG-OS-000241-GPOS-00091,SRG-OS-000303-GPOS-00120,SRG-OS-000304-GPOS-00121,SRG-OS-000466-GPOS-00210,SRG-OS-000476-GPOS-00221,SRG-OS-000274-GPOS-00104,SRG-OS-000275-GPOS-00105,SRG-OS-000276-GPOS-00106,SRG-OS-000277-GPOS-00107,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255,SRG-APP-000503-CTR-001275 + stigid@ol7: OL07-00-030870 + stigid@ol8: OL08-00-030150 +- stigid@rhel8: RHEL-08-030150 ++ stigid@almalinux8: RHEL-08-030150 + stigid@sle12: SLES-12-020200 + stigid@sle15: SLES-15-030000 + stigid@ubuntu2004: UBTU-20-010100 +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml +index 10c1feb90..66a67c858 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml +@@ -56,7 +56,7 @@ references: + srg: SRG-OS-000004-GPOS-00004,SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000304-GPOS-00121,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000470-GPOS-00214,SRG-OS-000471-GPOS-00215,SRG-OS-000239-GPOS-00089,SRG-OS-000240-GPOS-00090,SRG-OS-000241-GPOS-00091,SRG-OS-000303-GPOS-00120,SRG-OS-000466-GPOS-00210,SRG-OS-000476-GPOS-00221,SRG-APP-000495-CTR-001235,SRG-APP-000499-CTR-001255,SRG-APP-000503-CTR-001275 + stigid@ol7: OL07-00-030873 + stigid@ol8: OL08-00-030130 +- stigid@rhel8: RHEL-08-030130 ++ stigid@almalinux8: RHEL-08-030130 + stigid@sle12: SLES-12-020220 + stigid@sle15: SLES-15-030020 + stigid@ubuntu2004: UBTU-20-010102 +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/bash/shared.sh +index 24b4da6b6..1b2b4dd27 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/bash/shared.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/bash/shared.sh +@@ -1,3 +1,3 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian + + {{{ bash_perform_audit_adjtimex_settimeofday_stime_remediation() }}} +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/kubernetes/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/kubernetes/shared.yml +index 49c97e395..51f48c0f9 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/bash/shared.sh +index c511ede45..617b679c5 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/bash/shared.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian + + # First perform the remediation of the syscall rule + # Retrieve hardware architecture of the underlying system +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/kubernetes/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/kubernetes/shared.yml +index ec76157d4..0f9e9f7cc 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/bash/shared.sh +index b7f44ab38..e6b1d1856 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/bash/shared.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/bash/shared.sh +@@ -1,3 +1,3 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu + + {{{ bash_perform_audit_adjtimex_settimeofday_stime_remediation() }}} +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/kubernetes/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/kubernetes/shared.yml +index 3f43030e9..85e9a47c8 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/bash/shared.sh +index b7f44ab38..e6b1d1856 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/bash/shared.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/bash/shared.sh +@@ -1,3 +1,3 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu + + {{{ bash_perform_audit_adjtimex_settimeofday_stime_remediation() }}} +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/kubernetes/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/kubernetes/shared.yml +index 8a58bbc38..1a73014dc 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/bash/shared.sh +index 0899dcded..fa722e21d 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/bash/shared.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian + + # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' + {{{ bash_fix_audit_watch_rule("auditctl", "/etc/localtime", "wa", "audit_time_rules") }}} +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/kubernetes/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/kubernetes/shared.yml +index 140506b60..4290a051f 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/kubernetes/shared.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/auditing/auditd_configure_rules/directory_access_var_log_audit/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/directory_access_var_log_audit/ansible/shared.yml +index ec17adf55..0ecb4079c 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/directory_access_var_log_audit/ansible/shared.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/directory_access_var_log_audit/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/rule.yml +index b648f54cc..87157586f 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/rule.yml +@@ -36,7 +36,7 @@ references: + pcidss: Req-10.5.1 + srg: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029,SRG-OS-000206-GPOS-00084 + stigid@ol8: OL08-00-030110 +- stigid@rhel8: RHEL-08-030110 ++ stigid@almalinux8: RHEL-08-030110 + + ocil: |- + {{% if product =="ol8" %}} +diff --git a/linux_os/guide/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh +index 09d4e8ff5..6a8e8bdab 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + + groupadd group_test + +diff --git a/linux_os/guide/auditing/auditd_configure_rules/directory_ownership_var_log_audit/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/directory_ownership_var_log_audit/rule.yml +index de4d603cd..a76d9c19b 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/directory_ownership_var_log_audit/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/directory_ownership_var_log_audit/rule.yml +@@ -32,7 +32,7 @@ references: + pcidss: Req-10.5.1 + srg: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029,SRG-OS-000206-GPOS-00084 + stigid@ol8: OL08-00-030100 +- stigid@rhel8: RHEL-08-030100 ++ stigid@almalinux8: RHEL-08-030100 + + ocil_clause: the directory is not owned by root + +diff --git a/linux_os/guide/auditing/auditd_configure_rules/directory_permissions_var_log_audit/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/directory_permissions_var_log_audit/bash/shared.sh +index 0dad1bfe1..29632f729 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/directory_permissions_var_log_audit/bash/shared.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/directory_permissions_var_log_audit/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu + + if LC_ALL=C grep -iw ^log_file /etc/audit/auditd.conf; then + DIR=$(awk -F "=" '/^log_file/ {print $2}' /etc/audit/auditd.conf | tr -d ' ' | rev | cut -d"/" -f2- | rev) +diff --git a/linux_os/guide/auditing/auditd_configure_rules/directory_permissions_var_log_audit/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/directory_permissions_var_log_audit/rule.yml +index b558e92ad..d62740922 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/directory_permissions_var_log_audit/rule.yml ++++ b/linux_os/guide/auditing/auditd_configure_rules/directory_permissions_var_log_audit/rule.yml +@@ -3,7 +3,7 @@ documentation_complete: true + title: 'System Audit Logs Must Have Mode 0750 or Less Permissive' + + description: |- +- {{% if product in ["ol8", "rhel8"] %}} ++ {{% if product in ["ol8", "rhel8", "almalinux8"] %}} + Verify the audit log directories have a mode of "0700" or less permissive by first determining + where the audit logs are stored with the following command: + 
$ sudo grep -iw log_file /etc/audit/auditd.conf
+@@ -45,7 +45,7 @@ references:
+     nist-csf: DE.AE-3,DE.AE-5,PR.AC-4,PR.DS-5,PR.PT-1,RS.AN-1,RS.AN-4
+     srg: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029
+     stigid@ol8: OL08-00-030120
+-    stigid@rhel8: RHEL-08-030120
++    stigid@almalinux8: RHEL-08-030120
+     stigid@ubuntu2004: UBTU-20-010128
+     stigid@ubuntu2204: UBTU-22-653060
+ 
+@@ -70,7 +70,7 @@ ocil: |-
+ 
+     Replace "[audit_log_directory]" to the correct audit log directory path, by default this location is "/var/log/audit".
+ 
+-    {{% if product in ["ol8", "rhel8"] %}}
++    {{% if product in ["ol8", "rhel8", "almalinux8"] %}}
+     The correct permissions are 0700
+     {{% else %}}
+     If the log_group is "root" or is not set, the correct permissions are 0700, otherwise they are 0750.
+@@ -83,7 +83,7 @@ fixtext: |-
+ 
+     $ sudo grep "^log_file" /etc/audit/auditd.conf
+ 
+-    {{% if product in ["ol8", "rhel8"] %}}
++    {{% if product in ["ol8", "rhel8", "almalinux8"] %}}
+     Set the correct permissions mode by the following command:
+ 
+     $ sudo chmod 0700 [audit_log_directory]
+diff --git a/linux_os/guide/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/correct_value_0700.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/correct_value_0700.pass.sh
+index 7e8c49123..999d914cd 100644
+--- a/linux_os/guide/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/correct_value_0700.pass.sh
++++ b/linux_os/guide/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/correct_value_0700.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = audit
+-# platform = multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ 
+ source common_0700.sh
+ 
+diff --git a/linux_os/guide/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/correct_value_default_0700.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/correct_value_default_0700.pass.sh
+index 7cfadc195..3bb0cefbb 100644
+--- a/linux_os/guide/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/correct_value_default_0700.pass.sh
++++ b/linux_os/guide/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/correct_value_default_0700.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = audit
+-# platform = multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ 
+ source common_0700.sh
+ 
+diff --git a/linux_os/guide/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/incorrect_value_0700.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/incorrect_value_0700.fail.sh
+index 3654389ed..64e3e8ebc 100644
+--- a/linux_os/guide/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/incorrect_value_0700.fail.sh
++++ b/linux_os/guide/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/incorrect_value_0700.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = audit
+-# platform = multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ 
+ source common_0700.sh
+ 
+diff --git a/linux_os/guide/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/incorrect_value_default_file_0700.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/incorrect_value_default_file_0700.fail.sh
+index b93254a4b..c7d66ccbb 100644
+--- a/linux_os/guide/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/incorrect_value_default_file_0700.fail.sh
++++ b/linux_os/guide/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/incorrect_value_default_file_0700.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = audit
+-# platform = multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ 
+ source common_0700.sh
+ 
+diff --git a/linux_os/guide/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/rule.yml
+index cfcf088bd..9bdb0b72a 100644
+--- a/linux_os/guide/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/rule.yml
++++ b/linux_os/guide/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/rule.yml
+@@ -40,7 +40,7 @@ references:
+     pcidss: Req-10.5.1
+     srg: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029,SRG-OS-000206-GPOS-00084
+     stigid@ol8: OL08-00-030090
+-    stigid@rhel8: RHEL-08-030090
++    stigid@almalinux8: RHEL-08-030090
+     stigid@ubuntu2004: UBTU-20-010124
+     stigid@ubuntu2204: UBTU-22-653055
+ 
+diff --git a/linux_os/guide/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh
+index 6f19e15c6..b1d995c61 100644
+--- a/linux_os/guide/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh
++++ b/linux_os/guide/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = audit
+-# platform = multi_platform_rhel
++# platform = multi_platform_rhel,multi_platform_almalinux
+ 
+ if grep -iwq "log_file" /etc/audit/auditd.conf; then
+     FILE=$(awk -F "=" '/^log_file/ {print $2}' /etc/audit/auditd.conf | tr -d ' ')
+diff --git a/linux_os/guide/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/wrong_value_non-root_group.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/wrong_value_non-root_group.fail.sh
+index cf4b02b90..cd69f17c2 100644
+--- a/linux_os/guide/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/wrong_value_non-root_group.fail.sh
++++ b/linux_os/guide/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/wrong_value_non-root_group.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = audit
+-# platform = multi_platform_rhel
++# platform = multi_platform_rhel,multi_platform_almalinux
+ 
+ if grep -iwq "log_file" /etc/audit/auditd.conf; then
+     FILE=$(awk -F "=" '/^log_file/ {print $2}' /etc/audit/auditd.conf | tr -d ' ')
+diff --git a/linux_os/guide/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/oval/shared.xml b/linux_os/guide/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/oval/shared.xml
+index 95acf5905..18954ffa1 100644
+--- a/linux_os/guide/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/oval/shared.xml
++++ b/linux_os/guide/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/oval/shared.xml
+@@ -6,7 +6,7 @@
+         
+         
+       
+-      {{% if product in ["ol8", "rhel8"] %}}
++      {{% if product in ["ol8", "rhel8", "almalinux8"] %}}
+       
+         
+@@ -28,7 +28,7 @@
+     state_owner_not_root_var_log_audit
+   
+   
+-  {{% if product in ["ol8", "rhel8"] %}}
++  {{% if product in ["ol8", "rhel8", "almalinux8"] %}}
+   
+diff --git a/linux_os/guide/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/rule.yml
+index 703a5d470..c8e265b3e 100644
+--- a/linux_os/guide/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/rule.yml
++++ b/linux_os/guide/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/rule.yml
+@@ -35,7 +35,7 @@ references:
+     pcidss: Req-10.5.1
+     srg: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029,SRG-OS-000206-GPOS-00084
+     stigid@ol8: OL08-00-030080
+-    stigid@rhel8: RHEL-08-030080
++    stigid@almalinux8: RHEL-08-030080
+     stigid@ubuntu2004: UBTU-20-010123
+     stigid@ubuntu2204: UBTU-22-653050
+ 
+diff --git a/linux_os/guide/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/tests/correct_value_default_file.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/tests/correct_value_default_file.pass.sh
+index 3a0d9a4e9..ab43ceb2b 100644
+--- a/linux_os/guide/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/tests/correct_value_default_file.pass.sh
++++ b/linux_os/guide/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/tests/correct_value_default_file.pass.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ #!/bin/bash
+ 
+ sed -i "/^\s*log_file.*/d" /etc/audit/auditd.conf
+diff --git a/linux_os/guide/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/tests/wrong_value.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/tests/wrong_value.fail.sh
+index d597ca07f..75a41c4fd 100644
+--- a/linux_os/guide/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/tests/wrong_value.fail.sh
++++ b/linux_os/guide/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/tests/wrong_value.fail.sh
+@@ -15,7 +15,7 @@ useradd testuser_123
+ touch "/var/log/audit/audit.log"
+ chown root "/var/log/audit/audit.log"
+ 
+-{{% if product in ["ol8", "rhel8"] %}}
++{{% if product in ["ol8", "rhel8", "almalinux8"] %}}
+ touch $FILE
+ chown testuser_123 $FILE
+ {{% else %}}
+diff --git a/linux_os/guide/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/tests/wrong_value_default_file.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/tests/wrong_value_default_file.fail.sh
+index 1879113b8..8798ae1ae 100644
+--- a/linux_os/guide/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/tests/wrong_value_default_file.fail.sh
++++ b/linux_os/guide/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/tests/wrong_value_default_file.fail.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ #!/bin/bash
+ 
+ sed -i "/^\s*log_file.*/d" /etc/audit/auditd.conf
+diff --git a/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/ansible/shared.yml
+index 722f6731a..7f1879db2 100644
+--- a/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/ansible/shared.yml
++++ b/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/bash/shared.sh
+index 0b42da512..013401d8c 100644
+--- a/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/bash/shared.sh
++++ b/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
+ 
+ if LC_ALL=C grep -iw ^log_file /etc/audit/auditd.conf; then
+     FILE=$(awk -F "=" '/^log_file/ {print $2}' /etc/audit/auditd.conf | tr -d ' ')
+diff --git a/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml
+index 19e01c03a..9588a89c8 100644
+--- a/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml
++++ b/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml
+@@ -50,7 +50,7 @@ references:
+     srg: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029,SRG-OS-000206-GPOS-00084,SRG-APP-000118-CTR-000240
+     stigid@ol7: OL07-00-910055
+     stigid@ol8: OL08-00-030070
+-    stigid@rhel8: RHEL-08-030070
++    stigid@almalinux8: RHEL-08-030070
+     stigid@ubuntu2004: UBTU-20-010122
+ 
+ ocil_clause: 'any permissions are more permissive'
+diff --git a/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/correct_value_0600.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/correct_value_0600.pass.sh
+index 15023ca70..488ef3e3f 100644
+--- a/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/correct_value_0600.pass.sh
++++ b/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/correct_value_0600.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # packages = audit
+ 
+ source common_0600.sh
+diff --git a/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/correct_value_default_file_0600.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/correct_value_default_file_0600.pass.sh
+index 04d76809f..6475f83ae 100644
+--- a/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/correct_value_default_file_0600.pass.sh
++++ b/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/correct_value_default_file_0600.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # packages = audit
+ 
+ source common_0600.sh
+diff --git a/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/incorrect_value_0600.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/incorrect_value_0600.fail.sh
+index aea9d1b10..3f045e4c7 100644
+--- a/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/incorrect_value_0600.fail.sh
++++ b/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/incorrect_value_0600.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # packages = audit
+ 
+ source common_0600.sh
+diff --git a/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/incorrect_value_default_file_0600.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/incorrect_value_default_file_0600.fail.sh
+index 003e3330f..368540adc 100644
+--- a/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/incorrect_value_default_file_0600.fail.sh
++++ b/linux_os/guide/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/incorrect_value_default_file_0600.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # packages = audit
+ 
+ source common_0600.sh
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/ansible/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/ansible/shared.yml
+index 083f32d74..655635941 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/ansible/shared.yml
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
+ # reboot = false
+ # strategy = configure
+ # complexity = low
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/bash/shared.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/bash/shared.sh
+index e5743cfad..b60215a3e 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/bash/shared.sh
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
+ 
+ {{{ bash_instantiate_variables("var_audispd_remote_server") }}}
+ 
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/tests/audit_remote_server_hostname.pass.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/tests/audit_remote_server_hostname.pass.sh
+index 44d9a1f74..a466bc72d 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/tests/audit_remote_server_hostname.pass.sh
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/tests/audit_remote_server_hostname.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = audit
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ 
+ . $SHARED/auditd_utils.sh
+ prepare_auditd_test_enviroment
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/tests/audit_remote_server_not_there.fail.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/tests/audit_remote_server_not_there.fail.sh
+index 0bfa82083..93b11eb05 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/tests/audit_remote_server_not_there.fail.sh
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/tests/audit_remote_server_not_there.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = audit
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ 
+ . $SHARED/auditd_utils.sh
+ prepare_auditd_test_enviroment
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_configure_sufficiently_large_partition/rule.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_configure_sufficiently_large_partition/rule.yml
+index 5f12eb017..73493b7cf 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_configure_sufficiently_large_partition/rule.yml
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_configure_sufficiently_large_partition/rule.yml
+@@ -48,7 +48,7 @@ references:
+     nist@sle15: AU-4
+     srg: SRG-OS-000341-GPOS-00132,SRG-OS-000342-GPOS-00133
+     stigid@ol8: OL08-00-030660
+-    stigid@rhel8: RHEL-08-030660
++    stigid@almalinux8: RHEL-08-030660
+     stigid@sle12: SLES-12-020020
+     stigid@sle15: SLES-15-030660
+     stigid@ubuntu2004: UBTU-20-010215
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/ansible/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/ansible/shared.yml
+index d4ba66ac7..de8c26b9c 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/ansible/shared.yml
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro
+ # reboot = false
+ # strategy = configure
+ # complexity = low
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/bash/shared.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/bash/shared.sh
+index 76c1ad183..18a751f06 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/bash/shared.sh
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
+ 
+ {{{ bash_instantiate_variables("var_audispd_disk_full_action") }}}
+ 
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/bash/shared.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/bash/shared.sh
+index 5e49158b5..e365ecf5f 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/bash/shared.sh
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/bash/shared.sh
+@@ -1,7 +1,7 @@
+ # platform = multi_platform_all
+ 
+ AUDISP_REMOTE_CONFIG="{{{ audisp_conf_path }}}/audisp-remote.conf"
+-{{% if product in ["rhel8", "fedora", "ol8", "rhv4", "sle15"] %}}
++{{% if product in ["rhel8", "almalinux8", "fedora", "ol8", "rhv4", "sle15"] %}}
+ option="^transport"
+ value="KRB5"
+ {{% else %}}
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/oval/shared.xml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/oval/shared.xml
+index f5932e35a..b5c0dd6d6 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/oval/shared.xml
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/oval/shared.xml
+@@ -2,7 +2,7 @@
+ 
+ 
+   
+-    {{% if product in ["rhel8", "fedora", "ol8", "rhv4", "sle15"] %}}
++    {{% if product in ["rhel8", "almalinux8", "fedora", "ol8", "rhv4", "sle15"] %}}
+     {{{ oval_metadata("transport setting in " + audisp_config_file_path + " is set to 'KRB5'") }}}
+     {{% else %}}
+     {{{ oval_metadata("enable_krb5 setting in " + audisp_config_file_path + " is set to 'yes'") }}}
+@@ -22,7 +22,7 @@
+     {{{ audisp_config_file_path }}}
+     
+     
+-{{% if product in ["rhel8", "fedora", "ol8", "rhv4", "sle15"] %}}
++{{% if product in ["rhel8", "almalinux8", "fedora", "ol8", "rhv4", "sle15"] %}}
+     ^[ ]*transport[ ]+=[ ]+KRB5[ ]*$
+ {{% else %}}
+     ^[ ]*enable_krb5[ ]+=[ ]+yes[ ]*$
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml
+index a08582b06..f0daf5ff4 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml
+@@ -6,7 +6,7 @@ title: 'Encrypt Audit Records Sent With audispd Plugin'
+ description: |-
+     Configure the operating system to encrypt the transfer of off-loaded audit
+     records onto a different system or media from the system being audited.
+-{{% if product in ["rhel8", "fedora", "ol8", "rhv4", "sle15"] %}}
++{{% if product in ["rhel8", "almalinux8", "fedora", "ol8", "rhv4", "sle15"] %}}
+     Set the transport option in 
{{{ audisp_conf_path }}}/audisp-remote.conf

+     to KRB5.
+ {{% else %}}
+@@ -43,7 +43,7 @@ ocil_clause: 'audispd is not encrypting audit records when sent over the network
+ ocil: |-
+     To verify the audispd plugin encrypts audit records off-loaded onto a different
+     system or media from the system being audited, run the following command:
+-{{% if product in ["rhel8", "fedora", "ol8", "rhv4", "sle15"] %}}
++{{% if product in ["rhel8", "almalinux8", "fedora", "ol8", "rhv4", "sle15"] %}}
+     
$ sudo grep -i transport {{{ audisp_conf_path }}}/audisp-remote.conf

+     The output should return the following:
+     
transport = KRB5

+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_bogus_value.fail.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_bogus_value.fail.sh
+index 1ee02140b..711b6593d 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_bogus_value.fail.sh
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_bogus_value.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = audit
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ 
+ . $SHARED/auditd_utils.sh
+ prepare_auditd_test_enviroment
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_correct_value.pass.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_correct_value.pass.sh
+index b6775223d..b7fa1f1f4 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_correct_value.pass.sh
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_correct_value.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = audit
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ 
+ . $SHARED/auditd_utils.sh
+ prepare_auditd_test_enviroment
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_not_there.fail.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_not_there.fail.sh
+index bf1c533c6..fb621cfff 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_not_there.fail.sh
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_not_there.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = audit
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ 
+ . $SHARED/auditd_utils.sh
+ prepare_auditd_test_enviroment
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_wrong_value.fail.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_wrong_value.fail.sh
+index 864e97b31..8c16af8f9 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_wrong_value.fail.sh
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_wrong_value.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = audit
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ 
+ . $SHARED/auditd_utils.sh
+ prepare_auditd_test_enviroment
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/ansible/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/ansible/shared.yml
+index d238e7277..cbeae4d55 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/ansible/shared.yml
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro
+ # reboot = false
+ # strategy = configure
+ # complexity = low
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/bash/shared.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/bash/shared.sh
+index 90f6fbc93..d64b401df 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/bash/shared.sh
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
+ 
+ {{{ bash_instantiate_variables("var_audispd_network_failure_action") }}}
+ 
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/tests/audisp_network_failure_action_absent.fail.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/tests/audisp_network_failure_action_absent.fail.sh
+index 28d00f26e..bf391529f 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/tests/audisp_network_failure_action_absent.fail.sh
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/tests/audisp_network_failure_action_absent.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro
+ 
+ . $SHARED/auditd_utils.sh
+ prepare_auditd_test_enviroment
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/tests/audisp_network_failure_action_set.pass.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/tests/audisp_network_failure_action_set.pass.sh
+index fea488a3e..62a08e1c7 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/tests/audisp_network_failure_action_set.pass.sh
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/tests/audisp_network_failure_action_set.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro
+ 
+ . $SHARED/auditd_utils.sh
+ prepare_auditd_test_enviroment
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated.pass.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated.pass.sh
+index caf9766f5..8b2142f08 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated.pass.sh
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = audit
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # remediation = bash
+ 
+ . $SHARED/auditd_utils.sh
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated_not_there.fail.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated_not_there.fail.sh
+index c87268eae..ffa87d06e 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated_not_there.fail.sh
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated_not_there.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = audit
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # remediation = bash
+ 
+ . $SHARED/auditd_utils.sh
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_not_activated.fail.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_not_activated.fail.sh
+index 0bb1518ef..c54736340 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_not_activated.fail.sh
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_not_activated.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = audit
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # remediation = bash
+ 
+ . $SHARED/auditd_utils.sh
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/ansible/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/ansible/shared.yml
+index b075778f5..d9baf1b4f 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/ansible/shared.yml
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/bash/shared.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/bash/shared.sh
+index d0065b38c..7027992a4 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/bash/shared.sh
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel
++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ 
+ {{{ bash_instantiate_variables("var_auditd_disk_error_action") }}}
+ 
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/kubernetes/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/kubernetes/shared.yml
+index 55f407e01..b9084af21 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/kubernetes/shared.yml
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/rule.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/rule.yml
+index c06cf1145..9456949fe 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/rule.yml
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/rule.yml
+@@ -38,7 +38,7 @@ references:
+     nist-csf: DE.AE-3,DE.AE-5,PR.DS-4,PR.PT-1,RS.AN-1,RS.AN-4
+     srg: SRG-OS-000047-GPOS-00023,SRG-APP-000098-CTR-000185,SRG-APP-000099-CTR-000190,SRG-APP-000100-CTR-000195,SRG-APP-000100-CTR-000200,SRG-APP-000109-CTR-000215,SRG-APP-000290-CTR-000670,SRG-APP-000357-CTR-000800
+     stigid@ol8: OL08-00-030040
+-    stigid@rhel8: RHEL-08-030040
++    stigid@almalinux8: RHEL-08-030040
+ 
+ ocil_clause: 'there is no evidence of appropriate action'
+ 
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/ansible/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/ansible/shared.yml
+index 06f4a10c6..ba788edbf 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/ansible/shared.yml
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/bash/shared.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/bash/shared.sh
+index 78726bbc6..0a36846ab 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/bash/shared.sh
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel
++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ 
+ {{{ bash_instantiate_variables("var_auditd_disk_error_action") }}}
+ 
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/kubernetes/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/kubernetes/shared.yml
+index 55f407e01..b9084af21 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/kubernetes/shared.yml
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/ansible/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/ansible/shared.yml
+index 4205bb067..d7a1a4d8b 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/ansible/shared.yml
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/bash/shared.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/bash/shared.sh
+index 698076ac8..e59677252 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/bash/shared.sh
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
+ 
+ {{{ bash_instantiate_variables("var_auditd_disk_full_action") }}}
+ 
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/kubernetes/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/kubernetes/shared.yml
+index 55f407e01..b9084af21 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/kubernetes/shared.yml
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/rule.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/rule.yml
+index e595e81c2..ee1b38b6e 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/rule.yml
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/rule.yml
+@@ -45,7 +45,7 @@ references:
+     nist@sle12: AU-5(b),AU-5.1(iv)
+     srg: SRG-OS-000047-GPOS-00023
+     stigid@ol8: OL08-00-030060
+-    stigid@rhel8: RHEL-08-030060
++    stigid@almalinux8: RHEL-08-030060
+     stigid@sle12: SLES-12-020060
+     stigid@sle15: SLES-15-030590
+     stigid@ubuntu2004: UBTU-20-010118
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/ansible/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/ansible/shared.yml
+index 61cc4751d..7f66a5c15 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/ansible/shared.yml
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/bash/shared.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/bash/shared.sh
+index 8ab6e16ab..110211558 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/bash/shared.sh
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
+ 
+ {{{ bash_instantiate_variables("var_auditd_disk_full_action") }}}
+ 
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/kubernetes/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/kubernetes/shared.yml
+index 55f407e01..b9084af21 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/kubernetes/shared.yml
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/ansible/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/ansible/shared.yml
+index bcb4b0de9..2f6e309d3 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/ansible/shared.yml
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/bash/shared.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/bash/shared.sh
+index 06d79abb6..258378a89 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/bash/shared.sh
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
+ 
+ {{{ bash_instantiate_variables("var_auditd_action_mail_acct") }}}
+ 
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml
+index 516591612..7ecb7908e 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml
+@@ -46,7 +46,7 @@ references:
+     srg: SRG-OS-000046-GPOS-00022,SRG-OS-000343-GPOS-00134
+     stigid@ol7: OL07-00-030350
+     stigid@ol8: OL08-00-030020
+-    stigid@rhel8: RHEL-08-030020
++    stigid@almalinux8: RHEL-08-030020
+     stigid@sle12: SLES-12-020040
+     stigid@sle15: SLES-15-030570
+     stigid@ubuntu2004: UBTU-20-010117
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/ansible/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/ansible/shared.yml
+index 49efdc918..ab901e892 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/ansible/shared.yml
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/bash/shared.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/bash/shared.sh
+index f377a92dd..44680a119 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/bash/shared.sh
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
+ 
+ {{{ bash_instantiate_variables("var_auditd_admin_space_left_action") }}}
+ 
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/kubernetes/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/kubernetes/shared.yml
+index 55f407e01..b9084af21 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/kubernetes/shared.yml
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/ansible/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/ansible/shared.yml
+index 9c8afcfa3..53a6da7e0 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/ansible/shared.yml
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/bash/shared.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/bash/shared.sh
+index 79b916559..40632d099 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/bash/shared.sh
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle
++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
+ 
+ {{{ bash_instantiate_variables("var_auditd_flush") }}}
+ 
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/kubernetes/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/kubernetes/shared.yml
+index 55f407e01..b9084af21 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/kubernetes/shared.yml
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_data.fail.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_data.fail.sh
+index ba44b2bb5..303e1d8f7 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_data.fail.sh
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_data.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = audit
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # profiles = xccdf_org.ssgproject.content_profile_ospp
+ # remediation = bash
+ 
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental.fail.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental.fail.sh
+index a8f68412c..0c0d35e0d 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental.fail.sh
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = audit
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # profiles = xccdf_org.ssgproject.content_profile_ospp
+ # remediation = bash
+ 
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental_async.pass.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental_async.pass.sh
+index f3301e81a..eb39696dd 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental_async.pass.sh
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental_async.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = audit
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # profiles = xccdf_org.ssgproject.content_profile_ospp
+ # remediation = bash
+ 
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_none.fail.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_none.fail.sh
+index 64ebd312f..c43471049 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_none.fail.sh
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_none.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = audit
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # profiles = xccdf_org.ssgproject.content_profile_ospp
+ # remediation = bash
+ 
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_not_there.fail.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_not_there.fail.sh
+index f6e0c1088..a51782746 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_not_there.fail.sh
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_not_there.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = audit
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # profiles = xccdf_org.ssgproject.content_profile_ospp
+ # remediation = bash
+ 
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_sync.fail.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_sync.fail.sh
+index 47f3daf89..5cab1da02 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_sync.fail.sh
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_sync.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = audit
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # profiles = xccdf_org.ssgproject.content_profile_ospp
+ # remediation = bash
+ 
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/ansible/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/ansible/shared.yml
+index c70cd104e..c97fbf56e 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/ansible/shared.yml
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/bash/shared.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/bash/shared.sh
+index 8a53bf847..95c5446b6 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/bash/shared.sh
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
+ 
+ {{{ bash_instantiate_variables("var_auditd_max_log_file") }}}
+ 
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/kubernetes/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/kubernetes/shared.yml
+index 55f407e01..b9084af21 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/kubernetes/shared.yml
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/ansible/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/ansible/shared.yml
+index 69ae3cb89..f48f36569 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/ansible/shared.yml
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/bash/shared.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/bash/shared.sh
+index 5007f965f..4c06ea831 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/bash/shared.sh
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
+ 
+ {{{ bash_instantiate_variables("var_auditd_max_log_file_action") }}}
+ 
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/kubernetes/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/kubernetes/shared.yml
+index 55f407e01..b9084af21 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/kubernetes/shared.yml
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/ansible/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/ansible/shared.yml
+index 69ae3cb89..f48f36569 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/ansible/shared.yml
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/bash/shared.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/bash/shared.sh
+index 4609f8ec9..f4b4664e3 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/bash/shared.sh
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
+ 
+ {{{ bash_instantiate_variables("var_auditd_max_log_file_action") }}}
+ 
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/kubernetes/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/kubernetes/shared.yml
+index 55f407e01..b9084af21 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/kubernetes/shared.yml
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/ansible/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/ansible/shared.yml
+index 7deaa0607..748a59d80 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/ansible/shared.yml
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/kubernetes/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/kubernetes/shared.yml
+index 55f407e01..b9084af21 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/kubernetes/shared.yml
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/ansible/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/ansible/shared.yml
+index ab0bea58e..a6158699d 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/ansible/shared.yml
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_sle
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/bash/shared.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/bash/shared.sh
+index a53f062b5..e0200450d 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/bash/shared.sh
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
+ 
+ {{{ bash_instantiate_variables("var_auditd_space_left") }}}
+ 
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/kubernetes/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/kubernetes/shared.yml
+index 55f407e01..b9084af21 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/kubernetes/shared.yml
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/ansible/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/ansible/shared.yml
+index bf6dec7e1..5ab7ec344 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/ansible/shared.yml
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/bash/shared.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/bash/shared.sh
+index e6a508f32..4be7f5b35 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/bash/shared.sh
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
+ 
+ {{{ bash_instantiate_variables("var_auditd_space_left_action") }}}
+ 
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/kubernetes/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/kubernetes/shared.yml
+index 55f407e01..b9084af21 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/kubernetes/shared.yml
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml
+index 1956706cf..cfb908562 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml
+@@ -57,7 +57,7 @@ references:
+     srg: SRG-OS-000343-GPOS-00134
+     stigid@ol7: OL07-00-030340
+     stigid@ol8: OL08-00-030731
+-    stigid@rhel8: RHEL-08-030731
++    stigid@almalinux8: RHEL-08-030731
+     stigid@ubuntu2004: UBTU-20-010217
+     stigid@ubuntu2204: UBTU-22-653040
+ 
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_percentage/rule.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_percentage/rule.yml
+index a7c0963ac..71fd60240 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_percentage/rule.yml
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_percentage/rule.yml
+@@ -37,7 +37,7 @@ references:
+     srg: SRG-OS-000343-GPOS-00134
+     stigid@ol7: OL07-00-030330
+     stigid@ol8: OL08-00-030730
+-    stigid@rhel8: RHEL-08-030730
++    stigid@almalinux8: RHEL-08-030730
+     stigid@ubuntu2004: UBTU-20-010217
+     stigid@ubuntu2204: UBTU-22-653040
+ 
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_freq/kubernetes/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_freq/kubernetes/shared.yml
+index 55f407e01..b9084af21 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_freq/kubernetes/shared.yml
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_freq/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_local_events/kubernetes/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_local_events/kubernetes/shared.yml
+index 55f407e01..b9084af21 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_local_events/kubernetes/shared.yml
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_local_events/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_local_events/rule.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_local_events/rule.yml
+index 8aabe5ca5..47fad3734 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_local_events/rule.yml
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_local_events/rule.yml
+@@ -24,7 +24,7 @@ references:
+     nist: CM-6
+     srg: SRG-OS-000062-GPOS-00031,SRG-OS-000480-GPOS-00227
+     stigid@ol8: OL08-00-030061
+-    stigid@rhel8: RHEL-08-030061
++    stigid@almalinux8: RHEL-08-030061
+ 
+ ocil_clause: local_events isn't set to yes
+ 
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_log_format/kubernetes/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_log_format/kubernetes/shared.yml
+index 55f407e01..b9084af21 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_log_format/kubernetes/shared.yml
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_log_format/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_log_format/rule.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_log_format/rule.yml
+index 1e4489ec6..9efec94dd 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_log_format/rule.yml
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_log_format/rule.yml
+@@ -26,7 +26,7 @@ references:
+     ospp: FAU_GEN.1.2
+     srg: SRG-OS-000255-GPOS-00096,SRG-OS-000480-GPOS-00227,SRG-APP-000096-CTR-000175,SRG-APP-000097-CTR-000180,SRG-APP-000098-CTR-000185,SRG-APP-000099-CTR-000190,SRG-APP-000100-CTR-000195,SRG-APP-000100-CTR-000200,SRG-APP-000109-CTR-000215,SRG-APP-000290-CTR-000670,SRG-APP-000357-CTR-000800
+     stigid@ol8: OL08-00-030063
+-    stigid@rhel8: RHEL-08-030063
++    stigid@almalinux8: RHEL-08-030063
+ 
+ ocil_clause: log_format isn't set to ENRICHED
+ 
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_name_format/ansible/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_name_format/ansible/shared.yml
+index 64042da08..2a1e5e6d8 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_name_format/ansible/shared.yml
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_name_format/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_name_format/bash/shared.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_name_format/bash/shared.sh
+index 638b566dc..8c5acfbe9 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_name_format/bash/shared.sh
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_name_format/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_name_format/kubernetes/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_name_format/kubernetes/shared.yml
+index 55f407e01..b9084af21 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_name_format/kubernetes/shared.yml
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_name_format/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_name_format/rule.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_name_format/rule.yml
+index 3adb155e4..6ffb0c791 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_name_format/rule.yml
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_name_format/rule.yml
+@@ -29,7 +29,7 @@ references:
+     srg: SRG-OS-000039-GPOS-00017,SRG-OS-000342-GPOS-00133,SRG-OS-000479-GPOS-00224
+     stigid@ol7: OL07-00-030211
+     stigid@ol8: OL08-00-030062
+-    stigid@rhel8: RHEL-08-030062
++    stigid@almalinux8: RHEL-08-030062
+ 
+ ocil_clause: name_format isn't set to {{{ xccdf_value("var_auditd_name_format") }}}
+ 
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_overflow_action/ansible/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_overflow_action/ansible/shared.yml
+index 37fc1df9b..18d04768e 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_overflow_action/ansible/shared.yml
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_overflow_action/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_overflow_action/bash/shared.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_overflow_action/bash/shared.sh
+index aba1bf099..e628e189c 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_overflow_action/bash/shared.sh
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_overflow_action/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_overflow_action/rule.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_overflow_action/rule.yml
+index 0182850d3..baf98cc48 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_overflow_action/rule.yml
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_overflow_action/rule.yml
+@@ -31,7 +31,7 @@ references:
+     srg: SRG-OS-000342-GPOS-00133,SRG-OS-000479-GPOS-00224
+     stigid@ol7: OL07-00-030210
+     stigid@ol8: OL08-00-030700
+-    stigid@rhel8: RHEL-08-030700
++    stigid@almalinux8: RHEL-08-030700
+ 
+ ocil_clause: 'auditd overflow action is not set correctly'
+ 
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_write_logs/kubernetes/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_write_logs/kubernetes/shared.yml
+index 55f407e01..b9084af21 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_write_logs/kubernetes/shared.yml
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_write_logs/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/var_audispd_remote_server.var b/linux_os/guide/auditing/configure_auditd_data_retention/var_audispd_remote_server.var
+index bcafc35b8..1579dc90f 100644
+--- a/linux_os/guide/auditing/configure_auditd_data_retention/var_audispd_remote_server.var
++++ b/linux_os/guide/auditing/configure_auditd_data_retention/var_audispd_remote_server.var
+@@ -3,7 +3,7 @@ documentation_complete: true
+ title: 'Remote server for audispd to send audit records'
+ 
+ description: |-
+-{{% if product in ["rhel8", "fedora"] %}}
++{{% if product in ["rhel8", "almalinux8", "fedora"] %}}
+     The setting for remote_server in /etc/audit/audisp-remote.conf
+ {{% else %}}
+     The setting for remote_server in /etc/audisp/audisp-remote.conf
+diff --git a/linux_os/guide/auditing/grub2_audit_argument/rule.yml b/linux_os/guide/auditing/grub2_audit_argument/rule.yml
+index c299d690b..16d97a7b3 100644
+--- a/linux_os/guide/auditing/grub2_audit_argument/rule.yml
++++ b/linux_os/guide/auditing/grub2_audit_argument/rule.yml
+@@ -44,7 +44,7 @@ references:
+     pcidss: Req-10.3
+     srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000473-GPOS-00218,SRG-OS-000254-GPOS-00095
+     stigid@ol8: OL08-00-030601
+-    stigid@rhel8: RHEL-08-030601
++    stigid@almalinux8: RHEL-08-030601
+     stigid@ubuntu2004: UBTU-20-010198
+     stigid@ubuntu2204: UBTU-22-212015
+ 
+diff --git a/linux_os/guide/auditing/grub2_audit_argument/tests/double_value_rhel8.fail.sh b/linux_os/guide/auditing/grub2_audit_argument/tests/double_value_rhel8.fail.sh
+index 065c1d459..75db9892c 100644
+--- a/linux_os/guide/auditing/grub2_audit_argument/tests/double_value_rhel8.fail.sh
++++ b/linux_os/guide/auditing/grub2_audit_argument/tests/double_value_rhel8.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ # Break the audit argument in kernel command line in /boot/grub2/grubenv
+ file="/boot/grub2/grubenv"
+diff --git a/linux_os/guide/auditing/grub2_audit_backlog_limit_argument/rule.yml b/linux_os/guide/auditing/grub2_audit_backlog_limit_argument/rule.yml
+index 29aa7f9ad..ce9b67832 100644
+--- a/linux_os/guide/auditing/grub2_audit_backlog_limit_argument/rule.yml
++++ b/linux_os/guide/auditing/grub2_audit_backlog_limit_argument/rule.yml
+@@ -34,7 +34,7 @@ references:
+     ospp: FAU_STG.1,FAU_STG.3
+     srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000254-GPOS-00095,SRG-OS-000341-GPOS-00132,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215
+     stigid@ol8: OL08-00-030602
+-    stigid@rhel8: RHEL-08-030602
++    stigid@almalinux8: RHEL-08-030602
+ 
+ ocil_clause: 'audit backlog limit is not configured'
+ 
+diff --git a/linux_os/guide/auditing/grub2_audit_backlog_limit_argument/tests/correct_grubenv.pass.sh b/linux_os/guide/auditing/grub2_audit_backlog_limit_argument/tests/correct_grubenv.pass.sh
+index aaffbf476..f3e10ad43 100644
+--- a/linux_os/guide/auditing/grub2_audit_backlog_limit_argument/tests/correct_grubenv.pass.sh
++++ b/linux_os/guide/auditing/grub2_audit_backlog_limit_argument/tests/correct_grubenv.pass.sh
+@@ -1,4 +1,4 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ grub2-editenv - set "$(grub2-editenv - list | grep kernelopts) audit_backlog_limit=8192"
+diff --git a/linux_os/guide/auditing/grub2_audit_backlog_limit_argument/tests/wrong_value_rhel8.fail.sh b/linux_os/guide/auditing/grub2_audit_backlog_limit_argument/tests/wrong_value_rhel8.fail.sh
+index f93dc5644..1fa37409f 100644
+--- a/linux_os/guide/auditing/grub2_audit_backlog_limit_argument/tests/wrong_value_rhel8.fail.sh
++++ b/linux_os/guide/auditing/grub2_audit_backlog_limit_argument/tests/wrong_value_rhel8.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ # Break the audit_backlog_limit argument in kernel command line in /boot/grub2/grubenv
+ file="/boot/grub2/grubenv"
+diff --git a/linux_os/guide/auditing/package_audit_installed/rule.yml b/linux_os/guide/auditing/package_audit_installed/rule.yml
+index 466f246e1..e2d0c9a57 100644
+--- a/linux_os/guide/auditing/package_audit_installed/rule.yml
++++ b/linux_os/guide/auditing/package_audit_installed/rule.yml
+@@ -31,7 +31,7 @@ references:
+     pcidss: Req-10.1
+     srg: SRG-OS-000062-GPOS-00031,SRG-OS-000037-GPOS-00015,SRG-OS-000038-GPOS-00016,SRG-OS-000039-GPOS-00017,SRG-OS-000040-GPOS-00018,SRG-OS-000041-GPOS-00019,SRG-OS-000042-GPOS-00021,SRG-OS-000051-GPOS-00024,SRG-OS-000054-GPOS-00025,SRG-OS-000122-GPOS-00063,SRG-OS-000254-GPOS-00095,SRG-OS-000255-GPOS-00096,SRG-OS-000337-GPOS-00129,SRG-OS-000348-GPOS-00136,SRG-OS-000349-GPOS-00137,SRG-OS-000350-GPOS-00138,SRG-OS-000351-GPOS-00139,SRG-OS-000352-GPOS-00140,SRG-OS-000353-GPOS-00141,SRG-OS-000354-GPOS-00142,SRG-OS-000358-GPOS-00145,SRG-OS-000365-GPOS-00152,SRG-OS-000392-GPOS-00172,SRG-OS-000475-GPOS-00220
+     stigid@ol8: OL08-00-030180
+-    stigid@rhel8: RHEL-08-030180
++    stigid@almalinux8: RHEL-08-030180
+     stigid@sle12: SLES-12-020000
+     stigid@sle15: SLES-15-030650
+     stigid@ubuntu2004: UBTU-20-010182
+diff --git a/linux_os/guide/auditing/policy_rules/audit_access_failed_aarch64/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_access_failed_aarch64/kubernetes/shared.yml
+index f29a4afc6..26ac0688c 100644
+--- a/linux_os/guide/auditing/policy_rules/audit_access_failed_aarch64/kubernetes/shared.yml
++++ b/linux_os/guide/auditing/policy_rules/audit_access_failed_aarch64/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/auditing/policy_rules/audit_access_failed_ppc64le/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_access_failed_ppc64le/kubernetes/shared.yml
+index 412c67f15..ec1467404 100644
+--- a/linux_os/guide/auditing/policy_rules/audit_access_failed_ppc64le/kubernetes/shared.yml
++++ b/linux_os/guide/auditing/policy_rules/audit_access_failed_ppc64le/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/auditing/policy_rules/audit_access_success/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_access_success/kubernetes/shared.yml
+index 413293083..3f8c50a39 100644
+--- a/linux_os/guide/auditing/policy_rules/audit_access_success/kubernetes/shared.yml
++++ b/linux_os/guide/auditing/policy_rules/audit_access_success/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/auditing/policy_rules/audit_access_success_aarch64/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_access_success_aarch64/kubernetes/shared.yml
+index 1d08bae3a..3e2300448 100644
+--- a/linux_os/guide/auditing/policy_rules/audit_access_success_aarch64/kubernetes/shared.yml
++++ b/linux_os/guide/auditing/policy_rules/audit_access_success_aarch64/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/auditing/policy_rules/audit_access_success_ppc64le/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_access_success_ppc64le/kubernetes/shared.yml
+index 372b7c27c..4e2ce77e9 100644
+--- a/linux_os/guide/auditing/policy_rules/audit_access_success_ppc64le/kubernetes/shared.yml
++++ b/linux_os/guide/auditing/policy_rules/audit_access_success_ppc64le/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/auditing/policy_rules/audit_basic_configuration/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_basic_configuration/kubernetes/shared.yml
+index f62426900..bd3ddd10a 100644
+--- a/linux_os/guide/auditing/policy_rules/audit_basic_configuration/kubernetes/shared.yml
++++ b/linux_os/guide/auditing/policy_rules/audit_basic_configuration/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/auditing/policy_rules/audit_create_failed_aarch64/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_create_failed_aarch64/kubernetes/shared.yml
+index c26dc39be..d32b854fd 100644
+--- a/linux_os/guide/auditing/policy_rules/audit_create_failed_aarch64/kubernetes/shared.yml
++++ b/linux_os/guide/auditing/policy_rules/audit_create_failed_aarch64/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/auditing/policy_rules/audit_create_failed_ppc64le/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_create_failed_ppc64le/kubernetes/shared.yml
+index 08c8dc855..e9277f263 100644
+--- a/linux_os/guide/auditing/policy_rules/audit_create_failed_ppc64le/kubernetes/shared.yml
++++ b/linux_os/guide/auditing/policy_rules/audit_create_failed_ppc64le/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/auditing/policy_rules/audit_delete_failed/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_delete_failed/kubernetes/shared.yml
+index dab3d0eaa..620596c44 100644
+--- a/linux_os/guide/auditing/policy_rules/audit_delete_failed/kubernetes/shared.yml
++++ b/linux_os/guide/auditing/policy_rules/audit_delete_failed/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/auditing/policy_rules/audit_delete_failed_aarch64/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_delete_failed_aarch64/kubernetes/shared.yml
+index 22d3990f0..ed4f8bce8 100644
+--- a/linux_os/guide/auditing/policy_rules/audit_delete_failed_aarch64/kubernetes/shared.yml
++++ b/linux_os/guide/auditing/policy_rules/audit_delete_failed_aarch64/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/auditing/policy_rules/audit_delete_failed_ppc64le/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_delete_failed_ppc64le/kubernetes/shared.yml
+index 2fb2c25aa..e182781c4 100644
+--- a/linux_os/guide/auditing/policy_rules/audit_delete_failed_ppc64le/kubernetes/shared.yml
++++ b/linux_os/guide/auditing/policy_rules/audit_delete_failed_ppc64le/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/auditing/policy_rules/audit_delete_success/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_delete_success/kubernetes/shared.yml
+index bff04fe4c..a56d7f18f 100644
+--- a/linux_os/guide/auditing/policy_rules/audit_delete_success/kubernetes/shared.yml
++++ b/linux_os/guide/auditing/policy_rules/audit_delete_success/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ 
+ {{% set file_contents = """## Successful file delete
+ -a always,exit -F arch=b32 -S unlink,unlinkat,rename,renameat -F success=1 -F auid>=" ~ uid_min ~ " -F auid!=unset -F key=successful-delete
+diff --git a/linux_os/guide/auditing/policy_rules/audit_delete_success_aarch64/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_delete_success_aarch64/kubernetes/shared.yml
+index 37b8b3676..d1be71273 100644
+--- a/linux_os/guide/auditing/policy_rules/audit_delete_success_aarch64/kubernetes/shared.yml
++++ b/linux_os/guide/auditing/policy_rules/audit_delete_success_aarch64/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ 
+ {{% set file_contents = """## Successful file delete
+ -a always,exit -F arch=b32 -S unlink,unlinkat,rename,renameat -F success=1 -F auid>=" ~ uid_min ~ " -F auid!=unset -F key=successful-delete
+diff --git a/linux_os/guide/auditing/policy_rules/audit_delete_success_ppc64le/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_delete_success_ppc64le/kubernetes/shared.yml
+index a46066d62..731636c7f 100644
+--- a/linux_os/guide/auditing/policy_rules/audit_delete_success_ppc64le/kubernetes/shared.yml
++++ b/linux_os/guide/auditing/policy_rules/audit_delete_success_ppc64le/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ 
+ {{% set file_contents = """## Successful file delete
+ -a always,exit -F arch=b64 -S unlink,unlinkat,rename,renameat -F success=1 -F auid>=" ~ uid_min ~ " -F auid!=unset -F key=successful-delete""" -%}}
+diff --git a/linux_os/guide/auditing/policy_rules/audit_immutable_login_uids/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_immutable_login_uids/kubernetes/shared.yml
+index ff5e61676..f7012bed2 100644
+--- a/linux_os/guide/auditing/policy_rules/audit_immutable_login_uids/kubernetes/shared.yml
++++ b/linux_os/guide/auditing/policy_rules/audit_immutable_login_uids/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/auditing/policy_rules/audit_modify_failed/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_modify_failed/kubernetes/shared.yml
+index 2d9279849..ec6477378 100644
+--- a/linux_os/guide/auditing/policy_rules/audit_modify_failed/kubernetes/shared.yml
++++ b/linux_os/guide/auditing/policy_rules/audit_modify_failed/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/auditing/policy_rules/audit_modify_failed_aarch64/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_modify_failed_aarch64/kubernetes/shared.yml
+index dae466002..527bc8489 100644
+--- a/linux_os/guide/auditing/policy_rules/audit_modify_failed_aarch64/kubernetes/shared.yml
++++ b/linux_os/guide/auditing/policy_rules/audit_modify_failed_aarch64/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/auditing/policy_rules/audit_modify_failed_ppc64le/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_modify_failed_ppc64le/kubernetes/shared.yml
+index f07ff3607..62de7826c 100644
+--- a/linux_os/guide/auditing/policy_rules/audit_modify_failed_ppc64le/kubernetes/shared.yml
++++ b/linux_os/guide/auditing/policy_rules/audit_modify_failed_ppc64le/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/auditing/policy_rules/audit_modify_success/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_modify_success/kubernetes/shared.yml
+index c6f796967..7a6e545c4 100644
+--- a/linux_os/guide/auditing/policy_rules/audit_modify_success/kubernetes/shared.yml
++++ b/linux_os/guide/auditing/policy_rules/audit_modify_success/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/auditing/policy_rules/audit_modify_success_aarch64/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_modify_success_aarch64/kubernetes/shared.yml
+index 212ec4ba5..62e1ee6de 100644
+--- a/linux_os/guide/auditing/policy_rules/audit_modify_success_aarch64/kubernetes/shared.yml
++++ b/linux_os/guide/auditing/policy_rules/audit_modify_success_aarch64/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/auditing/policy_rules/audit_modify_success_ppc64le/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_modify_success_ppc64le/kubernetes/shared.yml
+index 92310b977..e76e314a6 100644
+--- a/linux_os/guide/auditing/policy_rules/audit_modify_success_ppc64le/kubernetes/shared.yml
++++ b/linux_os/guide/auditing/policy_rules/audit_modify_success_ppc64le/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/auditing/policy_rules/audit_module_load/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_module_load/kubernetes/shared.yml
+index f8cd8b73d..090554c02 100644
+--- a/linux_os/guide/auditing/policy_rules/audit_module_load/kubernetes/shared.yml
++++ b/linux_os/guide/auditing/policy_rules/audit_module_load/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/auditing/policy_rules/audit_module_load_ppc64le/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_module_load_ppc64le/kubernetes/shared.yml
+index 231034a9c..460877cec 100644
+--- a/linux_os/guide/auditing/policy_rules/audit_module_load_ppc64le/kubernetes/shared.yml
++++ b/linux_os/guide/auditing/policy_rules/audit_module_load_ppc64le/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/auditing/policy_rules/audit_ospp_general/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_ospp_general/kubernetes/shared.yml
+index 6002067e5..0515753c4 100644
+--- a/linux_os/guide/auditing/policy_rules/audit_ospp_general/kubernetes/shared.yml
++++ b/linux_os/guide/auditing/policy_rules/audit_ospp_general/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/auditing/policy_rules/audit_ospp_general_aarch64/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_ospp_general_aarch64/kubernetes/shared.yml
+index c122b209f..d1f676a94 100644
+--- a/linux_os/guide/auditing/policy_rules/audit_ospp_general_aarch64/kubernetes/shared.yml
++++ b/linux_os/guide/auditing/policy_rules/audit_ospp_general_aarch64/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/auditing/policy_rules/audit_ospp_general_ppc64le/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_ospp_general_ppc64le/kubernetes/shared.yml
+index fa81ece03..7a26684d2 100644
+--- a/linux_os/guide/auditing/policy_rules/audit_ospp_general_ppc64le/kubernetes/shared.yml
++++ b/linux_os/guide/auditing/policy_rules/audit_ospp_general_ppc64le/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/auditing/service_auditd_enabled/kubernetes/shared.yml b/linux_os/guide/auditing/service_auditd_enabled/kubernetes/shared.yml
+index 89d6152dc..7afbf02b7 100644
+--- a/linux_os/guide/auditing/service_auditd_enabled/kubernetes/shared.yml
++++ b/linux_os/guide/auditing/service_auditd_enabled/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/auditing/service_auditd_enabled/rule.yml b/linux_os/guide/auditing/service_auditd_enabled/rule.yml
+index 855978657..1aa6504c6 100644
+--- a/linux_os/guide/auditing/service_auditd_enabled/rule.yml
++++ b/linux_os/guide/auditing/service_auditd_enabled/rule.yml
+@@ -55,7 +55,7 @@ references:
+     srg: SRG-OS-000062-GPOS-00031,SRG-OS-000037-GPOS-00015,SRG-OS-000038-GPOS-00016,SRG-OS-000039-GPOS-00017,SRG-OS-000040-GPOS-00018,SRG-OS-000041-GPOS-00019,SRG-OS-000042-GPOS-00021,SRG-OS-000051-GPOS-00024,SRG-OS-000054-GPOS-00025,SRG-OS-000122-GPOS-00063,SRG-OS-000254-GPOS-00095,SRG-OS-000255-GPOS-00096,SRG-OS-000337-GPOS-00129,SRG-OS-000348-GPOS-00136,SRG-OS-000349-GPOS-00137,SRG-OS-000350-GPOS-00138,SRG-OS-000351-GPOS-00139,SRG-OS-000352-GPOS-00140,SRG-OS-000353-GPOS-00141,SRG-OS-000354-GPOS-00142,SRG-OS-000358-GPOS-00145,SRG-OS-000365-GPOS-00152,SRG-OS-000392-GPOS-00172,SRG-OS-000475-GPOS-00220,SRG-APP-000095-CTR-000170,SRG-APP-000409-CTR-000990,SRG-APP-000508-CTR-001300,SRG-APP-000510-CTR-001310
+     stigid@ol7: OL07-00-030000
+     stigid@ol8: OL08-00-030181
+-    stigid@rhel8: RHEL-08-030181
++    stigid@almalinux8: RHEL-08-030181
+     stigid@sle12: SLES-12-020010
+     stigid@sle15: SLES-15-030050
+     stigid@ubuntu2004: UBTU-20-010182
+diff --git a/linux_os/guide/services/base/package_abrt_removed/rule.yml b/linux_os/guide/services/base/package_abrt_removed/rule.yml
+index 4613ec199..1e9063ce9 100644
+--- a/linux_os/guide/services/base/package_abrt_removed/rule.yml
++++ b/linux_os/guide/services/base/package_abrt_removed/rule.yml
+@@ -26,7 +26,7 @@ references:
+     disa: CCI-000381
+     srg: SRG-OS-000095-GPOS-00049
+     stigid@ol8: OL08-00-040001
+-    stigid@rhel8: RHEL-08-040001
++    stigid@almalinux8: RHEL-08-040001
+ 
+ {{{ complete_ocil_entry_package(package="abrt") }}}
+ 
+diff --git a/linux_os/guide/services/base/service_kdump_disabled/anaconda/shared.anaconda b/linux_os/guide/services/base/service_kdump_disabled/anaconda/shared.anaconda
+index 1f6a233ed..9f3a4d6b4 100644
+--- a/linux_os/guide/services/base/service_kdump_disabled/anaconda/shared.anaconda
++++ b/linux_os/guide/services/base/service_kdump_disabled/anaconda/shared.anaconda
+@@ -1,3 +1,3 @@
+-# platform = multi_platform_rhel,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
+ 
+ kdump --disable
+diff --git a/linux_os/guide/services/base/service_kdump_disabled/rule.yml b/linux_os/guide/services/base/service_kdump_disabled/rule.yml
+index 6ac54b57b..bb599fdaa 100644
+--- a/linux_os/guide/services/base/service_kdump_disabled/rule.yml
++++ b/linux_os/guide/services/base/service_kdump_disabled/rule.yml
+@@ -45,7 +45,7 @@ references:
+     srg: SRG-OS-000269-GPOS-00103,SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-021300
+     stigid@ol8: OL08-00-010670
+-    stigid@rhel8: RHEL-08-010670
++    stigid@almalinux8: RHEL-08-010670
+     stigid@sle12: SLES-12-010840
+     stigid@sle15: SLES-15-040190
+     stigid@ubuntu2004: UBTU-20-010413
+diff --git a/linux_os/guide/services/cron_and_at/service_cron_enabled/rule.yml b/linux_os/guide/services/cron_and_at/service_cron_enabled/rule.yml
+index 7977cba9f..2f6eb4edf 100644
+--- a/linux_os/guide/services/cron_and_at/service_cron_enabled/rule.yml
++++ b/linux_os/guide/services/cron_and_at/service_cron_enabled/rule.yml
+@@ -1,4 +1,4 @@
+-{{% if product in ["rhel8", "rhel9", "rhel10"] %}}
++{{% if product in ["rhel8", "almalinux8", "rhel9", "rhel10"] %}}
+ {{% set service_name = "crond" %}}
+ {{% else %}}
+ {{% set service_name = "cron" %}}
+diff --git a/linux_os/guide/services/fapolicyd/fapolicy_default_deny/rule.yml b/linux_os/guide/services/fapolicyd/fapolicy_default_deny/rule.yml
+index 67fc86c42..a397633e8 100644
+--- a/linux_os/guide/services/fapolicyd/fapolicy_default_deny/rule.yml
++++ b/linux_os/guide/services/fapolicyd/fapolicy_default_deny/rule.yml
+@@ -25,7 +25,7 @@ references:
+   nist: CM-7 (2),CM-7 (5) (b),CM-6 b
+   srg: SRG-OS-000368-GPOS-00154,SRG-OS-000370-GPOS-00155,SRG-OS-000480-GPOS-00232
+   stigid@ol8: OL08-00-040137
+-  stigid@rhel8: RHEL-08-040137
++  stigid@almalinux8: RHEL-08-040137
+ 
+ ocil_clause: 'fapolicyd is not running in enforcement mode with a deny-all, permit-by-exception policy'
+ 
+@@ -40,7 +40,7 @@ ocil: |-
+ 
+     Check that fapolicyd employs a deny-all policy on system mounts with the following commands:
+ 
+-    {{%- if product in ["ol8", "rhel8"] %}}
++    {{%- if product in ["ol8", "rhel8", "almalinux8"] %}}
+     {{% set product_short_name = "OL" if "ol" in product else "RHEL" %}}
+     For {{{ product_short_name }}} 8.5 systems and older:
+     $ sudo tail /etc/fapolicyd/fapolicyd.rules
+@@ -60,7 +60,7 @@ fixtext: |-
+ 
+     permissive = 1
+ 
+-    {{%- if product in ["ol8", "rhel8"] %}}
++    {{%- if product in ["ol8", "rhel8", "almalinux8"] %}}
+     For {{{ product_short_name }}} 8.5 systems and older:
+     Build the whitelist in the "/etc/fapolicyd/fapolicyd.rules" file ensuring the last rule is "deny perm=any all : all".
+ 
+diff --git a/linux_os/guide/services/fapolicyd/package_fapolicyd_installed/rule.yml b/linux_os/guide/services/fapolicyd/package_fapolicyd_installed/rule.yml
+index 5b602d196..83f10383e 100644
+--- a/linux_os/guide/services/fapolicyd/package_fapolicyd_installed/rule.yml
++++ b/linux_os/guide/services/fapolicyd/package_fapolicyd_installed/rule.yml
+@@ -23,7 +23,7 @@ references:
+     nist: CM-6(a),SI-4(22)
+     srg: SRG-OS-000370-GPOS-00155,SRG-OS-000368-GPOS-00154,SRG-OS-000480-GPOS-00230
+     stigid@ol8: OL08-00-040135
+-    stigid@rhel8: RHEL-08-040135
++    stigid@almalinux8: RHEL-08-040135
+ 
+ ocil_clause: 'the fapolicyd package is not installed'
+ 
+diff --git a/linux_os/guide/services/fapolicyd/service_fapolicyd_enabled/rule.yml b/linux_os/guide/services/fapolicyd/service_fapolicyd_enabled/rule.yml
+index d1b5254d2..828ac2fd7 100644
+--- a/linux_os/guide/services/fapolicyd/service_fapolicyd_enabled/rule.yml
++++ b/linux_os/guide/services/fapolicyd/service_fapolicyd_enabled/rule.yml
+@@ -25,7 +25,7 @@ references:
+     ospp: FMT_SMF_EXT.1
+     srg: SRG-OS-000370-GPOS-00155,SRG-OS-000368-GPOS-00154,SRG-OS-000480-GPOS-00230
+     stigid@ol8: OL08-00-040136
+-    stigid@rhel8: RHEL-08-040136
++    stigid@almalinux8: RHEL-08-040136
+ 
+ ocil_clause: 'the service is not enabled'
+ 
+diff --git a/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml b/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml
+index d811d3f56..11c584793 100644
+--- a/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml
++++ b/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml
+@@ -34,7 +34,7 @@ references:
+     srg: SRG-OS-000074-GPOS-00042,SRG-OS-000095-GPOS-00049,SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-040690
+     stigid@ol8: OL08-00-040360
+-    stigid@rhel8: RHEL-08-040360
++    stigid@almalinux8: RHEL-08-040360
+     stigid@sle12: SLES-12-030011
+     stigid@sle15: SLES-15-010030
+ 
+diff --git a/linux_os/guide/services/kerberos/kerberos_disable_no_keytab/rule.yml b/linux_os/guide/services/kerberos/kerberos_disable_no_keytab/rule.yml
+index 181c6b3b0..375c03301 100644
+--- a/linux_os/guide/services/kerberos/kerberos_disable_no_keytab/rule.yml
++++ b/linux_os/guide/services/kerberos/kerberos_disable_no_keytab/rule.yml
+@@ -26,7 +26,7 @@ references:
+     ism: 0418,1055,1402
+     srg: SRG-OS-000120-GPOS-00061
+     stigid@ol8: OL08-00-010161
+-    stigid@rhel8: RHEL-08-010161
++    stigid@almalinux8: RHEL-08-010161
+ 
+ platforms:
+     - krb5_server_older_than_1_17-18 and krb5_workstation_older_than_1_17-18
+diff --git a/linux_os/guide/services/kerberos/package_krb5-server_removed/rule.yml b/linux_os/guide/services/kerberos/package_krb5-server_removed/rule.yml
+index 36dc8de85..e64652a1b 100644
+--- a/linux_os/guide/services/kerberos/package_krb5-server_removed/rule.yml
++++ b/linux_os/guide/services/kerberos/package_krb5-server_removed/rule.yml
+@@ -29,7 +29,7 @@ references:
+     nist: IA-7,IA-7.1
+     srg: SRG-OS-000120-GPOS-00061
+     stigid@ol8: OL08-00-010163
+-    stigid@rhel8: RHEL-08-010163
++    stigid@almalinux8: RHEL-08-010163
+ 
+ platforms:
+     - krb5_server_older_than_1_17-18
+diff --git a/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/bash/shared.sh b/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/bash/shared.sh
+index 646e63f4b..cb346ebf4 100644
+--- a/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/bash/shared.sh
++++ b/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol
++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
+ 
+ 
+ # Use LDAP for authentication
+diff --git a/linux_os/guide/services/mail/package_mailx_installed/rule.yml b/linux_os/guide/services/mail/package_mailx_installed/rule.yml
+index ac5972341..4328c61b2 100644
+--- a/linux_os/guide/services/mail/package_mailx_installed/rule.yml
++++ b/linux_os/guide/services/mail/package_mailx_installed/rule.yml
+@@ -24,7 +24,7 @@ references:
+     srg: SRG-OS-000363-GPOS-00150
+     stigid@ol7: OL07-00-020028
+     stigid@ol8: OL08-00-010358
+-    stigid@rhel8: RHEL-08-010358
++    stigid@almalinux8: RHEL-08-010358
+     stigid@sle12: SLES-12-010498
+     stigid@sle15: SLES-15-010418
+ 
+diff --git a/linux_os/guide/services/mail/package_postfix_installed/rule.yml b/linux_os/guide/services/mail/package_postfix_installed/rule.yml
+index 6ba5bd00e..e0188820d 100644
+--- a/linux_os/guide/services/mail/package_postfix_installed/rule.yml
++++ b/linux_os/guide/services/mail/package_postfix_installed/rule.yml
+@@ -19,7 +19,7 @@ identifiers:
+ references:
+     disa: CCI-000139
+     srg: SRG-OS-000046-GPOS-00022
+-    stigid@rhel8: RHEL-08-030030
++    stigid@almalinux8: RHEL-08-030030
+ 
+ ocil_clause: 'the package is not installed'
+ 
+diff --git a/linux_os/guide/services/mail/package_sendmail_removed/rule.yml b/linux_os/guide/services/mail/package_sendmail_removed/rule.yml
+index 8b23a9474..87280428f 100644
+--- a/linux_os/guide/services/mail/package_sendmail_removed/rule.yml
++++ b/linux_os/guide/services/mail/package_sendmail_removed/rule.yml
+@@ -33,7 +33,7 @@ references:
+     nist-csf: PR.IP-1,PR.PT-3
+     srg: SRG-OS-000480-GPOS-00227,SRG-OS-000095-GPOS-00049
+     stigid@ol8: OL08-00-040002
+-    stigid@rhel8: RHEL-08-040002
++    stigid@almalinux8: RHEL-08-040002
+ 
+ {{{ complete_ocil_entry_package(package="sendmail") }}}
+ 
+diff --git a/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/ansible/shared.yml b/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/ansible/shared.yml
+index a0330236a..89efc61e4 100644
+--- a/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/ansible/shared.yml
++++ b/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_debian
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_debian
+ # reboot = false
+ # strategy = configure
+ # complexity = low
+diff --git a/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/bash/shared.sh b/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/bash/shared.sh
+index 001ead7d6..1fc220d8a 100644
+--- a/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/bash/shared.sh
++++ b/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_debian
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_debian
+ 
+ {{{ bash_instantiate_variables("var_postfix_root_mail_alias") }}}
+ 
+diff --git a/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias_postmaster/rule.yml b/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias_postmaster/rule.yml
+index 6b5349b41..1873724cd 100644
+--- a/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias_postmaster/rule.yml
++++ b/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias_postmaster/rule.yml
+@@ -30,7 +30,7 @@ references:
+     nist: AU-5(a),AU-5.1(ii)
+     srg: SRG-OS-000046-GPOS-00022
+     stigid@ol8: OL08-00-030030
+-    stigid@rhel8: RHEL-08-030030
++    stigid@almalinux8: RHEL-08-030030
+ 
+ ocil_clause: 'the alias is not set or is not root'
+ 
+diff --git a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/ansible/shared.yml b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/ansible/shared.yml
+index ef8290b59..ad730ee5c 100644
+--- a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/ansible/shared.yml
++++ b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/bash/shared.sh b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/bash/shared.sh
+index befe1acf3..e36b1fd3e 100644
+--- a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/bash/shared.sh
++++ b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
+ 
+ {{{ bash_instantiate_variables("var_postfix_inet_interfaces") }}}
+ 
+diff --git a/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_relay/postfix_prevent_unrestricted_relay/rule.yml b/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_relay/postfix_prevent_unrestricted_relay/rule.yml
+index b66afbaae..b0dab5753 100644
+--- a/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_relay/postfix_prevent_unrestricted_relay/rule.yml
++++ b/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_relay/postfix_prevent_unrestricted_relay/rule.yml
+@@ -26,7 +26,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-040680
+     stigid@ol8: OL08-00-040290
+-    stigid@rhel8: RHEL-08-040290
++    stigid@almalinux8: RHEL-08-040290
+ 
+ ocil_clause: 'the "smtpd_client_restrictions" parameter contains any entries other than "permit_mynetworks" and "reject"'
+ 
+diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nodev_remote_filesystems/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nodev_remote_filesystems/rule.yml
+index eaee5b233..41c58ffc4 100644
+--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nodev_remote_filesystems/rule.yml
++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nodev_remote_filesystems/rule.yml
+@@ -27,7 +27,7 @@ references:
+     nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol8: OL08-00-010640
+-    stigid@rhel8: RHEL-08-010640
++    stigid@almalinux8: RHEL-08-010640
+ 
+ ocil_clause: 'the setting does not show'
+ 
+diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_noexec_remote_filesystems/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_noexec_remote_filesystems/rule.yml
+index 6673f2b5b..abeb64446 100644
+--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_noexec_remote_filesystems/rule.yml
++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_noexec_remote_filesystems/rule.yml
+@@ -33,7 +33,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-021021
+     stigid@ol8: OL08-00-010630
+-    stigid@rhel8: RHEL-08-010630
++    stigid@almalinux8: RHEL-08-010630
+     stigid@sle12: SLES-12-010820
+     stigid@sle15: SLES-15-040170
+ 
+diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nosuid_remote_filesystems/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nosuid_remote_filesystems/rule.yml
+index 11ef40a64..ddc51b730 100644
+--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nosuid_remote_filesystems/rule.yml
++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nosuid_remote_filesystems/rule.yml
+@@ -31,7 +31,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-021020
+     stigid@ol8: OL08-00-010650
+-    stigid@rhel8: RHEL-08-010650
++    stigid@almalinux8: RHEL-08-010650
+     stigid@sle12: SLES-12-010810
+     stigid@sle15: SLES-15-040160
+ 
+diff --git a/linux_os/guide/services/ntp/chrony_set_nts/tests/chrony_d_one_pool_missing.fail.sh b/linux_os/guide/services/ntp/chrony_set_nts/tests/chrony_d_one_pool_missing.fail.sh
+index 4963780f8..c3bc5b0de 100644
+--- a/linux_os/guide/services/ntp/chrony_set_nts/tests/chrony_d_one_pool_missing.fail.sh
++++ b/linux_os/guide/services/ntp/chrony_set_nts/tests/chrony_d_one_pool_missing.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = chrony
+-# platform = multi_platform_rhel
++# platform = multi_platform_rhel,multi_platform_almalinux
+ 
+ {{{ bash_package_remove("ntp") }}}
+ 
+diff --git a/linux_os/guide/services/ntp/chrony_set_nts/tests/chrony_d_one_server_missing.fail.sh b/linux_os/guide/services/ntp/chrony_set_nts/tests/chrony_d_one_server_missing.fail.sh
+index fdfe38968..92a468e1e 100644
+--- a/linux_os/guide/services/ntp/chrony_set_nts/tests/chrony_d_one_server_missing.fail.sh
++++ b/linux_os/guide/services/ntp/chrony_set_nts/tests/chrony_d_one_server_missing.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = chrony
+-# platform = multi_platform_rhel
++# platform = multi_platform_rhel,multi_platform_almalinux
+ 
+ {{{ bash_package_remove("ntp") }}}
+ 
+diff --git a/linux_os/guide/services/ntp/chronyd_client_only/bash/shared.sh b/linux_os/guide/services/ntp/chronyd_client_only/bash/shared.sh
+index 524cdc7d0..2678708d2 100644
+--- a/linux_os/guide/services/ntp/chronyd_client_only/bash/shared.sh
++++ b/linux_os/guide/services/ntp/chronyd_client_only/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ 
+ 
+ {{{ bash_replace_or_append(chrony_conf_path, '^port', '0', '%s %s') }}}
+diff --git a/linux_os/guide/services/ntp/chronyd_client_only/kubernetes/shared.yml b/linux_os/guide/services/ntp/chronyd_client_only/kubernetes/shared.yml
+index c435df983..b80ffbf7b 100644
+--- a/linux_os/guide/services/ntp/chronyd_client_only/kubernetes/shared.yml
++++ b/linux_os/guide/services/ntp/chronyd_client_only/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/services/ntp/chronyd_client_only/rule.yml b/linux_os/guide/services/ntp/chronyd_client_only/rule.yml
+index 815a75520..8a917babb 100644
+--- a/linux_os/guide/services/ntp/chronyd_client_only/rule.yml
++++ b/linux_os/guide/services/ntp/chronyd_client_only/rule.yml
+@@ -28,7 +28,7 @@ references:
+     ospp: FMT_SMF_EXT.1
+     srg: SRG-OS-000096-GPOS-00050,SRG-OS-000095-GPOS-00049
+     stigid@ol8: OL08-00-030741
+-    stigid@rhel8: RHEL-08-030741
++    stigid@almalinux8: RHEL-08-030741
+ 
+ ocil_clause: 'the "port" option is not set to "0", is commented out, or is missing'
+ 
+diff --git a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/bash/shared.sh b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/bash/shared.sh
+index 25b768688..a1e46bc12 100644
+--- a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/bash/shared.sh
++++ b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ 
+ 
+ {{{ bash_replace_or_append(chrony_conf_path, '^cmdport', '0', '%s %s') }}}
+diff --git a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/kubernetes/shared.yml b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/kubernetes/shared.yml
+index c435df983..b80ffbf7b 100644
+--- a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/kubernetes/shared.yml
++++ b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/rule.yml b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/rule.yml
+index 5dd6dcdd9..5c94f9f9d 100644
+--- a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/rule.yml
++++ b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/rule.yml
+@@ -26,7 +26,7 @@ references:
+     nist: CM-7(1)
+     srg: SRG-OS-000096-GPOS-00050,SRG-OS-000095-GPOS-00049
+     stigid@ol8: OL08-00-030742
+-    stigid@rhel8: RHEL-08-030742
++    stigid@almalinux8: RHEL-08-030742
+ 
+ ocil_clause: 'the "cmdport" option is not set to "0", is commented out, or is missing'
+ 
+diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/kubernetes/shared.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/kubernetes/shared.yml
+index c435df983..b80ffbf7b 100644
+--- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/kubernetes/shared.yml
++++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml
+index 33ac6c19a..b3de88fff 100644
+--- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml
++++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml
+@@ -93,7 +93,7 @@ references:
+     srg: SRG-OS-000355-GPOS-00143,SRG-OS-000356-GPOS-00144,SRG-OS-000359-GPOS-00146
+     stigid@ol7: OL07-00-040500
+     stigid@ol8: OL08-00-030740
+-    stigid@rhel8: RHEL-08-030740
++    stigid@almalinux8: RHEL-08-030740
+     stigid@sle12: SLES-12-030300
+     stigid@sle15: SLES-15-010400
+     stigid@ubuntu2004: UBTU-20-010435
+diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_pool_misconfigured.fail.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_pool_misconfigured.fail.sh
+index a7d291916..c1802d791 100644
+--- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_pool_misconfigured.fail.sh
++++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_pool_misconfigured.fail.sh
+@@ -1,7 +1,7 @@
+ #!/bin/bash
+ # packages = chrony
+ # variables = var_time_service_set_maxpoll=16
+-# platform = multi_platform_rhel
++# platform = multi_platform_rhel,multi_platform_almalinux
+ 
+ {{{ bash_package_remove("ntp") }}}
+ 
+diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_server_misconfigured.fail.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_server_misconfigured.fail.sh
+index f6da9d51f..2eeff701b 100644
+--- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_server_misconfigured.fail.sh
++++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_server_misconfigured.fail.sh
+@@ -1,7 +1,7 @@
+ #!/bin/bash
+ # packages = chrony
+ # variables = var_time_service_set_maxpoll=16
+-# platform = multi_platform_rhel
++# platform = multi_platform_rhel,multi_platform_almalinux
+ 
+ {{{ bash_package_remove("ntp") }}}
+ 
+diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/bash/shared.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/bash/shared.sh
+index f82c5018e..4ab4df582 100644
+--- a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/bash/shared.sh
++++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_sle
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+ 
+ {{{ bash_instantiate_variables("var_multiple_time_servers") }}}
+ 
+diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/kubernetes/shared.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/kubernetes/shared.yml
+index c435df983..b80ffbf7b 100644
+--- a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/kubernetes/shared.yml
++++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/bash/shared.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/bash/shared.sh
+index c8619f66e..141adec0b 100644
+--- a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/bash/shared.sh
++++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol
+ 
+ {{{ bash_instantiate_variables("var_multiple_time_servers") }}}
+ 
+diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/kubernetes/shared.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/kubernetes/shared.yml
+index c435df983..b80ffbf7b 100644
+--- a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/kubernetes/shared.yml
++++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/ansible/shared.yml b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/ansible/shared.yml
+index b7eaee763..ceeb3228c 100644
+--- a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/ansible/shared.yml
++++ b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # reboot = false
+ # strategy = configure
+ # complexity = low
+diff --git a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/correct.pass.sh b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/correct.pass.sh
+index 2e3d4e406..a348b99df 100644
+--- a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/correct.pass.sh
++++ b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/correct.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+ # packages = chrony
+ 
+ 
+diff --git a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/correct_multiple_options.pass.sh b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/correct_multiple_options.pass.sh
+index b75e59c2e..6c3415c34 100644
+--- a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/correct_multiple_options.pass.sh
++++ b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/correct_multiple_options.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+ # packages = chrony
+ 
+ 
+diff --git a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/empty.pass.sh b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/empty.pass.sh
+index e7c266e7f..7ce4dd93a 100644
+--- a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/empty.pass.sh
++++ b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/empty.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ # packages = chrony
+ 
+ 
+diff --git a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/empty_options.pass.sh b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/empty_options.pass.sh
+index 7b9cbcb9a..154effcbd 100644
+--- a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/empty_options.pass.sh
++++ b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/empty_options.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ # packages = chrony
+ 
+ 
+diff --git a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/wrong_line.fail.sh b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/wrong_line.fail.sh
+index 0b8c54cfb..7a44d477b 100644
+--- a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/wrong_line.fail.sh
++++ b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/wrong_line.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+ # packages = chrony
+ 
+ 
+diff --git a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/wrong_line_2.fail.sh b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/wrong_line_2.fail.sh
+index 69908e41f..0c506bca3 100644
+--- a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/wrong_line_2.fail.sh
++++ b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/wrong_line_2.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+ # packages = chrony
+ 
+ 
+diff --git a/linux_os/guide/services/ntp/chronyd_server_directive/rule.yml b/linux_os/guide/services/ntp/chronyd_server_directive/rule.yml
+index 353812b08..2eb12a06e 100644
+--- a/linux_os/guide/services/ntp/chronyd_server_directive/rule.yml
++++ b/linux_os/guide/services/ntp/chronyd_server_directive/rule.yml
+@@ -25,7 +25,7 @@ references:
+     disa: CCI-001890,CCI-004926,CCI-004923
+     srg: SRG-OS-000355-GPOS-00143,SRG-OS-000356-GPOS-00144,SRG-OS-000359-GPOS-00146
+     stigid@ol8: OL08-00-030740
+-    stigid@rhel8: RHEL-08-030740
++    stigid@almalinux8: RHEL-08-030740
+ 
+ ocil_clause: 'an authoritative remote time server is not configured or configured with pool directive'
+ 
+diff --git a/linux_os/guide/services/ntp/chronyd_server_directive/tests/file_empty.fail.sh b/linux_os/guide/services/ntp/chronyd_server_directive/tests/file_empty.fail.sh
+index b2427c1d5..2d62ca68b 100644
+--- a/linux_os/guide/services/ntp/chronyd_server_directive/tests/file_empty.fail.sh
++++ b/linux_os/guide/services/ntp/chronyd_server_directive/tests/file_empty.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = chrony
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # remediation = none
+ 
+ echo "" > {{{ chrony_conf_path }}}
+diff --git a/linux_os/guide/services/ntp/chronyd_server_directive/tests/file_missing.fail.sh b/linux_os/guide/services/ntp/chronyd_server_directive/tests/file_missing.fail.sh
+index 16c634e0a..e0e0b136a 100644
+--- a/linux_os/guide/services/ntp/chronyd_server_directive/tests/file_missing.fail.sh
++++ b/linux_os/guide/services/ntp/chronyd_server_directive/tests/file_missing.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = chrony
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # remediation = none
+ 
+ rm -f {{{ chrony_conf_path }}}
+diff --git a/linux_os/guide/services/ntp/chronyd_server_directive/tests/line_missing.fail.sh b/linux_os/guide/services/ntp/chronyd_server_directive/tests/line_missing.fail.sh
+index 56b414e2e..c28bc2f7f 100644
+--- a/linux_os/guide/services/ntp/chronyd_server_directive/tests/line_missing.fail.sh
++++ b/linux_os/guide/services/ntp/chronyd_server_directive/tests/line_missing.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = chrony
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # remediation = none
+ 
+ echo "some line" > {{{ chrony_conf_path }}}
+diff --git a/linux_os/guide/services/ntp/chronyd_server_directive/tests/multiple_servers.pass.sh b/linux_os/guide/services/ntp/chronyd_server_directive/tests/multiple_servers.pass.sh
+index 01a21e0b0..3b8082c73 100644
+--- a/linux_os/guide/services/ntp/chronyd_server_directive/tests/multiple_servers.pass.sh
++++ b/linux_os/guide/services/ntp/chronyd_server_directive/tests/multiple_servers.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = chrony
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # remediation = none
+ 
+ sed -i "^pool.*" {{{ chrony_conf_path }}}
+diff --git a/linux_os/guide/services/ntp/chronyd_server_directive/tests/only_pool.fail.sh b/linux_os/guide/services/ntp/chronyd_server_directive/tests/only_pool.fail.sh
+index 6f45a555f..5d03e6e21 100644
+--- a/linux_os/guide/services/ntp/chronyd_server_directive/tests/only_pool.fail.sh
++++ b/linux_os/guide/services/ntp/chronyd_server_directive/tests/only_pool.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = chrony
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # remediation = none
+ 
+ sed -i "^server.*" {{{ chrony_conf_path }}}
+diff --git a/linux_os/guide/services/ntp/chronyd_server_directive/tests/only_server.pass.sh b/linux_os/guide/services/ntp/chronyd_server_directive/tests/only_server.pass.sh
+index ec9e58c75..1a31ccf74 100644
+--- a/linux_os/guide/services/ntp/chronyd_server_directive/tests/only_server.pass.sh
++++ b/linux_os/guide/services/ntp/chronyd_server_directive/tests/only_server.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = chrony
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ 
+ sed -i "^pool.*" {{{ chrony_conf_path }}}
+ echo "server 0.pool.ntp.org" > {{{ chrony_conf_path }}}
+diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/rule.yml b/linux_os/guide/services/ntp/chronyd_specify_remote_server/rule.yml
+index 516a57a68..1b36373e5 100644
+--- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/rule.yml
++++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/rule.yml
+@@ -37,7 +37,7 @@ references:
+     nist: CM-6(a),AU-8(1)(a)
+     pcidss: Req-10.4.3
+     srg: SRG-OS-000355-GPOS-00143
+-    stigid@rhel8: RHEL-08-030740
++    stigid@almalinux8: RHEL-08-030740
+ 
+ ocil_clause: 'a remote time server is not configured'
+ 
+diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct.pass.sh b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct.pass.sh
+index d74bde623..8f83241cd 100644
+--- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct.pass.sh
++++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+ # packages = chrony
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ 
+ echo "server 0.pool.ntp.org" > {{{ chrony_conf_path }}}
+diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct_pool.pass.sh b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct_pool.pass.sh
+index 56cee5abd..a8d771d62 100644
+--- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct_pool.pass.sh
++++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct_pool.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+ # packages = chrony
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ 
+ echo "pool 0.pool.ntp.org" > {{{ chrony_conf_path }}}
+diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_empty.fail.sh b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_empty.fail.sh
+index 50e0715cc..e75a1ec07 100644
+--- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_empty.fail.sh
++++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_empty.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+ # packages = chrony
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ 
+ echo "" > {{{ chrony_conf_path }}}
+diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_missing.fail.sh b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_missing.fail.sh
+index d89bdb1e5..a56b2e0dc 100644
+--- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_missing.fail.sh
++++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_missing.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+ # packages = chrony
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ 
+ rm -f {{{ chrony_conf_path }}}
+diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/line_missing.fail.sh b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/line_missing.fail.sh
+index ce121222a..3c7d36f8b 100644
+--- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/line_missing.fail.sh
++++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/line_missing.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = chrony
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ 
+ echo "some line" > {{{ chrony_conf_path }}}
+ echo "another line" >> {{{ chrony_conf_path }}}
+diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/multiple_servers.pass.sh b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/multiple_servers.pass.sh
+index 917d2e610..eccff3389 100644
+--- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/multiple_servers.pass.sh
++++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/multiple_servers.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = chrony
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ 
+ echo "server 0.pool.ntp.org" > {{{ chrony_conf_path }}}
+ echo "server 1.pool.ntp.org" >> {{{ chrony_conf_path }}}
+diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/server_not_specified.fail.sh b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/server_not_specified.fail.sh
+index 5f0ad2c6e..7c6175efb 100644
+--- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/server_not_specified.fail.sh
++++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/server_not_specified.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+ # packages = chrony
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ 
+ echo "server " > {{{ chrony_conf_path }}}
+diff --git a/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/ansible/shared.yml b/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/ansible/shared.yml
+index ff1bfe242..b8fbb95c1 100644
+--- a/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/ansible/shared.yml
++++ b/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_sle
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+ # reboot = false
+ # strategy = enable
+ # complexity = low
+diff --git a/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/bash/shared.sh b/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/bash/shared.sh
+index b322a02cf..f9c83a600 100644
+--- a/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/bash/shared.sh
++++ b/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_sle
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+ # reboot = false
+ # strategy = enable
+ # complexity = low
+diff --git a/linux_os/guide/services/ntp/service_ntpd_enabled/rule.yml b/linux_os/guide/services/ntp/service_ntpd_enabled/rule.yml
+index 722c975d6..e171b138c 100644
+--- a/linux_os/guide/services/ntp/service_ntpd_enabled/rule.yml
++++ b/linux_os/guide/services/ntp/service_ntpd_enabled/rule.yml
+@@ -48,7 +48,7 @@ template:
+ 
+ platform: package[ntp]
+ 
+-{{% if product in ["rhel8", "rhel9", "sle15"] %}}
++{{% if product in ["rhel8", "almalinux8", "rhel9", "sle15"] %}}
+ warnings:
+     - general:
+         The 
ntp
 package is not available in {{{ full_name }}}. Please
+diff --git a/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml b/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml
+index 8ea49101f..7d4e47fb9 100644
+--- a/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml
++++ b/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml
+@@ -29,7 +29,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-040550
+     stigid@ol8: OL08-00-010460
+-    stigid@rhel8: RHEL-08-010460
++    stigid@almalinux8: RHEL-08-010460
+     stigid@sle12: SLES-12-010410
+     stigid@sle15: SLES-15-040030
+ 
+diff --git a/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/ansible/shared.yml b/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/ansible/shared.yml
+index 9c6fc297c..7db8e8320 100644
+--- a/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/ansible/shared.yml
++++ b/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/bash/shared.sh b/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/bash/shared.sh
+index e64838b15..baaa07631 100644
+--- a/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/bash/shared.sh
++++ b/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
+ 
+ find /root -xdev -type f -name ".rhosts" -exec rm -f {} \;
+ find /home -maxdepth 2 -xdev -type f -name ".rhosts" -exec rm -f {} \;
+diff --git a/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml b/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml
+index e6cce8607..cb93701a4 100644
+--- a/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml
++++ b/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml
+@@ -32,7 +32,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-040540
+     stigid@ol8: OL08-00-010470
+-    stigid@rhel8: RHEL-08-010470
++    stigid@almalinux8: RHEL-08-010470
+     stigid@sle12: SLES-12-010400
+     stigid@sle15: SLES-15-040020
+ 
+diff --git a/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml b/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml
+index 3c2b23136..44a4266fb 100644
+--- a/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml
++++ b/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml
+@@ -36,7 +36,7 @@ references:
+     srg: SRG-OS-000095-GPOS-00049
+     stigid@ol7: OL07-00-020000
+     stigid@ol8: OL08-00-040010
+-    stigid@rhel8: RHEL-08-040010
++    stigid@almalinux8: RHEL-08-040010
+     stigid@ubuntu2004: UBTU-20-010406
+     stigid@ubuntu2204: UBTU-22-215030
+ 
+@@ -47,7 +47,7 @@ template:
+     vars:
+         pkgname: rsh-server
+ 
+-{{% if product in ["rhel8", "rhel9"] %}}
++{{% if product in ["rhel8", "almalinux8", "rhel9"] %}}
+ warnings:
+     - general:
+         The package is not available in {{{ full_name }}}.
+diff --git a/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml b/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml
+index 38024ff19..9d507bc24 100644
+--- a/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml
++++ b/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml
+@@ -56,7 +56,7 @@ template:
+         pkgname@ubuntu2004: rsh-client
+         pkgname@ubuntu2204: rsh-client
+ 
+-{{% if product in ["rhel8", "rhel9"] %}}
++{{% if product in ["rhel8", "almalinux8", "rhel9"] %}}
+ warnings:
+     - general:
+         The package is not available in {{{ full_name }}}.
+diff --git a/linux_os/guide/services/obsolete/talk/package_talk-server_removed/rule.yml b/linux_os/guide/services/obsolete/talk/package_talk-server_removed/rule.yml
+index a820ba060..2b38dc61f 100644
+--- a/linux_os/guide/services/obsolete/talk/package_talk-server_removed/rule.yml
++++ b/linux_os/guide/services/obsolete/talk/package_talk-server_removed/rule.yml
+@@ -29,7 +29,7 @@ template:
+     vars:
+         pkgname: talk-server
+ 
+-{{% if product in ["rhel8", "rhel9"] %}}
++{{% if product in ["rhel8", "almalinux8", "rhel9"] %}}
+ warnings:
+     - general:
+         The package is not available in {{{ full_name }}}.
+diff --git a/linux_os/guide/services/obsolete/talk/package_talk_removed/rule.yml b/linux_os/guide/services/obsolete/talk/package_talk_removed/rule.yml
+index 5e382e97b..3dcc86722 100644
+--- a/linux_os/guide/services/obsolete/talk/package_talk_removed/rule.yml
++++ b/linux_os/guide/services/obsolete/talk/package_talk_removed/rule.yml
+@@ -38,7 +38,7 @@ template:
+     vars:
+         pkgname: talk
+ 
+-{{% if product in ["rhel8", "rhel9"] %}}
++{{% if product in ["rhel8", "almalinux8", "rhel9"] %}}
+ warnings:
+     - general:
+         The package is not available in {{{ full_name }}}.
+diff --git a/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml b/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml
+index 263d036f9..63cfe4fcb 100644
+--- a/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml
++++ b/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml
+@@ -46,7 +46,7 @@ references:
+     srg: SRG-OS-000095-GPOS-00049
+     stigid@ol7: OL07-00-021710
+     stigid@ol8: OL08-00-040000
+-    stigid@rhel8: RHEL-08-040000
++    stigid@almalinux8: RHEL-08-040000
+     stigid@sle12: SLES-12-030000
+     stigid@sle15: SLES-15-010180
+ 
+diff --git a/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml b/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml
+index 72e6a5780..dbd1dbd76 100644
+--- a/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml
++++ b/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml
+@@ -35,7 +35,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-040700
+     stigid@ol8: OL08-00-040190
+-    stigid@rhel8: RHEL-08-040190
++    stigid@almalinux8: RHEL-08-040190
+ 
+ {{{ complete_ocil_entry_package(package="tftp-server") }}}
+ 
+diff --git a/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/rule.yml b/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/rule.yml
+index 8b3864392..0c9ad8711 100644
+--- a/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/rule.yml
++++ b/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/rule.yml
+@@ -6,7 +6,7 @@ title: 'Ensure tftp Daemon Uses Secure Mode'
+ description: |-
+     If running the Trivial File Transfer Protocol (TFTP) service is necessary,
+     it should be configured to change its root directory at startup. To do so,
+-    {{%- if product in ["ol7","rhel8","ol8","rhv4"] %}}
++    {{%- if product in ["ol7","rhel8", "almalinux8","ol8","rhv4"] %}}
+     ensure /etc/xinetd.d/tftp includes -s as a command line argument,
+     as shown in the following example:
+     
server_args = -s {{{ xccdf_value("var_tftpd_secure_directory") }}}

+@@ -45,10 +45,10 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-040720
+     stigid@ol8: OL08-00-040350
+-    stigid@rhel8: RHEL-08-040350
++    stigid@almalinux8: RHEL-08-040350
+ 
+ ocil_clause: |-
+-{{%- if product in ["ol7","rhel8","ol8","rhv4"] %}}
++{{%- if product in ["ol7","rhel8", "almalinux8","ol8","rhv4"] %}}
+     '"server_args" line does not have a "-s" option, and a subdirectory is not assigned'
+ {{%- else %}}
+     'the "ExecStart" line does not have a "-s" option, and a subdirectory is not assigned'
+@@ -58,7 +58,7 @@ ocil: |-
+     Verify the TFTP daemon is configured to operate in secure mode.
+ 
+     Check if a TFTP server is installed with the following command:
+-    {{% if product in ["ol7","rhel8","ol8","rhv4"] %}}
++    {{% if product in ["ol7","rhel8", "almalinux8","ol8","rhv4"] %}}
+     
$ rpm -qa | grep tftp

+     {{% else %}}
+     
$ sudo dnf list --installed tftp-server
+@@ -68,7 +68,7 @@ ocil: |-
+ 
+     If a TFTP server is not installed, this is Not Applicable.
+     


+-    {{% if product in ["ol7","rhel8","ol8","rhv4"] %}}
++    {{% if product in ["ol7","rhel8", "almalinux8","ol8","rhv4"] %}}
+     If a TFTP server is installed, verify TFTP is configured by with
+     the -s option by running the following command:
+ 
+@@ -82,7 +82,7 @@ ocil: |-
+     {{% endif %}}
+ 
+ fixtext: |-
+-    {{%- if product in ["ol7","rhel8","ol8","rhv4"] %}}
++    {{%- if product in ["ol7","rhel8", "almalinux8","ol8","rhv4"] %}}
+     Configure the TFTP daemon to operate in secure mode by adding the following line to "/etc/xinetd.d/tftp" (or modify the line to have the required value):
+ 
+     server_args = -s {{{ xccdf_value("var_tftpd_secure_directory") }}}
+diff --git a/linux_os/guide/services/rng/service_rngd_enabled/rule.yml b/linux_os/guide/services/rng/service_rngd_enabled/rule.yml
+index df5f18c3b..d4339ebfd 100644
+--- a/linux_os/guide/services/rng/service_rngd_enabled/rule.yml
++++ b/linux_os/guide/services/rng/service_rngd_enabled/rule.yml
+@@ -23,7 +23,7 @@ references:
+     disa: CCI-000366
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol8: OL08-00-010473
+-    stigid@rhel8: RHEL-08-010471
++    stigid@almalinux8: RHEL-08-010471
+ 
+ {{% if product == "ol8" %}}
+ platform: os_linux[ol]<8.4 or not runtime_kernel_fips_enabled
+diff --git a/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/ansible/shared.yml b/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/ansible/shared.yml
+index a66068605..f25b95045 100644
+--- a/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/ansible/shared.yml
++++ b/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ # reboot = false
+ # strategy = configure
+ # complexity = low
+diff --git a/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/bash/shared.sh b/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/bash/shared.sh
+index 9e1f01f53..d7d4c2651 100644
+--- a/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/bash/shared.sh
++++ b/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel
++# platform = multi_platform_rhel,multi_platform_almalinux
+ ######################################################################
+ #By Luke "Brisk-OH" Brisk
+ #luke.brisk@boeing.com or luke.brisk@gmail.com
+diff --git a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_no_rwusers/bash/shared.sh b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_no_rwusers/bash/shared.sh
+index a869e7ad6..d9e84b5d7 100644
+--- a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_no_rwusers/bash/shared.sh
++++ b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_no_rwusers/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ 
+ if grep -s "rwuser" /etc/snmp/snmpd.conf | grep -qv "^#"; then
+ 	sed -i "/^\s*#/b;/rwuser/ s/^/#/" /etc/snmp/snmpd.conf
+diff --git a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/ansible/shared.yml b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/ansible/shared.yml
+index ca07eef0e..9a56d0833 100644
+--- a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/ansible/shared.yml
++++ b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = debian 11,debian 10,multi_platform_fedora,Oracle Linux 7,Oracle Linux 8,multi_platform_rhel
++# platform = debian 11,debian 10,multi_platform_fedora,Oracle Linux 7,Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux
+ # reboot = false
+ # strategy = configure
+ # complexity = low
+diff --git a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/bash/shared.sh b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/bash/shared.sh
+index c54b259d0..78a682cc8 100644
+--- a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/bash/shared.sh
++++ b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = debian 11,debian 10,multi_platform_fedora,Oracle Linux 7,Oracle Linux 8,multi_platform_rhel
++# platform = debian 11,debian 10,multi_platform_fedora,Oracle Linux 7,Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux
+ 
+ {{{ bash_instantiate_variables("var_snmpd_ro_string", "var_snmpd_rw_string") }}}
+ 
+diff --git a/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/tests/correct_groupowner.pass.sh b/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/tests/correct_groupowner.pass.sh
+index cd5171c1b..6301578ba 100644
+--- a/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/tests/correct_groupowner.pass.sh
++++ b/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/tests/correct_groupowner.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ 
+ if ! grep -q ssh_keys /etc/group; then
+     groupadd ssh_keys
+diff --git a/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/tests/incorrect_groupowner.fail.sh b/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/tests/incorrect_groupowner.fail.sh
+index 840370623..c64f052be 100644
+--- a/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/tests/incorrect_groupowner.fail.sh
++++ b/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/tests/incorrect_groupowner.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ 
+ test_group="cac_testgroup"
+ groupadd $test_group
+diff --git a/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/tests/multiple_keys.fail.sh b/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/tests/multiple_keys.fail.sh
+index 4964fe4a1..f5fd88dd3 100644
+--- a/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/tests/multiple_keys.fail.sh
++++ b/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/tests/multiple_keys.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ 
+ test_group="cac_testgroup"
+ groupadd $test_group
+diff --git a/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/correct_groupowner.pass.sh b/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/correct_groupowner.pass.sh
+index 8028e0466..36ebda0b3 100644
+--- a/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/correct_groupowner.pass.sh
++++ b/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/correct_groupowner.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ 
+ FAKE_KEY=$(mktemp -p /etc/ssh/ XXXX.pub)
+ chgrp root "$FAKE_KEY"
+diff --git a/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/incorrect_groupowner.fail.sh b/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/incorrect_groupowner.fail.sh
+index 56c713f3d..505f3adfb 100644
+--- a/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/incorrect_groupowner.fail.sh
++++ b/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/incorrect_groupowner.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ 
+ test_group="cac_testgroup"
+ groupadd $test_group
+diff --git a/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/missing_file_test.pass.sh b/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/missing_file_test.pass.sh
+index 7cffa2c97..9c0f3a28b 100644
+--- a/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/missing_file_test.pass.sh
++++ b/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/missing_file_test.pass.sh
+@@ -1,4 +1,4 @@
+ #!/bin/bash
+-# platform = multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ 
+ rm -f /etc/ssh/*.pub
+diff --git a/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/multiple_keys.fail.sh b/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/multiple_keys.fail.sh
+index b6bef987d..799d5044b 100644
+--- a/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/multiple_keys.fail.sh
++++ b/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/multiple_keys.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ 
+ test_group="cac_testgroup"
+ groupadd $test_group
+diff --git a/linux_os/guide/services/ssh/file_ownership_sshd_private_key/tests/correct_owner.pass.sh b/linux_os/guide/services/ssh/file_ownership_sshd_private_key/tests/correct_owner.pass.sh
+index b36e8a3d7..494455df2 100644
+--- a/linux_os/guide/services/ssh/file_ownership_sshd_private_key/tests/correct_owner.pass.sh
++++ b/linux_os/guide/services/ssh/file_ownership_sshd_private_key/tests/correct_owner.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ 
+ FAKE_KEY=$(mktemp -p /etc/ssh/ XXXX_key)
+ chown root "$FAKE_KEY"
+diff --git a/linux_os/guide/services/ssh/file_ownership_sshd_private_key/tests/incorrect_owner.fail.sh b/linux_os/guide/services/ssh/file_ownership_sshd_private_key/tests/incorrect_owner.fail.sh
+index 30da398eb..4ee3a3c1f 100644
+--- a/linux_os/guide/services/ssh/file_ownership_sshd_private_key/tests/incorrect_owner.fail.sh
++++ b/linux_os/guide/services/ssh/file_ownership_sshd_private_key/tests/incorrect_owner.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ 
+ test_user="cac_testuser"
+ useradd $test_user
+diff --git a/linux_os/guide/services/ssh/file_ownership_sshd_private_key/tests/multiple_keys.fail.sh b/linux_os/guide/services/ssh/file_ownership_sshd_private_key/tests/multiple_keys.fail.sh
+index 59f414be3..484da1eec 100644
+--- a/linux_os/guide/services/ssh/file_ownership_sshd_private_key/tests/multiple_keys.fail.sh
++++ b/linux_os/guide/services/ssh/file_ownership_sshd_private_key/tests/multiple_keys.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ 
+ test_user="cac_testuser"
+ useradd $test_user
+diff --git a/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/tests/correct_owner.pass.sh b/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/tests/correct_owner.pass.sh
+index adc985a1a..489f65995 100644
+--- a/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/tests/correct_owner.pass.sh
++++ b/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/tests/correct_owner.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ 
+ FAKE_KEY=$(mktemp -p /etc/ssh/ XXXX.pub)
+ chown root "$FAKE_KEY"
+diff --git a/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/tests/incorrect_owner.fail.sh b/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/tests/incorrect_owner.fail.sh
+index 4fa528fe3..bbc3c6147 100644
+--- a/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/tests/incorrect_owner.fail.sh
++++ b/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/tests/incorrect_owner.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ 
+ test_user="cac_testuser"
+ useradd $test_user
+diff --git a/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/tests/multiple_keys.fail.sh b/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/tests/multiple_keys.fail.sh
+index 16878dc1d..6c3983a9d 100644
+--- a/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/tests/multiple_keys.fail.sh
++++ b/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/tests/multiple_keys.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ 
+ test_user="cac_testuser"
+ useradd $test_user
+diff --git a/linux_os/guide/services/ssh/file_permissions_sshd_private_key/rule.yml b/linux_os/guide/services/ssh/file_permissions_sshd_private_key/rule.yml
+index 7469527d6..e83611da2 100644
+--- a/linux_os/guide/services/ssh/file_permissions_sshd_private_key/rule.yml
++++ b/linux_os/guide/services/ssh/file_permissions_sshd_private_key/rule.yml
+@@ -53,7 +53,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-040420
+     stigid@ol8: OL08-00-010490
+-    stigid@rhel8: RHEL-08-010490
++    stigid@almalinux8: RHEL-08-010490
+     stigid@sle12: SLES-12-030220
+     stigid@sle15: SLES-15-040250
+ 
+diff --git a/linux_os/guide/services/ssh/file_permissions_sshd_private_key/tests/altcorrect_permissions.pass.sh b/linux_os/guide/services/ssh/file_permissions_sshd_private_key/tests/altcorrect_permissions.pass.sh
+index 28325e1f7..d19148a0b 100644
+--- a/linux_os/guide/services/ssh/file_permissions_sshd_private_key/tests/altcorrect_permissions.pass.sh
++++ b/linux_os/guide/services/ssh/file_permissions_sshd_private_key/tests/altcorrect_permissions.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ 
+ FAKE_KEY=$(mktemp -p /etc/ssh/ XXXX_key)
+ chown root:ssh_keys "$FAKE_KEY"
+diff --git a/linux_os/guide/services/ssh/file_permissions_sshd_private_key/tests/altlenient_permissions.fail.sh b/linux_os/guide/services/ssh/file_permissions_sshd_private_key/tests/altlenient_permissions.fail.sh
+index 63e2d8642..8a5a658b5 100644
+--- a/linux_os/guide/services/ssh/file_permissions_sshd_private_key/tests/altlenient_permissions.fail.sh
++++ b/linux_os/guide/services/ssh/file_permissions_sshd_private_key/tests/altlenient_permissions.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ 
+ FAKE_KEY=$(mktemp -p /etc/ssh/ XXXX_key)
+ chown root:ssh_keys "$FAKE_KEY"
+diff --git a/linux_os/guide/services/ssh/file_permissions_sshd_private_key/tests/supercompliance.pass.sh b/linux_os/guide/services/ssh/file_permissions_sshd_private_key/tests/supercompliance.pass.sh
+index 48ecfbcac..c5a05db8b 100644
+--- a/linux_os/guide/services/ssh/file_permissions_sshd_private_key/tests/supercompliance.pass.sh
++++ b/linux_os/guide/services/ssh/file_permissions_sshd_private_key/tests/supercompliance.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ 
+ FAKE_KEY=$(mktemp -p /etc/ssh/ XXXX_key)
+ chown root:ssh_keys "$FAKE_KEY"
+diff --git a/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml b/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml
+index 6b70b8e5c..ba1394e94 100644
+--- a/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml
++++ b/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml
+@@ -37,7 +37,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-040410
+     stigid@ol8: OL08-00-010480
+-    stigid@rhel8: RHEL-08-010480
++    stigid@almalinux8: RHEL-08-010480
+     stigid@sle12: SLES-12-030210
+     stigid@sle15: SLES-15-040240
+ 
+diff --git a/linux_os/guide/services/ssh/package_openssh-server_installed/rule.yml b/linux_os/guide/services/ssh/package_openssh-server_installed/rule.yml
+index 27e2fe7ba..5cfd5d9c9 100644
+--- a/linux_os/guide/services/ssh/package_openssh-server_installed/rule.yml
++++ b/linux_os/guide/services/ssh/package_openssh-server_installed/rule.yml
+@@ -31,7 +31,7 @@ references:
+     srg: SRG-OS-000423-GPOS-00187,SRG-OS-000424-GPOS-00188,SRG-OS-000425-GPOS-00189,SRG-OS-000426-GPOS-00190
+     stigid@ol7: OL07-00-040300
+     stigid@ol8: OL08-00-040159
+-    stigid@rhel8: RHEL-08-040159
++    stigid@almalinux8: RHEL-08-040159
+     stigid@ubuntu2004: UBTU-20-010042
+     stigid@ubuntu2204: UBTU-22-255010
+ 
+diff --git a/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml b/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml
+index a8774a1b5..a2c9081ba 100644
+--- a/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml
++++ b/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml
+@@ -40,7 +40,7 @@ references:
+     srg: SRG-OS-000423-GPOS-00187,SRG-OS-000424-GPOS-00188,SRG-OS-000425-GPOS-00189,SRG-OS-000426-GPOS-00190
+     stigid@ol7: OL07-00-040310
+     stigid@ol8: OL08-00-040160
+-    stigid@rhel8: RHEL-08-040160
++    stigid@almalinux8: RHEL-08-040160
+     stigid@sle12: SLES-12-030100
+     stigid@sle15: SLES-15-010530
+     stigid@ubuntu2004: UBTU-20-010042
+diff --git a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/ansible/shared.yml
+index 1c878701e..be1bff4cf 100644
+--- a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/ansible/shared.yml
++++ b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 8,Oracle Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8
+ # reboot = false
+ # strategy = configure
+ # complexity = low
+diff --git a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/bash/shared.sh b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/bash/shared.sh
+index 3df859f35..e2ab18861 100644
+--- a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/bash/shared.sh
++++ b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 8,Oracle Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8
+ 
+ # put line into the file
+ echo "setenv SSH_USE_STRONG_RNG 32" > /etc/profile.d/cc-ssh-strong-rng.csh
+diff --git a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/ansible/shared.yml
+index 29c646020..1be957f95 100644
+--- a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/ansible/shared.yml
++++ b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 8,Oracle Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8
+ # reboot = false
+ # strategy = configure
+ # complexity = low
+diff --git a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/bash/shared.sh b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/bash/shared.sh
+index 13306db45..7a5ca21fc 100644
+--- a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/bash/shared.sh
++++ b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 8,Oracle Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8
+ 
+ # put line into the file
+ echo "export SSH_USE_STRONG_RNG=32" > /etc/profile.d/cc-ssh-strong-rng.sh
+diff --git a/linux_os/guide/services/ssh/ssh_client/ssh_keys_passphrase_protected/rule.yml b/linux_os/guide/services/ssh/ssh_client/ssh_keys_passphrase_protected/rule.yml
+index 022d46803..1c9c8880b 100644
+--- a/linux_os/guide/services/ssh/ssh_client/ssh_keys_passphrase_protected/rule.yml
++++ b/linux_os/guide/services/ssh/ssh_client/ssh_keys_passphrase_protected/rule.yml
+@@ -26,7 +26,7 @@ references:
+     disa: CCI-000186
+     srg: SRG-OS-000067-GPOS-00035
+     stigid@ol8: OL08-00-010100
+-    stigid@rhel8: RHEL-08-010100
++    stigid@almalinux8: RHEL-08-010100
+ 
+ ocil_clause: 'no ssh private key is accessible without a passcode'
+ 
+diff --git a/linux_os/guide/services/ssh/ssh_server/disable_host_auth/kubernetes/shared.yml b/linux_os/guide/services/ssh/ssh_server/disable_host_auth/kubernetes/shared.yml
+index 5a97f74df..104b27f3f 100644
+--- a/linux_os/guide/services/ssh/ssh_server/disable_host_auth/kubernetes/shared.yml
++++ b/linux_os/guide/services/ssh/ssh_server/disable_host_auth/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_empty_passwords/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_empty_passwords/rule.yml
+index 8f9ec93a5..4137c8051 100644
+--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_empty_passwords/rule.yml
++++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_empty_passwords/rule.yml
+@@ -52,7 +52,7 @@ references:
+     srg: SRG-OS-000106-GPOS-00053,SRG-OS-000480-GPOS-00229,SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-010300
+     stigid@ol8: OL08-00-020330
+-    stigid@rhel8: RHEL-08-020330
++    stigid@almalinux8: RHEL-08-020330
+     stigid@sle12: SLES-12-030150
+     stigid@sle15: SLES-15-040440
+     stigid@ubuntu2004: UBTU-20-010047
+diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_gssapi_auth/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_gssapi_auth/rule.yml
+index 45010c036..2aca7eeb8 100644
+--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_gssapi_auth/rule.yml
++++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_gssapi_auth/rule.yml
+@@ -42,7 +42,7 @@ references:
+     srg: SRG-OS-000364-GPOS-00151,SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-040430
+     stigid@ol8: OL08-00-010522
+-    stigid@rhel8: RHEL-08-010522
++    stigid@almalinux8: RHEL-08-010522
+ 
+ {{{ complete_ocil_entry_sshd_option(default="yes", option="GSSAPIAuthentication", value="no") }}}
+ 
+diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_kerb_auth/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_kerb_auth/rule.yml
+index baa1a8c31..9591371cc 100644
+--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_kerb_auth/rule.yml
++++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_kerb_auth/rule.yml
+@@ -43,7 +43,7 @@ references:
+     srg: SRG-OS-000364-GPOS-00151,SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-040440
+     stigid@ol8: OL08-00-010521
+-    stigid@rhel8: RHEL-08-010521
++    stigid@almalinux8: RHEL-08-010521
+ 
+ {{{ complete_ocil_entry_sshd_option(default="yes", option="KerberosAuthentication", value="no") }}}
+ 
+diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/rule.yml
+index 9a07f75ee..9a2244fbb 100644
+--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/rule.yml
++++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/rule.yml
+@@ -49,7 +49,7 @@ references:
+     srg: SRG-OS-000109-GPOS-00056,SRG-OS-000480-GPOS-00227,SRG-APP-000148-CTR-000335,SRG-APP-000190-CTR-000500
+     stigid@ol7: OL07-00-040370
+     stigid@ol8: OL08-00-010550
+-    stigid@rhel8: RHEL-08-010550
++    stigid@almalinux8: RHEL-08-010550
+     stigid@sle12: SLES-12-030140
+     stigid@sle15: SLES-15-020040
+ 
+diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_user_known_hosts/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_user_known_hosts/rule.yml
+index 362fe2673..a091f8c9b 100644
+--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_user_known_hosts/rule.yml
++++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_user_known_hosts/rule.yml
+@@ -39,7 +39,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-040380
+     stigid@ol8: OL08-00-010520
+-    stigid@rhel8: RHEL-08-010520
++    stigid@almalinux8: RHEL-08-010520
+     stigid@sle12: SLES-12-030200
+     stigid@sle15: SLES-15-040230
+ 
+diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
+index f520fbad5..63e00a574 100644
+--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
++++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml
+@@ -43,7 +43,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-040710
+     stigid@ol8: OL08-00-040340
+-    stigid@rhel8: RHEL-08-040340
++    stigid@almalinux8: RHEL-08-040340
+     stigid@sle15: SLES-15-040290
+     stigid@ubuntu2004: UBTU-20-010048
+     stigid@ubuntu2204: UBTU-22-255040
+diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml
+index 8c524bdcd..4da257f8e 100644
+--- a/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml
++++ b/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml
+@@ -47,7 +47,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00229
+     stigid@ol7: OL07-00-010460
+     stigid@ol8: OL08-00-010830
+-    stigid@rhel8: RHEL-08-010830
++    stigid@almalinux8: RHEL-08-010830
+     stigid@sle12: SLES-12-030151
+     stigid@sle15: SLES-15-040440
+     stigid@ubuntu2004: UBTU-20-010047
+diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_enable_strictmodes/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_enable_strictmodes/rule.yml
+index 3320ebf99..15111b069 100644
+--- a/linux_os/guide/services/ssh/ssh_server/sshd_enable_strictmodes/rule.yml
++++ b/linux_os/guide/services/ssh/ssh_server/sshd_enable_strictmodes/rule.yml
+@@ -43,7 +43,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-040450
+     stigid@ol8: OL08-00-010500
+-    stigid@rhel8: RHEL-08-010500
++    stigid@almalinux8: RHEL-08-010500
+     stigid@sle12: SLES-12-030230
+     stigid@sle15: SLES-15-040260
+ 
+diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner/rule.yml
+index 6888999e6..ee6da669f 100644
+--- a/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner/rule.yml
++++ b/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner/rule.yml
+@@ -45,7 +45,7 @@ references:
+     srg: SRG-OS-000023-GPOS-00006,SRG-OS-000228-GPOS-00088
+     stigid@ol7: OL07-00-040170
+     stigid@ol8: OL08-00-010040
+-    stigid@rhel8: RHEL-08-010040
++    stigid@almalinux8: RHEL-08-010040
+     stigid@sle12: SLES-12-030050
+     stigid@sle15: SLES-15-010040
+ 
+diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_print_last_log/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_print_last_log/rule.yml
+index ef2ba3929..c0cbe8629 100644
+--- a/linux_os/guide/services/ssh/ssh_server/sshd_print_last_log/rule.yml
++++ b/linux_os/guide/services/ssh/ssh_server/sshd_print_last_log/rule.yml
+@@ -38,7 +38,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-040360
+     stigid@ol8: OL08-00-020350
+-    stigid@rhel8: RHEL-08-020350
++    stigid@almalinux8: RHEL-08-020350
+     stigid@sle12: SLES-12-030130
+     stigid@sle15: SLES-15-020120
+ 
+diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/rule.yml
+index 897603d8f..8d4d45030 100644
+--- a/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/rule.yml
++++ b/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/rule.yml
+@@ -28,7 +28,7 @@ references:
+     ospp: FCS_SSH_EXT.1.8
+     srg: SRG-OS-000480-GPOS-00227,SRG-OS-000033-GPOS-00014
+     stigid@ol8: OL08-00-040161
+-    stigid@rhel8: RHEL-08-040161
++    stigid@almalinux8: RHEL-08-040161
+ 
+ ocil_clause: 'it is commented out or is not set'
+ 
+diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/rhel8_ospp_ok.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/rhel8_ospp_ok.pass.sh
+index a31a14f8a..08ad17d7b 100644
+--- a/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/rhel8_ospp_ok.pass.sh
++++ b/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/rhel8_ospp_ok.pass.sh
+@@ -1,4 +1,4 @@
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ # profiles = xccdf_org.ssgproject.content_profile_ospp
+ 
+ mkdir -p /etc/ssh/sshd_config.d
+diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml
+index 696e203cd..854132594 100644
+--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml
++++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml
+@@ -53,7 +53,7 @@ references:
+     srg: SRG-OS-000126-GPOS-00066,SRG-OS-000163-GPOS-00072,SRG-OS-000279-GPOS-00109,SRG-OS-000395-GPOS-00175
+     stigid@ol7: OL07-00-040320
+     stigid@ol8: OL08-00-010201
+-    stigid@rhel8: RHEL-08-010201
++    stigid@almalinux8: RHEL-08-010201
+     stigid@sle12: SLES-12-030190
+     stigid@sle15: SLES-15-010280
+     stigid@ubuntu2004: UBTU-20-010037
+diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/rule.yml
+index 75789bf3b..1c230359d 100644
+--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/rule.yml
++++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/rule.yml
+@@ -52,7 +52,7 @@ references:
+     pcidss: Req-8.1.8
+     srg: SRG-OS-000163-GPOS-00072,SRG-OS-000279-GPOS-00109
+     stigid@ol8: OL08-00-010200
+-    stigid@rhel8: RHEL-08-010200
++    stigid@almalinux8: RHEL-08-010200
+     stigid@sle12: SLES-12-030191
+     stigid@sle15: SLES-15-010320
+     stigid@ubuntu2004: UBTU-20-010036
+diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers_ordered_stig/tests/correct_reduced_list.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers_ordered_stig/tests/correct_reduced_list.pass.sh
+index e38b6bf60..4658991c3 100644
+--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers_ordered_stig/tests/correct_reduced_list.pass.sh
++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers_ordered_stig/tests/correct_reduced_list.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro
+ 
+ if grep -q "^Ciphers" /etc/ssh/sshd_config; then
+ 	sed -i "s/^Ciphers.*/Ciphers aes192-ctr,aes128-ctr/" /etc/ssh/sshd_config
+diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/rule.yml
+index bfd521ac1..97642c41c 100644
+--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/rule.yml
++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/rule.yml
+@@ -47,7 +47,7 @@ references:
+     srg: SRG-OS-000250-GPOS-00093
+     stigid@ol7: OL07-00-040712
+     stigid@ol8: OL08-00-040342
+-    stigid@rhel8: RHEL-08-040342
++    stigid@almalinux8: RHEL-08-040342
+     stigid@sle12: SLES-12-030270
+     stigid@sle15: SLES-15-040450
+     stigid@ubuntu2004: UBTU-20-010045
+diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/comment.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/comment.fail.sh
+index 925d9862f..d3146b477 100644
+--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/comment.fail.sh
++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/comment.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
+ 
+ source common.sh
+ 
+diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_reduced_list.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_reduced_list.pass.sh
+index a2af968bb..34dc5eae4 100644
+--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_reduced_list.pass.sh
++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_reduced_list.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro
+ 
+ source common.sh
+ 
+diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_scrambled.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_scrambled.fail.sh
+index b99287bd4..49cfc66c0 100644
+--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_scrambled.fail.sh
++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_scrambled.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
+ 
+ source common.sh
+ 
+diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_value.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_value.pass.sh
+index 0dc5ce52d..2e01aa869 100644
+--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_value.pass.sh
++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_value.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
+ 
+ source common.sh
+ 
+diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/default_fips.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/default_fips.pass.sh
+index 3fd2901a9..2e3d34fef 100644
+--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/default_fips.pass.sh
++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/default_fips.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ source common.sh
+ 
+diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/line_not_there.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/line_not_there.fail.sh
+index d0fdba3e0..562580591 100644
+--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/line_not_there.fail.sh
++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/line_not_there.fail.sh
+@@ -1,4 +1,4 @@
+ #!/bin/bash
+-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
+ 
+ source common.sh
+diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/no_parameters.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/no_parameters.fail.sh
+index 46040718a..82010363d 100644
+--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/no_parameters.fail.sh
++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/no_parameters.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
+ 
+ source common.sh
+ 
+diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/wrong_value.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/wrong_value.fail.sh
+index 15cf3f7fa..be91dfca7 100644
+--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/wrong_value.fail.sh
++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/wrong_value.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
+ 
+ source common.sh
+ 
+diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/tests/default_correct_value.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/tests/default_correct_value.pass.sh
+index edb2553d2..2bfd42c86 100644
+--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/tests/default_correct_value.pass.sh
++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/tests/default_correct_value.pass.sh
+@@ -1,3 +1,3 @@
+-# platform = multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ 
+ {{{ bash_replace_or_append('/etc/ssh/sshd_config', '^MACs', "hmac-sha2-512,hmac-sha2-256,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com", '%s %s') }}}
+diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/tests/wrong_value.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/tests/wrong_value.fail.sh
+index b903a7a08..cd6f95db4 100644
+--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/tests/wrong_value.fail.sh
++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/tests/wrong_value.fail.sh
+@@ -1,3 +1,3 @@
+-# platform = multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ 
+ {{{ bash_replace_or_append('/etc/ssh/sshd_config', '^MACs', "wrong_value_expected_to_fail.com", '%s %s') }}}
+diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/tests/correct_reduced_list.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/tests/correct_reduced_list.pass.sh
+index e0a7f0ac5..20fbef899 100644
+--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/tests/correct_reduced_list.pass.sh
++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/tests/correct_reduced_list.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro
+ 
+ if grep -q "^MACs" /etc/ssh/sshd_config; then
+ 	sed -i "s/^MACs.*/MACs hmac-sha2-512/" /etc/ssh/sshd_config
+diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/good_cipher.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/good_cipher.pass.sh
+index ba493f99f..dad0a61e3 100644
+--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/good_cipher.pass.sh
++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/good_cipher.pass.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ 
+ sed -i 's/^\s*Ciphers\s.*//i' /etc/ssh/sshd_config
+ echo "Ciphers aes256-ctr" >> /etc/ssh/sshd_config
+diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/no_ciphers.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/no_ciphers.fail.sh
+index 27a2e37ac..3e678dccb 100644
+--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/no_ciphers.fail.sh
++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/no_ciphers.fail.sh
+@@ -1,3 +1,3 @@
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ 
+ sed -i 's/^\s*Ciphers\s/# &/i' /etc/ssh/sshd_config
+diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/good_mac.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/good_mac.pass.sh
+index ca08e633a..f90fa48d6 100644
+--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/good_mac.pass.sh
++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/good_mac.pass.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ 
+ sed -i 's/^\s*MACs\s.*//i' /etc/ssh/sshd_config
+ echo "MACs hmac-sha2-512" >> /etc/ssh/sshd_config
+diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/no_macs.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/no_macs.fail.sh
+index 5a98fc0eb..846cdd444 100644
+--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/no_macs.fail.sh
++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/no_macs.fail.sh
+@@ -1,3 +1,3 @@
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ 
+ sed -i 's/^\s*MACs\s/# &/i' /etc/ssh/sshd_config
+diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/rule.yml
+index 20d36dd38..5f1cc3ab5 100644
+--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/rule.yml
++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/rule.yml
+@@ -29,7 +29,7 @@ references:
+     disa: CCI-000366
+     srg: SRG-OS-000480-GPOS-00232,SRG-OS-000480-GPOS-00227
+     stigid@ol8: OL08-00-010292
+-    stigid@rhel8: RHEL-08-010292
++    stigid@almalinux8: RHEL-08-010292
+ 
+ ocil: |-
+     To determine whether the SSH service is configured to use strong entropy seed,
+diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml
+index 6fb515baf..62d97825a 100644
+--- a/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml
++++ b/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml
+@@ -37,7 +37,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-040711
+     stigid@ol8: OL08-00-040341
+-    stigid@rhel8: RHEL-08-040341
++    stigid@almalinux8: RHEL-08-040341
+     stigid@sle12: SLES-12-030261
+     stigid@ubuntu2004: UBTU-20-010049
+     stigid@ubuntu2204: UBTU-22-255045
+diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/ansible/shared.yml b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/ansible/shared.yml
+index 202fc7f44..711cc57c6 100644
+--- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/ansible/shared.yml
++++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/bash/shared.sh b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/bash/shared.sh
+index 68a6a1291..740c94e10 100644
+--- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/bash/shared.sh
++++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ 
+ {{{ bash_instantiate_variables("var_sssd_ldap_tls_ca_dir") }}}
+ 
+diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/ansible/shared.yml b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/ansible/shared.yml
+index 891b3e2f9..6cb0bce26 100644
+--- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/ansible/shared.yml
++++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/bash/shared.sh b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/bash/shared.sh
+index 5c83263bc..91e28ba16 100644
+--- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/bash/shared.sh
++++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/bash/shared.sh
+@@ -1,3 +1,3 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ 
+ {{{ bash_sssd_ldap_config(parameter="ldap_tls_reqcert", value="demand") }}}
+diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/ansible/shared.yml b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/ansible/shared.yml
+index b38bc41fe..33c5c9034 100644
+--- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/ansible/shared.yml
++++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/bash/shared.sh b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/bash/shared.sh
+index 564e32815..02bed6db8 100644
+--- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/bash/shared.sh
++++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ 
+ {{{ bash_sssd_ldap_config(parameter="ldap_id_use_start_tls", value="true") }}}
+ 
+diff --git a/linux_os/guide/services/sssd/sssd_certificate_verification/ansible/shared.yml b/linux_os/guide/services/sssd/sssd_certificate_verification/ansible/shared.yml
+index 02cfde93e..1b9644302 100644
+--- a/linux_os/guide/services/sssd/sssd_certificate_verification/ansible/shared.yml
++++ b/linux_os/guide/services/sssd/sssd_certificate_verification/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # reboot = false
+ # strategy = configure
+ # complexity = low
+diff --git a/linux_os/guide/services/sssd/sssd_certificate_verification/bash/shared.sh b/linux_os/guide/services/sssd/sssd_certificate_verification/bash/shared.sh
+index a7e449e52..84da3094e 100644
+--- a/linux_os/guide/services/sssd/sssd_certificate_verification/bash/shared.sh
++++ b/linux_os/guide/services/sssd/sssd_certificate_verification/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ # reboot = false
+ # strategy = configure
+ # complexity = low
+diff --git a/linux_os/guide/services/sssd/sssd_certificate_verification/rule.yml b/linux_os/guide/services/sssd/sssd_certificate_verification/rule.yml
+index abff8a19d..cb6b4e213 100644
+--- a/linux_os/guide/services/sssd/sssd_certificate_verification/rule.yml
++++ b/linux_os/guide/services/sssd/sssd_certificate_verification/rule.yml
+@@ -25,7 +25,7 @@ references:
+     nist: IA-2(11)
+     srg: SRG-OS-000375-GPOS-00160,SRG-OS-000377-GPOS-00162
+     stigid@ol8: OL08-00-010400
+-    stigid@rhel8: RHEL-08-010400
++    stigid@almalinux8: RHEL-08-010400
+ 
+ ocil_clause: 'certificate_verification in sssd is not configured'
+ 
+diff --git a/linux_os/guide/services/sssd/sssd_enable_certmap/rule.yml b/linux_os/guide/services/sssd/sssd_enable_certmap/rule.yml
+index 0c4a9a86a..1c957d991 100644
+--- a/linux_os/guide/services/sssd/sssd_enable_certmap/rule.yml
++++ b/linux_os/guide/services/sssd/sssd_enable_certmap/rule.yml
+@@ -31,7 +31,7 @@ references:
+    nist: IA-5 (2) (c)
+    srg: SRG-OS-000068-GPOS-00036
+    stigid@ol8: OL08-00-020090
+-   stigid@rhel8: RHEL-08-020090
++   stigid@almalinux8: RHEL-08-020090
+ 
+ warnings:
+     - general: |-
+diff --git a/linux_os/guide/services/sssd/sssd_enable_pam_services/bash/shared.sh b/linux_os/guide/services/sssd/sssd_enable_pam_services/bash/shared.sh
+index 09e863e4a..ba1f546e9 100644
+--- a/linux_os/guide/services/sssd/sssd_enable_pam_services/bash/shared.sh
++++ b/linux_os/guide/services/sssd/sssd_enable_pam_services/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol
++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
+ 
+ 
+ 
+diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/ansible/shared.yml b/linux_os/guide/services/sssd/sssd_enable_smartcards/ansible/shared.yml
+index 00f88e11d..328633728 100644
+--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/ansible/shared.yml
++++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/ansible/shared.yml
+@@ -47,7 +47,7 @@
+     replace: 'pam_cert_auth = True'
+   with_items: "{{ sssd_conf_d_files.files }}"
+ 
+-{{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9"] %}}
++{{% if product in ["fedora", "ol8", "ol9", "rhel8", "almalinux8", "rhel9"] %}}
+ - name: '{{{ rule_title }}} - Check if system relies on authselect'
+   ansible.builtin.stat:
+     path: /usr/bin/authselect
+diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/bash/shared.sh b/linux_os/guide/services/sssd/sssd_enable_smartcards/bash/shared.sh
+index b896f4f7d..af7771778 100644
+--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/bash/shared.sh
++++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/bash/shared.sh
+@@ -13,7 +13,7 @@ umask u=rw,go=
+ 
+ umask $OLD_UMASK
+ 
+-{{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9"] %}}
++{{% if product in ["fedora", "ol8", "ol9", "rhel8", "almalinux8", "rhel9"] %}}
+ if [ -f /usr/bin/authselect ]; then
+     {{{ bash_enable_authselect_feature('with-smartcard') | indent(4) }}}
+ else
+diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/oval/shared.xml b/linux_os/guide/services/sssd/sssd_enable_smartcards/oval/shared.xml
+index 1cadee2e4..1c1a2507f 100644
+--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/oval/shared.xml
++++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/oval/shared.xml
+@@ -5,7 +5,7 @@
+     
+       
+-      {{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9"] %}}
++      {{% if product in ["fedora", "ol8", "ol9", "rhel8", "almalinux8", "rhel9"] %}}
+       
+       (?i)true
+   
+ 
+-  {{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9"] %}}
++  {{% if product in ["fedora", "ol8", "ol9", "rhel8", "almalinux8", "rhel9"] %}}
+   
+diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml b/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml
+index e729a6822..9563926af 100644
+--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml
++++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml
+@@ -10,7 +10,7 @@ description: |-
+     
[pam]
+     pam_cert_auth = True
+     

+-    {{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9"] %}}
++    {{% if product in ["fedora", "ol8", "ol9", "rhel8", "almalinux8", "rhel9"] %}}
+     Add or update "pam_sss.so" line in auth section of "/etc/pam.d/system-auth" file to include
+     "try_cert_auth" or "require_cert_auth" option, like in the following example:
+     
+@@ -48,7 +48,7 @@ references:
+     pcidss: Req-8.3
+     srg: SRG-OS-000375-GPOS-00160,SRG-OS-000105-GPOS-00052,SRG-OS-000106-GPOS-00053,SRG-OS-000107-GPOS-00054,SRG-OS-000108-GPOS-00055
+     stigid@ol8: OL08-00-020250
+-    stigid@rhel8: RHEL-08-020250
++    stigid@almalinux8: RHEL-08-020250
+ 
+ ocil_clause: 'smart cards are not enabled in SSSD'
+ 
+@@ -58,7 +58,7 @@ ocil: |-
+     If configured properly, output should be
+     
pam_cert_auth = True

+ 
+-    {{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9"] %}}
++    {{% if product in ["fedora", "ol8", "ol9", "rhel8", "almalinux8", "rhel9"] %}}
+     To verify that smart cards are enabled in PAM files, run the following command:
+     
$ sudo grep -e "auth.*pam_sss\.so.*\(allow_missing_name\|try_cert_auth\)" /etc/pam.d/smartcard-auth /etc/pam.d/system-auth

+     If configured properly, output should be
+@@ -73,7 +73,7 @@ fixtext: |-
+ 
+     pam_cert_auth = True
+ 
+-    {{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9"] %}}
++    {{% if product in ["fedora", "ol8", "ol9", "rhel8", "almalinux8", "rhel9"] %}}
+     Enable the with-smartcard feature using the authselect command:
+     sudo authselect enable-feature with-smartcard
+     sudo authselect apply-changes -b
+diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_modified_pam.fail.sh b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_modified_pam.fail.sh
+index bcaae2a60..53947d224 100644
+--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_modified_pam.fail.sh
++++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_modified_pam.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect,sssd
+-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ # remediation = none
+ 
+ SSSD_FILE="/etc/sssd/sssd.conf"
+diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_disabled.fail.sh b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_disabled.fail.sh
+index 5f4aaa725..be9cee3f3 100644
+--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_disabled.fail.sh
++++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_disabled.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect,sssd
+-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ SSSD_FILE="/etc/sssd/sssd.conf"
+ echo "[pam]" > $SSSD_FILE
+diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_enabled.pass.sh b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_enabled.pass.sh
+index 860e0bb6c..b1763e438 100644
+--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_enabled.pass.sh
++++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_enabled.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect,sssd
+-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ SSSD_FILE="/etc/sssd/sssd.conf"
+ echo "[pam]" > $SSSD_FILE
+diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_enabled_conf_d.pass.sh b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_enabled_conf_d.pass.sh
+index 7e2019cff..ca200076f 100644
+--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_enabled_conf_d.pass.sh
++++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_enabled_conf_d.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect,sssd
+-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ SSSD_FILE="/etc/sssd/conf.d/unused.conf"
+ echo "[pam]" > $SSSD_FILE
+diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_enabled_lower.pass.sh b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_enabled_lower.pass.sh
+index 78b79752a..2f436c9e9 100644
+--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_enabled_lower.pass.sh
++++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_enabled_lower.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect,sssd
+-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ SSSD_FILE="/etc/sssd/sssd.conf"
+ echo "[pam]" > $SSSD_FILE
+diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_false.fail.sh b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_false.fail.sh
+index aaf33d7b0..a20a8c190 100644
+--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_false.fail.sh
++++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_false.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect,sssd
+-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ SSSD_FILE="/etc/sssd/sssd.conf"
+ echo "[pam]" > $SSSD_FILE
+diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_false_conf_d.fail.sh b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_false_conf_d.fail.sh
+index b1ed28f39..576cf7649 100644
+--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_false_conf_d.fail.sh
++++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_false_conf_d.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect,sssd
+-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ SSSD_FILE="/etc/sssd/conf.d/unused.conf"
+ echo "[pam]" > $SSSD_FILE
+diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_missing.fail.sh b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_missing.fail.sh
+index 85bb1de67..a1ef34292 100644
+--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_missing.fail.sh
++++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_missing.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect,sssd
+-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ SSSD_FILE="/etc/sssd/sssd.conf"
+ echo "[pam]" > $SSSD_FILE
+diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_missing_file.fail.sh b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_missing_file.fail.sh
+index 43e19d382..2848e2072 100644
+--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_missing_file.fail.sh
++++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_missing_file.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect,sssd
+-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ SSSD_FILE="/etc/sssd/sssd.conf"
+ rm -f $SSSD_FILE
+diff --git a/linux_os/guide/services/sssd/sssd_has_trust_anchor/rule.yml b/linux_os/guide/services/sssd/sssd_has_trust_anchor/rule.yml
+index ceeecb8cb..09ff7a09b 100644
+--- a/linux_os/guide/services/sssd/sssd_has_trust_anchor/rule.yml
++++ b/linux_os/guide/services/sssd/sssd_has_trust_anchor/rule.yml
+@@ -37,7 +37,7 @@ references:
+   nist: IA-5 (2) (a)
+   srg: SRG-OS-000066-GPOS-00034,SRG-OS-000384-GPOS-00167
+   stigid@ol8: OL08-00-010090
+-  stigid@rhel8: RHEL-08-010090
++  stigid@almalinux8: RHEL-08-010090
+ 
+ warnings:
+     - general: |-
+diff --git a/linux_os/guide/services/sssd/sssd_memcache_timeout/ansible/shared.yml b/linux_os/guide/services/sssd/sssd_memcache_timeout/ansible/shared.yml
+index 0817b532e..f27acd4e2 100644
+--- a/linux_os/guide/services/sssd/sssd_memcache_timeout/ansible/shared.yml
++++ b/linux_os/guide/services/sssd/sssd_memcache_timeout/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/services/sssd/sssd_memcache_timeout/bash/shared.sh b/linux_os/guide/services/sssd/sssd_memcache_timeout/bash/shared.sh
+index 6a8a81817..2f380920e 100644
+--- a/linux_os/guide/services/sssd/sssd_memcache_timeout/bash/shared.sh
++++ b/linux_os/guide/services/sssd/sssd_memcache_timeout/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro
+ 
+ {{{ bash_instantiate_variables("var_sssd_memcache_timeout") }}}
+ 
+diff --git a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/oval/shared.xml b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/oval/shared.xml
+index 89bba2055..e5967d9dd 100644
+--- a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/oval/shared.xml
++++ b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/oval/shared.xml
+@@ -4,7 +4,7 @@
+     
+       
+-      {{% if product in ["ol8", "ol9", "rhel8", "rhel9"] %}}
++      {{% if product in ["ol8", "ol9", "rhel8", "almalinux8", "rhel9"] %}}
+       
+       {{% endif %}}
+@@ -25,7 +25,7 @@
+   
+     1
+   
+-  {{% if product in ["ol8", "ol9", "rhel8", "rhel9"] %}}
++  {{% if product in ["ol8", "ol9", "rhel8", "almalinux8", "rhel9"] %}}
+   
+diff --git a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml
+index dfa576a1c..311e0cafa 100644
+--- a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml
++++ b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml
+@@ -5,7 +5,7 @@ title: 'Configure SSSD to Expire Offline Credentials'
+ 
+ description: |-
+     SSSD should be configured to expire offline credentials after 1 day.
+-    {{% if product in ["ol8", "ol9", "rhel8", "rhel9"] %}}
++    {{% if product in ["ol8", "ol9", "rhel8", "almalinux8", "rhel9"] %}}
+     Check if SSSD allows cached authentications with the following command:
+     
+     $ sudo grep cache_credentials /etc/sssd/sssd.conf
+@@ -45,7 +45,7 @@ references:
+     nist-csf: PR.AC-1,PR.AC-6,PR.AC-7
+     srg: SRG-OS-000383-GPOS-00166
+     stigid@ol8: OL08-00-020290
+-    stigid@rhel8: RHEL-08-020290
++    stigid@almalinux8: RHEL-08-020290
+     stigid@sle12: SLES-12-010680
+     stigid@sle15: SLES-15-010500
+     stigid@ubuntu2004: UBTU-20-010441
+@@ -54,7 +54,7 @@ references:
+ ocil_clause: 'it does not exist or is not configured properly'
+ 
+ ocil: |-
+-    {{% if product in ["ol8", "ol9", "rhel8", "rhel9"] %}}
++    {{% if product in ["ol8", "ol9", "rhel8", "almalinux8", "rhel9"] %}}
+     Check if SSSD allows cached authentications with the following command:
+     
+     $ sudo grep cache_credentials /etc/sssd/sssd.conf
+diff --git a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/tests/cache_credentials_false.pass.sh b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/tests/cache_credentials_false.pass.sh
+index 7bf7526b9..002925ac9 100644
+--- a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/tests/cache_credentials_false.pass.sh
++++ b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/tests/cache_credentials_false.pass.sh
+@@ -1,7 +1,7 @@
+ #!/bin/bash
+ # packages = sssd
+ 
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
+ source common.sh
+ 
+ echo -e "[pam]\noffline_credentials_expiration = 2" >> $SSSD_CONF
+diff --git a/linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh b/linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh
+index 3da9609d7..06586bd8a 100644
+--- a/linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh
++++ b/linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ 
+ MAIN_CONF="/etc/sssd/conf.d/ospp.conf"
+ 
+diff --git a/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/ansible/shared.yml b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/ansible/shared.yml
+index b92e1d3a6..747a90b31 100644
+--- a/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/ansible/shared.yml
++++ b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/bash/shared.sh b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/bash/shared.sh
+index f066ef1bd..01254fa6f 100644
+--- a/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/bash/shared.sh
++++ b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ 
+ {{{ bash_instantiate_variables("var_sssd_ssh_known_hosts_timeout") }}}
+ 
+diff --git a/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/kubernetes/shared.yml b/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/kubernetes/shared.yml
+index 331627492..72a361b30 100644
+--- a/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/kubernetes/shared.yml
++++ b/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/kubernetes/shared.yml
+@@ -1,3 +1,3 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos
+ {{{ kubernetes_usbguard_set(["xccdf_org.ssgproject.content_rule_package_usbguard_installed"]) }}}
+diff --git a/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/rule.yml b/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/rule.yml
+index c1e549877..611b62e64 100644
+--- a/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/rule.yml
++++ b/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/rule.yml
+@@ -27,7 +27,7 @@ references:
+     ospp: FMT_SMF_EXT.1
+     srg: SRG-OS-000062-GPOS-00031,SRG-OS-000471-GPOS-00215,SRG-APP-000141-CTR-000315
+     stigid@ol8: OL08-00-030603
+-    stigid@rhel8: RHEL-08-030603
++    stigid@almalinux8: RHEL-08-030603
+ 
+ platform: package[usbguard]
+ 
+diff --git a/linux_os/guide/services/usbguard/package_usbguard_installed/kubernetes/shared.yml b/linux_os/guide/services/usbguard/package_usbguard_installed/kubernetes/shared.yml
+index 9f18591b3..b49d5217a 100644
+--- a/linux_os/guide/services/usbguard/package_usbguard_installed/kubernetes/shared.yml
++++ b/linux_os/guide/services/usbguard/package_usbguard_installed/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml b/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml
+index 2e8ab4691..d1078274f 100644
+--- a/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml
++++ b/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml
+@@ -49,7 +49,7 @@ references:
+     nist: CM-8(3),IA-3
+     srg: SRG-OS-000378-GPOS-00163,SRG-APP-000141-CTR-000315
+     stigid@ol8: OL08-00-040139
+-    stigid@rhel8: RHEL-08-040139
++    stigid@almalinux8: RHEL-08-040139
+ 
+ ocil_clause: 'the package is not installed'
+ 
+diff --git a/linux_os/guide/services/usbguard/service_usbguard_enabled/kubernetes/shared.yml b/linux_os/guide/services/usbguard/service_usbguard_enabled/kubernetes/shared.yml
+index e9c55dfb0..9be805c13 100644
+--- a/linux_os/guide/services/usbguard/service_usbguard_enabled/kubernetes/shared.yml
++++ b/linux_os/guide/services/usbguard/service_usbguard_enabled/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ metadata:
+diff --git a/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml b/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml
+index e8112110a..b42279c97 100644
+--- a/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml
++++ b/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml
+@@ -26,7 +26,7 @@ references:
+     ospp: FMT_SMF_EXT.1
+     srg: SRG-OS-000378-GPOS-00163,SRG-APP-000141-CTR-000315
+     stigid@ol8: OL08-00-040141
+-    stigid@rhel8: RHEL-08-040141
++    stigid@almalinux8: RHEL-08-040141
+ 
+ ocil_clause: 'the service is not enabled'
+ 
+diff --git a/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/kubernetes/shared.yml b/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/kubernetes/shared.yml
+index 5ef460be8..8a12559f6 100644
+--- a/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/kubernetes/shared.yml
++++ b/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos
+ {{% macro usbguard_hid_and_hub_config_source() %}}
+ allow with-interface match-all { 03:*:* 09:00:* }
+ {{%- endmacro -%}}
+diff --git a/linux_os/guide/services/usbguard/usbguard_generate_policy/ansible/shared.yml b/linux_os/guide/services/usbguard/usbguard_generate_policy/ansible/shared.yml
+index cca593262..5ac5c0678 100644
+--- a/linux_os/guide/services/usbguard/usbguard_generate_policy/ansible/shared.yml
++++ b/linux_os/guide/services/usbguard/usbguard_generate_policy/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # reboot = false
+ # strategy = configure
+ # complexity = low
+diff --git a/linux_os/guide/services/usbguard/usbguard_generate_policy/bash/shared.sh b/linux_os/guide/services/usbguard/usbguard_generate_policy/bash/shared.sh
+index 88d55f160..f2f336700 100644
+--- a/linux_os/guide/services/usbguard/usbguard_generate_policy/bash/shared.sh
++++ b/linux_os/guide/services/usbguard/usbguard_generate_policy/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # reboot = false
+ # strategy = configure
+ # complexity = low
+diff --git a/linux_os/guide/services/usbguard/usbguard_generate_policy/rule.yml b/linux_os/guide/services/usbguard/usbguard_generate_policy/rule.yml
+index c5d5738db..f1010c040 100644
+--- a/linux_os/guide/services/usbguard/usbguard_generate_policy/rule.yml
++++ b/linux_os/guide/services/usbguard/usbguard_generate_policy/rule.yml
+@@ -25,7 +25,7 @@ references:
+     nist: CM-8(3)(a),IA-3
+     srg: SRG-OS-000378-GPOS-00163
+     stigid@ol8: OL08-00-040140
+-    stigid@rhel8: RHEL-08-040140
++    stigid@almalinux8: RHEL-08-040140
+ 
+ ocil_clause: 'there is no evidence that unauthorized peripherals are being blocked before establishing a connection'
+ 
+diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/ansible/shared.yml b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/ansible/shared.yml
+index 6980dd0e2..20c40703e 100644
+--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/ansible/shared.yml
++++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 8,multi_platform_ol
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_ol
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/rule.yml b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/rule.yml
+index fc227651b..e3c893048 100644
+--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/rule.yml
++++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/rule.yml
+@@ -40,7 +40,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-040730
+     stigid@ol8: OL08-00-040320
+-    stigid@rhel8: RHEL-08-040320
++    stigid@almalinux8: RHEL-08-040320
+ 
+ ocil_clause: 'xorg related packages are not removed and run level is not correctly configured'
+ 
+diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml
+index bb4f6cd93..1251a07c6 100644
+--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml
++++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml
+@@ -37,7 +37,7 @@ references:
+     nist-csf: PR.AC-3,PR.PT-4
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol8: OL08-00-040321
+-    stigid@rhel8: RHEL-08-040321
++    stigid@almalinux8: RHEL-08-040321
+ 
+ ocil_clause: 'the system default target is not set to "multi-user.target" and the Information System Security Officer (ISSO) lacks a documented requirement for a graphical user interface'
+ 
+diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target.pass.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target.pass.sh
+index e0bdca6be..9ce5132f6 100644
+--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target.pass.sh
++++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target.pass.sh
+@@ -1,4 +1,4 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_rhel,multi_platform_sle
++# platform = Oracle Linux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
+ 
+ systemctl set-default multi-user.target
+diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target_under_lib.pass.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target_under_lib.pass.sh
+index 9ec0cae93..4487412e5 100644
+--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target_under_lib.pass.sh
++++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target_under_lib.pass.sh
+@@ -1,4 +1,4 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_rhel,multi_platform_sle
++# platform = Oracle Linux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
+ 
+ ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
+diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target.fail.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target.fail.sh
+index 3df966d45..25eb0ca24 100644
+--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target.fail.sh
++++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target.fail.sh
+@@ -1,4 +1,4 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,multi_platform_fedora,multi_platform_rhel,multi_platform_rhv,multi_platform_sle
++# platform = Oracle Linux 8,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle
+ 
+ systemctl set-default graphical.target
+diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target_under_lib.fail.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target_under_lib.fail.sh
+index d3da2f113..a90d73d4b 100644
+--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target_under_lib.fail.sh
++++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target_under_lib.fail.sh
+@@ -1,4 +1,4 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,multi_platform_fedora,multi_platform_rhel,multi_platform_rhv,multi_platform_sle
++# platform = Oracle Linux 8,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle
+ 
+ ln -sf /lib/systemd/system/graphical.target /etc/systemd/system/default.target
+diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml
+index 58d38f9a2..4eea80461 100644
+--- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_slmicro
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_slmicro
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/bash/shared.sh b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/bash/shared.sh
+index bfa9ddc92..cd29e3739 100644
+--- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
+ 
+ {{{ bash_instantiate_variables("login_banner_text") }}}
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/kubernetes/shared.yml
+index c2feb1fbc..116c6cde5 100644
+--- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/kubernetes/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ metadata:
+diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml
+index f26873ada..f9eab4878 100644
+--- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml
+@@ -120,7 +120,7 @@ references:
+     srg: SRG-OS-000023-GPOS-00006,SRG-OS-000228-GPOS-00088
+     stigid@ol7: OL07-00-010050
+     stigid@ol8: OL08-00-010060
+-    stigid@rhel8: RHEL-08-010060
++    stigid@almalinux8: RHEL-08-010060
+     stigid@sle12: SLES-12-010030
+     stigid@sle15: SLES-15-010020
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/ansible/shared.yml
+index 5735d2035..0ca7771ef 100644
+--- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/bash/shared.sh b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/bash/shared.sh
+index 4d77e8336..4ed727fc5 100644
+--- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
+ 
+ {{{ bash_instantiate_variables("motd_banner_text") }}}
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/ansible/shared.yml
+index 5814a30bd..aa4aa4c5c 100644
+--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml
+index a1f30e5c3..62a7e0658 100644
+--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml
+@@ -53,7 +53,7 @@ references:
+     srg: SRG-OS-000023-GPOS-00006,SRG-OS-000228-GPOS-00088
+     stigid@ol7: OL07-00-010030
+     stigid@ol8: OL08-00-010049
+-    stigid@rhel8: RHEL-08-010049
++    stigid@almalinux8: RHEL-08-010049
+     stigid@sle12: SLES-12-010040
+     stigid@sle15: SLES-15-010080
+     stigid@ubuntu2004: UBTU-20-010002
+diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/ansible/shared.yml
+index 86aff54f9..b295782b0 100644
+--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml
+index 6be15fae6..afe502fd9 100644
+--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml
+@@ -57,7 +57,7 @@ references:
+     srg: SRG-OS-000023-GPOS-00006,SRG-OS-000228-GPOS-00088
+     stigid@ol7: OL07-00-010040
+     stigid@ol8: OL08-00-010050
+-    stigid@rhel8: RHEL-08-010050
++    stigid@almalinux8: RHEL-08-010050
+     stigid@sle12: SLES-12-010050
+     stigid@sle15: SLES-15-010090
+     stigid@ubuntu2004: UBTU-20-010003
+diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value.pass.sh
+index 1b2e46eff..6c22561e3 100644
+--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel
++# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux
+ # profiles = xccdf_org.ssgproject.content_profile_ncp
+ # packages = dconf,gdm
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig.pass.sh b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig.pass.sh
+index a3e7ebc0e..c65609786 100644
+--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel
++# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux
+ # profiles = xccdf_org.ssgproject.content_profile_stig
+ # packages = dconf,gdm
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig_wrong_db.fail.sh b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig_wrong_db.fail.sh
+index 4af47e3e0..0fe73b672 100644
+--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig_wrong_db.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig_wrong_db.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel
++# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux
+ # profiles = xccdf_org.ssgproject.content_profile_stig
+ # packages = dconf,gdm
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/missing_value_stig.fail.sh b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/missing_value_stig.fail.sh
+index e1abf408e..ea28b1697 100644
+--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/missing_value_stig.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/missing_value_stig.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel
++# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux
+ # profiles = xccdf_org.ssgproject.content_profile_stig
+ # packages = dconf,gdm
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-pam/disallow_bypass_password_sudo/rule.yml b/linux_os/guide/system/accounts/accounts-pam/disallow_bypass_password_sudo/rule.yml
+index b789b906e..18feffa3d 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/disallow_bypass_password_sudo/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/disallow_bypass_password_sudo/rule.yml
+@@ -29,7 +29,7 @@ references:
+     srg: SRG-OS-000373-GPOS-00156,SRG-OS-000373-GPOS-00157,SRG-OS-000373-GPOS-00158
+     stigid@ol7: OL07-00-010344
+     stigid@ol8: OL08-00-010385
+-    stigid@rhel8: RHEL-08-010385
++    stigid@almalinux8: RHEL-08-010385
+     stigid@sle12: SLES-12-010114
+     stigid@sle15: SLES-15-020104
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/ansible/shared.yml
+index ad3b44290..562d3b354 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,Red Hat Virtualization 4
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,Red Hat Virtualization 4
+ # reboot = false
+ # strategy = configure
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/bash/shared.sh
+index 891d516d5..ff2f7b63b 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_sle,multi_platform_slmicro,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu
++# platform = multi_platform_sle,multi_platform_slmicro,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu
+ 
+ {{%- if "sle" in product or "slmicro" in product or "ubuntu" in product %}}
+ {{%- set pam_lastlog_path = "/etc/pam.d/login" %}}
+diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml
+index 60b2ae3a3..9d9f27880 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml
+@@ -54,7 +54,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-040530
+     stigid@ol8: OL08-00-020340
+-    stigid@rhel8: RHEL-08-020340
++    stigid@almalinux8: RHEL-08-020340
+     stigid@sle12: SLES-12-010390
+     stigid@sle15: SLES-15-020080
+     stigid@ubuntu2004: UBTU-20-010453
+diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_correct_options.pass.sh b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_correct_options.pass.sh
+index 2cd897b71..944d2dcb6 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_correct_options.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_correct_options.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ if authselect list-features sssd | grep -q with-silent-lastlog; then
+     authselect select sssd --force
+diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_modified_pam.fail.sh
+index 60ede2a24..6e55b3281 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_modified_pam.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_modified_pam.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ # remediation = none
+ 
+ authselect create-profile hardening -b sssd
+diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_silent_lastlog.fail.sh b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_silent_lastlog.fail.sh
+index 325d5860a..09df07cce 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_silent_lastlog.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_silent_lastlog.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ if authselect list-features sssd | grep -q with-silent-lastlog; then
+     authselect select sssd --force
+diff --git a/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/ansible/shared.yml
+index 003dc0beb..fd02163bd 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/bash/shared.sh
+index 28062890d..b04531a5b 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
+ if ! grep -Eq '^\s*session\s+required\s+pam_namespace.so\s*$' '/etc/pam.d/login' ; then
+     echo "session    required     pam_namespace.so" >> "/etc/pam.d/login"
+ fi
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/rule.yml
+index 533db0328..ef8174729 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/rule.yml
+@@ -21,7 +21,7 @@ references:
+     nist: AC-7 (a)
+     srg: SRG-OS-000021-GPOS-00005
+     stigid@ol8: OL08-00-020026
+-    stigid@rhel8: RHEL-08-020026
++    stigid@almalinux8: RHEL-08-020026
+ 
+ ocil_clause: 'the pam_faillock.so module is not present in the "/etc/pam.d/password-auth" file with the "preauth" line listed before pam_unix.so'
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/tests/correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/tests/correct_value.pass.sh
+index 98fab1858..1dc7417b6 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/tests/correct_value.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/tests/correct_value.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect,pam
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ authselect create-profile test_profile -b sssd
+ authselect select "custom/test_profile" --force
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/tests/no_value.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/tests/no_value.fail.sh
+index ce36c2d22..ac0d46b24 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/tests/no_value.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/tests/no_value.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect,pam
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ authselect create-profile test_profile -b sssd
+ authselect select "custom/test_profile" --force
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_system_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_system_auth/rule.yml
+index 5be40f349..0d7ca9097 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_system_auth/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_system_auth/rule.yml
+@@ -21,7 +21,7 @@ references:
+     nist: AC-7 (a)
+     srg: SRG-OS-000021-GPOS-00005
+     stigid@ol8: OL08-00-020025
+-    stigid@rhel8: RHEL-08-020025
++    stigid@almalinux8: RHEL-08-020025
+ 
+ ocil_clause: 'the pam_faillock.so module is not present in the "/etc/pam.d/system-auth" file with the "preauth" line listed before pam_unix.so'
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_system_auth/tests/correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_system_auth/tests/correct_value.pass.sh
+index 98fab1858..1dc7417b6 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_system_auth/tests/correct_value.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_system_auth/tests/correct_value.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect,pam
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ authselect create-profile test_profile -b sssd
+ authselect select "custom/test_profile" --force
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_system_auth/tests/no_value.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_system_auth/tests/no_value.fail.sh
+index ce36c2d22..ac0d46b24 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_system_auth/tests/no_value.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_system_auth/tests/no_value.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect,pam
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ authselect create-profile test_profile -b sssd
+ authselect select "custom/test_profile" --force
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_selinux_faillock_dir/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_selinux_faillock_dir/rule.yml
+index e46b40d68..77a2a4d91 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_selinux_faillock_dir/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_selinux_faillock_dir/rule.yml
+@@ -23,7 +23,7 @@ references:
+     nist: AC-7 (a)
+     srg: SRG-OS-000021-GPOS-00005
+     stigid@ol8: OL08-00-020027,OL08-00-020028
+-    stigid@rhel8: RHEL-08-020027,RHEL-08-020028
++    stigid@almalinux8: RHEL-08-020027,RHEL-08-020028
+ 
+ platform: system_with_kernel
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_audit/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_audit/ansible/shared.yml
+index e9ecd879f..74e4c0b09 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_audit/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_audit/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_audit/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_audit/bash/shared.sh
+index 63d03f08d..e0eae4498 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_audit/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_audit/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+ 
+ {{{ bash_pam_faillock_enable() }}}
+ {{{ bash_pam_faillock_parameter_value("audit", authfail=False)}}}
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_audit/tests/conflicting_settings_authselect.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_audit/tests/conflicting_settings_authselect.fail.sh
+index 5e75c996c..ca16cf405 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_audit/tests/conflicting_settings_authselect.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_audit/tests/conflicting_settings_authselect.fail.sh
+@@ -1,7 +1,7 @@
+ 
+ #!/bin/bash
+ # packages = authselect,pam
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ source common.sh
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_audit/tests/expected_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_audit/tests/expected_faillock_conf.pass.sh
+index e1eb0a970..79ba23b4a 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_audit/tests/expected_faillock_conf.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_audit/tests/expected_faillock_conf.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect,pam
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ source common.sh
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/ansible/shared.yml
+index 95c3a04db..37caefc2f 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+ # reboot = false
+ # strategy = configure
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/bash/shared.sh
+index 365006509..2a10d041b 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ 
+ {{{ bash_instantiate_variables("var_password_pam_remember", "var_password_pam_remember_control_flag") }}}
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml
+index fb7bc6dd7..a35c2c411 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml
+@@ -54,7 +54,7 @@ references:
+     nist@sle15: IA-5(1)(e),IA-5(1).1(v)
+     pcidss: Req-8.2.5
+     srg: SRG-OS-000077-GPOS-00045
+-    stigid@rhel8: RHEL-08-020220
++    stigid@almalinux8: RHEL-08-020220
+ 
+ ocil_clause: |-
+     the pam_pwhistory.so module is not used, the "remember" module option is not set in
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_conflict_settings.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_conflict_settings.fail.sh
+index bef6bbcea..8263dd4a0 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_conflict_settings.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_conflict_settings.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
+ 
+ remember_cnt=5
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_correct_value_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_correct_value_conf.pass.sh
+index 111ed3df6..01534eda1 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_correct_value_conf.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_correct_value_conf.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
+ 
+ remember_cnt=5
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_correct_value_pam.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_correct_value_pam.pass.sh
+index cc133d939..7e6f01471 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_correct_value_pam.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_correct_value_pam.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
+ 
+ remember_cnt=5
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_missing_argument.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_missing_argument.fail.sh
+index f8e697789..4742ed72f 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_missing_argument.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_missing_argument.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
+ 
+ if authselect list-features sssd | grep -q with-pwhistory; then
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_missing_line.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_missing_line.fail.sh
+index 5565977e7..ff8a50427 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_missing_line.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_missing_line.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
+ 
+ if authselect list-features sssd | grep -q with-pwhistory; then
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_modified_pam.fail.sh
+index e5af75fdc..6bb8994e3 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_modified_pam.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_modified_pam.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # remediation = none
+ 
+ SYSTEM_AUTH_FILE="/etc/pam.d/system-auth"
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_control.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_control.fail.sh
+index 7af3472d6..480cc8d34 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_control.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_control.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
+ 
+ if authselect list-features sssd | grep -q with-pwhistory; then
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_value_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_value_conf.fail.sh
+index f16643985..157d8c8f9 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_value_conf.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_value_conf.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
+ 
+ remember_cnt=3
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_value_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_value_pam.fail.sh
+index debcc53ca..a86b0a1d1 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_value_pam.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_value_pam.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
+ 
+ remember_cnt=3
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/ansible/shared.yml
+index e4be20de0..a9d7e2ec1 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+ # reboot = false
+ # strategy = configure
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/bash/shared.sh
+index a55f86dc3..5506f8c40 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ 
+ {{{ bash_instantiate_variables("var_password_pam_remember", "var_password_pam_remember_control_flag") }}}
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/rule.yml
+index 8ad3e9c5d..36690b5fa 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/rule.yml
+@@ -54,7 +54,7 @@ references:
+     nist@sle15: IA-5(1)(e),IA-5(1).1(v)
+     pcidss: Req-8.2.5
+     srg: SRG-OS-000077-GPOS-00045
+-    stigid@rhel8: RHEL-08-020221
++    stigid@almalinux8: RHEL-08-020221
+ 
+ ocil_clause: |-
+     the pam_pwhistory.so module is not used, the "remember" module option is not set in
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_conflict_settings.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_conflict_settings.fail.sh
+index fe238b41b..84c181749 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_conflict_settings.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_conflict_settings.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
+ 
+ remember_cnt=5
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_correct_value_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_correct_value_conf.pass.sh
+index bc6d5ab7f..c3c002885 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_correct_value_conf.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_correct_value_conf.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
+ 
+ remember_cnt=5
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_correct_value_pam.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_correct_value_pam.pass.sh
+index dd12efbc1..349a46b94 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_correct_value_pam.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_correct_value_pam.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
+ 
+ remember_cnt=5
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_missing_argument.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_missing_argument.fail.sh
+index b97a9bfdb..11a006ae9 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_missing_argument.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_missing_argument.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
+ 
+ if authselect list-features sssd | grep -q with-pwhistory; then
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_missing_line.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_missing_line.fail.sh
+index afdbbea49..9d16e673b 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_missing_line.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_missing_line.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
+ 
+ if authselect list-features sssd | grep -q with-pwhistory; then
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_modified_pam.fail.sh
+index e5af75fdc..6bb8994e3 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_modified_pam.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_modified_pam.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # remediation = none
+ 
+ SYSTEM_AUTH_FILE="/etc/pam.d/system-auth"
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_control.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_control.fail.sh
+index 6f8fba5a6..ef54c0fd1 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_control.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_control.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
+ 
+ if authselect list-features sssd | grep -q with-pwhistory; then
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_value_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_value_conf.fail.sh
+index e25a158f7..dcd7e77b1 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_value_conf.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_value_conf.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
+ 
+ remember_cnt=3
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_value_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_value_pam.fail.sh
+index 253d50de1..6665b7b06 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_value_pam.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_value_pam.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
+ 
+ remember_cnt=3
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_conflict_settings.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_conflict_settings.fail.sh
+index a18fa3d6c..41fe931e0 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_conflict_settings.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_conflict_settings.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
+ 
+ remember_cnt=5
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_correct_value_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_correct_value_conf.pass.sh
+index bc6d5ab7f..c3c002885 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_correct_value_conf.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_correct_value_conf.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
+ 
+ remember_cnt=5
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_correct_value_pam.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_correct_value_pam.pass.sh
+index dd12efbc1..349a46b94 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_correct_value_pam.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_correct_value_pam.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
+ 
+ remember_cnt=5
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_missing_argument.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_missing_argument.fail.sh
+index 8ca16e11a..9a40ceb9a 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_missing_argument.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_missing_argument.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # variables = var_password_pam_unix_remember=5
+ 
+ if authselect list-features sssd | grep -q with-pwhistory; then
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_missing_line.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_missing_line.fail.sh
+index bc3c429f1..c5e1ccddd 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_missing_line.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_missing_line.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # variables = var_password_pam_unix_remember=5
+ 
+ if authselect list-features sssd | grep -q with-pwhistory; then
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_modified_pam.fail.sh
+index 02d30f17a..0463e6008 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_modified_pam.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_modified_pam.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # remediation = none
+ 
+ SYSTEM_AUTH_FILE="/etc/pam.d/system-auth"
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_pam_unix_legacy_correct.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_pam_unix_legacy_correct.pass.sh
+index 7f6215029..5088ca82d 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_pam_unix_legacy_correct.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_pam_unix_legacy_correct.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # variables = var_password_pam_unix_remember=5
+ 
+ remember_cnt=5
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_pam_unix_legacy_wrong.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_pam_unix_legacy_wrong.fail.sh
+index dc53f50b0..c3eba833b 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_pam_unix_legacy_wrong.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_pam_unix_legacy_wrong.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # variables = var_password_pam_unix_remember=5
+ 
+ remember_cnt=3
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_wrong_value_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_wrong_value_conf.fail.sh
+index e25a158f7..dcd7e77b1 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_wrong_value_conf.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_wrong_value_conf.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
+ 
+ remember_cnt=3
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_wrong_value_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_wrong_value_pam.fail.sh
+index 253d50de1..6665b7b06 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_wrong_value_pam.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_wrong_value_pam.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
+ 
+ remember_cnt=3
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/ansible/shared.yml
+index 1eab1f8c4..f29521f1b 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/bash/shared.sh
+index 021a400c0..09b9d3918 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
+ 
+ {{{ bash_pam_faillock_enable() }}}
+ {{{ bash_pam_faillock_parameter_value("audit", authfail=False)}}}
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/rule.yml
+index a25e3c01a..0beff3a62 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/rule.yml
+@@ -20,7 +20,7 @@ references:
+     nist: AC-7 (a)
+     srg: SRG-OS-000021-GPOS-00005
+     stigid@ol8: OL08-00-020020,OL08-00-020021
+-    stigid@rhel8: RHEL-08-020021
++    stigid@almalinux8: RHEL-08-020021
+     stigid@ubuntu2004: UBTU-20-010072
+     stigid@ubuntu2204: UBTU-22-411045
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/conflicting_settings_authselect.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/conflicting_settings_authselect.fail.sh
+index d805aa018..d188e828a 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/conflicting_settings_authselect.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/conflicting_settings_authselect.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect,pam
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ source common.sh
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/expected_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/expected_faillock_conf.pass.sh
+index e1eb0a970..79ba23b4a 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/expected_faillock_conf.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/expected_faillock_conf.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect,pam
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ source common.sh
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/expected_pam_files.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/expected_pam_files.pass.sh
+index c35696fee..f9615fcef 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/expected_pam_files.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/expected_pam_files.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect,pam
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+ 
+ source common.sh
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/missing_parameter.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/missing_parameter.fail.sh
+index 5bbbc464e..15a644bba 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/missing_parameter.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_audit/tests/missing_parameter.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+ # packages = authselect,pam
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+ 
+ source common.sh
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml
+index f18c0a14f..6861469b3 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml
+@@ -49,7 +49,7 @@ references:
+     srg: SRG-OS-000329-GPOS-00128,SRG-OS-000021-GPOS-00005
+     stigid@ol7: OL07-00-010320
+     stigid@ol8: OL08-00-020010,OL08-00-020011
+-    stigid@rhel8: RHEL-08-020011
++    stigid@almalinux8: RHEL-08-020011
+     stigid@ubuntu2004: UBTU-20-010072
+     stigid@ubuntu2204: UBTU-22-411045
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/authselect_modified_pam.fail.sh
+index b3232cc93..ec32d65f7 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/authselect_modified_pam.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/authselect_modified_pam.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # remediation = none
+ 
+ SYSTEM_AUTH_FILE="/etc/pam.d/system-auth"
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/conflicting_settings_authselect.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/conflicting_settings_authselect.fail.sh
+index 24f5731f6..c118c9be0 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/conflicting_settings_authselect.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/conflicting_settings_authselect.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect,pam
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ pam_files=("password-auth" "system-auth")
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_conflicting_settings.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_conflicting_settings.fail.sh
+index aa3ca061d..6d383b228 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_conflicting_settings.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_conflicting_settings.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
++# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+ # remediation = none
+ # variables = var_accounts_passwords_pam_faillock_deny=3
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_disabled.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_disabled.fail.sh
+index 67c1b593b..74bb77abe 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_disabled.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_disabled.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_sle
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+ # packages = authselect
+ # variables = var_accounts_passwords_pam_faillock_deny=3
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_expected_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_expected_faillock_conf.pass.sh
+index e770e300f..ceffa12a0 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_expected_faillock_conf.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_expected_faillock_conf.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
++# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+ # variables = var_accounts_passwords_pam_faillock_deny=3
+ 
+ authselect select sssd --force
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_lenient_faillock_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_lenient_faillock_conf.fail.sh
+index fd57152b8..0ee33185e 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_lenient_faillock_conf.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_lenient_faillock_conf.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
++# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+ # variables = var_accounts_passwords_pam_faillock_deny=3
+ 
+ authselect select sssd --force
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
+index efb57601c..4127e7265 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
++# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+ # remediation = none
+ # variables = var_accounts_passwords_pam_faillock_deny=3
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_not_required_pam_files.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_not_required_pam_files.fail.sh
+index e3ec96da0..56c6b75f3 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_not_required_pam_files.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_not_required_pam_files.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_sle
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+ # packages = authselect
+ # remediation = none
+ # variables = var_accounts_passwords_pam_faillock_deny=3
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_stricter_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_stricter_faillock_conf.pass.sh
+index 595b85192..392d025a0 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_stricter_faillock_conf.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_stricter_faillock_conf.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
++# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+ # variables = var_accounts_passwords_pam_faillock_deny=3
+ 
+ authselect select sssd --force
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/ansible/shared.yml
+index 2a6868f38..70448df97 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/bash/shared.sh
+index 09d8aeee0..72b3aeacb 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ 
+ {{{ bash_pam_faillock_enable() }}}
+ {{{ bash_pam_faillock_parameter_value("even_deny_root", "") }}}
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/rule.yml
+index 002a81b2f..3e374d471 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/rule.yml
+@@ -39,7 +39,7 @@ references:
+     srg: SRG-OS-000329-GPOS-00128,SRG-OS-000021-GPOS-00005
+     stigid@ol7: OL07-00-010330
+     stigid@ol8: OL08-00-020022,OL08-00-020023
+-    stigid@rhel8: RHEL-08-020023
++    stigid@almalinux8: RHEL-08-020023
+ 
+ {{% if product == "rhel8" %}}
+ platform: os_linux[rhel]>=8.2
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/authselect_modified_pam.fail.sh
+index b3232cc93..ec32d65f7 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/authselect_modified_pam.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/authselect_modified_pam.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # remediation = none
+ 
+ SYSTEM_AUTH_FILE="/etc/pam.d/system-auth"
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/conflicting_settings_authselect.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/conflicting_settings_authselect.fail.sh
+index d39d1ae31..431ef19ad 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/conflicting_settings_authselect.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/conflicting_settings_authselect.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect,pam
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ pam_files=("password-auth" "system-auth")
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_conflicting_settings.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_conflicting_settings.fail.sh
+index 476c4e77e..2152306fe 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_conflicting_settings.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_conflicting_settings.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
++# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+ # remediation = none
+ 
+ authselect select sssd --force
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_expected_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_expected_faillock_conf.pass.sh
+index 87bca6919..f2957144e 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_expected_faillock_conf.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_expected_faillock_conf.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
++# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+ 
+ authselect select sssd --force
+ authselect enable-feature with-faillock
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
+index 7c702d669..06c0d31e2 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
++# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+ # remediation = none
+ 
+ authselect select sssd --force
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/rule.yml
+index 586a32611..98880bb53 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/rule.yml
+@@ -34,7 +34,7 @@ references:
+     nist: AC-7(b),AC-7(a),AC-7.1(ii)
+     srg: SRG-OS-000021-GPOS-00005,SRG-OS-000329-GPOS-00128
+     stigid@ol8: OL08-00-020016,OL08-00-020017
+-    stigid@rhel8: RHEL-08-020016,RHEL-08-020017
++    stigid@almalinux8: RHEL-08-020016,RHEL-08-020017
+ 
+ ocil_clause: 'the "dir" option is not set to a non-default documented tally log directory, is missing or commented out'
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/tests/conflicting_settings_authselect.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/tests/conflicting_settings_authselect.fail.sh
+index 679e47bcc..4f798d486 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/tests/conflicting_settings_authselect.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/tests/conflicting_settings_authselect.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect,pam
+-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ source common.sh
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/tests/expected_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/tests/expected_faillock_conf.pass.sh
+index 6bb763cf5..9562ea10f 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/tests/expected_faillock_conf.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/tests/expected_faillock_conf.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect,pam
+-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ source common.sh
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/tests/wrong_faillock_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/tests/wrong_faillock_conf.fail.sh
+index 2f08a7d47..19ae579cf 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/tests/wrong_faillock_conf.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/tests/wrong_faillock_conf.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect,pam
+-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ source common.sh
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/ansible/shared.yml
+index fd8e44443..9240e6cf3 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/bash/shared.sh
+index e9c09b713..9fc45f3d1 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ {{{ bash_pam_faillock_enable() }}}
+ {{{ bash_pam_faillock_parameter_value("local_users_only", "") }}}
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_disabled.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_disabled.fail.sh
+index 856bd56ea..71194a32f 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_disabled.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_disabled.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+ 
+ authselect select sssd --force
+ authselect disable-feature with-faillock
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_expected_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_expected_faillock_conf.pass.sh
+index 075791de6..1ccb03dbd 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_expected_faillock_conf.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_expected_faillock_conf.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+ 
+ authselect select sssd --force
+ authselect enable-feature with-faillock
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
+index 978cccce6..8cc6c0b53 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+ # remediation = none
+ 
+ authselect select sssd --force
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_not_required_pam_files.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_not_required_pam_files.fail.sh
+index 053f91100..04f362717 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_not_required_pam_files.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_not_required_pam_files.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+ # remediation = none
+ 
+ # This test scenario manually modify the pam_faillock.so entries in auth section from
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml
+index bea8688ac..c51ab4edf 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml
+@@ -45,7 +45,7 @@ references:
+     srg: SRG-OS-000329-GPOS-00128,SRG-OS-000021-GPOS-00005
+     stigid@ol7: OL07-00-010320
+     stigid@ol8: OL08-00-020012,OL08-00-020013
+-    stigid@rhel8: RHEL-08-020012,RHEL-08-020013
++    stigid@almalinux8: RHEL-08-020012,RHEL-08-020013
+     stigid@ubuntu2004: UBTU-20-010072
+     stigid@ubuntu2204: UBTU-22-411045
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/authselect_modified_pam.fail.sh
+index b3232cc93..ec32d65f7 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/authselect_modified_pam.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/authselect_modified_pam.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # remediation = none
+ 
+ SYSTEM_AUTH_FILE="/etc/pam.d/system-auth"
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/conflicting_settings_authselect.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/conflicting_settings_authselect.fail.sh
+index 9a553893c..239179515 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/conflicting_settings_authselect.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/conflicting_settings_authselect.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect,pam
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ pam_files=("password-auth" "system-auth")
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_conflicting_settings.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_conflicting_settings.fail.sh
+index 0b67e0e02..f4ab6a731 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_conflicting_settings.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_conflicting_settings.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
++# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+ # remediation = none
+ # variables = var_accounts_passwords_pam_faillock_fail_interval=900
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_disabled.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_disabled.fail.sh
+index 9d4320fbb..4cf206854 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_disabled.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_disabled.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_sle
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+ # packages = authselect
+ # variables = var_accounts_passwords_pam_faillock_fail_interval=900
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_expected_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_expected_faillock_conf.pass.sh
+index 82bf9fa75..5ab933ad8 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_expected_faillock_conf.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_expected_faillock_conf.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
++# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+ # variables = var_accounts_passwords_pam_faillock_fail_interval=900
+ 
+ authselect select sssd --force
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_lenient_faillock_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_lenient_faillock_conf.fail.sh
+index 74236e2fb..6341829be 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_lenient_faillock_conf.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_lenient_faillock_conf.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
++# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+ # variables = var_accounts_passwords_pam_faillock_fail_interval=900
+ 
+ authselect select sssd --force
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
+index ef2461160..c47470ab4 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
++# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+ # remediation = none
+ # variables = var_accounts_passwords_pam_faillock_fail_interval=900
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_not_required_pam_files.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_not_required_pam_files.fail.sh
+index 30e044729..bb60fb3ed 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_not_required_pam_files.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_not_required_pam_files.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_sle
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+ # packages = authselect
+ # remediation = none
+ # variables = var_accounts_passwords_pam_faillock_fail_interval=900
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_stricter_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_stricter_faillock_conf.pass.sh
+index c71a12afe..6dd3f50d6 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_stricter_faillock_conf.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_stricter_faillock_conf.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
++# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+ # variables = var_accounts_passwords_pam_faillock_fail_interval=900
+ 
+ authselect select sssd --force
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/rule.yml
+index 71ca92bfa..4e6b05a6f 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/rule.yml
+@@ -29,7 +29,7 @@ references:
+     disa: CCI-002238,CCI-000044
+     srg: SRG-OS-000329-GPOS-00128,SRG-OS-000021-GPOS-00005
+     stigid@ol8: OL08-00-020018,OL08-00-020019
+-    stigid@rhel8: RHEL-08-020018,RHEL-08-020019
++    stigid@almalinux8: RHEL-08-020018,RHEL-08-020019
+     stigid@ubuntu2004: UBTU-20-010072
+     stigid@ubuntu2204: UBTU-22-411045
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/tests/expected_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/tests/expected_faillock_conf.pass.sh
+index fdd0c4c06..ec8195db8 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/tests/expected_faillock_conf.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/tests/expected_faillock_conf.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ source common.sh
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/tests/expected_pam_files.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/tests/expected_pam_files.pass.sh
+index ebabc6518..b02f953cc 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/tests/expected_pam_files.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/tests/expected_pam_files.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+ 
+ source common.sh
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/tests/missing_parameter.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/tests/missing_parameter.fail.sh
+index a10547339..c01c35a48 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/tests/missing_parameter.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/tests/missing_parameter.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+ 
+ source common.sh
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/tests/missing_parameter_password_auth.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/tests/missing_parameter_password_auth.fail.sh
+index f73c751f5..146acc847 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/tests/missing_parameter_password_auth.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/tests/missing_parameter_password_auth.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ source common.sh
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/tests/missing_parameter_system_auth.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/tests/missing_parameter_system_auth.fail.sh
+index 514b2bb37..79374ea78 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/tests/missing_parameter_system_auth.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_silent/tests/missing_parameter_system_auth.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ source common.sh
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml
+index e52bd8b76..517b16e01 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml
+@@ -50,7 +50,7 @@ references:
+     srg: SRG-OS-000329-GPOS-00128,SRG-OS-000021-GPOS-00005
+     stigid@ol7: OL07-00-010320
+     stigid@ol8: OL08-00-020014,OL08-00-020015
+-    stigid@rhel8: RHEL-08-020014,RHEL-08-020015
++    stigid@almalinux8: RHEL-08-020014,RHEL-08-020015
+     stigid@ubuntu2004: UBTU-20-010072
+     stigid@ubuntu2204: UBTU-22-411045
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/authselect_modified_pam.fail.sh
+index b3232cc93..ec32d65f7 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/authselect_modified_pam.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/authselect_modified_pam.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # remediation = none
+ 
+ SYSTEM_AUTH_FILE="/etc/pam.d/system-auth"
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/conflicting_settings_authselect.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/conflicting_settings_authselect.fail.sh
+index d547b0e35..925fc0dbe 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/conflicting_settings_authselect.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/conflicting_settings_authselect.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect,pam
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ pam_files=("password-auth" "system-auth")
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_conflicting_settings.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_conflicting_settings.fail.sh
+index 057348eb4..0b2000ba3 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_conflicting_settings.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_conflicting_settings.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
++# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+ # remediation = none
+ # variables = var_accounts_passwords_pam_faillock_unlock_time=600
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_disabled.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_disabled.fail.sh
+index bfcc7d4a4..da0f4a90e 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_disabled.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_disabled.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_sle
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+ # packages = authselect
+ # variables = var_accounts_passwords_pam_faillock_unlock_time=600
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_expected_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_expected_faillock_conf.pass.sh
+index 1840cae45..953ba3353 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_expected_faillock_conf.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_expected_faillock_conf.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
++# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+ # variables = var_accounts_passwords_pam_faillock_unlock_time=600
+ 
+ authselect select sssd --force
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_lenient_faillock_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_lenient_faillock_conf.fail.sh
+index 838ab7c53..4f717ef5a 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_lenient_faillock_conf.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_lenient_faillock_conf.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
++# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+ # variables = var_accounts_passwords_pam_faillock_unlock_time=600
+ 
+ authselect select sssd --force
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
+index b7b1532bb..5b8279841 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
++# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+ # remediation = none
+ # variables = var_accounts_passwords_pam_faillock_unlock_time=600
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_not_required_pam_files.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_not_required_pam_files.fail.sh
+index eff1bd32c..f6307511b 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_not_required_pam_files.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_not_required_pam_files.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_sle
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+ # packages = authselect
+ # remediation = none
+ # variables = var_accounts_passwords_pam_faillock_unlock_time=600
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_stricter_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_stricter_faillock_conf.pass.sh
+index a57645eb1..a7e7b8e9c 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_stricter_faillock_conf.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_stricter_faillock_conf.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
++# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+ # variables = var_accounts_passwords_pam_faillock_unlock_time=600
+ 
+ authselect select sssd --force
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml
+index 567144b30..b7a49ab06 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml
+@@ -48,7 +48,7 @@ references:
+     srg: SRG-OS-000071-GPOS-00039
+     stigid@ol7: OL07-00-010140
+     stigid@ol8: OL08-00-020130
+-    stigid@rhel8: RHEL-08-020130
++    stigid@almalinux8: RHEL-08-020130
+     stigid@ubuntu2004: UBTU-20-010052
+     stigid@ubuntu2204: UBTU-22-611020
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml
+index c4c55f3e1..5a6e73f66 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml
+@@ -30,7 +30,7 @@ references:
+     nist: IA-5(c),IA-5(1)(a),CM-6(a),IA-5(4)
+     srg: SRG-OS-000480-GPOS-00225,SRG-OS-000072-GPOS-00040
+     stigid@ol8: OL08-00-020300
+-    stigid@rhel8: RHEL-08-020300
++    stigid@almalinux8: RHEL-08-020300
+     stigid@ubuntu2004: UBTU-20-010056
+     stigid@ubuntu2204: UBTU-22-611030
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_difok/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_difok/rule.yml
+index b63e93fc0..371477acc 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_difok/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_difok/rule.yml
+@@ -46,7 +46,7 @@ references:
+     srg: SRG-OS-000072-GPOS-00040
+     stigid@ol7: OL07-00-010160
+     stigid@ol8: OL08-00-020170
+-    stigid@rhel8: RHEL-08-020170
++    stigid@almalinux8: RHEL-08-020170
+     stigid@ubuntu2004: UBTU-20-010053
+     stigid@ubuntu2204: UBTU-22-611040
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml
+index 0c3e42332..ab86031c9 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml
+@@ -48,7 +48,7 @@ references:
+     srg: SRG-OS-000070-GPOS-00038
+     stigid@ol7: OL07-00-010130
+     stigid@ol8: OL08-00-020120
+-    stigid@rhel8: RHEL-08-020120
++    stigid@almalinux8: RHEL-08-020120
+     stigid@ubuntu2004: UBTU-20-010051
+     stigid@ubuntu2204: UBTU-22-611015
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxclassrepeat/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxclassrepeat/rule.yml
+index b8eed2243..e246512fb 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxclassrepeat/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxclassrepeat/rule.yml
+@@ -38,7 +38,7 @@ references:
+     srg: SRG-OS-000072-GPOS-00040,SRG-OS-000730-GPOS-00190
+     stigid@ol7: OL07-00-010190
+     stigid@ol8: OL08-00-020140
+-    stigid@rhel8: RHEL-08-020140
++    stigid@almalinux8: RHEL-08-020140
+ 
+ ocil_clause: the value of "maxclassrepeat" is set to "0", more than "{{{ xccdf_value("var_password_pam_maxclassrepeat") }}}" or is commented out
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxrepeat/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxrepeat/rule.yml
+index 2e3c33f22..7742a233c 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxrepeat/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxrepeat/rule.yml
+@@ -40,7 +40,7 @@ references:
+     srg: SRG-OS-000072-GPOS-00040
+     stigid@ol7: OL07-00-010180
+     stigid@ol8: OL08-00-020150
+-    stigid@rhel8: RHEL-08-020150
++    stigid@almalinux8: RHEL-08-020150
+ 
+ ocil_clause: the value of "maxrepeat" is set to more than "{{{ xccdf_value("var_password_pam_maxrepeat") }}}" or is commented out
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml
+index 4905d163d..46efc5f68 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml
+@@ -55,7 +55,7 @@ references:
+     srg: SRG-OS-000072-GPOS-00040
+     stigid@ol7: OL07-00-010170
+     stigid@ol8: OL08-00-020160
+-    stigid@rhel8: RHEL-08-020160
++    stigid@almalinux8: RHEL-08-020160
+ 
+ ocil_clause: the value of "minclass" is set to less than "{{{ xccdf_value("var_password_pam_minclass") }}}" or is commented out
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml
+index 3d4440cda..8bb8c77e6 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml
+@@ -48,7 +48,7 @@ references:
+     srg: SRG-OS-000078-GPOS-00046
+     stigid@ol7: OL07-00-010280
+     stigid@ol8: OL08-00-020230
+-    stigid@rhel8: RHEL-08-020230
++    stigid@almalinux8: RHEL-08-020230
+     stigid@ubuntu2004: UBTU-20-010054
+     stigid@ubuntu2204: UBTU-22-611035
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml
+index 84ee603a8..813faf411 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml
+@@ -49,7 +49,7 @@ references:
+     srg: SRG-OS-000266-GPOS-00101
+     stigid@ol7: OL07-00-010150
+     stigid@ol8: OL08-00-020280
+-    stigid@rhel8: RHEL-08-020280
++    stigid@almalinux8: RHEL-08-020280
+     stigid@ubuntu2004: UBTU-20-010055
+     stigid@ubuntu2204: UBTU-22-611025
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/ansible/shared.yml
+index 06f7962fd..dc6eea20d 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
+ # reboot = false
+ # strategy = configure
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/bash/shared.sh
+index a55859203..377efc82e 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/bash/shared.sh
+@@ -1,3 +1,3 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
+ 
+ {{{ bash_ensure_pam_module_configuration('/etc/pam.d/password-auth', 'password', 'requisite', 'pam_pwquality.so', '', '', '^account.*required.*pam_permit\.so') }}}
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/rule.yml
+index 482760bcc..996b89192 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/rule.yml
+@@ -24,7 +24,7 @@ references:
+     disa: CCI-004066
+     srg: SRG-OS-000069-GPOS-00037,SRG-OS-000070-GPOS-00038,SRG-OS-000480-GPOS-00227
+     stigid@ol8: OL08-00-020100
+-    stigid@rhel8: RHEL-08-020100
++    stigid@almalinux8: RHEL-08-020100
+ 
+ ocil_clause: 'pam_pwquality.so is not enabled in password-auth'
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_commented_entry.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_commented_entry.fail.sh
+index 81d2955d3..8c9b1d1f2 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_commented_entry.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_commented_entry.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ 
+ authselect create-profile hardening -b sssd
+ CUSTOM_PROFILE="custom/hardening"
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_correct_entry.pass.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_correct_entry.pass.sh
+index 4bb7a4872..f73dd8b0f 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_correct_entry.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_correct_entry.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ 
+ authselect create-profile hardening -b sssd
+ CUSTOM_PROFILE="custom/hardening"
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_missing_entry.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_missing_entry.fail.sh
+index 32ce46407..168ca249a 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_missing_entry.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_missing_entry.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ 
+ authselect create-profile hardening -b sssd
+ CUSTOM_PROFILE="custom/hardening"
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_modified_pam.fail.sh
+index 0f9b75cec..75ac241d9 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_modified_pam.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_modified_pam.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # remediation = none
+ 
+ SYSTEM_AUTH_FILE="/etc/pam.d/password-auth"
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_wrong_control.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_wrong_control.fail.sh
+index 61c28f2d6..30166c800 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_wrong_control.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_wrong_control.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ 
+ authselect create-profile hardening -b sssd
+ CUSTOM_PROFILE="custom/hardening"
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/ansible/shared.yml
+index 90484d66f..81664de52 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
+ # reboot = false
+ # strategy = configure
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/bash/shared.sh
+index 4ea10f4c4..6c1de4e4c 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/bash/shared.sh
+@@ -1,3 +1,3 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
+ 
+ {{{ bash_ensure_pam_module_configuration('/etc/pam.d/system-auth', 'password', 'requisite', 'pam_pwquality.so', '', '', '^account.*required.*pam_permit\.so') }}}
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/rule.yml
+index ce5973eaf..40ff808eb 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/rule.yml
+@@ -24,7 +24,7 @@ references:
+     disa: CCI-000366
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol8: OL08-00-020101
+-    stigid@rhel8: RHEL-08-020101
++    stigid@almalinux8: RHEL-08-020101
+ 
+ ocil_clause: 'pam_pwquality.so is not enabled in system-auth'
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_commented_entry.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_commented_entry.fail.sh
+index f68622be4..c8e13631a 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_commented_entry.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_commented_entry.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ 
+ authselect create-profile hardening -b sssd
+ CUSTOM_PROFILE="custom/hardening"
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_correct_entry.pass.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_correct_entry.pass.sh
+index 0de6065a2..57e6c8bdb 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_correct_entry.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_correct_entry.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ 
+ authselect create-profile hardening -b sssd
+ CUSTOM_PROFILE="custom/hardening"
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_missing_entry.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_missing_entry.fail.sh
+index 03a4ef295..31b622c66 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_missing_entry.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_missing_entry.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ 
+ authselect create-profile hardening -b sssd
+ CUSTOM_PROFILE="custom/hardening"
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_modified_pam.fail.sh
+index ae0ed105d..cc1f3ca20 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_modified_pam.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_modified_pam.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # remediation = none
+ 
+ SYSTEM_AUTH_FILE="/etc/pam.d/system-auth"
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_wrong_control.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_wrong_control.fail.sh
+index 60ebfdeba..2b9d40cf6 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_wrong_control.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_wrong_control.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ 
+ authselect create-profile hardening -b sssd
+ CUSTOM_PROFILE="custom/hardening"
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/ansible/shared.yml
+index 25a0da980..bf2a98da4 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # reboot = false
+ # strategy = configure
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml
+index 6e25f2948..716c7d6cf 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml
+@@ -47,7 +47,7 @@ references:
+     srg: SRG-OS-000069-GPOS-00037,SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-010119
+     stigid@ol8: OL08-00-020102,OL08-00-020103,OL08-00-020104
+-    stigid@rhel8: RHEL-08-020104
++    stigid@almalinux8: RHEL-08-020104
+     stigid@ubuntu2004: UBTU-20-010057
+     stigid@ubuntu2204: UBTU-22-611045
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/argument_missing.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/argument_missing.fail.sh
+index 03723cd8c..1df4f1d61 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/argument_missing.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/argument_missing.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu
+ # variables = var_password_pam_retry=3
+ 
+ source common.sh
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_commented.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_commented.fail.sh
+index 19cac93f4..4a5b1142b 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_commented.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_commented.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ # variables = var_password_pam_retry=3
+ 
+ source common.sh
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_correct.pass.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_correct.pass.sh
+index ae605f717..db875782d 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_correct.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_correct.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ # variables = var_password_pam_retry=3
+ 
+ source common.sh
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_correct_with_space.pass.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_correct_with_space.pass.sh
+index ce7f4b7a3..0aeb8535b 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_correct_with_space.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_correct_with_space.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ # variables = var_password_pam_retry=3
+ 
+ source common.sh
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_overriden.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_overriden.fail.sh
+index 962112d6a..f0db47d5e 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_overriden.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_overriden.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ # variables = var_password_pam_retry=3
+ 
+ source common.sh
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_wrong.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_wrong.fail.sh
+index ea2eb57fe..033bbbceb 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_wrong.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_wrong.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ # variables = var_password_pam_retry=3
+ 
+ source common.sh
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml
+index fa55c67d0..aa1626c3c 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml
+@@ -45,7 +45,7 @@ references:
+     srg: SRG-OS-000069-GPOS-00037,SRG-OS-000070-GPOS-00038
+     stigid@ol7: OL07-00-010120
+     stigid@ol8: OL08-00-020110
+-    stigid@rhel8: RHEL-08-020110
++    stigid@almalinux8: RHEL-08-020110
+     stigid@ubuntu2004: UBTU-20-010050
+     stigid@ubuntu2204: UBTU-22-611010
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/ansible/shared.yml
+index 662c3641e..4baf0adaa 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/bash/shared.sh
+index f6b461789..fb6d88e37 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+ 
+ {{{ bash_instantiate_variables("var_password_hashing_algorithm_pam") }}}
+ LIBUSER_CONF="/etc/libuser.conf"
+diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/ansible/shared.yml
+index e0b6d68db..5ec6c69bb 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml
+index fc5064a28..3f367461f 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml
+@@ -44,7 +44,7 @@ references:
+     srg: SRG-OS-000073-GPOS-00041
+     stigid@ol7: OL07-00-010210
+     stigid@ol8: OL08-00-010110
+-    stigid@rhel8: RHEL-08-010110
++    stigid@almalinux8: RHEL-08-010110
+     stigid@sle12: SLES-12-010210
+     stigid@sle15: SLES-15-010260
+     stigid@ubuntu2004: UBTU-20-010404
+diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/ansible/shared.yml
+index 9fffb6188..bd6f532b7 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhv,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhv,multi_platform_ol
+ # reboot = false
+ # strategy = configure
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/bash/shared.sh
+index 3b4602f2c..89cf6b6c5 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhv,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhv,multi_platform_ol
+ 
+ {{{ bash_instantiate_variables("var_password_hashing_algorithm_pam") }}}
+ PAM_FILE_PATH="/etc/pam.d/password-auth"
+diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/rule.yml
+index 13da3921f..a3f780057 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/rule.yml
+@@ -50,7 +50,7 @@ references:
+     srg: SRG-OS-000073-GPOS-00041,SRG-OS-000120-GPOS-00061
+     stigid@ol7: OL07-00-010200
+     stigid@ol8: OL08-00-010160
+-    stigid@rhel8: RHEL-08-010160
++    stigid@almalinux8: RHEL-08-010160
+ 
+ ocil_clause: 'it does not'
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_correct_value.pass.sh
+index abcdf02f5..213909b8d 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_correct_value.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_correct_value.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # variables = var_password_hashing_algorithm_pam=sha512
+ 
+ authselect create-profile hardening -b sssd
+diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_incorrect_option.fail.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_incorrect_option.fail.sh
+index 1572f0d9b..88bc3e44d 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_incorrect_option.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_incorrect_option.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # variables = var_password_hashing_algorithm_pam=sha512
+ 
+ authselect create-profile hardening -b sssd
+diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_missing_option.fail.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_missing_option.fail.sh
+index 463b78e55..58d5e3524 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_missing_option.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_missing_option.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # variables = var_password_hashing_algorithm_pam=sha512
+ 
+ authselect create-profile hardening -b sssd
+diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_modified_pam.fail.sh
+index a36ff143d..c41476b3d 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_modified_pam.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_modified_pam.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # variables = var_password_hashing_algorithm_pam=sha512
+ # remediation = none
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_multiple_options.fail.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_multiple_options.fail.sh
+index b874f33d6..d0c5d75a5 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_multiple_options.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_multiple_options.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # variables = var_password_hashing_algorithm_pam=sha512
+ 
+ authselect create-profile hardening -b sssd
+diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_wrong_control.fail.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_wrong_control.fail.sh
+index 98aff168e..ce8da6ac3 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_wrong_control.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_wrong_control.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # variables = var_password_hashing_algorithm_pam=sha512
+ 
+ authselect create-profile hardening -b sssd
+diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml
+index eb1843292..a7c95046e 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml
+@@ -65,7 +65,7 @@ references:
+     srg: SRG-OS-000073-GPOS-00041,SRG-OS-000120-GPOS-00061
+     stigid@ol7: OL07-00-010200
+     stigid@ol8: OL08-00-010159
+-    stigid@rhel8: RHEL-08-010159
++    stigid@almalinux8: RHEL-08-010159
+     stigid@sle12: SLES-12-010230
+     stigid@sle15: SLES-15-020170
+     stigid@ubuntu2204: UBTU-22-611055
+diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_correct_value.pass.sh
+index a665b3b10..dc11875da 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_correct_value.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_correct_value.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # variables = var_password_hashing_algorithm_pam=sha512
+ 
+ authselect create-profile hardening -b sssd
+diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_incorrect_option.fail.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_incorrect_option.fail.sh
+index c498e86dd..912618a8d 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_incorrect_option.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_incorrect_option.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # variables = var_password_hashing_algorithm_pam=sha512
+ 
+ authselect create-profile hardening -b sssd
+diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_missing_option.fail.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_missing_option.fail.sh
+index 3653f7912..e6dd9f4c0 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_missing_option.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_missing_option.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # variables = var_password_hashing_algorithm_pam=sha512
+ 
+ authselect create-profile hardening -b sssd
+diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_modified_pam.fail.sh
+index 11ed319f1..26222d810 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_modified_pam.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_modified_pam.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # variables = var_password_hashing_algorithm_pam=sha512
+ # remediation = none
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_multiple_options.fail.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_multiple_options.fail.sh
+index e41950217..429ee6246 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_multiple_options.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_multiple_options.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # variables = var_password_hashing_algorithm_pam=sha512
+ 
+ authselect create-profile hardening -b sssd
+diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_wrong_control.fail.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_wrong_control.fail.sh
+index d0413404b..3ec30f45b 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_wrong_control.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_wrong_control.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # variables = var_password_hashing_algorithm_pam=sha512
+ 
+ authselect create-profile hardening -b sssd
+diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_min_rounds_logindefs/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_min_rounds_logindefs/rule.yml
+index 556bee4c1..8a5f82244 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_min_rounds_logindefs/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_min_rounds_logindefs/rule.yml
+@@ -36,7 +36,7 @@ references:
+     nist@sle12: IA-5(1)(c),IA-5(1).1(v),IA-7,IA-7.1
+     srg: SRG-OS-000073-GPOS-00041,SRG-OS-000120-GPOS-00061
+     stigid@ol8: OL08-00-010130
+-    stigid@rhel8: RHEL-08-010130
++    stigid@almalinux8: RHEL-08-010130
+     stigid@sle12: SLES-12-010240
+     stigid@sle15: SLES-15-020190
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/kubernetes/shared.yml
+index 3045574e5..7ce6bb466 100644
+--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/kubernetes/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml
+index 7e9a58560..6cdeb9586 100644
+--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml
+@@ -71,7 +71,7 @@ references:
+     ospp: FAU_GEN.1.2
+     srg: SRG-OS-000324-GPOS-00125,SRG-OS-000480-GPOS-00227
+     stigid@ol8: OL08-00-040172
+-    stigid@rhel8: RHEL-08-040172
++    stigid@almalinux8: RHEL-08-040172
+     stigid@sle15: SLES-15-040062
+     stigid@ubuntu2004: UBTU-20-010460
+     stigid@ubuntu2204: UBTU-22-211015
+diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/kubernetes/shared.yml
+index 517c83c6e..041e9a29c 100644
+--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/kubernetes/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml
+index ae3a3ab28..1449c55de 100644
+--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml
+@@ -76,7 +76,7 @@ references:
+     srg: SRG-OS-000324-GPOS-00125,SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-020230
+     stigid@ol8: OL08-00-040170
+-    stigid@rhel8: RHEL-08-040170
++    stigid@almalinux8: RHEL-08-040170
+     stigid@sle12: SLES-12-010610
+     stigid@sle15: SLES-15-040060
+     stigid@ubuntu2004: UBTU-20-010460
+diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/masked.pass.sh b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/masked.pass.sh
+index f8c47e96a..d0aaabaf7 100644
+--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/masked.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/masked.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel,multi_platform_fedora,multi_platform_ubuntu
++# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ubuntu
+ 
+ systemctl disable --now ctrl-alt-del.target
+ systemctl mask --now ctrl-alt-del.target
+diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/not_masked.fail.sh b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/not_masked.fail.sh
+index 41eed9737..992dc2304 100644
+--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/not_masked.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/not_masked.fail.sh
+@@ -1,4 +1,4 @@
+ #!/bin/bash
+-# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel,multi_platform_fedora,multi_platform_ubuntu
++# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ubuntu
+ 
+ systemctl unmask ctrl-alt-del.target
+diff --git a/linux_os/guide/system/accounts/accounts-physical/logind_session_timeout/rule.yml b/linux_os/guide/system/accounts/accounts-physical/logind_session_timeout/rule.yml
+index 6dc5eae7e..fbf4edf7b 100644
+--- a/linux_os/guide/system/accounts/accounts-physical/logind_session_timeout/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-physical/logind_session_timeout/rule.yml
+@@ -42,7 +42,7 @@ references:
+     pcidss: Req-8.1.8
+     srg: SRG-OS-000163-GPOS-00072
+     stigid@ol8: OL08-00-020035
+-    stigid@rhel8: RHEL-08-020035
++    stigid@almalinux8: RHEL-08-020035
+ 
+ ocil_clause: "the option is not configured"
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml
+index 1517b25f8..096e09800 100644
+--- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml
+@@ -42,7 +42,7 @@ references:
+     srg: SRG-OS-000080-GPOS-00048
+     stigid@ol7: OL07-00-010481
+     stigid@ol8: OL08-00-010152
+-    stigid@rhel8: RHEL-08-010152
++    stigid@almalinux8: RHEL-08-010152
+ 
+ ocil_clause: 'the output is different'
+ 
+@@ -50,7 +50,7 @@ ocil: |-
+     To check if authentication is required for emergency mode, run the following command:
+     
$ grep sulogin /usr/lib/systemd/system/emergency.service

+     The output should be similar to the following, and the line must begin with
+-    {{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "sle12", "sle15"] -%}}
++    {{% if product in ["fedora", "ol8", "ol9", "rhel8", "almalinux8", "rhel9", "sle12", "sle15"] -%}}
+         ExecStart and /usr/lib/systemd/systemd-sulogin-shell.
+         
ExecStart=-/usr/lib/systemd/systemd-sulogin-shell emergency

+     {{%- else -%}}
+@@ -78,7 +78,7 @@ fixtext: |-
+     Configure {{{ full_name }}} to require authentication for system emergency mode.
+ 
+     Add or edit the following line in "/usr/lib/systemd/system/emergency.service":
+-    {{% if product in ["fedora", "ol8", "ol9", "kylinserver10", "openeuler2203", "rhel8", "rhel9", "sle12", "sle15"] -%}}
++    {{% if product in ["fedora", "ol8", "ol9", "kylinserver10", "openeuler2203", "rhel8", "almalinux8", "rhel9", "sle12", "sle15"] -%}}
+     ExecStart=-/usr/lib/systemd/systemd-sulogin-shell emergency
+     {{%- else -%}}
+     ExecStart=-/bin/sh -c "/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"
+diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/correct_value.pass.sh
+index bce932b72..e446c7836 100644
+--- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/correct_value.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/correct_value.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ 
+ service_file="/usr/lib/systemd/system/emergency.service"
+ sulogin="/usr/lib/systemd/systemd-sulogin-shell"
+diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/correct_value_dropin.pass.sh b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/correct_value_dropin.pass.sh
+index 73d2f3ad0..d5c7db6ab 100644
+--- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/correct_value_dropin.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/correct_value_dropin.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_sle
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
+ rm -f /etc/systemd/system/emergency.service
+ mkdir -p /etc/systemd/system/emergency.service.d/
+ cat << EOF > /etc/systemd/system/emergency.service.d/10-automatus.conf
+diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value.fail.sh
+index d9fdc678f..a4f6ea6a9 100644
+--- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ 
+ service_file="/usr/lib/systemd/system/emergency.service"
+ sulogin="/bin/bash"
+diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value_dropin.fail.sh b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value_dropin.fail.sh
+index 4545cf49f..520cd2af5 100644
+--- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value_dropin.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value_dropin.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_sle
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
+ rm -f /etc/systemd/system/emergency.service
+ mkdir -p /etc/systemd/system/emergency.service.d/
+ cat << EOF > /etc/systemd/system/emergency.service.d/10-oscap.conf
+diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml
+index 90c48074e..8a677d311 100644
+--- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml
+@@ -45,7 +45,7 @@ references:
+     srg: SRG-OS-000080-GPOS-00048
+     stigid@ol7: OL07-00-010481
+     stigid@ol8: OL08-00-010151
+-    stigid@rhel8: RHEL-08-010151
++    stigid@almalinux8: RHEL-08-010151
+ 
+ ocil_clause: 'the output is different'
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/correct_dropin.pass.sh b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/correct_dropin.pass.sh
+index 3cf97a457..7f9b4043f 100644
+--- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/correct_dropin.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/correct_dropin.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux
+ rm -rf /etc/systemd/system/rescue.service.d
+ mkdir -p /etc/systemd/system/rescue.service.d
+ cat << EOF > /etc/systemd/system/rescue.service.d/10-automatus.conf
+diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_dropin.fail.sh b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_dropin.fail.sh
+index 0bb3ce9ff..d9865e063 100644
+--- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_dropin.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_dropin.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux
+ rm -rf /etc/systemd/system/rescue.service.d
+ mkdir -p /etc/systemd/system/rescue.service.d
+ cat << EOF > /etc/systemd/system/rescue.service.d/10-automatus.conf
+diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_value.fail.sh
+index 63b9b08b5..15abe6cec 100644
+--- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_value.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_value.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ 
+ service_file="/usr/lib/systemd/system/rescue.service"
+ sulogin="/bin/bash"
+diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/ansible/shared.yml
+index 75395cf61..1dcee69f3 100644
+--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ # reboot = false
+ # strategy = configure
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_tmux/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_tmux/ansible/shared.yml
+index f47326940..42d591752 100644
+--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_tmux/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_tmux/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ # reboot = false
+ # strategy = configure
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/ansible/shared.yml
+index dc63eb653..dc6931307 100644
+--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/correct.pass.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/correct.pass.sh
+index ddfb97fa4..5213cdee6 100644
+--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/correct.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/correct.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ 
+ echo 'set -g lock-command vlock' >> '/etc/tmux.conf'
+ chmod 0644 "/etc/tmux.conf"
+diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/file_empty.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/file_empty.fail.sh
+index 38bf0f874..696a2bba2 100644
+--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/file_empty.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/file_empty.fail.sh
+@@ -1,4 +1,4 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ 
+ echo > '/etc/tmux.conf'
+diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/line_commented.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/line_commented.fail.sh
+index 5c630fa9e..6aebf9f3d 100644
+--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/line_commented.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/line_commented.fail.sh
+@@ -1,4 +1,4 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ 
+ echo '# set -g lock-command vlock' >> '/etc/tmux.conf'
+diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/wrong_permissions.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/wrong_permissions.fail.sh
+index ec984bb94..8d4f4eb93 100644
+--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/wrong_permissions.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/wrong_permissions.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ 
+ echo 'set -g lock-command vlock' >> '/etc/tmux.conf'
+ chmod 0600 "/etc/tmux.conf"
+diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/wrong_value.fail.sh
+index acd297d55..d8dc1cd00 100644
+--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/wrong_value.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/wrong_value.fail.sh
+@@ -1,4 +1,4 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ 
+ echo 'set -g lock-command locker' >> '/etc/tmux.conf'
+diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/alternative_value.pass.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/alternative_value.pass.sh
+index 0b31379f0..778d63d74 100644
+--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/alternative_value.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/alternative_value.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,multi_platform_rhel,multi_platform_fedora
++# platform = Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ 
+ echo 'bind W lock-session' >> '/etc/tmux.conf'
+ chmod 0644 "/etc/tmux.conf"
+diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/correct.pass.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/correct.pass.sh
+index e38203195..55a8aff57 100644
+--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/correct.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/correct.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,multi_platform_rhel,multi_platform_fedora
++# platform = Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ # packages = tmux
+ 
+ echo 'bind X lock-session' >> '/etc/tmux.conf'
+diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/file_empty.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/file_empty.fail.sh
+index 45458b6f2..87e6ded51 100644
+--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/file_empty.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/file_empty.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,multi_platform_rhel,multi_platform_fedora
++# platform = Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ # packages = tmux
+ 
+ echo > '/etc/tmux.conf'
+diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/line_commented.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/line_commented.fail.sh
+index 93ed8cbf4..bff755146 100644
+--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/line_commented.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/line_commented.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,multi_platform_rhel,multi_platform_fedora
++# platform = Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ # packages = tmux
+ 
+ echo '# bind X lock-session' >> '/etc/tmux.conf'
+diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/wrong_permissions.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/wrong_permissions.fail.sh
+index da006625e..8e02e36e8 100644
+--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/wrong_permissions.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/wrong_permissions.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,multi_platform_rhel,multi_platform_fedora
++# platform = Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ # packages = tmux
+ 
+ echo 'bind X lock-session' >> '/etc/tmux.conf'
+diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/kubernetes/shared.yml
+index 6b2d6cd5e..c20712c9f 100644
+--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/kubernetes/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/ansible/shared.yml
+index 1a9d35f69..9a5753d98 100644
+--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhv,multi_platform_ol,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhv,multi_platform_ol,multi_platform_sle
+ # reboot = false
+ # strategy = configure
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml
+index 7f094490a..01acc6117 100644
+--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml
+@@ -55,7 +55,7 @@ references:
+     srg: SRG-OS-000105-GPOS-00052,SRG-OS-000375-GPOS-00160,SRG-OS-000375-GPOS-00161,SRG-OS-000377-GPOS-00162
+     stigid@ol7: OL07-00-041001
+     stigid@ol8: OL08-00-010390
+-    stigid@rhel8: RHEL-08-010390
++    stigid@almalinux8: RHEL-08-010390
+     stigid@sle12: SLES-12-030500
+     stigid@sle15: SLES-15-010460
+     stigid@ubuntu2004: UBTU-20-010063
+diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml
+index 7ee9a73fd..ae05d045b 100644
+--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml
+@@ -35,7 +35,7 @@ references:
+     nist: CM-6(a)
+     srg: SRG-OS-000375-GPOS-00160,SRG-OS-000376-GPOS-00161
+     stigid@ol8: OL08-00-010410
+-    stigid@rhel8: RHEL-08-010410
++    stigid@almalinux8: RHEL-08-010410
+     stigid@ubuntu2004: UBTU-20-010064
+     stigid@ubuntu2204: UBTU-22-612015
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/ansible/shared.yml
+index 08b89bf8f..cea27ab4d 100644
+--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_sle,multi_platform_slmicro,multi_platform_rhel
++# platform = multi_platform_sle,multi_platform_slmicro,multi_platform_rhel,multi_platform_almalinux
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/bash/shared.sh
+index 2efee65ed..6521bf37c 100644
+--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 8,multi_platform_ol,multi_platform_sle,multi_platform_slmicro
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_ol,multi_platform_sle,multi_platform_slmicro
+ 
+ {{{ bash_package_install("pam_pkcs11") }}}
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/commented.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/commented.fail.sh
+index c2afecc19..652fbedb7 100644
+--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/commented.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/commented.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_ubuntu,multi_platform_rhel
++# platform = multi_platform_ubuntu,multi_platform_rhel,multi_platform_almalinux
+ # packages = openssl-pkcs11
+ 
+ if [ ! -f /etc/pam_pkcs11/pam_pkcs11.conf ]; then
+diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/correct.pass.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/correct.pass.sh
+index d7103cc0a..68c252f78 100644
+--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/correct.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/correct.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu
+ # packages = openssl-pkcs11
+ 
+ if [ ! -f /etc/pam_pkcs11/pam_pkcs11.conf ]; then
+diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/missing_ocsp.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/missing_ocsp.fail.sh
+index c0cc3c94f..6db041b04 100644
+--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/missing_ocsp.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/missing_ocsp.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu
+ # packages = openssl-pkcs11
+ 
+ if [ ! -f /etc/pam_pkcs11/pam_pkcs11.conf ]; then
+diff --git a/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml b/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml
+index ee3d8e635..d4a3a520e 100644
+--- a/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml
+@@ -36,7 +36,7 @@ references:
+     ospp: FIA_UAU.1
+     srg: SRG-OS-000324-GPOS-00125,SRG-OS-000480-GPOS-00227
+     stigid@ol8: OL08-00-040180
+-    stigid@rhel8: RHEL-08-040180
++    stigid@almalinux8: RHEL-08-040180
+ 
+ ocil_clause: |-
+     {{{ ocil_clause_service_disabled(service="debug-shell") }}}
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/ansible/shared.yml
+index 84f13bfea..709b9e923 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/bash/shared.sh
+index 77aa71dd9..b3bfff528 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle,multi_platform_slmicro
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle,multi_platform_slmicro
+ 
+ {{{ bash_instantiate_variables("var_account_disable_post_pw_expiration") }}}
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml
+index 3cbd74e9b..d37ae427e 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml
+@@ -52,7 +52,7 @@ references:
+     srg: SRG-OS-000118-GPOS-00060
+     stigid@ol7: OL07-00-010310
+     stigid@ol8: OL08-00-020260
+-    stigid@rhel8: RHEL-08-020260
++    stigid@almalinux8: RHEL-08-020260
+     stigid@sle12: SLES-12-010340
+     stigid@sle15: SLES-15-020050
+     stigid@ubuntu2004: UBTU-20-010409
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml
+index 96ae3e33c..6b1558013 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml
+@@ -45,7 +45,7 @@ references:
+     srg: SRG-OS-000123-GPOS-00064,SRG-OS-000002-GPOS-00002
+     stigid@ol7: OL07-00-010271
+     stigid@ol8: OL08-00-020000,OL08-00-020270
+-    stigid@rhel8: RHEL-08-020000,RHEL-08-020270
++    stigid@almalinux8: RHEL-08-020000,RHEL-08-020270
+     stigid@sle12: SLES-12-010331
+     stigid@sle15: SLES-15-020061
+     stigid@ubuntu2004: UBTU-20-010000
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml
+index e22349631..65f1921fc 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml
+@@ -27,7 +27,7 @@ references:
+     pcidss: Req-8.1.1
+     srg: SRG-OS-000104-GPOS-00051,SRG-OS-000121-GPOS-00062
+     stigid@ol8: OL08-00-020240
+-    stigid@rhel8: RHEL-08-020240
++    stigid@almalinux8: RHEL-08-020240
+     stigid@sle12: SLES-12-010640
+     stigid@sle15: SLES-15-010230
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/rule.yml
+index de8bfee0f..08390822e 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/rule.yml
+@@ -38,7 +38,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-020270
+     stigid@ol8: OL08-00-020320
+-    stigid@rhel8: RHEL-08-020320
++    stigid@almalinux8: RHEL-08-020320
+     stigid@sle12: SLES-12-010630
+     stigid@sle15: SLES-15-020090
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/tests/default.pass.sh b/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/tests/default.pass.sh
+index aa147fdce..bb8288f5b 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/tests/default.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/tests/default.pass.sh
+@@ -1,5 +1,5 @@
+ #! /bin/bash
+-# platform = multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # variables = var_accounts_authorized_local_users_regex=^(root|bin|daemon|adm|lp|sync|shutdown|halt|mail|operator|games|ftp|nobody|pegasus|systemd-bus-proxy|systemd-network|dbus|polkitd|abrt|unbound|tss|libstoragemgmt|rpc|colord|usbmuxd$|pcp|saslauth|geoclue|setroubleshoot|rtkit|chrony|qemu|radvd|rpcuser|nfsnobody|pulse|gdm|gnome-initial-setup|postfix|avahi|ntp|sshd|tcpdump|oprofile|uuidd)$
+ 
+ var_accounts_authorized_local_users_regex="^(root|bin|daemon|adm|lp|sync|shutdown|halt|mail|operator|games|ftp|nobody|pegasus|systemd-bus-proxy|systemd-network|dbus|polkitd|abrt|unbound|tss|libstoragemgmt|rpc|colord|usbmuxd$|pcp|saslauth|geoclue|setroubleshoot|rtkit|chrony|qemu|radvd|rpcuser|nfsnobody|pulse|gdm|gnome-initial-setup|postfix|avahi|ntp|sshd|tcpdump|oprofile|uuidd)$"
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml
+index c4c2f7ba0..e03ccee7a 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_debian
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_debian
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml
+index 4fd6b372e..04ec89cdc 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml
+@@ -52,7 +52,7 @@ references:
+     srg: SRG-OS-000076-GPOS-00044
+     stigid@ol7: OL07-00-010250
+     stigid@ol8: OL08-00-020200
+-    stigid@rhel8: RHEL-08-020200
++    stigid@almalinux8: RHEL-08-020200
+     stigid@sle12: SLES-12-010280
+     stigid@sle15: SLES-15-020220
+     stigid@ubuntu2004: UBTU-20-010008
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml
+index 6e22e90d7..bfd7508ad 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml
+index 84fd51d36..b441ebabd 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml
+@@ -51,7 +51,7 @@ references:
+     srg: SRG-OS-000075-GPOS-00043
+     stigid@ol7: OL07-00-010230
+     stigid@ol8: OL08-00-020190
+-    stigid@rhel8: RHEL-08-020190
++    stigid@almalinux8: RHEL-08-020190
+     stigid@sle12: SLES-12-010260
+     stigid@sle15: SLES-15-020200
+     stigid@ubuntu2004: UBTU-20-010007
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/ansible/shared.yml
+index b04d7cdb8..0d5a5831e 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/bash/shared.sh
+index dcc5de3f1..268aafbab 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
+ 
+ {{{ bash_instantiate_variables("var_accounts_password_minlen_login_defs") }}}
+ {{{ bash_replace_or_append('/etc/login.defs', '^PASS_MIN_LEN', "$var_accounts_password_minlen_login_defs", '%s %s') }}}
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/rule.yml
+index 2abaa2581..71f3d6a22 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/rule.yml
+@@ -46,7 +46,7 @@ references:
+     nist-csf: PR.AC-1,PR.AC-6,PR.AC-7
+     srg: SRG-OS-000078-GPOS-00046
+     stigid@ol8: OL08-00-020231
+-    stigid@rhel8: RHEL-08-020231
++    stigid@almalinux8: RHEL-08-020231
+ 
+ ocil_clause: 'it is not set to the required value'
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_10.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_10.fail.sh
+index cb388dd9b..58223531f 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_10.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_10.fail.sh
+@@ -1,7 +1,7 @@
+ #!/bin/bash
+ #
+ # profiles = xccdf_org.ssgproject.content_profile_ospp
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ 
+ if grep -q "^PASS_MIN_LEN" /etc/login.defs; then
+ 	sed -i "s/^PASS_MIN_LEN.*/PASS_MIN_LEN 10/" /etc/login.defs
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_12.pass.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_12.pass.sh
+index 7aaac8c68..1f1c11f06 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_12.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_12.pass.sh
+@@ -1,7 +1,7 @@
+ #!/bin/bash
+ #
+ # profiles = xccdf_org.ssgproject.content_profile_ospp
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ if grep -q "^PASS_MIN_LEN" /etc/login.defs; then
+ 	sed -i "s/^PASS_MIN_LEN.*/PASS_MIN_LEN 12/" /etc/login.defs
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_15.pass.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_15.pass.sh
+index 89ab4795b..d7b8f29f4 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_15.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_15.pass.sh
+@@ -1,7 +1,7 @@
+ #!/bin/bash
+ #
+ # profiles = xccdf_org.ssgproject.content_profile_ospp
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ 
+ if grep -q "^PASS_MIN_LEN" /etc/login.defs; then
+ 	sed -i "s/^PASS_MIN_LEN.*/PASS_MIN_LEN 15/" /etc/login.defs
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_commented.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_commented.fail.sh
+index 00649b0bf..6d8d8f7d4 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_commented.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_commented.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ #
+ # profiles = xccdf_org.ssgproject.content_profile_ospp
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ 
+ sed -i "s/.*PASS_MIN_LEN.*/#PASS_MIN_LEN 12/" /etc/login.defs
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_not_there.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_not_there.fail.sh
+index 3772aee13..4dfc4668b 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_not_there.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_not_there.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ #
+ # profiles = xccdf_org.ssgproject.content_profile_ospp
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ 
+ sed -i "/^PASS_MIN_LEN.*/d" /etc/login.defs
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/ansible/shared.yml
+index 18974ea6c..d72de8a97 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ol
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/bash/shared.sh
+index 7d6bc11f9..0a8561b81 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml
+index 70b804ce8..85fc554e8 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml
+@@ -35,7 +35,7 @@ references:
+     srg: SRG-OS-000076-GPOS-00044
+     stigid@ol7: OL07-00-010260
+     stigid@ol8: OL08-00-020210
+-    stigid@rhel8: RHEL-08-020210
++    stigid@almalinux8: RHEL-08-020210
+     stigid@sle12: SLES-12-010290
+     stigid@sle15: SLES-15-020230
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_root/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_root/ansible/shared.yml
+index ebcb5ac04..674369a42 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_root/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_root/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel
++# platform = multi_platform_rhel,multi_platform_almalinux
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_root/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_root/bash/shared.sh
+index 7bdb759f6..dd157f1e3 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_root/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_root/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_debian
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_debian
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml
+index 43567e343..53e3edb44 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml
+@@ -36,7 +36,7 @@ references:
+     srg: SRG-OS-000075-GPOS-00043
+     stigid@ol7: OL07-00-010240
+     stigid@ol8: OL08-00-020180
+-    stigid@rhel8: RHEL-08-020180
++    stigid@almalinux8: RHEL-08-020180
+     stigid@sle12: SLES-12-010270
+     stigid@sle15: SLES-15-020210
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/ansible/shared.yml
+index 4994ff315..e8469b8e9 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_sle
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed_sha512/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed_sha512/rule.yml
+index b3ce8eb55..351a32e8a 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed_sha512/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed_sha512/rule.yml
+@@ -39,7 +39,7 @@ references:
+     nist: IA-5(1)(c),IA-5(1).1(v),IA-7,IA-7.1
+     srg:  SRG-OS-000073-GPOS-00041,SRG-OS-000120-GPOS-00061
+     stigid@ol8: OL08-00-010120
+-    stigid@rhel8: RHEL-08-010120
++    stigid@almalinux8: RHEL-08-010120
+     stigid@sle12: SLES-12-010220
+     stigid@sle15: SLES-15-020180
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/ansible/shared.yml
+index 82110016d..2a73ed386 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+ # reboot = false
+ # strategy = configure
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/bash/shared.sh
+index 7374c21e8..0a9f303d4 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_debian
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_debian
+ 
+ {{{ bash_instantiate_variables("var_password_pam_unix_rounds") }}}
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_argument_missing.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_argument_missing.fail.sh
+index 3e24ba16a..f3030f2af 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_argument_missing.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_argument_missing.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # variables = var_password_pam_unix_rounds=65536
+ 
+ authselect create-profile hardening -b sssd
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_correct_value.pass.sh
+index 39690d88d..f85baccad 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_correct_value.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_correct_value.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # variables = var_password_pam_unix_rounds=65536
+ 
+ ROUNDS=65536
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_default_rounds.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_default_rounds.fail.sh
+index eabb4af89..ea5d0b359 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_default_rounds.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_default_rounds.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # variables = var_password_pam_unix_rounds=5000
+ 
+ authselect create-profile hardening -b sssd
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_modified_pam.fail.sh
+index 9c99fc307..582d69dd0 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_modified_pam.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_modified_pam.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # remediation = none
+ # variables = var_password_pam_unix_rounds=65536
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_wrong_control.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_wrong_control.fail.sh
+index dc8b11e2d..776921f27 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_wrong_control.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_wrong_control.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # variables = var_password_pam_unix_rounds=65536
+ 
+ ROUNDS=65536
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_wrong_value.fail.sh
+index 96bcc3e23..0e90d7d60 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_wrong_value.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_wrong_value.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # variables = var_password_pam_unix_rounds=65536
+ 
+ ROUNDS=4000
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/ansible/shared.yml
+index c0b520bdf..70ab14cba 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+ # reboot = false
+ # strategy = configure
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/bash/shared.sh
+index 8316e495a..bf8a4c240 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+ 
+ {{{ bash_instantiate_variables("var_password_pam_unix_rounds") }}}
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_argument_missing.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_argument_missing.fail.sh
+index 3da866412..de98db38a 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_argument_missing.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_argument_missing.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # variables = var_password_pam_unix_rounds=65536
+ 
+ authselect create-profile hardening -b sssd
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_correct_value.pass.sh
+index 67a052f98..7bcaa94f0 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_correct_value.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_correct_value.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # variables = var_password_pam_unix_rounds=65536
+ 
+ ROUNDS=65536
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_default_rounds.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_default_rounds.fail.sh
+index 1bbd39228..946aaacef 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_default_rounds.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_default_rounds.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # variables = var_password_pam_unix_rounds=5000
+ 
+ authselect create-profile hardening -b sssd
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_modified_pam.fail.sh
+index 3e62935b5..9c2631a46 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_modified_pam.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_modified_pam.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # remediation = none
+ # variables = var_password_pam_unix_rounds=65536
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_wrong_control.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_wrong_control.fail.sh
+index 85bbbdb7f..2a9b3947b 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_wrong_control.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_wrong_control.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # variables = var_password_pam_unix_rounds=65536
+ 
+ ROUNDS=65536
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_wrong_value.fail.sh
+index 244799045..be78a8508 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_wrong_value.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_wrong_value.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # variables = var_password_pam_unix_rounds=65536
+ 
+ ROUNDS=4000
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/ansible/shared.yml
+index 117a42585..b41d01a89 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu
+ # reboot = false
+ # strategy = configure
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/bash/shared.sh
+index 889998309..05177f1a1 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
+ # reboot = false
+ # strategy = configure
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/kubernetes/shared.yml
+index ad3133b1f..eac1b843a 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/kubernetes/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/rule.yml
+index a4f085ec0..96b1dc896 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/rule.yml
+@@ -53,7 +53,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-010290
+     stigid@ol8: OL08-00-020331,OL08-00-020332
+-    stigid@rhel8: RHEL-08-020331,RHEL-08-020332
++    stigid@almalinux8: RHEL-08-020331,RHEL-08-020332
+     stigid@sle12: SLES-12-010231
+     stigid@sle15: SLES-15-020300
+     stigid@ubuntu2004: UBTU-20-010463
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_modified_pam.fail.sh
+index 1dd45236b..6766ce732 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_modified_pam.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_modified_pam.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # remediation = none
+ 
+ SYSTEM_AUTH_FILE="/etc/pam.d/system-auth"
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_nullok_absent.pass.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_nullok_absent.pass.sh
+index 0dfb32e31..03bcd23d1 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_nullok_absent.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_nullok_absent.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ 
+ SYSTEM_AUTH_FILE="/etc/pam.d/system-auth"
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_nullok_present.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_nullok_present.fail.sh
+index 9dc5d7677..a16c83995 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_nullok_present.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_nullok_present.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ 
+ SYSTEM_AUTH_FILE="/etc/pam.d/system-auth"
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords_etc_shadow/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords_etc_shadow/rule.yml
+index 55c7149f5..861c85d5f 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords_etc_shadow/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords_etc_shadow/rule.yml
+@@ -38,7 +38,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-010291
+     stigid@ol8: OL08-00-010121
+-    stigid@rhel8: RHEL-08-010121
++    stigid@almalinux8: RHEL-08-010121
+     stigid@sle12: SLES-12-010221
+     stigid@sle15: SLES-15-020181
+     stigid@ubuntu2004: UBTU-20-010462
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml
+index 3147b3e0d..bb5952a84 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml
+@@ -51,7 +51,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-020310
+     stigid@ol8: OL08-00-040200
+-    stigid@rhel8: RHEL-08-040200
++    stigid@almalinux8: RHEL-08-040200
+     stigid@sle12: SLES-12-010650
+     stigid@sle15: SLES-15-020100
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/ansible/shared.yml
+index 888cc054f..2b7d571ad 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/bash/shared.sh
+index 7bbfd7675..3d438fe7a 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
+ 
+ {{{ bash_instantiate_variables("var_pam_wheel_group_for_su") }}}
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/kubernetes/shared.yml
+index 8f87bf06e..6bed5ef5a 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/kubernetes/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/restrict_serial_port_logins/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/restrict_serial_port_logins/ansible/shared.yml
+index 5f9c92aac..119219eb0 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/restrict_serial_port_logins/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/restrict_serial_port_logins/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/ansible/shared.yml
+index 10a747ef2..5a819abfc 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/ansible/shared.yml
+index e7f5c730c..8f06c6cfa 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/bash/shared.sh
+index bd1ba1ccb..d139fdda4 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+ 
+ # uncomment the option if commented
+ sed '/^[[:space:]]*#[[:space:]]*auth[[:space:]]\+required[[:space:]]\+pam_wheel\.so[[:space:]]\+use_uid$/s/^[[:space:]]*#//' -i /etc/pam.d/su
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/ansible/shared.yml
+index e236b1ec2..d84d7345f 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/bash/shared.sh
+index d16374ffd..1ae066fd9 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
+ {{{ bash_instantiate_variables("var_pam_wheel_group_for_su") }}}
+ 
+ PAM_CONF=/etc/pam.d/su
+diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/rule.yml
+index 1c0e2ca28..54ebaf547 100644
+--- a/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/rule.yml
+@@ -30,7 +30,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-020610
+     stigid@ol8: OL08-00-010760
+-    stigid@rhel8: RHEL-08-010760
++    stigid@almalinux8: RHEL-08-010760
+     stigid@sle12: SLES-12-010720
+     stigid@sle15: SLES-15-020110
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/ansible/shared.yml
+index 315b2efec..657d0c4e6 100644
+--- a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro5
++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro5
+ # disruption = low
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/bash/shared.sh
+index 305f8fea8..e9470bfa1 100644
+--- a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro5
++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro5
+ 
+ {{{ bash_instantiate_variables("var_accounts_fail_delay") }}}
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/rule.yml
+index 0b8be731c..03bb75239 100644
+--- a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/rule.yml
+@@ -32,7 +32,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00226
+     stigid@ol7: OL07-00-010430
+     stigid@ol8: OL08-00-020310
+-    stigid@rhel8: RHEL-08-020310
++    stigid@almalinux8: RHEL-08-020310
+     stigid@sle12: SLES-12-010140
+ 
+ ocil_clause: 'the value of "FAIL_DELAY" is not set to "{{{ xccdf_value("var_accounts_fail_delay") }}}" or greater, or the line is commented out'
+diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/ansible/shared.yml
+index 88758d295..f0c54f4c3 100644
+--- a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/bash/shared.sh
+index 3415b164a..97ac5e4d9 100644
+--- a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu,multi_platform_sle,multi_platform_slmicro
++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu,multi_platform_sle,multi_platform_slmicro
+ 
+ {{{ bash_instantiate_variables("var_accounts_max_concurrent_login_sessions") }}}
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/rule.yml
+index 477afdbe7..1ccd6d5c0 100644
+--- a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/rule.yml
+@@ -39,7 +39,7 @@ references:
+     srg: SRG-OS-000027-GPOS-00008
+     stigid@ol7: OL07-00-040000
+     stigid@ol8: OL08-00-020024
+-    stigid@rhel8: RHEL-08-020024
++    stigid@almalinux8: RHEL-08-020024
+     stigid@sle12: SLES-12-010120
+     stigid@sle15: SLES-15-020020
+     stigid@ubuntu2004: UBTU-20-010400
+diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_tmp/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_tmp/ansible/shared.yml
+index d3798de62..19761e09d 100644
+--- a/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_tmp/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_tmp/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_sle
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/ansible/shared.yml
+index da628bc5e..90f23cb90 100644
+--- a/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_sle
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml
+index ebab6010f..edb1e218c 100644
+--- a/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml
+@@ -33,7 +33,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-020730
+     stigid@ol8: OL08-00-010660
+-    stigid@rhel8: RHEL-08-010660
++    stigid@almalinux8: RHEL-08-010660
+     stigid@sle12: SLES-12-010780
+     stigid@sle15: SLES-15-040130
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml
+index a59cb8c08..efdacd07b 100644
+--- a/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml
+@@ -34,7 +34,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-020720
+     stigid@ol8: OL08-00-010690
+-    stigid@rhel8: RHEL-08-010690
++    stigid@almalinux8: RHEL-08-010690
+     stigid@sle12: SLES-12-010770
+     stigid@sle15: SLES-15-040120
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml
+index 4cc4bd31d..ab4719ded 100644
+--- a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml
+@@ -30,7 +30,7 @@ references:
+     disa: CCI-000366
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol8: OL08-00-010720
+-    stigid@rhel8: RHEL-08-010720
++    stigid@almalinux8: RHEL-08-010720
+     stigid@sle12: SLES-12-010710
+     stigid@sle15: SLES-15-040070
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml
+index a05675fbf..50f9b67d6 100644
+--- a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml
+@@ -35,7 +35,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-020620
+     stigid@ol8: OL08-00-010750
+-    stigid@rhel8: RHEL-08-010750
++    stigid@almalinux8: RHEL-08-010750
+     stigid@sle12: SLES-12-010730
+     stigid@sle15: SLES-15-040080
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_groupownership/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_groupownership/rule.yml
+index 71cb3ec5d..da5ade2a6 100644
+--- a/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_groupownership/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_groupownership/rule.yml
+@@ -32,7 +32,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-020670
+     stigid@ol8: OL08-00-010741
+-    stigid@rhel8: RHEL-08-010741
++    stigid@almalinux8: RHEL-08-010741
+ 
+ ocil_clause: 'the group ownership is incorrect'
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_permissions/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_permissions/rule.yml
+index 72dd0b8c0..e62e9203c 100644
+--- a/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_permissions/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_permissions/rule.yml
+@@ -29,7 +29,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-020680
+     stigid@ol8: OL08-00-010731
+-    stigid@rhel8: RHEL-08-010731
++    stigid@almalinux8: RHEL-08-010731
+ 
+ ocil_clause: 'home directory files or folders have incorrect permissions'
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml
+index efd83d032..4043bc31e 100644
+--- a/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml
+@@ -39,7 +39,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-020650
+     stigid@ol8: OL08-00-010740
+-    stigid@rhel8: RHEL-08-010740
++    stigid@almalinux8: RHEL-08-010740
+     stigid@sle12: SLES-12-010750
+     stigid@sle15: SLES-15-040100
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml
+index 0fc7f9aa2..a3b478785 100644
+--- a/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml
+@@ -28,7 +28,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-020710
+     stigid@ol8: OL08-00-010770
+-    stigid@rhel8: RHEL-08-010770
++    stigid@almalinux8: RHEL-08-010770
+     stigid@sle12: SLES-12-010760
+     stigid@sle15: SLES-15-040110
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files_root/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files_root/rule.yml
+index 40ab5475c..e1f07da16 100644
+--- a/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files_root/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files_root/rule.yml
+@@ -25,7 +25,7 @@ identifiers:
+ references:
+     disa: CCI-000366
+     srg: SRG-OS-000480-GPOS-00227
+-    stigid@rhel8: RHEL-08-010770
++    stigid@almalinux8: RHEL-08-010770
+ 
+ ocil_clause: 'they are not 0740 or more permissive'
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml
+index e3df0021c..fddf0065c 100644
+--- a/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml
+@@ -32,7 +32,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-020630
+     stigid@ol8: OL08-00-010730
+-    stigid@rhel8: RHEL-08-010730
++    stigid@almalinux8: RHEL-08-010730
+     stigid@sle12: SLES-12-010740
+     stigid@sle15: SLES-15-040090
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-session/root_paths/accounts_root_path_dirs_no_write/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/root_paths/accounts_root_path_dirs_no_write/ansible/shared.yml
+index 5bfb963a1..77807dbfb 100644
+--- a/linux_os/guide/system/accounts/accounts-session/root_paths/accounts_root_path_dirs_no_write/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-session/root_paths/accounts_root_path_dirs_no_write/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml
+index f94449e09..7d5abcfb3 100644
+--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml
+@@ -45,7 +45,7 @@ references:
+     nist-csf: PR.IP-2
+     srg: SRG-OS-000480-GPOS-00228,SRG-OS-000480-GPOS-00227
+     stigid@ol8: OL08-00-020353
+-    stigid@rhel8: RHEL-08-020353
++    stigid@almalinux8: RHEL-08-020353
+ 
+ platform: package[bash]
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/tests/stig_correct.pass.sh b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/tests/stig_correct.pass.sh
+index 5dac9eec3..e28301101 100644
+--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/tests/stig_correct.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/tests/stig_correct.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # profiles = xccdf_org.ssgproject.content_profile_stig
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
+ # packages = bash
+ 
+ sed -i '/umask/d' /etc/bashrc
+diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/bash/shared.sh
+index 0f681a6db..846b47fee 100644
+--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol,multi_platform_ubuntu
++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_ubuntu
+ 
+ {{{ bash_instantiate_variables("var_accounts_user_umask") }}}
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/rule.yml
+index 07be79451..07193cc9f 100644
+--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/rule.yml
+@@ -33,7 +33,7 @@ references:
+     nist-csf: PR.IP-2
+     srg: SRG-OS-000480-GPOS-00228,SRG-OS-000480-GPOS-00227
+     stigid@ol8: OL08-00-020353
+-    stigid@rhel8: RHEL-08-020353
++    stigid@almalinux8: RHEL-08-020353
+ 
+ ocil_clause: 'the value for the "umask" parameter is not "{{{ xccdf_value("var_accounts_user_umask") }}}", or the "umask" parameter is missing or is commented out'
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/tests/stig_correct.pass.sh b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/tests/stig_correct.pass.sh
+index 04f6247a8..bd02cb830 100644
+--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/tests/stig_correct.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/tests/stig_correct.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # profiles = xccdf_org.ssgproject.content_profile_stig
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ sed -i '/umask/d' /etc/csh.cshrc
+ echo "umask 077" >> /etc/csh.cshrc
+diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml
+index ba0eed42e..893d1ca2d 100644
+--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml
+@@ -39,7 +39,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00228
+     stigid@ol7: OL07-00-020240
+     stigid@ol8: OL08-00-020351
+-    stigid@rhel8: RHEL-08-020351
++    stigid@almalinux8: RHEL-08-020351
+     stigid@sle12: SLES-12-010620
+     stigid@sle15: SLES-15-040420
+     stigid@ubuntu2004: UBTU-20-010016
+diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_profile/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_profile/rule.yml
+index fab5e5e16..65fdfc61d 100644
+--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_profile/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_profile/rule.yml
+@@ -41,7 +41,7 @@ references:
+     nist-csf: PR.IP-2
+     srg: SRG-OS-000480-GPOS-00228,SRG-OS-000480-GPOS-00227
+     stigid@ol8: OL08-00-020353
+-    stigid@rhel8: RHEL-08-020353
++    stigid@almalinux8: RHEL-08-020353
+ 
+ ocil_clause: |-
+     the value for the "umask" parameter is not "{{{ xccdf_value("var_accounts_user_umask") }}}",
+diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/ansible/shared.yml
+index fb91eab05..02b78a6ab 100644
+--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_sle,multi_platform_rhv4
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle,multi_platform_rhv4
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/bash/shared.sh
+index ec59ac915..3e5470b1e 100644
+--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_sle,multi_platform_rhv4
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle,multi_platform_rhv4
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/rule.yml
+index 37ff12a68..c0a98aefb 100644
+--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/rule.yml
+@@ -27,7 +27,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227,SRG-OS-000480-GPOS-00228
+     stigid@ol7: OL07-00-021040
+     stigid@ol8: OL08-00-020352
+-    stigid@rhel8: RHEL-08-020352
++    stigid@almalinux8: RHEL-08-020352
+ 
+ ocil_clause: 'any local interactive user initialization files are found to have a umask statement that sets a value less restrictive than "077"'
+ 
+diff --git a/linux_os/guide/system/accounts/authconfig_config_files_symlinks/tests/correct_set-up.pass.sh b/linux_os/guide/system/accounts/authconfig_config_files_symlinks/tests/correct_set-up.pass.sh
+index ec75bf6d2..eb2aa2ea1 100644
+--- a/linux_os/guide/system/accounts/authconfig_config_files_symlinks/tests/correct_set-up.pass.sh
++++ b/linux_os/guide/system/accounts/authconfig_config_files_symlinks/tests/correct_set-up.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # remediation = none
+ 
+ mv /etc/pam.d/system-auth /etc/pam.d/system-auth-ac
+diff --git a/linux_os/guide/system/accounts/authconfig_config_files_symlinks/tests/no_symlinks.fail.sh b/linux_os/guide/system/accounts/authconfig_config_files_symlinks/tests/no_symlinks.fail.sh
+index a545d9791..383a6ee76 100644
+--- a/linux_os/guide/system/accounts/authconfig_config_files_symlinks/tests/no_symlinks.fail.sh
++++ b/linux_os/guide/system/accounts/authconfig_config_files_symlinks/tests/no_symlinks.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # remediation = none
+ 
+ touch /etc/pam.d/{password,system}-auth-{mycustomconfig,ac}
+diff --git a/linux_os/guide/system/accounts/authconfig_config_files_symlinks/tests/symlinks_wrong_target.fail.sh b/linux_os/guide/system/accounts/authconfig_config_files_symlinks/tests/symlinks_wrong_target.fail.sh
+index 82fb5d543..2dbee752d 100644
+--- a/linux_os/guide/system/accounts/authconfig_config_files_symlinks/tests/symlinks_wrong_target.fail.sh
++++ b/linux_os/guide/system/accounts/authconfig_config_files_symlinks/tests/symlinks_wrong_target.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # remediation = none
+ 
+ mv /etc/pam.d/system-auth /etc/pam.d/system-auth-ac
+diff --git a/linux_os/guide/system/accounts/enable_authselect/ansible/shared.yml b/linux_os/guide/system/accounts/enable_authselect/ansible/shared.yml
+index 183e2f402..20d2619ef 100644
+--- a/linux_os/guide/system/accounts/enable_authselect/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/enable_authselect/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora,multi_platform_ol
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora,multi_platform_ol
+ # reboot = false
+ # strategy = configure
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/enable_authselect/tests/not_remediable.fail.sh b/linux_os/guide/system/accounts/enable_authselect/tests/not_remediable.fail.sh
+index 31c46debf..9b4e3abe2 100644
+--- a/linux_os/guide/system/accounts/enable_authselect/tests/not_remediable.fail.sh
++++ b/linux_os/guide/system/accounts/enable_authselect/tests/not_remediable.fail.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # packages = authselect,pam
+ # remediation = none
+ 
+diff --git a/linux_os/guide/system/accounts/enable_authselect/tests/profile.pass.sh b/linux_os/guide/system/accounts/enable_authselect/tests/profile.pass.sh
+index ac68df9e0..f589bfb44 100644
+--- a/linux_os/guide/system/accounts/enable_authselect/tests/profile.pass.sh
++++ b/linux_os/guide/system/accounts/enable_authselect/tests/profile.pass.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # packages = authselect,pam
+ 
+ authselect select minimal --force
+diff --git a/linux_os/guide/system/accounts/enable_authselect/tests/remediable.fail.sh b/linux_os/guide/system/accounts/enable_authselect/tests/remediable.fail.sh
+index 3bd07c62e..e328ca74c 100644
+--- a/linux_os/guide/system/accounts/enable_authselect/tests/remediable.fail.sh
++++ b/linux_os/guide/system/accounts/enable_authselect/tests/remediable.fail.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # packages = authselect,pam
+ 
+ rm -f /etc/pam.d/{fingerprint-auth,password-auth,postlogin,smartcard-auth,system-auth}
+diff --git a/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/arg_not_there.fail.sh b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/arg_not_there.fail.sh
+index 50abc5732..306ca07b1 100644
+--- a/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/arg_not_there.fail.sh
++++ b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/arg_not_there.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # Based on shared/templates/grub2_bootloader_argument/tests/arg_not_there.fail.sh
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ # Removes audit argument from kernel command line in /boot/grub2/grubenv
+ file="/boot/grub2/grubenv"
+diff --git a/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/arg_not_there_grubenv.fail.sh b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/arg_not_there_grubenv.fail.sh
+index 5a204756e..98a5d0256 100644
+--- a/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/arg_not_there_grubenv.fail.sh
++++ b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/arg_not_there_grubenv.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
+ # Based on shared/templates/grub2_bootloader_argument/tests/arg_not_there_grubenv.fail.sh
+ 
+ # Fake the kernel compile config, this is necessary when the distro's kernel is already compiled
+diff --git a/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/wrong_value.fail.sh b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/wrong_value.fail.sh
+index c4213caf8..c422634f2 100644
+--- a/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/wrong_value.fail.sh
++++ b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/wrong_value.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # Based on shared/templates/grub2_bootloader_argument/tests/wrong_value.fail.sh
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ # Break the argument in kernel command line in /boot/grub2/grubenv
+ file="/boot/grub2/grubenv"
+diff --git a/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml
+index eeaf319fa..852899a14 100644
+--- a/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml
++++ b/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml
+@@ -27,7 +27,7 @@ references:
+     nist: SI-16
+     srg: SRG-OS-000433-GPOS-00193,SRG-OS-000095-GPOS-00049
+     stigid@ol8: OL08-00-040004
+-    stigid@rhel8: RHEL-08-040004
++    stigid@almalinux8: RHEL-08-040004
+ 
+ ocil_clause: 'Kernel page-table isolation is not enabled'
+ 
+diff --git a/linux_os/guide/system/bootloader-grub2/grub2_vsyscall_argument/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_vsyscall_argument/rule.yml
+index 3e1e837c8..574a211f4 100644
+--- a/linux_os/guide/system/bootloader-grub2/grub2_vsyscall_argument/rule.yml
++++ b/linux_os/guide/system/bootloader-grub2/grub2_vsyscall_argument/rule.yml
+@@ -26,7 +26,7 @@ references:
+     ospp: FPT_ASLR_EXT.1
+     srg: SRG-OS-000480-GPOS-00227,SRG-OS-000134-GPOS-00068
+     stigid@ol8: OL08-00-010422
+-    stigid@rhel8: RHEL-08-010422
++    stigid@almalinux8: RHEL-08-010422
+ 
+ ocil_clause: 'vsyscalls are enabled'
+ 
+diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_admin_username/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_admin_username/rule.yml
+index c476ddec3..5fc8e5710 100644
+--- a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_admin_username/rule.yml
++++ b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_admin_username/rule.yml
+@@ -46,7 +46,7 @@ references:
+     srg: SRG-OS-000080-GPOS-00048
+     stigid@ol7: OL07-00-010483
+     stigid@ol8: OL08-00-010149
+-    stigid@rhel8: RHEL-08-010149
++    stigid@almalinux8: RHEL-08-010149
+ 
+ ocil_clause: 'superuser account is not set or is set to root, admin, administrator or any other existing user name'
+ 
+diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/oval/shared.xml b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/oval/shared.xml
+index f5b957e88..b678a4e70 100644
+--- a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/oval/shared.xml
++++ b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/oval/shared.xml
+@@ -3,7 +3,7 @@
+     {{{ oval_metadata("The grub2 boot loader should have password protection enabled.") }}}
+ 
+     
+-      {{% if product in ["ol7", "ol8", "ol9", "rhel8"] %}}
++      {{% if product in ["ol7", "ol8", "ol9", "rhel8", "almalinux8"] %}}
+       
+       {{% else %}}
+       
+diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml
+index c58c5f226..efdc99949 100644
+--- a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml
++++ b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml
+@@ -64,7 +64,7 @@ references:
+     srg: SRG-OS-000080-GPOS-00048
+     stigid@ol7: OL07-00-010482
+     stigid@ol8: OL08-00-010150
+-    stigid@rhel8: RHEL-08-010150
++    stigid@almalinux8: RHEL-08-010150
+     stigid@sle12: SLES-12-010430
+     stigid@sle15: SLES-15-010190
+     stigid@ubuntu2004: UBTU-20-010009
+diff --git a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/rule.yml
+index bd64b621f..8eb16f129 100644
+--- a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/rule.yml
++++ b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/rule.yml
+@@ -47,7 +47,7 @@ references:
+     srg: SRG-OS-000080-GPOS-00048
+     stigid@ol7: OL07-00-010492
+     stigid@ol8: OL08-00-010141
+-    stigid@rhel8: RHEL-08-010141
++    stigid@almalinux8: RHEL-08-010141
+ 
+ ocil_clause: 'superuser account is not set or is set to an existing name or to a common name'
+ 
+diff --git a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml
+index e4978316b..28c0c13fa 100644
+--- a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml
++++ b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml
+@@ -66,7 +66,7 @@ references:
+     srg: SRG-OS-000080-GPOS-00048
+     stigid@ol7: OL07-00-010491
+     stigid@ol8: OL08-00-010140
+-    stigid@rhel8: RHEL-08-010140
++    stigid@almalinux8: RHEL-08-010140
+     stigid@sle12: SLES-12-010440
+     stigid@sle15: SLES-15-010200
+     stigid@ubuntu2004: UBTU-20-010009
+diff --git a/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/correct_option.pass.sh b/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/correct_option.pass.sh
+index 7a828837f..d13ae7f52 100644
+--- a/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/correct_option.pass.sh
++++ b/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/correct_option.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ # Make sure boot loader entries contain audit=1
+ for file in /boot/loader/entries/*.conf
+diff --git a/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/missing_in_cmdline.fail.sh b/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/missing_in_cmdline.fail.sh
+index 3af83d30d..28a0af739 100644
+--- a/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/missing_in_cmdline.fail.sh
++++ b/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/missing_in_cmdline.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ # Make sure boot loader entries contain audit=1
+ for file in /boot/loader/entries/*.conf
+diff --git a/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/missing_in_entry.fail.sh b/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/missing_in_entry.fail.sh
+index 5650cc0a7..1ee373205 100644
+--- a/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/missing_in_entry.fail.sh
++++ b/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/missing_in_entry.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ # Remove audit=1 from all boot entries
+ sed -Ei 's/(^options.*\s)audit=1(.*?)$/\1\2/' /boot/loader/entries/*
+diff --git a/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/tests/image_configured.fail.sh b/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/tests/image_configured.fail.sh
+index e3adb9963..13e5314b1 100644
+--- a/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/tests/image_configured.fail.sh
++++ b/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/tests/image_configured.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
+ # remediation = none
+ 
+ # Make sure no image configured in zipl config file
+diff --git a/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/tests/no_image.pass.sh b/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/tests/no_image.pass.sh
+index 47626442f..2a88d2abb 100644
+--- a/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/tests/no_image.pass.sh
++++ b/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/tests/no_image.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
+ # remediation = none
+ 
+ # Make sure no image configured in zipl config file
+diff --git a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/newer_boot_entry.fail.sh b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/newer_boot_entry.fail.sh
+index 728c6b7bd..b06f989e6 100644
+--- a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/newer_boot_entry.fail.sh
++++ b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/newer_boot_entry.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
+ # remediation = none
+ 
+ touch /etc/zipl.conf
+diff --git a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/newer_zipl_conf.fail.sh b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/newer_zipl_conf.fail.sh
+index 1ae4d631e..0f1155665 100644
+--- a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/newer_zipl_conf.fail.sh
++++ b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/newer_zipl_conf.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
+ # remediation = none
+ 
+ touch /boot/loader/entries/*.conf # Update current existing entries
+diff --git a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/up_to_date.pass.sh b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/up_to_date.pass.sh
+index 7981ba8c5..8bfdce20e 100644
+--- a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/up_to_date.pass.sh
++++ b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/up_to_date.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
+ # remediation = none
+ 
+ touch /etc/zipl.conf
+diff --git a/linux_os/guide/system/bootloader-zipl/zipl_init_on_alloc_argument/tests/correct_option.pass.sh b/linux_os/guide/system/bootloader-zipl/zipl_init_on_alloc_argument/tests/correct_option.pass.sh
+index 50cf1b78f..33cd2971b 100644
+--- a/linux_os/guide/system/bootloader-zipl/zipl_init_on_alloc_argument/tests/correct_option.pass.sh
++++ b/linux_os/guide/system/bootloader-zipl/zipl_init_on_alloc_argument/tests/correct_option.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8, Red Hat Enterprise Linux 9
+ 
+ # Make sure boot loader entries contain init_on_alloc=1
+ for file in /boot/loader/entries/*.conf
+diff --git a/linux_os/guide/system/bootloader-zipl/zipl_init_on_alloc_argument/tests/missing_in_cmdline.fail.sh b/linux_os/guide/system/bootloader-zipl/zipl_init_on_alloc_argument/tests/missing_in_cmdline.fail.sh
+index 7c0d91547..f8fd73edb 100644
+--- a/linux_os/guide/system/bootloader-zipl/zipl_init_on_alloc_argument/tests/missing_in_cmdline.fail.sh
++++ b/linux_os/guide/system/bootloader-zipl/zipl_init_on_alloc_argument/tests/missing_in_cmdline.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8, Red Hat Enterprise Linux 9
+ 
+ # Make sure boot loader entries contain init_on_alloc=1
+ for file in /boot/loader/entries/*.conf
+diff --git a/linux_os/guide/system/bootloader-zipl/zipl_init_on_alloc_argument/tests/missing_in_entry.fail.sh b/linux_os/guide/system/bootloader-zipl/zipl_init_on_alloc_argument/tests/missing_in_entry.fail.sh
+index 9d330c919..62547cbb3 100644
+--- a/linux_os/guide/system/bootloader-zipl/zipl_init_on_alloc_argument/tests/missing_in_entry.fail.sh
++++ b/linux_os/guide/system/bootloader-zipl/zipl_init_on_alloc_argument/tests/missing_in_entry.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8, Red Hat Enterprise Linux 9
+ 
+ # Remove init_on_alloc=1 from all boot entries
+ sed -Ei 's/(^options.*\s)init_on_alloc=1(.*?)$/\1\2/' /boot/loader/entries/*
+diff --git a/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/ansible/shared.yml b/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/ansible/shared.yml
+index 5585e0eaf..bd860eb70 100644
+--- a/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/ansible/shared.yml
++++ b/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ # reboot = true
+ # strategy = configure
+ # complexity = medium
+diff --git a/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/bash/shared.sh b/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/bash/shared.sh
+index 0d90d58db..dfc1a2407 100644
+--- a/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/bash/shared.sh
++++ b/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ # Correct BLS option using grubby, which is a thin wrapper around BLS operations
+ grubby --update-kernel=ALL --remove-args="systemd.debug-shell"
+diff --git a/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/tests/argument_missing.pass.sh b/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/tests/argument_missing.pass.sh
+index 4649db979..fb4ec1b8a 100644
+--- a/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/tests/argument_missing.pass.sh
++++ b/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/tests/argument_missing.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ # Make sure boot loader entries don't contain systemd.debug-shell
+ sed -Ei 's/(^options.*)\s\bsystemd.debug-shell\b\S*(.*?)$/\1\2/' /boot/loader/entries/*
+diff --git a/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/tests/configured_in_cmdline.fail.sh b/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/tests/configured_in_cmdline.fail.sh
+index faac856fb..36382a844 100644
+--- a/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/tests/configured_in_cmdline.fail.sh
++++ b/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/tests/configured_in_cmdline.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ # Make sure boot loader entries doesn't contain systemd.debug-shell
+ sed -Ei 's/(^options.*)\s\bsystemd.debug-shell\b\S*(.*?)$/\1\2/' /boot/loader/entries/*
+diff --git a/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/tests/configured_in_entry.fail.sh b/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/tests/configured_in_entry.fail.sh
+index fe07a37d0..52a2e9e14 100644
+--- a/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/tests/configured_in_entry.fail.sh
++++ b/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/tests/configured_in_entry.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ # Remove systemd.debug-shell from all boot entries
+ sed -Ei 's/(^options.*)\s\bsystemd.debug-shell\b\S*(.*?)$/\1\2/' /boot/loader/entries/*
+diff --git a/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/tests/multiple_configured_in_cmdline.fail.sh b/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/tests/multiple_configured_in_cmdline.fail.sh
+index 0c2febb03..556ea474a 100644
+--- a/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/tests/multiple_configured_in_cmdline.fail.sh
++++ b/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/tests/multiple_configured_in_cmdline.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ # Make sure boot loader entries doesn't contain systemd.debug-shell
+ sed -Ei 's/(^options.*)\s\bsystemd.debug-shell\b\S*(.*?)$/\1\2/' /boot/loader/entries/*
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/bash/shared.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/bash/shared.sh
+index 8fa32223f..89e411a7f 100644
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/bash/shared.sh
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ 
+ if ! grep -s "^\s*cron\.\*\s*/var/log/cron$" /etc/rsyslog.conf /etc/rsyslog.d/*.conf; then
+ 	mkdir -p /etc/rsyslog.d
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/rule.yml
+index 3be9ad9b1..3e3d91f5d 100644
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/rule.yml
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/rule.yml
+@@ -38,7 +38,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-021100
+     stigid@ol8: OL08-00-030010
+-    stigid@rhel8: RHEL-08-030010
++    stigid@almalinux8: RHEL-08-030010
+ 
+ ocil_clause: 'cron is not logging to rsyslog'
+ 
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/ansible/shared.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/ansible/shared.yml
+index 4e321fecb..2818c4ca1 100644
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/ansible/shared.yml
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # reboot = false
+ # strategy = configure
+ # complexity = low
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/bash/shared.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/bash/shared.sh
+index 3933f28b4..d71a075f1 100644
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/bash/shared.sh
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # reboot = false
+ # strategy = configure
+ # complexity = low
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/rule.yml
+index 4ee12c8cf..09ff8638c 100644
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/rule.yml
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/rule.yml
+@@ -33,7 +33,7 @@ references:
+     nist: AU-4(1)
+     srg: SRG-OS-000342-GPOS-00133,SRG-OS-000479-GPOS-00224
+     stigid@ol8: OL08-00-030720
+-    stigid@rhel8: RHEL-08-030720
++    stigid@almalinux8: RHEL-08-030720
+ 
+ ocil_clause: '$ActionSendStreamDriverAuthMode in /etc/rsyslog.conf is not set to x509/name'
+ 
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/rule.yml
+index 564ec19cc..c9cbe3e4f 100644
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/rule.yml
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/rule.yml
+@@ -34,7 +34,7 @@ references:
+     nist: AU-4(1)
+     srg: SRG-OS-000342-GPOS-00133,SRG-OS-000479-GPOS-00224
+     stigid@ol8: OL08-00-030710
+-    stigid@rhel8: RHEL-08-030710
++    stigid@almalinux8: RHEL-08-030710
+ 
+ ocil_clause: 'rsyslogd ActionSendStreamDriverMode is not set to 1'
+ 
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/rule.yml
+index 7b9dcc0be..20aa3afaf 100644
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/rule.yml
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/rule.yml
+@@ -34,7 +34,7 @@ references:
+     nist: AU-4(1)
+     srg: SRG-OS-000342-GPOS-00133,SRG-OS-000479-GPOS-00224
+     stigid@ol8: OL08-00-030710
+-    stigid@rhel8: RHEL-08-030710
++    stigid@almalinux8: RHEL-08-030710
+ 
+ ocil_clause: 'rsyslogd DefaultNetstreamDriver not set to gtls'
+ 
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/rule.yml
+index c1f2165a1..d92008f40 100644
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/rule.yml
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/rule.yml
+@@ -35,7 +35,7 @@ references:
+     nist: AC-17(1)
+     srg: SRG-OS-000032-GPOS-00013
+     stigid@ol8: OL08-00-010070
+-    stigid@rhel8: RHEL-08-010070
++    stigid@almalinux8: RHEL-08-010070
+     stigid@ubuntu2004: UBTU-20-010403
+     stigid@ubuntu2204: UBTU-22-652015
+ 
+diff --git a/linux_os/guide/system/logging/journald/journald_compress/rule.yml b/linux_os/guide/system/logging/journald/journald_compress/rule.yml
+index 7eafd360b..b46871be0 100644
+--- a/linux_os/guide/system/logging/journald/journald_compress/rule.yml
++++ b/linux_os/guide/system/logging/journald/journald_compress/rule.yml
+@@ -32,7 +32,7 @@ ocil: |-
+     Storing logs with compression can help avoid filling the system disk.
+     Run the following command to verify that journald is compressing logs.
+     
+-{{%- if product in ["fedora", "rhel8", "rhel9", "sle15"] %}}
++{{%- if product in ["fedora", "rhel8", "almalinux8", "rhel9", "sle15"] %}}
+     grep "^\sCompress" /etc/systemd/journald.conf {{{ journald_conf_dir_path }}}/*.conf
+ {{% else %}}
+     grep "^\sCompress" /etc/systemd/journald.conf
+@@ -43,7 +43,7 @@ ocil: |-
+     Compress=yes
+     

+ 
+-{{%- if product in ["fedora", "rhel8", "rhel9", "sle15"] %}}
++{{%- if product in ["fedora", "rhel8", "almalinux8", "rhel9", "sle15"] %}}
+ template:
+     name: systemd_dropin_configuration
+     vars:
+diff --git a/linux_os/guide/system/logging/journald/journald_forward_to_syslog/rule.yml b/linux_os/guide/system/logging/journald/journald_forward_to_syslog/rule.yml
+index e0fab4b24..3f30b01d9 100644
+--- a/linux_os/guide/system/logging/journald/journald_forward_to_syslog/rule.yml
++++ b/linux_os/guide/system/logging/journald/journald_forward_to_syslog/rule.yml
+@@ -31,7 +31,7 @@ ocil: |-
+     Storing logs remotely protects the integrity of the data from local attacks.
+     Run the following command to verify that journald is forwarding logs to a remote host.
+     
+-{{%- if product in ["rhel8", "rhel9", "sle15"] %}}
++{{%- if product in ["rhel8", "almalinux8", "rhel9", "sle15"] %}}
+     grep "^\sForwardToSyslog" /etc/systemd/journald.conf {{{ journald_conf_dir_path }}}/*.conf
+ {{% else %}}
+     grep "^\sForwardToSyslog" /etc/systemd/journald.conf
+@@ -42,7 +42,7 @@ ocil: |-
+     ForwardToSyslog=yes
+     

+ 
+-{{%- if product in ["rhel8", "rhel9", "sle15"] %}}
++{{%- if product in ["rhel8", "almalinux8", "rhel9", "sle15"] %}}
+ template:
+     name: systemd_dropin_configuration
+     vars:
+diff --git a/linux_os/guide/system/logging/journald/journald_storage/rule.yml b/linux_os/guide/system/logging/journald/journald_storage/rule.yml
+index d13ef07c9..7698a7856 100644
+--- a/linux_os/guide/system/logging/journald/journald_storage/rule.yml
++++ b/linux_os/guide/system/logging/journald/journald_storage/rule.yml
+@@ -31,7 +31,7 @@ ocil: |-
+     Storing logs with persistent storage ensures they are available after a reboot or system crash.
+     Run the command below to verify that logs are being persistently stored to disk.
+     
+-{{%- if product in ["fedora", "rhel8", "rhel9", "sle15"] %}}
++{{%- if product in ["fedora", "rhel8", "almalinux8", "rhel9", "sle15"] %}}
+     grep "^\sStorage" /etc/systemd/journald.conf {{{ journald_conf_dir_path }}}/*.conf
+ {{% else %}}
+     grep "^\sStorage" /etc/systemd/journald.conf
+@@ -42,7 +42,7 @@ ocil: |-
+     Storage=persistent
+     

+ 
+-{{%- if product in ["fedora", "rhel8", "rhel9", "sle15"] %}}
++{{%- if product in ["fedora", "rhel8", "almalinux8", "rhel9", "sle15"] %}}
+ template:
+     name: systemd_dropin_configuration
+     vars:
+diff --git a/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/kubernetes/shared.yml b/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/kubernetes/shared.yml
+index 892523fc4..9fbba1ccb 100644
+--- a/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/kubernetes/shared.yml
++++ b/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/logging/log_rotation/timer_logrotate_enabled/rule.yml b/linux_os/guide/system/logging/log_rotation/timer_logrotate_enabled/rule.yml
+index ef3415b6a..6eebe43b9 100644
+--- a/linux_os/guide/system/logging/log_rotation/timer_logrotate_enabled/rule.yml
++++ b/linux_os/guide/system/logging/log_rotation/timer_logrotate_enabled/rule.yml
+@@ -51,7 +51,7 @@ template:
+         timername: logrotate
+         packagename: logrotate
+ 
+-{{% if product in ["rhel8"] %}}
++{{% if product in ["rhel8", "almalinux8"] %}}
+ warnings:
+     - general:
+         The Systemd unit logrotate.timer does not exist in
+diff --git a/linux_os/guide/system/logging/package_rsyslog-gnutls_installed/rule.yml b/linux_os/guide/system/logging/package_rsyslog-gnutls_installed/rule.yml
+index 14abf739b..f41d894f3 100644
+--- a/linux_os/guide/system/logging/package_rsyslog-gnutls_installed/rule.yml
++++ b/linux_os/guide/system/logging/package_rsyslog-gnutls_installed/rule.yml
+@@ -28,7 +28,7 @@ references:
+     disa: CCI-000366,CCI-000803
+     srg: SRG-OS-000480-GPOS-00227,SRG-OS-000120-GPOS-00061
+     stigid@ol8: OL08-00-030680
+-    stigid@rhel8: RHEL-08-030680
++    stigid@almalinux8: RHEL-08-030680
+ 
+ ocil_clause: 'the package is not installed'
+ 
+diff --git a/linux_os/guide/system/logging/package_rsyslog_installed/rule.yml b/linux_os/guide/system/logging/package_rsyslog_installed/rule.yml
+index 54fe1e568..fd6124899 100644
+--- a/linux_os/guide/system/logging/package_rsyslog_installed/rule.yml
++++ b/linux_os/guide/system/logging/package_rsyslog_installed/rule.yml
+@@ -33,7 +33,7 @@ references:
+     nist-csf: PR.PT-1
+     srg: SRG-OS-000479-GPOS-00224,SRG-OS-000051-GPOS-00024,SRG-OS-000480-GPOS-00227
+     stigid@ol8: OL08-00-030670
+-    stigid@rhel8: RHEL-08-030670
++    stigid@almalinux8: RHEL-08-030670
+ 
+ ocil_clause: 'the package is not installed'
+ 
+diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/ansible/shared.yml b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/ansible/shared.yml
+index f42709ef5..8b35da68b 100644
+--- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/ansible/shared.yml
++++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/bash/shared.sh b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/bash/shared.sh
+index f2019bb9a..a12ceb5c1 100644
+--- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/bash/shared.sh
++++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_ubuntu
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_ubuntu
+ 
+ {{{ bash_instantiate_variables("rsyslog_remote_loghost_address") }}}
+ 
+diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml
+index 58909be6e..9cf411641 100644
+--- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml
++++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml
+@@ -61,7 +61,7 @@ references:
+     srg: SRG-OS-000479-GPOS-00224,SRG-OS-000480-GPOS-00227,SRG-OS-000342-GPOS-00133
+     stigid@ol7: OL07-00-031000
+     stigid@ol8: OL08-00-030690
+-    stigid@rhel8: RHEL-08-030690
++    stigid@almalinux8: RHEL-08-030690
+     stigid@sle12: SLES-12-030340
+     stigid@sle15: SLES-15-010580
+ 
+diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/ansible/shared.yml b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/ansible/shared.yml
+index d6e2b2564..323d3ffaa 100644
+--- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/ansible/shared.yml
++++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
+ # reboot = false
+ # strategy = configure
+ # complexity = low
+diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/bash/shared.sh b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/bash/shared.sh
+index ee1cbf7ea..eb4e5adc4 100644
+--- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/bash/shared.sh
++++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
+ # reboot = false
+ # strategy = configure
+ # complexity = low
+diff --git a/linux_os/guide/system/logging/service_rsyslog_enabled/rule.yml b/linux_os/guide/system/logging/service_rsyslog_enabled/rule.yml
+index 5a6036bac..706df5c2d 100644
+--- a/linux_os/guide/system/logging/service_rsyslog_enabled/rule.yml
++++ b/linux_os/guide/system/logging/service_rsyslog_enabled/rule.yml
+@@ -35,7 +35,7 @@ references:
+     nist-csf: DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.DS-4,PR.PT-1
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol8: OL08-00-010561
+-    stigid@rhel8: RHEL-08-010561
++    stigid@almalinux8: RHEL-08-010561
+     stigid@ubuntu2004: UBTU-20-010432
+     stigid@ubuntu2204: UBTU-22-652010
+ 
+diff --git a/linux_os/guide/system/network/network-firewalld/firewalld-backend/rule.yml b/linux_os/guide/system/network/network-firewalld/firewalld-backend/rule.yml
+index c18b89c9e..88fda59ab 100644
+--- a/linux_os/guide/system/network/network-firewalld/firewalld-backend/rule.yml
++++ b/linux_os/guide/system/network/network-firewalld/firewalld-backend/rule.yml
+@@ -25,7 +25,7 @@ references:
+     nist: SC-5
+     srg: SRG-OS-000420-GPOS-00186
+     stigid@ol8: OL08-00-040150
+-    stigid@rhel8: RHEL-08-040150
++    stigid@almalinux8: RHEL-08-040150
+ 
+ ocil_clause: 'the "nftables" is not set as the "firewallbackend"'
+ 
+diff --git a/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml b/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml
+index 13ab76040..8d2769fd4 100644
+--- a/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml
++++ b/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml
+@@ -35,7 +35,7 @@ references:
+     srg: SRG-OS-000096-GPOS-00050,SRG-OS-000297-GPOS-00115,SRG-OS-000298-GPOS-00116,SRG-OS-000480-GPOS-00227,SRG-OS-000480-GPOS-00232
+     stigid@ol7: OL07-00-040520
+     stigid@ol8: OL08-00-040100
+-    stigid@rhel8: RHEL-08-040100
++    stigid@almalinux8: RHEL-08-040100
+     stigid@sle15: SLES-15-010220
+ 
+ ocil_clause: 'the package is not installed'
+diff --git a/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml b/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml
+index d52baffd9..22a7cf53e 100644
+--- a/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml
++++ b/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml
+@@ -41,7 +41,7 @@ references:
+     srg: SRG-OS-000096-GPOS-00050,SRG-OS-000297-GPOS-00115,SRG-OS-000480-GPOS-00227,SRG-OS-000480-GPOS-00231,SRG-OS-000480-GPOS-00232
+     stigid@ol7: OL07-00-040520
+     stigid@ol8: OL08-00-040101
+-    stigid@rhel8: RHEL-08-040101
++    stigid@almalinux8: RHEL-08-040101
+     stigid@sle15: SLES-15-010220
+ 
+ ocil_clause: '{{{ ocil_clause_service_enabled("firewalld") }}}'
+diff --git a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/rule.yml b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/rule.yml
+index 8b5f098f8..d09fa36b6 100644
+--- a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/rule.yml
++++ b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/rule.yml
+@@ -49,7 +49,7 @@ references:
+     srg: SRG-OS-000096-GPOS-00050,SRG-OS-000297-GPOS-00115
+     stigid@ol7: OL07-00-040100
+     stigid@ol8: OL08-00-040030
+-    stigid@rhel8: RHEL-08-040030
++    stigid@almalinux8: RHEL-08-040030
+ 
+ ocil_clause: 'there are additional ports, protocols, or services that are not in the PPSM CLSA, or there are ports, protocols, or services that are prohibited by the PPSM Category Assurance List (CAL), or there are no firewall rules configured'
+ 
+diff --git a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_rate_limiting/ansible/shared.yml b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_rate_limiting/ansible/shared.yml
+index b136bce25..922e1aa46 100644
+--- a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_rate_limiting/ansible/shared.yml
++++ b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_rate_limiting/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ol
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ol
+ # reboot = false
+ # strategy = configure
+ # complexity = low
+diff --git a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configured_firewalld_default_deny/rule.yml b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configured_firewalld_default_deny/rule.yml
+index 9c8e18823..b4fd81cf7 100644
+--- a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configured_firewalld_default_deny/rule.yml
++++ b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configured_firewalld_default_deny/rule.yml
+@@ -24,7 +24,7 @@ references:
+     nist: AC-17 (1)
+     srg: SRG-OS-000297-GPOS-00115
+     stigid@ol8: OL08-00-040090
+-    stigid@rhel8: RHEL-08-040090
++    stigid@almalinux8: RHEL-08-040090
+ 
+ ocil_clause: 'no zones are active on the interfaces or if the target is set to a different option other than "DROP"'
+ 
+diff --git a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml
+index 0ea52afd9..658214d09 100644
+--- a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml
++++ b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml
+@@ -42,7 +42,7 @@ references:
+     nist-csf: PR.IP-1,PR.PT-3
+     pcidss: Req-1.4
+     srg: SRG-OS-000480-GPOS-00227
+-    stigid@rhel8: RHEL-08-040090
++    stigid@almalinux8: RHEL-08-040090
+ 
+ ocil_clause: 'the default zone is not set to DROP'
+ 
+diff --git a/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/ip6tables_rules_for_open_ports/sce/shared.sh b/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/ip6tables_rules_for_open_ports/sce/shared.sh
+index 51b6c4fb6..679e35435 100644
+--- a/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/ip6tables_rules_for_open_ports/sce/shared.sh
++++ b/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/ip6tables_rules_for_open_ports/sce/shared.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_ubuntu
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu
+ # check-import = stdout
+ 
+ result=$XCCDF_RESULT_PASS
+diff --git a/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/iptables_rules_for_open_ports/sce/shared.sh b/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/iptables_rules_for_open_ports/sce/shared.sh
+index b2a8e350c..e97d0f4a5 100644
+--- a/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/iptables_rules_for_open_ports/sce/shared.sh
++++ b/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/iptables_rules_for_open_ports/sce/shared.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_ubuntu
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu
+ # check-import = stdout
+ 
+ result=$XCCDF_RESULT_PASS
+diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/bash/shared.sh b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/bash/shared.sh
+index d787fbbbf..d209806d8 100644
+--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/bash/shared.sh
++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol
++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
+ 
+ # enable randomness in ipv6 address generation
+ for interface in /etc/sysconfig/network-scripts/ifcfg-*
+diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/kubernetes/shared.yml
+index 87306fedb..88e2884bc 100644
+--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/kubernetes/shared.yml
++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml
+index b361549d1..f8adf0f64 100644
+--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml
++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml
+@@ -33,7 +33,7 @@ references:
+     nist-csf: PR.IP-1,PR.PT-3
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol8: OL08-00-040261
+-    stigid@rhel8: RHEL-08-040261
++    stigid@almalinux8: RHEL-08-040261
+ 
+ {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv6.conf.all.accept_ra", value="0") }}}
+ 
+diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/kubernetes/shared.yml
+index 8792fc668..2c7c4b025 100644
+--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/kubernetes/shared.yml
++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml
+index 4e7c5be44..360e86714 100644
+--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml
++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml
+@@ -34,7 +34,7 @@ references:
+     nist-csf: PR.IP-1,PR.PT-3
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol8: OL08-00-040280
+-    stigid@rhel8: RHEL-08-040280
++    stigid@almalinux8: RHEL-08-040280
+     stigid@sle12: SLES-12-030363
+     stigid@sle15: SLES-15-040341
+ 
+diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/kubernetes/shared.yml
+index e222b1c88..85b92ce90 100644
+--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/kubernetes/shared.yml
++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml
+index bab3ff393..e02540987 100644
+--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml
++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml
+@@ -43,7 +43,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-040830
+     stigid@ol8: OL08-00-040240
+-    stigid@rhel8: RHEL-08-040240
++    stigid@almalinux8: RHEL-08-040240
+     stigid@sle12: SLES-12-030361
+     stigid@sle15: SLES-15-040310
+ 
+diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml
+index b9cde5e58..673f81ae8 100644
+--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml
++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml
+@@ -35,7 +35,7 @@ references:
+     nist-csf: DE.CM-1,PR.DS-4,PR.IP-1,PR.PT-3
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol8: OL08-00-040260
+-    stigid@rhel8: RHEL-08-040260
++    stigid@almalinux8: RHEL-08-040260
+     stigid@sle12: SLES-12-030364
+     stigid@sle15: SLES-15-040381
+ 
+diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/kubernetes/shared.yml
+index 4ed2c480c..f59b6d7c3 100644
+--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/kubernetes/shared.yml
++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml
+index a3164b1b1..f9627f3d4 100644
+--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml
++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml
+@@ -33,7 +33,7 @@ references:
+     nist-csf: PR.IP-1,PR.PT-3
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol8: OL08-00-040262
+-    stigid@rhel8: RHEL-08-040262
++    stigid@almalinux8: RHEL-08-040262
+ 
+ {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv6.conf.default.accept_ra", value="0") }}}
+ 
+diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/kubernetes/shared.yml
+index 845b013ed..063776b85 100644
+--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/kubernetes/shared.yml
++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml
+index a5b2f2c1a..d8f57c351 100644
+--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml
++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml
+@@ -37,7 +37,7 @@ references:
+     nist@slmicro5: CM-6(b),CM-6.1(iv)
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol8: OL08-00-040210
+-    stigid@rhel8: RHEL-08-040210
++    stigid@almalinux8: RHEL-08-040210
+     stigid@sle12: SLES-12-030401
+     stigid@sle15: SLES-15-040350
+ 
+diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/kubernetes/shared.yml
+index e2951d845..0335df123 100644
+--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/kubernetes/shared.yml
++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml
+index c46cdcfea..8a0ae66c3 100644
+--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml
++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml
+@@ -43,7 +43,7 @@ references:
+     pcidss: Req-1.4.3
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol8: OL08-00-040250
+-    stigid@rhel8: RHEL-08-040250
++    stigid@almalinux8: RHEL-08-040250
+     stigid@sle12: SLES-12-030362
+     stigid@sle15: SLES-15-040321
+ 
+diff --git a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/arg_not_there_rhel8.fail.sh b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/arg_not_there_rhel8.fail.sh
+index 5d8daaa6b..604dc02c0 100644
+--- a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/arg_not_there_rhel8.fail.sh
++++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/arg_not_there_rhel8.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ # Removes ipv6.disable argument from kernel command line in /boot/grub2/grubenv
+ file="/boot/grub2/grubenv"
+diff --git a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/correct_grubenv.pass.sh b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/correct_grubenv.pass.sh
+index 0e84a458c..bf898a7c9 100644
+--- a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/correct_grubenv.pass.sh
++++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/correct_grubenv.pass.sh
+@@ -1,4 +1,4 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ grub2-editenv - set "$(grub2-editenv - list | grep kernelopts) ipv6.disable=1"
+diff --git a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/wrong_value_rhel8.fail.sh b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/wrong_value_rhel8.fail.sh
+index db339c353..38d2f0d62 100644
+--- a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/wrong_value_rhel8.fail.sh
++++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/wrong_value_rhel8.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ # Break the ipv6.disable argument in kernel command line in /boot/grub2/grubenv
+ file="/boot/grub2/grubenv"
+diff --git a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/bash/shared.sh b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/bash/shared.sh
+index 2bd1bdbca..63ab3fe59 100644
+--- a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/bash/shared.sh
++++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol
++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
+ 
+ # Drop 'tcp6' and 'udp6' entries from /etc/netconfig to prevent RPC
+ # services for NFSv4 from attempting to start IPv6 network listeners
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/kubernetes/shared.yml
+index 6bb6de134..1f0664a02 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/kubernetes/shared.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml
+index 6367ef8ea..70097d4ef 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml
+@@ -43,7 +43,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-040641
+     stigid@ol8: OL08-00-040279
+-    stigid@rhel8: RHEL-08-040279
++    stigid@almalinux8: RHEL-08-040279
+     stigid@sle12: SLES-12-030390
+     stigid@sle15: SLES-15-040330
+ 
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/kubernetes/shared.yml
+index b3d72bb4a..b89b8a35a 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/kubernetes/shared.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml
+index 97ceccc1f..065d4b692 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml
+@@ -44,7 +44,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-040610
+     stigid@ol8: OL08-00-040239
+-    stigid@rhel8: RHEL-08-040239
++    stigid@almalinux8: RHEL-08-040239
+     stigid@sle12: SLES-12-030360
+     stigid@sle15: SLES-15-040300
+ 
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_forwarding/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_forwarding/rule.yml
+index f1ed28560..2e9441e35 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_forwarding/rule.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_forwarding/rule.yml
+@@ -22,7 +22,7 @@ references:
+     nist: CM-6(b)
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol8: OL08-00-040259
+-    stigid@rhel8: RHEL-08-040259
++    stigid@almalinux8: RHEL-08-040259
+ 
+ ocil_clause: 'IP forwarding value is "1" and the system is not router'
+ 
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/kubernetes/shared.yml
+index 70e767cc4..fbe1a27a2 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/kubernetes/shared.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/kubernetes/shared.yml
+index c64da37a3..08535e5a1 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/kubernetes/shared.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml
+index 9a76b723e..90dd2f842 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml
+@@ -40,7 +40,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-040611
+     stigid@ol8: OL08-00-040285
+-    stigid@rhel8: RHEL-08-040285
++    stigid@almalinux8: RHEL-08-040285
+ 
+ ocil: |-
+     The runtime status of the net.ipv4.conf.all.rp_filter parameter can be queried
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/tests/value_1.pass.sh b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/tests/value_1.pass.sh
+index 583b70a3b..d9bca3de6 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/tests/value_1.pass.sh
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/tests/value_1.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ 
+ # Clean sysctl config directories
+ rm -rf /usr/lib/sysctl.d/* /run/sysctl.d/* /etc/sysctl.d/*
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/tests/value_2.pass.sh b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/tests/value_2.pass.sh
+index ef545976d..bf1ccb250 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/tests/value_2.pass.sh
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/tests/value_2.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ 
+ # Clean sysctl config directories
+ rm -rf /usr/lib/sysctl.d/* /run/sysctl.d/* /etc/sysctl.d/*
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/kubernetes/shared.yml
+index 8b075d55e..0dd17a34b 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/kubernetes/shared.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/kubernetes/shared.yml
+index 2bfbd9e46..8ea37100a 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/kubernetes/shared.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml
+index 8f2b53aa8..15f51d661 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml
+@@ -43,7 +43,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-040640
+     stigid@ol8: OL08-00-040209
+-    stigid@rhel8: RHEL-08-040209
++    stigid@almalinux8: RHEL-08-040209
+     stigid@sle12: SLES-12-030400
+     stigid@sle15: SLES-15-040340
+ 
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/kubernetes/shared.yml
+index aa7d1562b..08668d03c 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/kubernetes/shared.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml
+index bac36aac5..2da73e4ad 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml
+@@ -45,7 +45,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-040620
+     stigid@ol8: OL08-00-040249
+-    stigid@rhel8: RHEL-08-040249
++    stigid@almalinux8: RHEL-08-040249
+     stigid@sle12: SLES-12-030370
+     stigid@sle15: SLES-15-040320
+ 
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/kubernetes/shared.yml
+index 3a60ab17c..728ddb817 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/kubernetes/shared.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/kubernetes/shared.yml
+index b6e53de36..0b652c7cf 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/kubernetes/shared.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/kubernetes/shared.yml
+index aeb67c4e0..f47a8ab67 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/kubernetes/shared.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/kubernetes/shared.yml
+index 52d74441b..08c8c256d 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/kubernetes/shared.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml
+index 7fa90e1eb..e4927a4fb 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml
+@@ -42,7 +42,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-040630
+     stigid@ol8: OL08-00-040230
+-    stigid@rhel8: RHEL-08-040230
++    stigid@almalinux8: RHEL-08-040230
+     stigid@sle12: SLES-12-030380
+ 
+ {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.icmp_echo_ignore_broadcasts", value="1") }}}
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/kubernetes/shared.yml
+index 9e3a85af9..d4f4d31cb 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/kubernetes/shared.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/kubernetes/shared.yml
+index 0c8dae788..a26df0c5a 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/kubernetes/shared.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/kubernetes/shared.yml
+index ea1db12fe..5d8b19f68 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/kubernetes/shared.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml
+index e0286fee8..279b309fd 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml
+@@ -42,7 +42,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-040660
+     stigid@ol8: OL08-00-040220
+-    stigid@rhel8: RHEL-08-040220
++    stigid@almalinux8: RHEL-08-040220
+     stigid@sle12: SLES-12-030420
+     stigid@sle15: SLES-15-040370
+ 
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/kubernetes/shared.yml
+index b54e3d12b..125464d7a 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/kubernetes/shared.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml
+index 5d3bbd883..3fc2de52c 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml
+@@ -42,7 +42,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-040650
+     stigid@ol8: OL08-00-040270
+-    stigid@rhel8: RHEL-08-040270
++    stigid@almalinux8: RHEL-08-040270
+     stigid@sle12: SLES-12-030410
+     stigid@sle15: SLES-15-040360
+ 
+diff --git a/linux_os/guide/system/network/network-nftables/set_nftables_table/sce/shared.sh b/linux_os/guide/system/network/network-nftables/set_nftables_table/sce/shared.sh
+index 89d344c4f..1a926adaa 100644
+--- a/linux_os/guide/system/network/network-nftables/set_nftables_table/sce/shared.sh
++++ b/linux_os/guide/system/network/network-nftables/set_nftables_table/sce/shared.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_ubuntu
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu
+ # check-import = stdout
+ 
+ tbl_output=$(nft list tables | grep inet)
+diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/rule.yml
+index 6e06e0c6d..b228978f3 100644
+--- a/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/rule.yml
++++ b/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/rule.yml
+@@ -26,7 +26,7 @@ references:
+     nist: AC-18
+     srg: SRG-OS-000095-GPOS-00049,SRG-OS-000480-GPOS-00227
+     stigid@ol8: OL08-00-040021
+-    stigid@rhel8: RHEL-08-040021
++    stigid@almalinux8: RHEL-08-040021
+ 
+ {{{ complete_ocil_entry_module_disable(module="atm") }}}
+ 
+diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/rule.yml
+index 433d01012..63ad0a2c4 100644
+--- a/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/rule.yml
++++ b/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/rule.yml
+@@ -27,7 +27,7 @@ references:
+     ospp: FMT_SMF_EXT.1
+     srg: SRG-OS-000095-GPOS-00049,SRG-OS-000480-GPOS-00227
+     stigid@ol8: OL08-00-040022
+-    stigid@rhel8: RHEL-08-040022
++    stigid@almalinux8: RHEL-08-040022
+ 
+ {{{ complete_ocil_entry_module_disable(module="can") }}}
+ 
+diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/tests/missing_blacklist.fail.sh b/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/tests/missing_blacklist.fail.sh
+index 57cc29270..4b1b2805e 100644
+--- a/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/tests/missing_blacklist.fail.sh
++++ b/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/tests/missing_blacklist.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
+ 
+ rm -f /etc/modprobe.d/dccp-blacklist.conf
+ echo "install {{{ KERNMODULE }}} /bin/true" > /etc/modprobe.d/{{{ KERNMODULE }}}.conf
+diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/rule.yml
+index c4b6bb2e8..61804c3ed 100644
+--- a/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/rule.yml
++++ b/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/rule.yml
+@@ -25,7 +25,7 @@ references:
+     nist: AC-18
+     srg: SRG-OS-000095-GPOS-00049
+     stigid@ol8: OL08-00-040026
+-    stigid@rhel8: RHEL-08-040026
++    stigid@almalinux8: RHEL-08-040026
+ 
+ {{{ complete_ocil_entry_module_disable(module="firewire-core") }}}
+ 
+diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml
+index ba4ca0616..d4ef1fc21 100644
+--- a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml
++++ b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml
+@@ -42,7 +42,7 @@ references:
+     pcidss: Req-1.4.2
+     srg: SRG-OS-000095-GPOS-00049,SRG-OS-000480-GPOS-00227
+     stigid@ol8: OL08-00-040023
+-    stigid@rhel8: RHEL-08-040023
++    stigid@almalinux8: RHEL-08-040023
+ 
+ {{{ complete_ocil_entry_module_disable(module="sctp") }}}
+ 
+diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/rule.yml
+index 3d0417c01..bbae29491 100644
+--- a/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/rule.yml
++++ b/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/rule.yml
+@@ -41,7 +41,7 @@ references:
+     ospp: FMT_SMF_EXT.1
+     srg: SRG-OS-000095-GPOS-00049
+     stigid@ol8: OL08-00-040024
+-    stigid@rhel8: RHEL-08-040024
++    stigid@almalinux8: RHEL-08-040024
+ 
+ {{{ complete_ocil_entry_module_disable(module="tipc") }}}
+ 
+diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/rule.yml
+index e14d31803..e926995b2 100644
+--- a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/rule.yml
++++ b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/rule.yml
+@@ -36,7 +36,7 @@ references:
+     nist-csf: PR.AC-3,PR.IP-1,PR.PT-3,PR.PT-4
+     srg: SRG-OS-000095-GPOS-00049,SRG-OS-000300-GPOS-00118
+     stigid@ol8: OL08-00-040111
+-    stigid@rhel8: RHEL-08-040111
++    stigid@almalinux8: RHEL-08-040111
+ 
+ {{{ complete_ocil_entry_module_disable(module="bluetooth") }}}
+ 
+diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml
+index 830e35504..f4130dffb 100644
+--- a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml
++++ b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml
+@@ -63,7 +63,7 @@ references:
+     srg: SRG-OS-000299-GPOS-00117,SRG-OS-000300-GPOS-00118,SRG-OS-000424-GPOS-00188,SRG-OS-000481-GPOS-000481
+     stigid@ol7: OL07-00-041010
+     stigid@ol8: OL08-00-040110
+-    stigid@rhel8: RHEL-08-040110
++    stigid@almalinux8: RHEL-08-040110
+     stigid@sle12: SLES-12-030450
+     stigid@sle15: SLES-15-010380
+     stigid@ubuntu2004: UBTU-20-010455
+diff --git a/linux_os/guide/system/network/network_configure_name_resolution/rule.yml b/linux_os/guide/system/network/network_configure_name_resolution/rule.yml
+index 171d87a34..6fbdacd90 100644
+--- a/linux_os/guide/system/network/network_configure_name_resolution/rule.yml
++++ b/linux_os/guide/system/network/network_configure_name_resolution/rule.yml
+@@ -52,7 +52,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-040600
+     stigid@ol8: OL08-00-010680
+-    stigid@rhel8: RHEL-08-010680
++    stigid@almalinux8: RHEL-08-010680
+ 
+ ocil_clause: 'less than two lines are returned that are not commented out'
+ 
+diff --git a/linux_os/guide/system/network/network_configure_name_resolution/tests/dns_not_in_nsswitch_and_resolv_is_empty.pass.sh b/linux_os/guide/system/network/network_configure_name_resolution/tests/dns_not_in_nsswitch_and_resolv_is_empty.pass.sh
+index 0f2d15979..27572472b 100644
+--- a/linux_os/guide/system/network/network_configure_name_resolution/tests/dns_not_in_nsswitch_and_resolv_is_empty.pass.sh
++++ b/linux_os/guide/system/network/network_configure_name_resolution/tests/dns_not_in_nsswitch_and_resolv_is_empty.pass.sh
+@@ -1,3 +1,3 @@
+-# platform = multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ 
+ source common.sh
+diff --git a/linux_os/guide/system/network/network_configure_name_resolution/tests/dns_not_in_nsswitch_and_resolv_isnt_empty.fail.sh b/linux_os/guide/system/network/network_configure_name_resolution/tests/dns_not_in_nsswitch_and_resolv_isnt_empty.fail.sh
+index 469db24e9..671a4d019 100644
+--- a/linux_os/guide/system/network/network_configure_name_resolution/tests/dns_not_in_nsswitch_and_resolv_isnt_empty.fail.sh
++++ b/linux_os/guide/system/network/network_configure_name_resolution/tests/dns_not_in_nsswitch_and_resolv_isnt_empty.fail.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ 
+ source common.sh
+ 
+diff --git a/linux_os/guide/system/network/network_disable_zeroconf/bash/shared.sh b/linux_os/guide/system/network/network_disable_zeroconf/bash/shared.sh
+index 7e8b5abc0..44ac0069f 100644
+--- a/linux_os/guide/system/network/network_disable_zeroconf/bash/shared.sh
++++ b/linux_os/guide/system/network/network_disable_zeroconf/bash/shared.sh
+@@ -1,2 +1,2 @@
+-# platform = Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
+ echo "NOZEROCONF=yes" >> /etc/sysconfig/network
+diff --git a/linux_os/guide/system/network/network_nmcli_permissions/ansible/shared.yml b/linux_os/guide/system/network/network_nmcli_permissions/ansible/shared.yml
+index 045befe2b..cb724a04e 100644
+--- a/linux_os/guide/system/network/network_nmcli_permissions/ansible/shared.yml
++++ b/linux_os/guide/system/network/network_nmcli_permissions/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 10,multi_platform_ol,multi_platform_rhv,multi_platform_fedora
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 10,multi_platform_ol,multi_platform_rhv,multi_platform_fedora
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/network/network_sniffer_disabled/rule.yml b/linux_os/guide/system/network/network_sniffer_disabled/rule.yml
+index df4ca9bba..260aba38b 100644
+--- a/linux_os/guide/system/network/network_sniffer_disabled/rule.yml
++++ b/linux_os/guide/system/network/network_sniffer_disabled/rule.yml
+@@ -46,7 +46,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-040670
+     stigid@ol8: OL08-00-040330
+-    stigid@rhel8: RHEL-08-040330
++    stigid@almalinux8: RHEL-08-040330
+     stigid@sle12: SLES-12-030440
+     stigid@sle15: SLES-15-040390
+ 
+diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/rule.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/rule.yml
+index de314e8b2..aa32dfeba 100644
+--- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/rule.yml
++++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/rule.yml
+@@ -25,7 +25,7 @@ identifiers:
+ references:
+     disa: CCI-000366,CCI-001090
+     srg: SRG-OS-000480-GPOS-00227,SRG-OS-000138-GPOS-00069
+-    stigid@rhel8: RHEL-08-010700
++    stigid@almalinux8: RHEL-08-010700
+ 
+ ocil_clause: 'there are world-writable directories not owned by root'
+ 
+diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/ansible/shared.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/ansible/shared.yml
+index 33caa81c9..df5b4eacb 100644
+--- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/ansible/shared.yml
++++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_sle,multi_platform_slmicro,multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_sle,multi_platform_slmicro,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/bash/shared.sh b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/bash/shared.sh
+index e488cceeb..f36b06f69 100644
+--- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/bash/shared.sh
++++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
+ df --local -P | awk '{if (NR!=1) print $6}' \
+ | xargs -I '$6' find '$6' -xdev -type d \
+ \( -perm -0002 -a ! -perm -1000 \) 2>/dev/null \
+diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml
+index 69d08bf04..9b1ef1291 100644
+--- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml
++++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml
+@@ -51,7 +51,7 @@ references:
+     nist-csf: PR.AC-4,PR.DS-5
+     srg: SRG-OS-000138-GPOS-00069
+     stigid@ol8: OL08-00-010190
+-    stigid@rhel8: RHEL-08-010190
++    stigid@almalinux8: RHEL-08-010190
+     stigid@sle12: SLES-12-010460
+     stigid@sle15: SLES-15-010300
+     stigid@ubuntu2004: UBTU-20-010411
+diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned_group/rule.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned_group/rule.yml
+index 7a11abcd6..78cee0a4f 100644
+--- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned_group/rule.yml
++++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned_group/rule.yml
+@@ -38,7 +38,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-021030
+     stigid@ol8: OL08-00-010710
+-    stigid@rhel8: RHEL-08-010710
++    stigid@almalinux8: RHEL-08-010710
+     stigid@sle12: SLES-12-010830
+     stigid@sle15: SLES-15-040180
+ 
+diff --git a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/rule.yml
+index 50f9e7742..e60a7155e 100644
+--- a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/rule.yml
++++ b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/rule.yml
+@@ -28,7 +28,7 @@ references:
+     nist: AU-12(b)
+     srg: SRG-OS-000063-GPOS-00032
+     stigid@ol8: OL08-00-030610
+-    stigid@rhel8: RHEL-08-030610
++    stigid@almalinux8: RHEL-08-030610
+     stigid@ubuntu2004: UBTU-20-010133
+     stigid@ubuntu2204: UBTU-22-653065
+ 
+diff --git a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/rule.yml
+index 4a6b9ceeb..b3eff4127 100644
+--- a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/rule.yml
++++ b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/rule.yml
+@@ -28,7 +28,7 @@ references:
+     nist: AU-12(b)
+     srg: SRG-OS-000063-GPOS-00032
+     stigid@ol8: OL08-00-030610
+-    stigid@rhel8: RHEL-08-030610
++    stigid@almalinux8: RHEL-08-030610
+     stigid@ubuntu2004: UBTU-20-010133
+     stigid@ubuntu2204: UBTU-22-653065
+ 
+diff --git a/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml
+index 814e0ceb5..2b3500de4 100644
+--- a/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml
++++ b/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml
+@@ -48,7 +48,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-020330
+     stigid@ol8: OL08-00-010790
+-    stigid@rhel8: RHEL-08-010790
++    stigid@almalinux8: RHEL-08-010790
+     stigid@sle12: SLES-12-010700
+     stigid@sle15: SLES-15-040410
+ 
+diff --git a/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml b/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml
+index 14e9efe3e..848445786 100644
+--- a/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml
++++ b/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml
+@@ -47,7 +47,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-020320
+     stigid@ol8: OL08-00-010780
+-    stigid@rhel8: RHEL-08-010780
++    stigid@almalinux8: RHEL-08-010780
+     stigid@sle12: SLES-12-010690
+     stigid@sle15: SLES-15-040400
+ 
+diff --git a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log/rule.yml b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log/rule.yml
+index c85245e66..0b39eac37 100644
+--- a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log/rule.yml
++++ b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log/rule.yml
+@@ -28,7 +28,7 @@ references:
+     disa: CCI-001314
+     srg: SRG-OS-000206-GPOS-00084,SRG-APP-000118-CTR-000240
+     stigid@ol8: OL08-00-010260
+-    stigid@rhel8: RHEL-08-010260
++    stigid@almalinux8: RHEL-08-010260
+     stigid@ubuntu2004: UBTU-20-010417
+     stigid@ubuntu2204: UBTU-22-232125
+ 
+diff --git a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log_messages/rule.yml b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log_messages/rule.yml
+index 68849bd25..69c223210 100644
+--- a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log_messages/rule.yml
++++ b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log_messages/rule.yml
+@@ -19,7 +19,7 @@ references:
+     disa: CCI-001314
+     srg: SRG-OS-000206-GPOS-00084
+     stigid@ol8: OL08-00-010230
+-    stigid@rhel8: RHEL-08-010230
++    stigid@almalinux8: RHEL-08-010230
+ 
+ ocil_clause: '{{{ ocil_clause_file_group_owner(file="/var/log/messages", group="root") }}}'
+ 
+diff --git a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log/rule.yml b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log/rule.yml
+index c098f043b..45b57fc15 100644
+--- a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log/rule.yml
++++ b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log/rule.yml
+@@ -21,7 +21,7 @@ references:
+     disa: CCI-001314
+     srg: SRG-OS-000206-GPOS-00084,SRG-APP-000118-CTR-000240
+     stigid@ol8: OL08-00-010250
+-    stigid@rhel8: RHEL-08-010250
++    stigid@almalinux8: RHEL-08-010250
+     stigid@ubuntu2004: UBTU-20-010418
+     stigid@ubuntu2204: UBTU-22-232120
+ 
+diff --git a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log_messages/rule.yml b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log_messages/rule.yml
+index b17311a24..70dafa9d8 100644
+--- a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log_messages/rule.yml
++++ b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log_messages/rule.yml
+@@ -19,7 +19,7 @@ references:
+     disa: CCI-001314
+     srg: SRG-OS-000206-GPOS-00084
+     stigid@ol8: OL08-00-010220
+-    stigid@rhel8: RHEL-08-010220
++    stigid@almalinux8: RHEL-08-010220
+ 
+ ocil_clause: '{{{ ocil_clause_file_owner(file="/var/log/messages", owner="root") }}}'
+ 
+diff --git a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log/rule.yml b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log/rule.yml
+index 54ff93140..217aa64e9 100644
+--- a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log/rule.yml
++++ b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log/rule.yml
+@@ -22,7 +22,7 @@ references:
+     disa: CCI-001314
+     srg: SRG-OS-000206-GPOS-00084,SRG-APP-000118-CTR-000240
+     stigid@ol8: OL08-00-010240
+-    stigid@rhel8: RHEL-08-010240
++    stigid@almalinux8: RHEL-08-010240
+     stigid@ubuntu2004: UBTU-20-010419
+     stigid@ubuntu2204: UBTU-22-232025
+ 
+diff --git a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log_messages/rule.yml b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log_messages/rule.yml
+index cc2286f54..4a77ab174 100644
+--- a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log_messages/rule.yml
++++ b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log_messages/rule.yml
+@@ -20,7 +20,7 @@ references:
+     disa: CCI-001314
+     srg: SRG-OS-000206-GPOS-00084
+     stigid@ol8: OL08-00-010210
+-    stigid@rhel8: RHEL-08-010210
++    stigid@almalinux8: RHEL-08-010210
+ 
+ ocil_clause: '{{{ ocil_clause_file_permissions(file="/var/log/messages", perms="-rw-r-----") }}}'
+ 
+diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/rule.yml
+index b06834e4f..fe1277bff 100644
+--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/rule.yml
++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/rule.yml
+@@ -40,7 +40,7 @@ references:
+     nist: CM-5(6),CM-5(6).1
+     srg: SRG-OS-000259-GPOS-00100
+     stigid@ol8: OL08-00-010351
+-    stigid@rhel8: RHEL-08-010351
++    stigid@almalinux8: RHEL-08-010351
+     stigid@sle12: SLES-12-010876
+     stigid@sle15: SLES-15-010356
+     stigid@ubuntu2004: UBTU-20-010431
+diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/rule.yml
+index 3fcdad610..b44ebf7de 100644
+--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/rule.yml
++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/rule.yml
+@@ -39,7 +39,7 @@ references:
+     nist: CM-5(6),CM-5(6).1
+     srg: SRG-OS-000259-GPOS-00100
+     stigid@ol8: OL08-00-010341
+-    stigid@rhel8: RHEL-08-010341
++    stigid@almalinux8: RHEL-08-010341
+     stigid@sle12: SLES-12-010874
+     stigid@sle15: SLES-15-010354
+     stigid@ubuntu2004: UBTU-20-010429
+diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/correct_owner.pass.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/correct_owner.pass.sh
+index d2b47d989..9f25146b9 100644
+--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/correct_owner.pass.sh
++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/correct_owner.pass.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
+ DIRS="/lib /lib64 /usr/lib /usr/lib64"
+ for dirPath in $DIRS; do
+ 	find "$dirPath" -type d -exec chown root '{}' \;
+diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/incorrect_owner.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/incorrect_owner.fail.sh
+index 542184ae8..9cdfbf737 100644
+--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/incorrect_owner.fail.sh
++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/incorrect_owner.fail.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
+ groupadd nogroup
+ DIRS="/lib /lib64"
+ for dirPath in $DIRS; do
+diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/rule.yml
+index f76b5b354..3abf4036c 100644
+--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/rule.yml
++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/rule.yml
+@@ -46,7 +46,7 @@ references:
+     nist: CM-5,CM-5(6),CM-5(6).1
+     srg: SRG-OS-000259-GPOS-00100
+     stigid@ol8: OL08-00-010331
+-    stigid@rhel8: RHEL-08-010331
++    stigid@almalinux8: RHEL-08-010331
+     stigid@sle12: SLES-12-010872
+     stigid@sle15: SLES-15-010352
+     stigid@ubuntu2004: UBTU-20-010427
+diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/all_dirs_ok.pass.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/all_dirs_ok.pass.sh
+index 5f8dcd2eb..7980d87b5 100644
+--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/all_dirs_ok.pass.sh
++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/all_dirs_ok.pass.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
+ DIRS="/lib /lib64 /usr/lib /usr/lib64"
+ for dirPath in $DIRS; do
+ 	find "$dirPath" -perm /022 -type d -exec chmod go-w '{}' \;
+diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/owner_only_writable_dir.pass.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/owner_only_writable_dir.pass.sh
+index c3cd0944b..3c41df40c 100644
+--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/owner_only_writable_dir.pass.sh
++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/owner_only_writable_dir.pass.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
+ DIRS="/lib /lib64 /usr/lib /usr/lib64"
+ for dirPath in $DIRS; do
+     chmod -R 755 "$dirPath"
+diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_lib.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_lib.fail.sh
+index 90ae74be6..243a8e16e 100644
+--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_lib.fail.sh
++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_lib.fail.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
+ DIRS="/lib /lib64"
+ for dirPath in $DIRS; do
+ 	mkdir -p "$dirPath/testme" && chmod 777  "$dirPath/testme"
+diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_usr_lib.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_usr_lib.fail.sh
+index ebaf9b766..858020d51 100644
+--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_usr_lib.fail.sh
++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_usr_lib.fail.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
+ DIRS="/usr/lib /usr/lib64"
+ for dirPath in $DIRS; do
+ 	mkdir -p "$dirPath/testme" && chmod 777 "$dirPath/testme"
+diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/ansible/shared.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/ansible/shared.yml
+index 8e9fc7b8b..7ce862d34 100644
+--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/ansible/shared.yml
++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro
+ # reboot = false
+ # strategy = restrict
+ # complexity = medium
+diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/bash/shared.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/bash/shared.sh
+index 8ecb16700..bad3166e1 100644
+--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/bash/shared.sh
++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
+ 
+ for SYSCMDFILES in /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin
+ do
+diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/rule.yml
+index 11733e096..d8d55c32e 100644
+--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/rule.yml
++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/rule.yml
+@@ -46,7 +46,7 @@ references:
+     nist: CM-5(6),CM-5(6).1
+     srg: SRG-OS-000259-GPOS-00100
+     stigid@ol8: OL08-00-010320
+-    stigid@rhel8: RHEL-08-010320
++    stigid@almalinux8: RHEL-08-010320
+     stigid@sle12: SLES-12-010882
+     stigid@sle15: SLES-15-010361
+     stigid@ubuntu2004: UBTU-20-010458
+diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/ansible/shared.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/ansible/shared.yml
+index bfa87de9e..8e2e64479 100644
+--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/ansible/shared.yml
++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_sle,multi_platform_slmicro
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle,multi_platform_slmicro
+ # reboot = false
+ # strategy = restrict
+ # complexity = medium
+diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/bash/shared.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/bash/shared.sh
+index c01f262cb..2f899a4ae 100644
+--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/bash/shared.sh
++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol,multi_platform_sle,multi_platform_slmicro
++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle,multi_platform_slmicro
+ find /bin/ \
+ /usr/bin/ \
+ /usr/local/bin/ \
+diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/rule.yml
+index 563c8a91b..82d19056c 100644
+--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/rule.yml
++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/rule.yml
+@@ -44,7 +44,7 @@ references:
+     nist-csf: PR.AC-4,PR.DS-5
+     srg: SRG-OS-000259-GPOS-00100
+     stigid@ol8: OL08-00-010310
+-    stigid@rhel8: RHEL-08-010310
++    stigid@almalinux8: RHEL-08-010310
+     stigid@sle12: SLES-12-010879
+     stigid@sle15: SLES-15-010359
+     stigid@ubuntu2004: UBTU-20-010457
+diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/rule.yml
+index 2f00b19b3..6d4a7e6b0 100644
+--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/rule.yml
++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/rule.yml
+@@ -45,7 +45,7 @@ references:
+     nist-csf: PR.AC-4,PR.DS-5
+     srg: SRG-OS-000259-GPOS-00100
+     stigid@ol8: OL08-00-010340
+-    stigid@rhel8: RHEL-08-010340
++    stigid@almalinux8: RHEL-08-010340
+     stigid@sle12: SLES-12-010873
+     stigid@sle15: SLES-15-010353
+     stigid@ubuntu2004: UBTU-20-010428
+diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/correct_owner.pass.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/correct_owner.pass.sh
+index 9c3fa6fe9..78ab97152 100644
+--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/correct_owner.pass.sh
++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/correct_owner.pass.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
+ 
+ for SYSLIBDIRS in /lib /lib64 /usr/lib /usr/lib64
+ do
+diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner.fail.sh
+index 02867684c..8b274eded 100644
+--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner.fail.sh
++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner.fail.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
+ 
+ useradd user_test
+ for TESTFILE in /lib/test_me /lib64/test_me /usr/lib/test_me /usr/lib64/test_me
+diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner_within_dir.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner_within_dir.fail.sh
+index 81d8a339e..70345d4e7 100644
+--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner_within_dir.fail.sh
++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner_within_dir.fail.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
+ 
+ useradd user_test
+ 
+diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_symlink.pass.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_symlink.pass.sh
+index 3382568ce..b4f4bd0a0 100644
+--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_symlink.pass.sh
++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_symlink.pass.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
+ 
+ useradd user_test
+ 
+diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/ansible/shared.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/ansible/shared.yml
+index ab6d35c79..f37c06f86 100644
+--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/ansible/shared.yml
++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_sle,multi_platform_slmicro
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle,multi_platform_slmicro
+ # reboot = false
+ # strategy = restrict
+ # complexity = medium
+diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/bash/shared.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/bash/shared.sh
+index 6eef84def..984fb7f55 100644
+--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/bash/shared.sh
++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
+ DIRS="/bin /usr/bin /usr/local/bin /sbin /usr/sbin /usr/local/sbin /usr/libexec"
+ for dirPath in $DIRS; do
+ 	find "$dirPath" -perm /022 -exec chmod go-w '{}' \;
+diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/rule.yml
+index bc98cf038..196623fa3 100644
+--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/rule.yml
++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/rule.yml
+@@ -44,7 +44,7 @@ references:
+     nist-csf: PR.AC-4,PR.DS-5
+     srg: SRG-OS-000259-GPOS-00100
+     stigid@ol8: OL08-00-010300
+-    stigid@rhel8: RHEL-08-010300
++    stigid@almalinux8: RHEL-08-010300
+     stigid@sle12: SLES-12-010878
+     stigid@sle15: SLES-15-010358
+     stigid@ubuntu2004: UBTU-20-010456
+diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/rule.yml
+index 82aad077f..03f3313c2 100644
+--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/rule.yml
++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/rule.yml
+@@ -45,7 +45,7 @@ references:
+     nist-csf: PR.AC-4,PR.DS-5
+     srg: SRG-OS-000259-GPOS-00100
+     stigid@ol8: OL08-00-010330
+-    stigid@rhel8: RHEL-08-010330
++    stigid@almalinux8: RHEL-08-010330
+     stigid@sle12: SLES-12-010871
+     stigid@sle15: SLES-15-010351
+     stigid@ubuntu2004: UBTU-20-010426
+diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/rule.yml
+index 7dc898b83..285bc507a 100644
+--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/rule.yml
++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/rule.yml
+@@ -44,7 +44,7 @@ references:
+     nist: CM-5(6),CM-5(6).1
+     srg: SRG-OS-000259-GPOS-00100
+     stigid@ol8: OL08-00-010350
+-    stigid@rhel8: RHEL-08-010350
++    stigid@almalinux8: RHEL-08-010350
+     stigid@sle12: SLES-12-010875
+     stigid@sle15: SLES-15-010355
+     stigid@ubuntu2004: UBTU-20-010430
+diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/correct_groupowner.pass.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/correct_groupowner.pass.sh
+index 5356d3742..a85c88001 100644
+--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/correct_groupowner.pass.sh
++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/correct_groupowner.pass.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_sle,multi_platform_rhel,multi_platform_fedora,multi_platform_ubuntu
++# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ubuntu
+ 
+ for SYSLIBDIRS in /lib /lib64 /usr/lib /usr/lib64
+ do
+diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/incorrect_groupowner.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/incorrect_groupowner.fail.sh
+index 7352b60aa..fc84e065c 100644
+--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/incorrect_groupowner.fail.sh
++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/incorrect_groupowner.fail.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_sle,multi_platform_rhel,multi_platform_fedora,multi_platform_ubuntu
++# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ubuntu
+ 
+ groupadd group_test
+ for TESTFILE in /lib/test_me /lib64/test_me /usr/lib/test_me /usr/lib64/test_me
+diff --git a/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/kubernetes/shared.yml b/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/kubernetes/shared.yml
+index b0d594003..4a71eccda 100644
+--- a/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/kubernetes/shared.yml
++++ b/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/rule.yml b/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/rule.yml
+index 52d4fa75d..44ec247a9 100644
+--- a/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/rule.yml
++++ b/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/rule.yml
+@@ -26,7 +26,7 @@ references:
+     nist: CM-6(a),AC-6(1)
+     srg: SRG-OS-000312-GPOS-00122,SRG-OS-000312-GPOS-00123,SRG-OS-000324-GPOS-00125
+     stigid@ol8: OL08-00-010374
+-    stigid@rhel8: RHEL-08-010374
++    stigid@almalinux8: RHEL-08-010374
+ 
+ {{{ complete_ocil_entry_sysctl_option_value(sysctl="fs.protected_hardlinks", value="1") }}}
+ 
+diff --git a/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/kubernetes/shared.yml b/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/kubernetes/shared.yml
+index 5ce0decba..b7a4243e4 100644
+--- a/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/kubernetes/shared.yml
++++ b/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/rule.yml b/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/rule.yml
+index a3c4423d3..3570174cd 100644
+--- a/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/rule.yml
++++ b/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/rule.yml
+@@ -28,7 +28,7 @@ references:
+     nist: CM-6(a),AC-6(1)
+     srg: SRG-OS-000312-GPOS-00122,SRG-OS-000312-GPOS-00123,SRG-OS-000324-GPOS-00125
+     stigid@ol8: OL08-00-010373
+-    stigid@rhel8: RHEL-08-010373
++    stigid@almalinux8: RHEL-08-010373
+ 
+ {{{ complete_ocil_entry_sysctl_option_value(sysctl="fs.protected_symlinks", value="1") }}}
+ 
+diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/rule.yml
+index 4bf7fd182..d1b0cd08e 100644
+--- a/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/rule.yml
++++ b/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/rule.yml
+@@ -45,7 +45,7 @@ references:
+     nist-csf: PR.IP-1,PR.PT-3
+     srg: SRG-OS-000095-GPOS-00049
+     stigid@ol8: OL08-00-040025
+-    stigid@rhel8: RHEL-08-040025
++    stigid@almalinux8: RHEL-08-040025
+ 
+ {{{ complete_ocil_entry_module_disable(module="cramfs") }}}
+ 
+diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml
+index 8ace97c1f..69653f45f 100644
+--- a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml
++++ b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml
+@@ -44,7 +44,7 @@ references:
+     srg: SRG-OS-000114-GPOS-00059,SRG-OS-000378-GPOS-00163,SRG-OS-000480-GPOS-00227,SRG-APP-000141-CTR-000315
+     stigid@ol7: OL07-00-020100
+     stigid@ol8: OL08-00-040080
+-    stigid@rhel8: RHEL-08-040080
++    stigid@almalinux8: RHEL-08-040080
+     stigid@sle12: SLES-12-010580
+     stigid@sle15: SLES-15-010480
+     stigid@ubuntu2004: UBTU-20-010461
+diff --git a/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml
+index d40d550cb..6864e2970 100644
+--- a/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml
++++ b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml
+@@ -51,7 +51,7 @@ references:
+     srg: SRG-OS-000114-GPOS-00059,SRG-OS-000378-GPOS-00163,SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-020110
+     stigid@ol8: OL08-00-040070
+-    stigid@rhel8: RHEL-08-040070
++    stigid@almalinux8: RHEL-08-040070
+     stigid@sle12: SLES-12-010590
+     stigid@sle15: SLES-15-010240
+ 
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_boot_efi_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_boot_efi_nosuid/rule.yml
+index 87623a39c..1031c261a 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_boot_efi_nosuid/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_boot_efi_nosuid/rule.yml
+@@ -26,7 +26,7 @@ references:
+     nist: CM-6(b),CM-6.1(iv)
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol8: OL08-00-010572
+-    stigid@rhel8: RHEL-08-010572
++    stigid@almalinux8: RHEL-08-010572
+ 
+ platform: uefi
+ 
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml
+index ab03c0740..0290b265c 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml
+@@ -31,7 +31,7 @@ references:
+     nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
+     srg: SRG-OS-000368-GPOS-00154,SRG-OS-000480-GPOS-00227
+     stigid@ol8: OL08-00-010571
+-    stigid@rhel8: RHEL-08-010571
++    stigid@almalinux8: RHEL-08-010571
+ 
+ 
+ template:
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nodev/rule.yml
+index a719912d9..9125c291f 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nodev/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nodev/rule.yml
+@@ -42,7 +42,7 @@ references:
+     srg: SRG-OS-000368-GPOS-00154
+     stigid@ol7: OL07-00-021024
+     stigid@ol8: OL08-00-040120
+-    stigid@rhel8: RHEL-08-040120
++    stigid@almalinux8: RHEL-08-040120
+ 
+ 
+ template:
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml
+index 7db044066..aaec6d676 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml
+@@ -44,7 +44,7 @@ references:
+     srg: SRG-OS-000368-GPOS-00154
+     stigid@ol7: OL07-00-021024
+     stigid@ol8: OL08-00-040122
+-    stigid@rhel8: RHEL-08-040122
++    stigid@almalinux8: RHEL-08-040122
+ 
+ 
+ fixtext: |-
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nosuid/rule.yml
+index 489b8d490..c997e4849 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nosuid/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nosuid/rule.yml
+@@ -42,7 +42,7 @@ references:
+     srg: SRG-OS-000368-GPOS-00154
+     stigid@ol7: OL07-00-021024
+     stigid@ol8: OL08-00-040121
+-    stigid@rhel8: RHEL-08-040121
++    stigid@almalinux8: RHEL-08-040121
+ 
+ 
+ template:
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_home_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_home_noexec/rule.yml
+index 6890b0be5..065a41791 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_home_noexec/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_home_noexec/rule.yml
+@@ -27,7 +27,7 @@ references:
+     nist: CM-6(b)
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol8: OL08-00-010590
+-    stigid@rhel8: RHEL-08-010590
++    stigid@almalinux8: RHEL-08-010590
+ 
+ 
+ {{{ complete_ocil_entry_mount_option("/home", "noexec") }}}
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml
+index 3e6f52571..21762a831 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml
+@@ -37,7 +37,7 @@ references:
+     srg: SRG-OS-000368-GPOS-00154,SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-021000
+     stigid@ol8: OL08-00-010570
+-    stigid@rhel8: RHEL-08-010570
++    stigid@almalinux8: RHEL-08-010570
+     stigid@sle12: SLES-12-010790
+     stigid@sle15: SLES-15-040140
+ 
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions/rule.yml
+index d40dfb95b..d5a41d09a 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions/rule.yml
+@@ -45,7 +45,7 @@ references:
+     nist-csf: PR.IP-1,PR.PT-3
+     srg: SRG-OS-000368-GPOS-00154,SRG-OS-000480-GPOS-00227
+     stigid@ol8: OL08-00-010580
+-    stigid@rhel8: RHEL-08-010580
++    stigid@almalinux8: RHEL-08-010580
+ 
+ 
+ fixtext: |-
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml
+index 8022a0164..efd33c29f 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml
+@@ -42,7 +42,7 @@ references:
+     nist-csf: PR.AC-3,PR.AC-6,PR.IP-1,PR.PT-2,PR.PT-3
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol8: OL08-00-010600
+-    stigid@rhel8: RHEL-08-010600
++    stigid@almalinux8: RHEL-08-010600
+ 
+ 
+ ocil_clause: 'a file system found in "/etc/fstab" refers to removable media and it does not have the "nodev" option set'
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml
+index ad9189622..2b91cd1e6 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml
+@@ -39,7 +39,7 @@ references:
+     nist-csf: PR.AC-3,PR.AC-6,PR.IP-1,PR.PT-2,PR.PT-3
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol8: OL08-00-010610
+-    stigid@rhel8: RHEL-08-010610
++    stigid@almalinux8: RHEL-08-010610
+ 
+ ocil_clause: 'removable media partitions are present'
+ 
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml
+index f409eaabe..101c0c011 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml
+@@ -43,7 +43,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-021010
+     stigid@ol8: OL08-00-010620
+-    stigid@rhel8: RHEL-08-010620
++    stigid@almalinux8: RHEL-08-010620
+     stigid@sle12: SLES-12-010800
+     stigid@sle15: SLES-15-040150
+ 
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml
+index dc812a92e..7ed0cedca 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml
+@@ -41,7 +41,7 @@ references:
+     nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
+     srg: SRG-OS-000368-GPOS-00154
+     stigid@ol8: OL08-00-040123
+-    stigid@rhel8: RHEL-08-040123
++    stigid@almalinux8: RHEL-08-040123
+ 
+ platform: mount[tmp]
+ 
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml
+index 46aedbad4..f999bcbe7 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml
+@@ -40,7 +40,7 @@ references:
+     nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
+     srg: SRG-OS-000368-GPOS-00154
+     stigid@ol8: OL08-00-040125
+-    stigid@rhel8: RHEL-08-040125
++    stigid@almalinux8: RHEL-08-040125
+ 
+ platform: mount[tmp]
+ 
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml
+index 3a16538b1..b8f9c393e 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml
+@@ -41,7 +41,7 @@ references:
+     nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
+     srg: SRG-OS-000368-GPOS-00154
+     stigid@ol8: OL08-00-040124
+-    stigid@rhel8: RHEL-08-040124
++    stigid@almalinux8: RHEL-08-040124
+ 
+ platform: mount[tmp]
+ 
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml
+index 1a14ae661..f70441647 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml
+@@ -32,7 +32,7 @@ references:
+     nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
+     srg: SRG-OS-000368-GPOS-00154
+     stigid@ol8: OL08-00-040129
+-    stigid@rhel8: RHEL-08-040129
++    stigid@almalinux8: RHEL-08-040129
+ 
+ platform: mount[var-log-audit]
+ 
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml
+index 12fd9b470..f3241c473 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml
+@@ -30,7 +30,7 @@ references:
+     nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
+     srg: SRG-OS-000368-GPOS-00154
+     stigid@ol8: OL08-00-040131
+-    stigid@rhel8: RHEL-08-040131
++    stigid@almalinux8: RHEL-08-040131
+ 
+ platform: mount[var-log-audit]
+ 
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml
+index 06d864887..99135beec 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml
+@@ -31,7 +31,7 @@ references:
+     nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
+     srg: SRG-OS-000368-GPOS-00154
+     stigid@ol8: OL08-00-040130
+-    stigid@rhel8: RHEL-08-040130
++    stigid@almalinux8: RHEL-08-040130
+ 
+ platform: mount[var-log-audit]
+ 
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml
+index 442b0a1e1..c5315f31d 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml
+@@ -32,7 +32,7 @@ references:
+     nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
+     srg: SRG-OS-000368-GPOS-00154
+     stigid@ol8: OL08-00-040126
+-    stigid@rhel8: RHEL-08-040126
++    stigid@almalinux8: RHEL-08-040126
+ 
+ platform: mount[var-log]
+ 
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml
+index e827606dd..cbc9b46ce 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml
+@@ -32,7 +32,7 @@ references:
+     nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
+     srg: SRG-OS-000368-GPOS-00154
+     stigid@ol8: OL08-00-040128
+-    stigid@rhel8: RHEL-08-040128
++    stigid@almalinux8: RHEL-08-040128
+ 
+ platform: mount[var-log]
+ 
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml
+index c83aad907..461b4b057 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml
+@@ -33,7 +33,7 @@ references:
+     nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
+     srg: SRG-OS-000368-GPOS-00154
+     stigid@ol8: OL08-00-040127
+-    stigid@rhel8: RHEL-08-040127
++    stigid@almalinux8: RHEL-08-040127
+ 
+ platform: mount[var-log]
+ 
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/bash/shared.sh b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/bash/shared.sh
+index 59e39270d..5c154d333 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/bash/shared.sh
++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ 
+ # Delete particular /etc/fstab's row if /var/tmp is already configured to
+ # represent a mount point (for some device or filesystem other than /tmp)
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml
+index 50d698334..69da8f741 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml
+@@ -34,7 +34,7 @@ references:
+     disa: CCI-001764
+     srg: SRG-OS-000368-GPOS-00154
+     stigid@ol8: OL08-00-040132
+-    stigid@rhel8: RHEL-08-040132
++    stigid@almalinux8: RHEL-08-040132
+ 
+ platform: mount[var-tmp]
+ 
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml
+index 86ee15056..ba75368df 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml
+@@ -34,7 +34,7 @@ references:
+     disa: CCI-001764
+     srg: SRG-OS-000368-GPOS-00154
+     stigid@ol8: OL08-00-040134
+-    stigid@rhel8: RHEL-08-040134
++    stigid@almalinux8: RHEL-08-040134
+ 
+ platform: mount[var-tmp]
+ 
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml
+index 100582899..a91f84707 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml
+@@ -34,7 +34,7 @@ references:
+     disa: CCI-001764
+     srg: SRG-OS-000368-GPOS-00154
+     stigid@ol8: OL08-00-040133
+-    stigid@rhel8: RHEL-08-040133
++    stigid@almalinux8: RHEL-08-040133
+ 
+ platform: mount[var-tmp]
+ 
+diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/kubernetes/shared.yml
+index d94802273..554e34e00 100644
+--- a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/kubernetes/shared.yml
++++ b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/rule.yml
+index ad9f27dd7..994844035 100644
+--- a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/rule.yml
++++ b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/rule.yml
+@@ -38,7 +38,7 @@ references:
+     pcidss: Req-3.2
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol8: OL08-00-010675
+-    stigid@rhel8: RHEL-08-010675
++    stigid@almalinux8: RHEL-08-010675
+ 
+ ocil_clause: 'the "ProcessSizeMax" item is missing, commented out, or the value is anything other than "0" and the need for core dumps is not documented with the Information System Security Officer (ISSO) as an operational requirement for all domains that have the "core" item assigned'
+ 
+diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/kubernetes/shared.yml
+index d94802273..554e34e00 100644
+--- a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/kubernetes/shared.yml
++++ b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/rule.yml
+index e102da2b3..944b71d21 100644
+--- a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/rule.yml
++++ b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/rule.yml
+@@ -38,7 +38,7 @@ references:
+     pcidss: Req-3.2
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol8: OL08-00-010674
+-    stigid@rhel8: RHEL-08-010674
++    stigid@almalinux8: RHEL-08-010674
+ 
+ ocil_clause: Storage is not set to none or is commented out and the need for core dumps is not documented with the Information System Security Officer (ISSO) as an operational requirement for all domains that have the "core" item assigned
+ 
+diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/bash/shared.sh b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/bash/shared.sh
+index 32651fa92..b68ea1c66 100644
+--- a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/bash/shared.sh
++++ b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
+ SECURITY_LIMITS_FILE="/etc/security/limits.conf"
+ 
+ if grep -qE '^\s*\*\s+hard\s+core' $SECURITY_LIMITS_FILE; then
+diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/kubernetes/shared.yml
+index 41cbd1197..481afa583 100644
+--- a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/kubernetes/shared.yml
++++ b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml
+index f7a5fa08a..9d931fb6e 100644
+--- a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml
++++ b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml
+@@ -38,7 +38,7 @@ references:
+     nist-csf: DE.CM-1,PR.DS-4
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol8: OL08-00-010673
+-    stigid@rhel8: RHEL-08-010673
++    stigid@almalinux8: RHEL-08-010673
+ 
+ ocil_clause: 'the "core" item is missing, commented out, or the value is anything other than "0" and the need for core dumps is not documented with the Information System Security Officer (ISSO) as an operational requirement for all domains that have the "core"'
+ 
+diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml
+index 429f6fe9c..245a55c5a 100644
+--- a/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml
++++ b/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml
+@@ -29,7 +29,7 @@ references:
+     ospp: FMT_SMF_EXT.1
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol8: OL08-00-010672
+-    stigid@rhel8: RHEL-08-010672
++    stigid@almalinux8: RHEL-08-010672
+ 
+ ocil_clause: unit systemd-coredump.socket is not masked or running
+ 
+@@ -51,7 +51,7 @@ template:
+     name: socket_disabled
+     vars:
+         socketname: systemd-coredump
+-{{% if product in ["ol8", "rhel8"] %}}
++{{% if product in ["ol8", "rhel8", "almalinux8"] %}}
+         packagename: systemd
+ {{% else %}}
+         packagename: systemd-udev
+diff --git a/linux_os/guide/system/permissions/restrictions/daemon_umask/umask_for_daemons/bash/shared.sh b/linux_os/guide/system/permissions/restrictions/daemon_umask/umask_for_daemons/bash/shared.sh
+index c191c94e8..ccbe51679 100644
+--- a/linux_os/guide/system/permissions/restrictions/daemon_umask/umask_for_daemons/bash/shared.sh
++++ b/linux_os/guide/system/permissions/restrictions/daemon_umask/umask_for_daemons/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ {{{ bash_instantiate_variables("var_umask_for_daemons") }}}
+ 
+diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/kubernetes/shared.yml
+index 415b0486d..02b1e991a 100644
+--- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/kubernetes/shared.yml
++++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/rule.yml
+index 772868e53..e9b536129 100644
+--- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/rule.yml
++++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/rule.yml
+@@ -28,7 +28,7 @@ references:
+     nist: SC-30,SC-30(2),SC-30(5),CM-6(a)
+     srg: SRG-OS-000132-GPOS-00067,SRG-OS-000433-GPOS-00192,SRG-OS-000480-GPOS-00227
+     stigid@ol8: OL08-00-040283
+-    stigid@rhel8: RHEL-08-040283
++    stigid@almalinux8: RHEL-08-040283
+     stigid@sle12: SLES-12-030320
+     stigid@sle15: SLES-15-010540
+ 
+diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/tests/value_1.pass.sh b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/tests/value_1.pass.sh
+index 70189666c..22f9e966b 100644
+--- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/tests/value_1.pass.sh
++++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/tests/value_1.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ 
+ # Clean sysctl config directories
+ rm -rf /usr/lib/sysctl.d/* /run/sysctl.d/* /etc/sysctl.d/*
+diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/tests/value_2.pass.sh b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/tests/value_2.pass.sh
+index 209395fa9..23cce30a8 100644
+--- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/tests/value_2.pass.sh
++++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/tests/value_2.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ 
+ # Clean sysctl config directories
+ rm -rf /usr/lib/sysctl.d/* /run/sysctl.d/* /etc/sysctl.d/*
+diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/kubernetes/shared.yml
+index 7a4c107b2..22e209120 100644
+--- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/kubernetes/shared.yml
++++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/rule.yml
+index cf6b71a2f..a1d7a4065 100644
+--- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/rule.yml
++++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/rule.yml
+@@ -37,7 +37,7 @@ references:
+     srg: SRG-OS-000433-GPOS-00193,SRG-OS-000480-GPOS-00227,SRG-APP-000450-CTR-001105
+     stigid@ol7: OL07-00-040201
+     stigid@ol8: OL08-00-010430
+-    stigid@rhel8: RHEL-08-010430
++    stigid@almalinux8: RHEL-08-010430
+     stigid@sle12: SLES-12-030330
+     stigid@sle15: SLES-15-010550
+     stigid@ubuntu2004: UBTU-20-010448
+diff --git a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml
+index 8d64e30f3..dee3c56d2 100644
+--- a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml
++++ b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml
+@@ -37,7 +37,7 @@ references:
+     nist-csf: PR.IP-1
+     srg: SRG-OS-000433-GPOS-00192,SRG-APP-000450-CTR-001105
+     stigid@ol8: OL08-00-010420
+-    stigid@rhel8: RHEL-08-010420
++    stigid@almalinux8: RHEL-08-010420
+     stigid@ubuntu2004: UBTU-20-010447
+     stigid@ubuntu2204: UBTU-22-213025
+ 
+diff --git a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/correct_value.pass.sh b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/correct_value.pass.sh
+index 6d87da5f2..021acd31f 100755
+--- a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/correct_value.pass.sh
++++ b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/correct_value.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # remediation = none
+ 
+ cp /proc/cpuinfo /tmp/cpuinfo
+diff --git a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/wrong_value.fail.sh b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/wrong_value.fail.sh
+index 3260539b3..29d22d491 100755
+--- a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/wrong_value.fail.sh
++++ b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/wrong_value.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # remediation = none
+ 
+ cp /proc/cpuinfo /tmp/cpuinfo
+diff --git a/linux_os/guide/system/permissions/restrictions/kernel_module_uvcvideo_disabled/rule.yml b/linux_os/guide/system/permissions/restrictions/kernel_module_uvcvideo_disabled/rule.yml
+index 8507ac283..5bed242df 100644
+--- a/linux_os/guide/system/permissions/restrictions/kernel_module_uvcvideo_disabled/rule.yml
++++ b/linux_os/guide/system/permissions/restrictions/kernel_module_uvcvideo_disabled/rule.yml
+@@ -20,7 +20,7 @@ references:
+     nist: CM-7 (a),CM-7 (5) (b)
+     srg: SRG-OS-000095-GPOS-00049,SRG-OS-000370-GPOS-00155
+     stigid@ol8: OL08-00-040020
+-    stigid@rhel8: RHEL-08-040020
++    stigid@almalinux8: RHEL-08-040020
+ 
+ platform: system_with_kernel
+ 
+diff --git a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml
+index 5140236fd..0ebe35402 100644
+--- a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml
++++ b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml
+@@ -28,7 +28,7 @@ references:
+     nist: CM-6(a)
+     srg: SRG-OS-000480-GPOS-00227,SRG-OS-000134-GPOS-00068
+     stigid@ol8: OL08-00-010421
+-    stigid@rhel8: RHEL-08-010421
++    stigid@almalinux8: RHEL-08-010421
+ 
+ ocil_clause: 'page allocator poisoning is not enabled'
+ 
+diff --git a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml
+index c2ea1a898..46a463b73 100644
+--- a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml
++++ b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml
+@@ -28,7 +28,7 @@ references:
+     nist: CM-6(a)
+     srg: SRG-OS-000433-GPOS-00192,SRG-OS-000134-GPOS-00068
+     stigid@ol8: OL08-00-010423
+-    stigid@rhel8: RHEL-08-010423
++    stigid@almalinux8: RHEL-08-010423
+ 
+ ocil_clause: 'SLUB/SLAB poisoning is not enabled'
+ 
+diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/kubernetes/shared.yml
+index 88c683445..fa9b2020d 100644
+--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/kubernetes/shared.yml
++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml
+index b555eca8f..3aa33caff 100644
+--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml
++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml
+@@ -28,7 +28,7 @@ references:
+     nist: SC-7(10)
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol8: OL08-00-010671
+-    stigid@rhel8: RHEL-08-010671
++    stigid@almalinux8: RHEL-08-010671
+ 
+ ocil_clause:  |-
+     the returned line does not have a value of "|/bin/false", or a line is not
+diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/kubernetes/shared.yml
+index 36e025cc3..e97acde11 100644
+--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/kubernetes/shared.yml
++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml
+index 7ad7a4b5f..1274520ca 100644
+--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml
++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml
+@@ -28,7 +28,7 @@ references:
+     srg: SRG-OS-000132-GPOS-00067,SRG-OS-000138-GPOS-00069,SRG-APP-000243-CTR-000600
+     stigid@ol7: OL07-00-010375
+     stigid@ol8: OL08-00-010375
+-    stigid@rhel8: RHEL-08-010375
++    stigid@almalinux8: RHEL-08-010375
+     stigid@sle12: SLES-12-010375
+     stigid@sle15: SLES-15-010375
+     stigid@ubuntu2004: UBTU-20-010401
+diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/kubernetes/shared.yml
+index 505b3c12b..cdf18e6dd 100644
+--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/kubernetes/shared.yml
++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/rule.yml
+index ae651f6df..1cf773e70 100644
+--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/rule.yml
++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/rule.yml
+@@ -22,7 +22,7 @@ references:
+     nist: CM-6
+     srg: SRG-OS-000480-GPOS-00227,SRG-OS-000366-GPOS-00153
+     stigid@ol8: OL08-00-010372
+-    stigid@rhel8: RHEL-08-010372
++    stigid@almalinux8: RHEL-08-010372
+ 
+ {{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.kexec_load_disabled", value="1") }}}
+ 
+diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/kubernetes/shared.yml
+index 0541e59a7..50020c28c 100644
+--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/kubernetes/shared.yml
++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/rule.yml
+index d4143e029..4b95ee738 100644
+--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/rule.yml
++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/rule.yml
+@@ -24,7 +24,7 @@ references:
+     ospp: FMT_SMF_EXT.1
+     srg: SRG-OS-000132-GPOS-00067,SRG-OS-000138-GPOS-00069,SRG-APP-000243-CTR-000600
+     stigid@ol8: OL08-00-010376
+-    stigid@rhel8: RHEL-08-010376
++    stigid@almalinux8: RHEL-08-010376
+ 
+ {{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.perf_event_paranoid", value="2") }}}
+ 
+diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/kubernetes/shared.yml
+index 2e24d9211..7b706bb32 100644
+--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/kubernetes/shared.yml
++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/rule.yml
+index 874bc113e..19d513681 100644
+--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/rule.yml
++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/rule.yml
+@@ -22,7 +22,7 @@ references:
+     nist: AC-6,SC-7(10)
+     srg: SRG-OS-000132-GPOS-00067,SRG-OS-000480-GPOS-00227
+     stigid@ol8: OL08-00-040281
+-    stigid@rhel8: RHEL-08-040281
++    stigid@almalinux8: RHEL-08-040281
+ 
+ {{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.unprivileged_bpf_disabled", value="1") }}}
+ 
+diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/kubernetes/shared.yml
+index ceafd4839..7006e2066 100644
+--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/kubernetes/shared.yml
++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml
+index e6e25147a..e9db03401 100644
+--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml
++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml
+@@ -26,7 +26,7 @@ references:
+     nist: SC-7(10)
+     srg: SRG-OS-000132-GPOS-00067,SRG-OS-000480-GPOS-00227
+     stigid@ol8: OL08-00-040282
+-    stigid@rhel8: RHEL-08-040282
++    stigid@almalinux8: RHEL-08-040282
+ 
+ {{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.yama.ptrace_scope", value="1") }}}
+ 
+diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/kubernetes/shared.yml
+index 7519b7740..af6c30abd 100644
+--- a/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/kubernetes/shared.yml
++++ b/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml
+index 2b4394608..c94003cf9 100644
+--- a/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml
++++ b/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml
+@@ -23,7 +23,7 @@ references:
+     nist: CM-6,SC-7(10)
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol8: OL08-00-040286
+-    stigid@rhel8: RHEL-08-040286
++    stigid@almalinux8: RHEL-08-040286
+ 
+ {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.core.bpf_jit_harden", value="2") }}}
+ 
+diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/kubernetes/shared.yml
+index fdd4fb83e..3274d5b36 100644
+--- a/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/kubernetes/shared.yml
++++ b/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/rule.yml
+index ae6678e66..dd45e6327 100644
+--- a/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/rule.yml
++++ b/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/rule.yml
+@@ -35,7 +35,7 @@ references:
+     ospp: FMT_SMF_EXT.1
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol8: OL08-00-040284
+-    stigid@rhel8: RHEL-08-040284
++    stigid@almalinux8: RHEL-08-040284
+ 
+ ocil: |
+     Verify that {{{ full_name }}} disables the use of user namespaces with the following commands:
+diff --git a/linux_os/guide/system/selinux/grub2_enable_selinux/ansible/shared.yml b/linux_os/guide/system/selinux/grub2_enable_selinux/ansible/shared.yml
+index 4be24a89d..76c0cc6df 100644
+--- a/linux_os/guide/system/selinux/grub2_enable_selinux/ansible/shared.yml
++++ b/linux_os/guide/system/selinux/grub2_enable_selinux/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_fedora,multi_platform_ol,SUSE Linux Enterprise 15
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_fedora,multi_platform_ol,SUSE Linux Enterprise 15
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/selinux/grub2_enable_selinux/bash/shared.sh b/linux_os/guide/system/selinux/grub2_enable_selinux/bash/shared.sh
+index 735354a2d..0c13b196e 100644
+--- a/linux_os/guide/system/selinux/grub2_enable_selinux/bash/shared.sh
++++ b/linux_os/guide/system/selinux/grub2_enable_selinux/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_fedora,multi_platform_ol,SUSE Linux Enterprise 15
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_fedora,multi_platform_ol,SUSE Linux Enterprise 15
+ 
+ sed -i --follow-symlinks "s/selinux=0//gI" /etc/default/grub /etc/grub2.cfg /etc/grub.d/*
+ sed -i --follow-symlinks "s/enforcing=0//gI" /etc/default/grub /etc/grub2.cfg /etc/grub.d/*
+diff --git a/linux_os/guide/system/selinux/package_libselinux_installed/tests/custom-package-removed.fail.sh b/linux_os/guide/system/selinux/package_libselinux_installed/tests/custom-package-removed.fail.sh
+index 2520d3dcc..ed0bc9538 100644
+--- a/linux_os/guide/system/selinux/package_libselinux_installed/tests/custom-package-removed.fail.sh
++++ b/linux_os/guide/system/selinux/package_libselinux_installed/tests/custom-package-removed.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ 
+ # Package libselinux cannot be uninstalled normally
+ # as it would cause removal of sudo package which is
+diff --git a/linux_os/guide/system/selinux/package_policycoreutils_installed/rule.yml b/linux_os/guide/system/selinux/package_policycoreutils_installed/rule.yml
+index 5c6e7417e..93471f2bb 100644
+--- a/linux_os/guide/system/selinux/package_policycoreutils_installed/rule.yml
++++ b/linux_os/guide/system/selinux/package_policycoreutils_installed/rule.yml
+@@ -32,7 +32,7 @@ references:
+     disa: CCI-000366,CCI-001084
+     srg: SRG-OS-000480-GPOS-00227,SRG-OS-000134-GPOS-00068
+     stigid@ol8: OL08-00-010171
+-    stigid@rhel8: RHEL-08-010171
++    stigid@almalinux8: RHEL-08-010171
+ 
+ ocil_clause: 'the policycoreutils package is not installed'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux_policytype/ansible/shared.yml b/linux_os/guide/system/selinux/selinux_policytype/ansible/shared.yml
+index 5b45fae3f..c66669977 100644
+--- a/linux_os/guide/system/selinux/selinux_policytype/ansible/shared.yml
++++ b/linux_os/guide/system/selinux/selinux_policytype/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro5
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro5
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/selinux/selinux_policytype/bash/shared.sh b/linux_os/guide/system/selinux/selinux_policytype/bash/shared.sh
+index b0e1de6ba..e08be5aa9 100644
+--- a/linux_os/guide/system/selinux/selinux_policytype/bash/shared.sh
++++ b/linux_os/guide/system/selinux/selinux_policytype/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro5
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro5
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/selinux/selinux_policytype/rule.yml b/linux_os/guide/system/selinux/selinux_policytype/rule.yml
+index 3369554bc..5b17bcd70 100644
+--- a/linux_os/guide/system/selinux/selinux_policytype/rule.yml
++++ b/linux_os/guide/system/selinux/selinux_policytype/rule.yml
+@@ -50,7 +50,7 @@ references:
+     srg: SRG-OS-000445-GPOS-00199,SRG-APP-000233-CTR-000585
+     stigid@ol7: OL07-00-020220
+     stigid@ol8: OL08-00-010450
+-    stigid@rhel8: RHEL-08-010450
++    stigid@almalinux8: RHEL-08-010450
+ 
+ ocil_clause: 'the loaded policy name is not "{{{ xccdf_value("var_selinux_policy_name") }}}"'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux_state/ansible/shared.yml b/linux_os/guide/system/selinux/selinux_state/ansible/shared.yml
+index 9db746638..a2e3b6c7b 100644
+--- a/linux_os/guide/system/selinux/selinux_state/ansible/shared.yml
++++ b/linux_os/guide/system/selinux/selinux_state/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro5
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro5
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/selinux/selinux_state/bash/shared.sh b/linux_os/guide/system/selinux/selinux_state/bash/shared.sh
+index 78c1d4f61..0fc55b9c0 100644
+--- a/linux_os/guide/system/selinux/selinux_state/bash/shared.sh
++++ b/linux_os/guide/system/selinux/selinux_state/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro5
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro5
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/selinux/selinux_state/rule.yml b/linux_os/guide/system/selinux/selinux_state/rule.yml
+index 237064080..bebc238b5 100644
+--- a/linux_os/guide/system/selinux/selinux_state/rule.yml
++++ b/linux_os/guide/system/selinux/selinux_state/rule.yml
+@@ -43,7 +43,7 @@ references:
+     srg: SRG-OS-000445-GPOS-00199,SRG-OS-000134-GPOS-00068
+     stigid@ol7: OL07-00-020210
+     stigid@ol8: OL08-00-010170
+-    stigid@rhel8: RHEL-08-010170
++    stigid@almalinux8: RHEL-08-010170
+ 
+ ocil_clause: 'SELINUX is not set to enforcing'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml b/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml
+index 9d751d635..058fc3bf6 100644
+--- a/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml
++++ b/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml
+@@ -40,7 +40,7 @@ references:
+     srg: SRG-OS-000324-GPOS-00125
+     stigid@ol7: OL07-00-020020
+     stigid@ol8: OL08-00-040400
+-    stigid@rhel8: RHEL-08-040400
++    stigid@almalinux8: RHEL-08-040400
+ 
+ ocil_clause: 'non-admin users are not confined correctly'
+ 
+diff --git a/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml b/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml
+index dcd2011ed..c75ef3ead 100644
+--- a/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml
++++ b/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml
+@@ -80,7 +80,7 @@ references:
+     nist@sle15: SC-28,SC-28.1
+     srg: SRG-OS-000405-GPOS-00184,SRG-OS-000185-GPOS-00079,SRG-OS-000404-GPOS-00183
+     stigid@ol8: OL08-00-010030
+-    stigid@rhel8: RHEL-08-010030
++    stigid@almalinux8: RHEL-08-010030
+     stigid@sle12: SLES-12-010450
+     stigid@sle15: SLES-15-010330
+     stigid@ubuntu2004: UBTU-20-010414
+diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_home/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_home/rule.yml
+index 44f415f05..b181d9e15 100644
+--- a/linux_os/guide/system/software/disk_partitioning/partition_for_home/rule.yml
++++ b/linux_os/guide/system/software/disk_partitioning/partition_for_home/rule.yml
+@@ -41,7 +41,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-021310
+     stigid@ol8: OL08-00-010800
+-    stigid@rhel8: RHEL-08-010800
++    stigid@almalinux8: RHEL-08-010800
+     stigid@sle12: SLES-12-010850
+     stigid@sle15: SLES-15-040200
+ 
+diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_tmp/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_tmp/rule.yml
+index 4ac7375e0..7d8c344ef 100644
+--- a/linux_os/guide/system/software/disk_partitioning/partition_for_tmp/rule.yml
++++ b/linux_os/guide/system/software/disk_partitioning/partition_for_tmp/rule.yml
+@@ -37,7 +37,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-021340
+     stigid@ol8: OL08-00-010543
+-    stigid@rhel8: RHEL-08-010543
++    stigid@almalinux8: RHEL-08-010543
+ 
+ {{{ complete_ocil_entry_separate_partition(part="/tmp") }}}
+ 
+diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_var/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_var/rule.yml
+index 509a3ae7e..0afb7b143 100644
+--- a/linux_os/guide/system/software/disk_partitioning/partition_for_var/rule.yml
++++ b/linux_os/guide/system/software/disk_partitioning/partition_for_var/rule.yml
+@@ -40,7 +40,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-021320
+     stigid@ol8: OL08-00-010540
+-    stigid@rhel8: RHEL-08-010540
++    stigid@almalinux8: RHEL-08-010540
+     stigid@sle12: SLES-12-010860
+     stigid@sle15: SLES-15-040210
+ 
+diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_var_log/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_var_log/rule.yml
+index 2aa64e3b0..838ff5c90 100644
+--- a/linux_os/guide/system/software/disk_partitioning/partition_for_var_log/rule.yml
++++ b/linux_os/guide/system/software/disk_partitioning/partition_for_var_log/rule.yml
+@@ -38,7 +38,7 @@ references:
+     nist-csf: PR.PT-1,PR.PT-4
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol8: OL08-00-010541
+-    stigid@rhel8: RHEL-08-010541
++    stigid@almalinux8: RHEL-08-010541
+ 
+ {{{ complete_ocil_entry_separate_partition(part="/var/log") }}}
+ 
+diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_var_log_audit/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_var_log_audit/rule.yml
+index 1cbfe4024..1f18a3ba2 100644
+--- a/linux_os/guide/system/software/disk_partitioning/partition_for_var_log_audit/rule.yml
++++ b/linux_os/guide/system/software/disk_partitioning/partition_for_var_log_audit/rule.yml
+@@ -46,7 +46,7 @@ references:
+     srg: SRG-OS-000341-GPOS-00132,SRG-OS-000480-GPOS-00227,SRG-APP-000357-CTR-000800
+     stigid@ol7: OL07-00-021330
+     stigid@ol8: OL08-00-010542
+-    stigid@rhel8: RHEL-08-010542
++    stigid@almalinux8: RHEL-08-010542
+     stigid@sle12: SLES-12-010870
+     stigid@sle15: SLES-15-030810
+ 
+diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml
+index 0fe3f728a..b78fd700f 100644
+--- a/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml
++++ b/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml
+@@ -32,7 +32,7 @@ references:
+     disa: CCI-000366
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol8: OL08-00-010544
+-    stigid@rhel8: RHEL-08-010544
++    stigid@almalinux8: RHEL-08-010544
+ 
+ {{{ complete_ocil_entry_separate_partition(part="/var/tmp") }}}
+ 
+diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/ansible/shared.yml
+index c3baa1b80..be83f158f 100644
+--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/ansible/shared.yml
+index 917fc7dc4..bc1d7c63c 100644
+--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/rule.yml
+index 1f62e436c..10278a708 100644
+--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/rule.yml
++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/rule.yml
+@@ -43,7 +43,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-010063
+     stigid@ol8: OL08-00-020032
+-    stigid@rhel8: RHEL-08-020032
++    stigid@almalinux8: RHEL-08-020032
+ 
+ ocil_clause: 'disable-user-list has not been configured or is not disabled'
+ 
+diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/ansible/shared.yml
+index f5d68f1c3..91f02c0d4 100644
+--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_lock_screen_on_smartcard_removal/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_lock_screen_on_smartcard_removal/rule.yml
+index ea6da5dbd..3d2395dd0 100644
+--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_lock_screen_on_smartcard_removal/rule.yml
++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_lock_screen_on_smartcard_removal/rule.yml
+@@ -33,7 +33,7 @@ references:
+     disa: CCI-000057,CCI-000056
+     srg: SRG-OS-000028-GPOS-00009,SRG-OS-000030-GPOS-00011
+     stigid@ol8: OL08-00-020050
+-    stigid@rhel8: RHEL-08-020050
++    stigid@almalinux8: RHEL-08-020050
+ 
+ ocil_clause: 'removal-action has not been configured'
+ 
+diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/ansible/shared.yml
+index 45e6c24aa..e06d9600f 100644
+--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/ansible/shared.yml
+index 6b19c8138..1f656f5a8 100644
+--- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/rule.yml
+index 163bc2196..255da2cff 100644
+--- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/rule.yml
++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/rule.yml
+@@ -36,7 +36,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00229
+     stigid@ol7: OL07-00-010440
+     stigid@ol8: OL08-00-010820
+-    stigid@rhel8: RHEL-08-010820
++    stigid@almalinux8: RHEL-08-010820
+ 
+ ocil_clause: 'GDM allows users to automatically login'
+ 
+diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/ansible/shared.yml
+index ef2933c52..0d72f6f65 100644
+--- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/bash/shared.sh b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/bash/shared.sh
+index 52d6589cb..1ce507299 100644
+--- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/bash/shared.sh
++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol
+ 
+ if rpm --quiet -q gdm
+ then
+diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_xdmcp/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_xdmcp/ansible/shared.yml
+index 0ca67c74a..332a5018a 100644
+--- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_xdmcp/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_xdmcp/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/ansible/shared.yml
+index 60417ff4e..0af05e798 100644
+--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/ansible/shared.yml
+index ac168ef9f..69ecfa6a7 100644
+--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/ansible/shared.yml
+index 51e4063c3..3591b7266 100644
+--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/ansible/shared.yml
+index 33460b61c..04074e66b 100644
+--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/ansible/shared.yml
+index 4e389aa5c..254db9bfe 100644
+--- a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/ansible/shared.yml
+index c3922e5b0..40515598a 100644
+--- a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/ansible/shared.yml
+index 09eed8367..601191b49 100644
+--- a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/ansible/shared.yml
+index bf1efbe61..efa5b96a6 100644
+--- a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/ansible/shared.yml
+index f7c7b4379..95781d5ab 100644
+--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/ansible/shared.yml
+index d3f144c89..ae170b802 100644
+--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/ansible/shared.yml
+index 5b08acff4..d1af90b16 100644
+--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml
+index 1daf160b9..0373651ce 100644
+--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml
++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml
+@@ -46,7 +46,7 @@ references:
+     srg: SRG-OS-000029-GPOS-00010,SRG-OS-000031-GPOS-00012
+     stigid@ol7: OL07-00-010070
+     stigid@ol8: OL08-00-020060
+-    stigid@rhel8: RHEL-08-020060
++    stigid@almalinux8: RHEL-08-020060
+     stigid@sle12: SLES-12-010080
+     stigid@sle15: SLES-15-010120
+     stigid@ubuntu2204: UBTU-22-271025
+diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/ansible/shared.yml
+index 9d034e519..2c45806b4 100644
+--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml
+index 4341b6a35..88da01dd6 100644
+--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml
++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml
+@@ -38,7 +38,7 @@ references:
+     srg: SRG-OS-000029-GPOS-00010,SRG-OS-000031-GPOS-00012
+     stigid@ol7: OL07-00-010110
+     stigid@ol8: OL08-00-020031
+-    stigid@rhel8: RHEL-08-020031
++    stigid@almalinux8: RHEL-08-020031
+     stigid@ubuntu2204: UBTU-22-271025
+ 
+ ocil_clause: 'the screensaver lock delay is missing, or is set to a value greater than {{{ xccdf_value("var_screensaver_lock_delay") }}}'
+diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/ansible/shared.yml
+index d04e6893f..5b9cba007 100644
+--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml
+index 654825af0..015e80773 100644
+--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml
++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml
+@@ -54,7 +54,7 @@ references:
+     srg: SRG-OS-000028-GPOS-00009,SRG-OS-000030-GPOS-00011
+     stigid@ol7: OL07-00-010060
+     stigid@ol8: OL08-00-020030,OL08-00-020082
+-    stigid@rhel8: RHEL-08-020030
++    stigid@almalinux8: RHEL-08-020030
+     stigid@sle12: SLES-12-010060
+     stigid@sle15: SLES-15-010100
+     stigid@ubuntu2004: UBTU-20-010004
+diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/ansible/shared.yml
+index 34ff91ab3..875abf68d 100644
+--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/rule.yml
+index 2a5e4079a..02c981e1e 100644
+--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/rule.yml
++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/rule.yml
+@@ -36,7 +36,7 @@ references:
+     pcidss: Req-8.1.8
+     srg: SRG-OS-000028-GPOS-00009,SRG-OS-000030-GPOS-00011
+     stigid@ol7: OL07-00-010062
+-    stigid@rhel8: RHEL-08-020082
++    stigid@almalinux8: RHEL-08-020082
+ 
+ ocil_clause: 'screensaver locking is not locked'
+ 
+diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/ansible/shared.yml
+index 4dbe2b3c8..7313b6bcd 100644
+--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/ansible/shared.yml
+index 606e00c5f..792db4ca4 100644
+--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/ansible/shared.yml
+index ed7d98843..a41cb7151 100644
+--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/rule.yml
+index 9cc43aab3..c3b1eef55 100644
+--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/rule.yml
++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/rule.yml
+@@ -38,7 +38,7 @@ references:
+     srg: SRG-OS-000029-GPOS-00010,SRG-OS-000031-GPOS-00012
+     stigid@ol7: OL07-00-010081
+     stigid@ol8: OL08-00-020080
+-    stigid@rhel8: RHEL-08-020080
++    stigid@almalinux8: RHEL-08-020080
+ 
+ ocil_clause: 'GNOME3 session settings are not locked or configured properly'
+ 
+diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/ansible/shared.yml
+index c379700ad..6d91cec21 100644
+--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml
+index d0b55e52f..9a20f4f0c 100644
+--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml
++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml
+@@ -41,7 +41,7 @@ references:
+     srg: SRG-OS-000029-GPOS-00010,SRG-OS-000031-GPOS-00012
+     stigid@ol7: OL07-00-010082
+     stigid@ol8: OL08-00-020081
+-    stigid@rhel8: RHEL-08-020081
++    stigid@almalinux8: RHEL-08-020081
+     stigid@sle12: SLES-12-010080
+     stigid@sle15: SLES-15-010120
+ 
+diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/ansible/shared.yml
+index 9830ea565..c0913adb5 100644
+--- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/rule.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/rule.yml
+index 4c84a707c..9c2a07a78 100644
+--- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/rule.yml
++++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/rule.yml
+@@ -45,7 +45,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-020231
+     stigid@ol8: OL08-00-040171
+-    stigid@rhel8: RHEL-08-040171
++    stigid@almalinux8: RHEL-08-040171
+     stigid@ubuntu2004: UBTU-20-010459
+     stigid@ubuntu2204: UBTU-22-271030
+ 
+diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/ansible/shared.yml
+index fa4f578ef..f0d0708d1 100644
+--- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/group.yml b/linux_os/guide/system/software/gnome/group.yml
+index c7617bc43..7de8de33c 100644
+--- a/linux_os/guide/system/software/gnome/group.yml
++++ b/linux_os/guide/system/software/gnome/group.yml
+@@ -12,7 +12,7 @@ description: |-
+     {{% if 'ol' in product %}}
+     Oracle Linux Graphical environment.
+     {{% else %}}
+-    Red Hat Graphical environment.
++    AlmaLinux Graphical environment.
+     {{% endif %}}
+     


+     For more information on GNOME and the GNOME Project, see {{{ weblink(link="https://www.gnome.org") }}}.
+diff --git a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml
+index e0b7e6db5..e493211ea 100644
+--- a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml
++++ b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml
+@@ -4,6 +4,7 @@
+         The operating system installed on the system is supported by a vendor that provides security patches.
+       ") }}}
+     
++      
+       
+       
+       
+diff --git a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml
+index 8b47069e6..1c71866b7 100644
+--- a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml
++++ b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml
+@@ -11,6 +11,9 @@ description: |-
+ {{% elif product in ["sle12", "sle15", "slmicro5"] %}}
+     SUSE Linux Enterprise is supported by SUSE. As the SUSE Linux Enterprise
+     vendor, SUSE is responsible for providing security patches.
++{{% elif product == "almalinux8" %}}
++    AlmaLinux is supported by AlmaLinux. As the AlmaLinux
++    vendor, AlmaLinux is responsible for providing security patches.
+ {{% else %}}
+     Red Hat Enterprise Linux is supported by Red Hat, Inc. As the Red Hat Enterprise
+     Linux vendor, Red Hat, Inc. is responsible for providing security patches.
+@@ -48,7 +51,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-020250
+     stigid@ol8: OL08-00-010000
+-    stigid@rhel8: RHEL-08-010000
++    stigid@almalinux8: RHEL-08-010000
+     stigid@sle12: SLES-12-010000
+     stigid@sle15: SLES-15-010000
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml
+index da8686d40..78ac0f50b 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml
++++ b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml
+@@ -32,7 +32,7 @@ references:
+     nist: SC-13,SC-12(2),SC-12(3)
+     srg: SRG-OS-000423-GPOS-00187,SRG-OS-000426-GPOS-00190
+     stigid@ol8: OL08-00-010020
+-    stigid@rhel8: RHEL-08-010020
++    stigid@almalinux8: RHEL-08-010020
+ 
+ ocil_clause: |-
+     BIND is installed and the BIND config file doesn't contain the
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/absent.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/absent.fail.sh
+index c7385d2c3..637496acd 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/absent.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/absent.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = bind
+-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ 
+ BIND_CONF='/etc/named.conf'
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/bind_not_installed.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/bind_not_installed.pass.sh
+index b00bbfe21..39dbf3036 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/bind_not_installed.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/bind_not_installed.pass.sh
+@@ -1,4 +1,4 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ {{{ bash_package_remove("bind") }}}
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/no_config_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/no_config_file.fail.sh
+index 4f9c749eb..46fcc4703 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/no_config_file.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/no_config_file.fail.sh
+@@ -1,7 +1,7 @@
+ #!/bin/bash
+ # packages = bind
+ # 
+-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ # We don't remediate anything if the config file is missing completely.
+ # remediation = none
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/ok.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/ok.pass.sh
+index 34a32a73b..d8e25d681 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/ok.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/ok.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = bind
+-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ BIND_CONF='/etc/named.conf'
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/overrides.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/overrides.fail.sh
+index 290e5fb07..e32e0a312 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/overrides.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/overrides.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = bind
+-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ 
+ BIND_CONF='/etc/named.conf'
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/kubernetes/shared.yml b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/kubernetes/shared.yml
+index dd096ab41..b180ed3b3 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/kubernetes/shared.yml
++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml
+index e5b8bd84f..443aae23e 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml
++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml
+@@ -68,7 +68,7 @@ references:
+     ospp: FCS_COP.1(1),FCS_COP.1(2),FCS_COP.1(3),FCS_COP.1(4),FCS_CKM.1,FCS_CKM.2,FCS_TLSC_EXT.1
+     srg: SRG-OS-000396-GPOS-00176,SRG-OS-000393-GPOS-00173,SRG-OS-000394-GPOS-00174
+     stigid@ol8: OL08-00-010020
+-    stigid@rhel8: RHEL-08-010020
++    stigid@almalinux8: RHEL-08-010020
+ 
+ ocil_clause: 'cryptographic policy is not configured or is configured incorrectly'
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/cis_l2.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/cis_l2.pass.sh
+index 7fca85ed5..53274ec25 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/cis_l2.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/cis_l2.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8
+ # profiles = xccdf_org.ssgproject.content_profile_cis,xccdf_org.ssgproject.content_profile_cis_workstation_l2
+ # packages = crypto-policies-scripts
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_and_current_same_time.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_and_current_same_time.pass.sh
+index b607202c5..621420882 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_and_current_same_time.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_and_current_same_time.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ # packages = crypto-policies-scripts
+ 
+ # IMPORTANT: This is a false negative scenario.
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_newer_than_current.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_newer_than_current.fail.sh
+index e5b598342..539ea8f3c 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_newer_than_current.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_newer_than_current.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ # packages = crypto-policies-scripts
+ 
+ update-crypto-policies --set "DEFAULT"
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_nss_config.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_nss_config.fail.sh
+index 7be3c82f3..776f79f4c 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_nss_config.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_nss_config.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ # profiles = xccdf_org.ssgproject.content_profile_ospp
+ # packages = crypto-policies-scripts
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_policy.fail.sh
+index 261dc3f96..e6a2f5d0e 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_policy.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_policy.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ # profiles = xccdf_org.ssgproject.content_profile_ospp, xccdf_org.ssgproject.content_profile_standard
+ # packages = crypto-policies-scripts
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_policy_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_policy_file.fail.sh
+index 356aa3ffe..05dd9be57 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_policy_file.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_policy_file.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ # profiles = xccdf_org.ssgproject.content_profile_ospp, xccdf_org.ssgproject.content_profile_standard
+ # packages = crypto-policies-scripts
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_file.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_file.pass.sh
+index 06bd713dd..8de885e50 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_file.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_file.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ # profiles = xccdf_org.ssgproject.content_profile_ospp
+ # packages = crypto-policies-scripts
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_symlink.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_symlink.pass.sh
+index 56a081eca..a5383733b 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_symlink.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_symlink.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ # profiles = xccdf_org.ssgproject.content_profile_ospp
+ # packages = crypto-policies-scripts
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_nosha1_set.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_nosha1_set.pass.sh
+index a2107d146..b6d9804d2 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_nosha1_set.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_nosha1_set.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ # profiles = xccdf_org.ssgproject.content_profile_e8
+ # packages = crypto-policies-scripts
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_set.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_set.pass.sh
+index b06e035fa..679e23ee7 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_set.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_set.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ # profiles = xccdf_org.ssgproject.content_profile_standard
+ # packages = crypto-policies-scripts
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_fips_ospp_set.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_fips_ospp_set.pass.sh
+index 6679f94bd..f2246ba0c 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_fips_ospp_set.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_fips_ospp_set.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ # profiles = xccdf_org.ssgproject.content_profile_ospp
+ # packages = crypto-policies-scripts
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/wrong_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/wrong_policy.fail.sh
+index 9461c3ddd..5b5b06ac9 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/wrong_policy.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/wrong_policy.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ # profiles = xccdf_org.ssgproject.content_profile_ospp, xccdf_org.ssgproject.content_profile_standard
+ # packages = crypto-policies-scripts
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/rule.yml
+index 55b77f667..19f3893df 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/rule.yml
++++ b/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/rule.yml
+@@ -29,7 +29,7 @@ references:
+     nist: AC-17(2)
+     srg: SRG-OS-000250-GPOS-00093,SRG-OS-000423-GPOS-00187
+     stigid@ol8: OL08-00-010295
+-    stigid@rhel8: RHEL-08-010295
++    stigid@almalinux8: RHEL-08-010295
+ 
+ ocil_clause: 'cryptographic policy for gnutls is not configured or is configured incorrectly'
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/correct.pass.sh
+index 79d8682d3..5b928e18e 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/correct.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/correct.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ 
+ configfile=/etc/crypto-policies/back-ends/gnutls.config
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/empty_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/empty_policy.fail.sh
+index 3084ec761..a783dddd5 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/empty_policy.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/empty_policy.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ 
+ configfile=/etc/crypto-policies/back-ends/gnutls.config
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/incorrect_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/incorrect_policy.fail.sh
+index bfaadc713..0ec5bad41 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/incorrect_policy.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/incorrect_policy.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ 
+ configfile=/etc/crypto-policies/back-ends/gnutls.config
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/missing_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/missing_file.fail.sh
+index 3776d35aa..8710aef51 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/missing_file.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/missing_file.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ 
+ configfile=/etc/crypto-policies/back-ends/gnutls.config
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml
+index f7785a436..dce2f358a 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml
++++ b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml
+@@ -30,7 +30,7 @@ references:
+     nist: SC-13,SC-12(2),SC-12(3)
+     srg: SRG-OS-000120-GPOS-00061
+     stigid@ol8: OL08-00-010020
+-    stigid@rhel8: RHEL-08-010020
++    stigid@almalinux8: RHEL-08-010020
+ 
+ ocil_clause: 'the symlink does not exist or points to a different target'
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_correct_policy.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_correct_policy.pass.sh
+index 4834387dc..1d404fe6e 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_correct_policy.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_correct_policy.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ rm -f /etc/krb5.conf.d/crypto-policies
+ ln -s /etc/crypto-policies/back-ends/krb5.config /etc/krb5.conf.d/crypto-policies
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_missing_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_missing_policy.fail.sh
+index 97ccc0590..e3fdc77d5 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_missing_policy.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_missing_policy.fail.sh
+@@ -1,4 +1,4 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ rm -f /etc/krb5.conf.d/crypto-policies
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_wrong_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_wrong_policy.fail.sh
+index 4eb5348f2..9047445c5 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_wrong_policy.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_wrong_policy.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ rm -f /etc/krb5.conf.d/crypto-policies
+ ln -s /etc/crypto-policies/back-ends/openssh.config /etc/krb5.conf.d/crypto-policies
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml
+index eebc3f626..40cc3e8fb 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml
++++ b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml
+@@ -36,7 +36,7 @@ references:
+     pcidss: Req-2.2
+     srg: SRG-OS-000033-GPOS-00014
+     stigid@ol8: OL08-00-010020
+-    stigid@rhel8: RHEL-08-010020
++    stigid@almalinux8: RHEL-08-010020
+ 
+ ocil_clause: |-
+     the "IPsec" service is active and the ipsec configuration file does not contain does not contain include /etc/crypto-policies/back-ends/libreswan.config
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/libreswan_not_installed.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/libreswan_not_installed.pass.sh
+index 9379b5ff3..c8fdbd4f5 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/libreswan_not_installed.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/libreswan_not_installed.pass.sh
+@@ -1,4 +1,4 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ {{{ bash_package_remove("libreswan") }}}
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_commented.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_commented.fail.sh
+index 439da4978..8dee7191b 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_commented.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_commented.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = libreswan
+-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ 
+ cp ipsec.conf /etc
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_is_there.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_is_there.pass.sh
+index fbc8f1001..722f09cd0 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_is_there.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_is_there.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = libreswan
+-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ 
+ cp ipsec.conf /etc
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_not_there.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_not_there.fail.sh
+index 70f822342..98e1d34eb 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_not_there.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_not_there.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = libreswan
+-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ 
+ cp ipsec.conf /etc
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/wrong_value.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/wrong_value.fail.sh
+index 2863c6102..aeeddb9a1 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/wrong_value.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/wrong_value.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = libreswan
+-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ 
+ cp ipsec.conf /etc
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml
+index de245380f..e49c24947 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml
++++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml
+@@ -45,7 +45,7 @@ references:
+     pcidss: Req-2.2
+     srg: SRG-OS-000250-GPOS-00093
+     stigid@ol8: OL08-00-010293
+-    stigid@rhel8: RHEL-08-010293
++    stigid@almalinux8: RHEL-08-010293
+ 
+ ocil_clause: |-
+     the OpenSSL config file doesn't contain the whole section,
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/include_with_equal_sign.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/include_with_equal_sign.pass.sh
+index 8ccb6cef9..306b29698 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/include_with_equal_sign.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/include_with_equal_sign.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ . common.sh
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/nothing.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/nothing.fail.sh
+index edeca90f0..1d8175d82 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/nothing.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/nothing.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_sle
++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_sle
+ 
+ . common.sh
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/ok.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/ok.pass.sh
+index 8c509ef32..6cd8e06da 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/ok.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/ok.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_sle
++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_sle
+ 
+ . common.sh
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/section_not_include.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/section_not_include.fail.sh
+index 1c9342e23..00fb77fb1 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/section_not_include.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/section_not_include.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_sle
++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_sle
+ 
+ . common.sh
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/wrong.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/wrong.fail.sh
+index 1b2ea8d80..7795d5a96 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/wrong.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/wrong.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_sle
++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_sle
+ 
+ . common.sh
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/rule.yml
+index 189529be0..770a9a9fa 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/rule.yml
++++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/rule.yml
+@@ -45,7 +45,7 @@ references:
+     nist: AC-17(2)
+     srg: SRG-OS-000125-GPOS-00065,SRG-OS-000250-GPOS-00093,SRG-OS-000393-GPOS-00173,SRG-OS-000394-GPOS-00174
+     stigid@ol8: OL08-00-010294
+-    stigid@rhel8: RHEL-08-010294
++    stigid@almalinux8: RHEL-08-010294
+ 
+ ocil_clause: 'cryptographic policy for openssl is not configured or is configured incorrectly'
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/correct.pass.sh
+index 48ccb9b98..80b0cdbbc 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/correct.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/correct.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ configfile=/etc/crypto-policies/back-ends/opensslcnf.config
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/correct_commented.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/correct_commented.fail.sh
+index 8d84292b3..05fcc9167 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/correct_commented.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/correct_commented.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ configfile=/etc/crypto-policies/back-ends/opensslcnf.config
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/correct_followed_by_incorrect.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/correct_followed_by_incorrect.fail.sh
+index 3a17e7865..cff7622e9 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/correct_followed_by_incorrect.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/correct_followed_by_incorrect.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ configfile=/etc/crypto-policies/back-ends/opensslcnf.config
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/empty_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/empty_policy.fail.sh
+index 209a6bd40..2330ede55 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/empty_policy.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/empty_policy.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ configfile=/etc/crypto-policies/back-ends/opensslcnf.config
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/incorrect_followed_by_correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/incorrect_followed_by_correct.pass.sh
+index 26d67f1e9..bda103475 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/incorrect_followed_by_correct.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/incorrect_followed_by_correct.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ configfile=/etc/crypto-policies/back-ends/opensslcnf.config
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/incorrect_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/incorrect_policy.fail.sh
+index a8fb8a6b8..34b4b351d 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/incorrect_policy.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/incorrect_policy.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ configfile=/etc/crypto-policies/back-ends/opensslcnf.config
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/missing_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/missing_file.fail.sh
+index 1593ce8ae..e42f42388 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/missing_file.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/missing_file.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ configfile=/etc/crypto-policies/back-ends/opensslcnf.config
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml
+index d16504f26..e843d36e2 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml
++++ b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml
+@@ -33,7 +33,7 @@ references:
+     pcidss: Req-2.2
+     srg: SRG-OS-000250-GPOS-00093
+     stigid@ol8: OL08-00-010287
+-    stigid@rhel8: RHEL-08-010287
++    stigid@almalinux8: RHEL-08-010287
+ 
+ ocil_clause: 'the CRYPTO_POLICY variable is set or is not commented out in the /etc/sysconfig/sshd'
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/absent.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/absent.pass.sh
+index 96ae6a064..399d9d334 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/absent.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/absent.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ #
+-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ SSH_CONF="/etc/sysconfig/sshd"
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/case_insensitive_present.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/case_insensitive_present.fail.sh
+index 6ab33f749..b0c449c19 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/case_insensitive_present.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/case_insensitive_present.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ #
+-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ SSH_CONF="/etc/sysconfig/sshd"
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/comment.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/comment.pass.sh
+index bcea9badc..bc91e59e7 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/comment.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/comment.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ #
+-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ SSH_CONF="/etc/sysconfig/sshd"
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/no_config_file.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/no_config_file.pass.sh
+index ea6d23ee1..f4a5a4954 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/no_config_file.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/no_config_file.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ #
+-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ SSH_CONF="/etc/sysconfig/sshd"
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/overrides.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/overrides.fail.sh
+index a6e7c89da..56fa0013a 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/overrides.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/overrides.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ #
+-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ SSH_CONF="/etc/sysconfig/sshd"
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/ansible/shared.yml b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/ansible/shared.yml
+index d530f4b76..b5fdd0b2b 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/ansible/shared.yml
++++ b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/bash/shared.sh
+index cd7c4fb6c..1deb135a3 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/bash/shared.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora
+ 
+ cp="Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"
+ file="/etc/crypto-policies/local.d/opensslcnf-ospp.config"
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct.pass.sh
+index 0debb6c70..f7e5d9219 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ configfile=/etc/crypto-policies/back-ends/opensslcnf.config
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct_commented.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct_commented.fail.sh
+index b1f745b69..2925fc550 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct_commented.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct_commented.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ configfile=/etc/crypto-policies/back-ends/opensslcnf.config
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct_followed_by_incorrect.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct_followed_by_incorrect.fail.sh
+index a01e5d137..ecd34e6ff 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct_followed_by_incorrect.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct_followed_by_incorrect.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ configfile=/etc/crypto-policies/back-ends/opensslcnf.config
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/empty_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/empty_policy.fail.sh
+index d6fa6598a..f33cb3177 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/empty_policy.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/empty_policy.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ configfile=/etc/crypto-policies/back-ends/opensslcnf.config
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/incorrect_followed_by_correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/incorrect_followed_by_correct.pass.sh
+index 573375dce..52fe85013 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/incorrect_followed_by_correct.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/incorrect_followed_by_correct.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ configfile=/etc/crypto-policies/back-ends/opensslcnf.config
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/incorrect_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/incorrect_policy.fail.sh
+index eecad423a..cd8e604cd 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/incorrect_policy.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/incorrect_policy.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ configfile=/etc/crypto-policies/back-ends/opensslcnf.config
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/missing_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/missing_file.fail.sh
+index 7a3b7c32e..0eddf01d5 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/missing_file.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/missing_file.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ configfile=/etc/crypto-policies/back-ends/opensslcnf.config
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_cipher.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_cipher.fail.sh
+index 17bf0e679..c633df0b2 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_cipher.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_cipher.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_gssapi.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_gssapi.fail.sh
+index 9b8e954f2..8edf32e22 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_gssapi.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_gssapi.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_kex.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_kex.fail.sh
+index 63538daac..3e042aa8c 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_kex.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_kex.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_macs.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_macs.fail.sh
+index 4460f1910..bcab9c7fc 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_macs.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_macs.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_match.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_match.fail.sh
+index 7c54b4244..9e4901824 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_match.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_match.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "#Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_pubkey.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_pubkey.fail.sh
+index 9da3614e8..3f045e64a 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_pubkey.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_pubkey.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_rekey.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_rekey.fail.sh
+index 3c198dd33..d264cb914 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_rekey.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_rekey.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/config_before_match_all.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/config_before_match_all.fail.sh
+index 05bccf0f0..2913e604e 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/config_before_match_all.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/config_before_match_all.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Ciphers aes256-ctr,aes256-cbc,aes128-ctr,aes128-cbc\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/correct.pass.sh
+index 7a7b44aa6..6c8973d32 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/correct.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/correct.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing.fail.sh
+index 352c09202..fe1391030 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ rm -f "$file"
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_ciphers.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_ciphers.fail.sh
+index 7e433ef02..bc80daa1e 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_ciphers.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_ciphers.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_gssapi.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_gssapi.fail.sh
+index 5b9c44d10..e8e69c071 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_gssapi.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_gssapi.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_kex.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_kex.fail.sh
+index 40957c0fc..5127c2810 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_kex.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_kex.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_macs.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_macs.fail.sh
+index ec44ce925..0975f5fea 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_macs.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_macs.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_match.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_match.fail.sh
+index 1310f724a..151331971 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_match.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_match.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "RekeyLimit 512M 1h\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_pubkey.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_pubkey.fail.sh
+index d4ec1fe7a..92a5a4592 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_pubkey.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_pubkey.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_rekey.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_rekey.fail.sh
+index 91976a672..ca683377e 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_rekey.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_rekey.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/redefined_gssapi.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/redefined_gssapi.fail.sh
+index 259cf23a8..a20d92846 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/redefined_gssapi.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/redefined_gssapi.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/redefined_gssapi.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/redefined_gssapi.pass.sh
+index c933ac991..c54c8242c 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/redefined_gssapi.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/redefined_gssapi.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_cipher.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_cipher.fail.sh
+index 7ff44b61f..156ce61c7 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_cipher.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_cipher.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_kex.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_kex.fail.sh
+index 24e709eae..9689bc392 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_kex.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_kex.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_macs.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_macs.fail.sh
+index a25f9a304..ce8219f3f 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_macs.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_macs.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_pubkey.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_pubkey.fail.sh
+index 269d73db7..c1c74c14e 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_pubkey.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_pubkey.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_ciphers.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_ciphers.fail.sh
+index 2f7ca2692..2710f6ec6 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_ciphers.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_ciphers.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_kex.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_kex.fail.sh
+index 77ea3eaa6..c0c59c20e 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_kex.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_kex.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_macs.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_macs.fail.sh
+index 3e1a9f78d..e9a3d3806 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_macs.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_macs.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_pubkey.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_pubkey.fail.sh
+index b6ff5881d..5198a6486 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_pubkey.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_pubkey.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/ansible/shared.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/ansible/shared.yml
+index 3234911f5..7ed556afc 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/ansible/shared.yml
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/bash/shared.sh
+index 6db8f9654..2f0172991 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/bash/shared.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ 
+ {{{ bash_instantiate_variables("sshd_approved_ciphers") }}}
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/rule.yml
+index 5ddb29f3e..4674919b5 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/rule.yml
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/rule.yml
+@@ -31,7 +31,7 @@ references:
+     nist: AC-17(2)
+     srg: SRG-OS-000033-GPOS-00014,SRG-OS-000125-GPOS-00065,SRG-OS-000250-GPOS-00093,SRG-OS-000393-GPOS-00173,SRG-OS-000394-GPOS-00174,SRG-OS-000423-GPOS-00187
+     stigid@ol8: OL08-00-010020
+-    stigid@rhel8: RHEL-08-010020
++    stigid@almalinux8: RHEL-08-010020
+ 
+ ocil_clause: 'Crypto Policy for OpenSSH client is not configured correctly'
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_correct.pass.sh
+index c657d38e4..6a12ab44f 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_correct.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_correct.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ # variables = sshd_approved_ciphers=aes256-ctr,aes192-ctr,aes128-ctr
+ 
+ sshd_approved_ciphers=aes256-ctr,aes192-ctr,aes128-ctr
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_correct_commented.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_correct_commented.fail.sh
+index 47db65982..b826d6fe5 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_correct_commented.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_correct_commented.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ # variables = sshd_approved_ciphers=aes256-ctr,aes192-ctr,aes128-ctr
+ 
+ sshd_approved_ciphers=aes256-ctr,aes192-ctr,aes128-ctr
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_correct_followed_by_incorrect_commented.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_correct_followed_by_incorrect_commented.pass.sh
+index 48df6a59e..ca967abaf 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_correct_followed_by_incorrect_commented.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_correct_followed_by_incorrect_commented.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ # variables = sshd_approved_ciphers=aes256-ctr,aes192-ctr,aes128-ctr
+ 
+ sshd_approved_ciphers=aes256-ctr,aes192-ctr,aes128-ctr
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_empty_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_empty_file.fail.sh
+index 5d8ccfabc..ed3e31268 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_empty_file.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_empty_file.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ # variables = sshd_approved_ciphers=aes256-ctr,aes192-ctr,aes128-ctr
+ 
+ configfile=/etc/crypto-policies/back-ends/openssh.config
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_empty_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_empty_policy.fail.sh
+index 3ed3703ad..5b4b186c4 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_empty_policy.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_empty_policy.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ # variables = sshd_approved_ciphers=aes256-ctr,aes192-ctr,aes128-ctr
+ 
+ configfile=/etc/crypto-policies/back-ends/openssh.config
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_incorrect_followed_by_correct_commented.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_incorrect_followed_by_correct_commented.fail.sh
+index 8581790de..89e68984c 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_incorrect_followed_by_correct_commented.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_incorrect_followed_by_correct_commented.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ # variables = sshd_approved_ciphers=aes256-ctr,aes192-ctr,aes128-ctr
+ 
+ sshd_approved_ciphers=aes256-ctr,aes192-ctr,aes128-ctr
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_incorrect_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_incorrect_policy.fail.sh
+index ccc41132d..39381d3b6 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_incorrect_policy.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_incorrect_policy.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ # variables = sshd_approved_ciphers=aes256-ctr,aes192-ctr,aes128-ctr
+ 
+ incorrect_sshd_approved_ciphers=aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_missing_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_missing_file.fail.sh
+index 1a198d67d..7efa3afeb 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_missing_file.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_missing_file.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ # variables = sshd_approved_ciphers=aes256-ctr,aes192-ctr,aes128-ctr
+ 
+ configfile=/etc/crypto-policies/back-ends/openssh.config
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/ansible/shared.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/ansible/shared.yml
+index e83aeb894..f64e72e60 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/ansible/shared.yml
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/bash/shared.sh
+index 365136d0c..e7f764dda 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/bash/shared.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ 
+ {{{ bash_instantiate_variables("sshd_approved_ciphers") }}}
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/rule.yml
+index 5d5b47d86..e45953b86 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/rule.yml
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/rule.yml
+@@ -31,7 +31,7 @@ references:
+     nist: AC-17(2)
+     srg: SRG-OS-000125-GPOS-00065,SRG-OS-000250-GPOS-00093
+     stigid@ol8: OL08-00-010291
+-    stigid@rhel8: RHEL-08-010291
++    stigid@almalinux8: RHEL-08-010291
+ 
+ ocil_clause: 'Crypto Policy for OpenSSH Server is not configured correctly'
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_correct.pass.sh
+index 34b69406a..7156acfe3 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_correct.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_correct.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
+ # variables = sshd_approved_ciphers=aes256-ctr,aes192-ctr,aes128-ctr,aes256-gcm@openssh.com,aes128-gcm@openssh.com
+ 
+ sshd_approved_ciphers=aes256-ctr,aes192-ctr,aes128-ctr,aes256-gcm@openssh.com,aes128-gcm@openssh.com
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_empty_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_empty_policy.fail.sh
+index 60b4616ce..66961be70 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_empty_policy.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_empty_policy.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
+ # variables = sshd_approved_ciphers=aes256-ctr,aes192-ctr,aes128-ctr,aes256-gcm@openssh.com,aes128-gcm@openssh.com
+ 
+ configfile=/etc/crypto-policies/back-ends/opensshserver.config
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_incorrect_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_incorrect_policy.fail.sh
+index 3eca150b3..499776123 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_incorrect_policy.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_incorrect_policy.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
+ # variables = sshd_approved_ciphers=aes256-ctr,aes192-ctr,aes128-ctr,aes256-gcm@openssh.com,aes128-gcm@openssh.com
+ 
+ configfile=/etc/crypto-policies/back-ends/opensshserver.config
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_missing_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_missing_file.fail.sh
+index f8659efcf..0e0b65548 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_missing_file.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_missing_file.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
+ # variables = sshd_approved_ciphers=aes256-ctr,aes192-ctr,aes128-ctr,aes256-gcm@openssh.com,aes128-gcm@openssh.com
+ 
+ configfile=/etc/crypto-policies/back-ends/opensshserver.config
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/bash/shared.sh
+index 7a9a2a5e9..25cf3fd35 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/bash/shared.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora
+ 
+ cp="CRYPTO_POLICY='-oCiphers=aes256-ctr,aes128-ctr,aes256-cbc,aes128-cbc -oMACs=hmac-sha2-512,hmac-sha2-256 -oGSSAPIKeyExchange=no -oKexAlgorithms=ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group14-sha1 -oHostKeyAlgorithms=ssh-rsa,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256 -oPubkeyAcceptedKeyTypes=rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256'"
+ file=/etc/crypto-policies/local.d/opensshserver-ospp.config
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct.pass.sh
+index d0541b7ab..e3f476840 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ configfile=/etc/crypto-policies/back-ends/opensshserver.config
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct_commented.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct_commented.fail.sh
+index 44434606d..503b9d3c8 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct_commented.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct_commented.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ configfile=/etc/crypto-policies/back-ends/opensshserver.config
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct_followed_by_incorrect.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct_followed_by_incorrect.fail.sh
+index a92227669..60b7a02f9 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct_followed_by_incorrect.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct_followed_by_incorrect.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ configfile=/etc/crypto-policies/back-ends/opensshserver.config
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/empty_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/empty_file.fail.sh
+index b1e285f9b..c2bd5f7bc 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/empty_file.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/empty_file.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ configfile=/etc/crypto-policies/back-ends/opensshserver.config
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/empty_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/empty_policy.fail.sh
+index 754195e43..371659769 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/empty_policy.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/empty_policy.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ configfile=/etc/crypto-policies/back-ends/opensshserver.config
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/incorrect_followed_by_correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/incorrect_followed_by_correct.pass.sh
+index 8bf264dcd..4a1bb0cec 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/incorrect_followed_by_correct.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/incorrect_followed_by_correct.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ configfile=/etc/crypto-policies/back-ends/opensshserver.config
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/incorrect_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/incorrect_policy.fail.sh
+index a76346699..a3d5a1af0 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/incorrect_policy.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/incorrect_policy.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ configfile=/etc/crypto-policies/back-ends/opensshserver.config
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/missing_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/missing_file.fail.sh
+index 1928d2cfe..6914ed91d 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/missing_file.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/missing_file.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ configfile=/etc/crypto-policies/back-ends/opensshserver.config
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/ansible/shared.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/ansible/shared.yml
+index c1ea94ce0..39eadbefe 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/ansible/shared.yml
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/bash/shared.sh
+index 451da4db3..5d373e6b9 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/bash/shared.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ 
+ {{{ bash_instantiate_variables("sshd_approved_macs") }}}
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/rule.yml
+index 902ef3559..d25a25aca 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/rule.yml
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/rule.yml
+@@ -29,7 +29,7 @@ references:
+     nist: AC-17(2)
+     srg: SRG-OS-000125-GPOS-00065,SRG-OS-000250-GPOS-00093
+     stigid@ol8: OL08-00-010290
+-    stigid@rhel8: RHEL-08-010020
++    stigid@almalinux8: RHEL-08-010020
+ 
+ ocil_clause: 'Crypto Policy for OpenSSH client is not configured correctly'
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_correct.pass.sh
+index 49d18486f..68d29d5b9 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_correct.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_correct.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ # variables = sshd_approved_macs=hmac-sha2-512,hmac-sha2-256,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
+ 
+ sshd_approved_macs=hmac-sha2-512,hmac-sha2-256,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_correct_commented.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_correct_commented.fail.sh
+index b068e2ea4..8ed8a05b8 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_correct_commented.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_correct_commented.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ # variables = sshd_approved_macs=hmac-sha2-512,hmac-sha2-256,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
+ 
+ sshd_approved_macs=hmac-sha2-512,hmac-sha2-256,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_correct_followed_by_incorrect_commented.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_correct_followed_by_incorrect_commented.pass.sh
+index f57f42270..f91ed8976 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_correct_followed_by_incorrect_commented.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_correct_followed_by_incorrect_commented.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ # variables = sshd_approved_macs=hmac-sha2-512,hmac-sha2-256,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
+ 
+ sshd_approved_macs=hmac-sha2-512,hmac-sha2-256,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_empty_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_empty_file.fail.sh
+index 32d81d353..f2a71b8a4 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_empty_file.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_empty_file.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ # profiles = xccdf_org.ssgproject.content_profile_stig
+ 
+ configfile=/etc/crypto-policies/back-ends/openssh.config
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_empty_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_empty_policy.fail.sh
+index be78ed116..7fd821a4d 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_empty_policy.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_empty_policy.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ # profiles = xccdf_org.ssgproject.content_profile_stig
+ 
+ configfile=/etc/crypto-policies/back-ends/openssh.config
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_incorrect_followed_by_correct_commented.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_incorrect_followed_by_correct_commented.fail.sh
+index 999463e1c..a9fb3f572 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_incorrect_followed_by_correct_commented.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_incorrect_followed_by_correct_commented.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ # variables = sshd_approved_macs=hmac-sha2-512,hmac-sha2-256,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
+ 
+ sshd_approved_macs=hmac-sha2-512,hmac-sha2-256,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_incorrect_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_incorrect_policy.fail.sh
+index 0114a63ab..0666082d0 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_incorrect_policy.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_incorrect_policy.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ # profiles = xccdf_org.ssgproject.content_profile_stig
+ 
+ configfile=/etc/crypto-policies/back-ends/openssh.config
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_missing_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_missing_file.fail.sh
+index 4f335aebc..73c481b02 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_missing_file.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_missing_file.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ # profiles = xccdf_org.ssgproject.content_profile_stig
+ 
+ configfile=/etc/crypto-policies/back-ends/openssh.config
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/ansible/shared.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/ansible/shared.yml
+index 6a0e45947..3ce060968 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/ansible/shared.yml
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/bash/shared.sh
+index 18388a11a..cb12e1345 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/bash/shared.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ 
+ {{{ bash_instantiate_variables("sshd_approved_macs") }}}
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/rule.yml
+index d7c054c99..d2b719876 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/rule.yml
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/rule.yml
+@@ -29,7 +29,7 @@ references:
+     nist: AC-17(2)
+     srg: SRG-OS-000125-GPOS-00065,SRG-OS-000250-GPOS-00093
+     stigid@ol8: OL08-00-010290
+-    stigid@rhel8: RHEL-08-010290
++    stigid@almalinux8: RHEL-08-010290
+ 
+ ocil_clause: 'Crypto Policy for OpenSSH Server is not configured correctly'
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_correct.pass.sh
+index df9a2844e..922af22a9 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_correct.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_correct.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
+ # variables = sshd_approved_macs=hmac-sha2-512,hmac-sha2-256,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
+ 
+ sshd_approved_macs=hmac-sha2-512,hmac-sha2-256,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_empty_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_empty_policy.fail.sh
+index eef727791..d61b46cde 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_empty_policy.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_empty_policy.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
+ # variables = sshd_approved_macs=hmac-sha2-512,hmac-sha2-256,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
+ 
+ configfile=/etc/crypto-policies/back-ends/opensshserver.config
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_incorrect_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_incorrect_policy.fail.sh
+index ec6f07dbc..9b8681014 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_incorrect_policy.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_incorrect_policy.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
+ # variables = sshd_approved_macs=hmac-sha2-512,hmac-sha2-256,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
+ 
+ configfile=/etc/crypto-policies/back-ends/opensshserver.config
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_missing_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_missing_file.fail.sh
+index ee314357d..080606320 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_missing_file.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_missing_file.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
+ # variables = sshd_approved_macs=hmac-sha2-512,hmac-sha2-256,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
+ 
+ configfile=/etc/crypto-policies/back-ends/opensshserver.config
+diff --git a/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/bash/shared.sh
+index beec02c93..878ed4ced 100644
+--- a/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/bash/shared.sh
++++ b/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 8,Oracle Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8
+ 
+ cat > /etc/profile.d/openssl-rand.sh <<- 'EOM'
+ {{{ openssl_strong_entropy_config_file() }}}
+diff --git a/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/correct.pass.sh
+index e7902ee46..a8026607d 100644
+--- a/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/correct.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/correct.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ cat > /etc/profile.d/openssl-rand.sh <<- 'EOM'
+ # provide a default -rand /dev/random option to openssl commands that
+diff --git a/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/file_missing.fail.sh b/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/file_missing.fail.sh
+index cddf984f1..b89f77662 100644
+--- a/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/file_missing.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/file_missing.fail.sh
+@@ -1,4 +1,4 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ rm -f /etc/profile.d/openssl-rand.sh
+diff --git a/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/file_modified.fail.sh b/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/file_modified.fail.sh
+index 298c79dc0..b84d9c805 100644
+--- a/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/file_modified.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/file_modified.fail.sh
+@@ -1,4 +1,4 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ echo "wrong data" > /etc/profile.d/openssl-rand.sh
+diff --git a/linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml b/linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml
+index 0447bf2c4..43627ebd3 100644
+--- a/linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml
++++ b/linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/package_mcafeetp_installed/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/package_mcafeetp_installed/rule.yml
+index 88d8a4312..dde17fabc 100644
+--- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/package_mcafeetp_installed/rule.yml
++++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/package_mcafeetp_installed/rule.yml
+@@ -33,7 +33,7 @@ references:
+     disa: CCI-001263,CCI-000366
+     nist: SI-2(2)
+     srg: SRG-OS-000191-GPOS-00080
+-    stigid@rhel8: RHEL-08-010001
++    stigid@almalinux8: RHEL-08-010001
+     stigid@ubuntu2004: UBTU-20-010415
+ 
+ ocil_clause: 'the package is not installed'
+diff --git a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/ansible/shared.yml b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/ansible/shared.yml
+index 9647791ef..9f70b30d4 100644
+--- a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/ansible/shared.yml
++++ b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ # reboot = true
+ # strategy = restrict
+ # complexity = medium
+diff --git a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/bash/shared.sh b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/bash/shared.sh
+index 5da0c99e6..57ac7592b 100644
+--- a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/bash/shared.sh
++++ b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,Red Hat Virtualization 4
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,Red Hat Virtualization 4
+ 
+ fips-mode-setup --enable
+ FIPS_CONF="/etc/dracut.conf.d/40-fips.conf"
+diff --git a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml
+index ea4eb058f..aa7ea64f6 100644
+--- a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml
++++ b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml
+@@ -31,7 +31,7 @@ references:
+     ospp: FCS_RBG_EXT.1
+     srg: SRG-OS-000478-GPOS-00223
+     stigid@ol8: OL08-00-010020
+-    stigid@rhel8: RHEL-08-010020
++    stigid@almalinux8: RHEL-08-010020
+ 
+ ocil_clause: 'the Dracut FIPS module is not enabled'
+ 
+diff --git a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/tests/fips_dracut_module_missing.fail.sh b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/tests/fips_dracut_module_missing.fail.sh
+index 9c232fc94..f3d71ee21 100644
+--- a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/tests/fips_dracut_module_missing.fail.sh
++++ b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/tests/fips_dracut_module_missing.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = crypto-policies-scripts
+-# platform = multi_platform_rhel,Red Hat Virtualization 4,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,Red Hat Virtualization 4,multi_platform_ol
+ 
+ fips-mode-setup --enable
+ FIPS_CONF="/etc/dracut.conf.d/40-fips.conf"
+diff --git a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/tests/fips_dracut_module_present.pass.sh b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/tests/fips_dracut_module_present.pass.sh
+index b92e82236..138d2c997 100644
+--- a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/tests/fips_dracut_module_present.pass.sh
++++ b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/tests/fips_dracut_module_present.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = crypto-policies-scripts
+-# platform = multi_platform_rhel,Red Hat Virtualization 4,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,Red Hat Virtualization 4,multi_platform_ol
+ 
+ fips-mode-setup --enable
+ FIPS_CONF="/etc/dracut.conf.d/40-fips.conf"
+diff --git a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml
+index 267fc6b0d..19f208051 100644
+--- a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml
++++ b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml
+@@ -27,7 +27,7 @@
+             
+           
+-          {{% if product in ["ol8", "rhel8"] %}}
++          {{% if product in ["ol8", "rhel8", "almalinux8"] %}}
+           
+           {{% else %}}
+@@ -79,7 +79,7 @@ to a crypto policy module that further restricts the modified crypto policy.">
+   {{%- endif %}}
+   
+ 
+-  {{% if product in ["ol8","rhel8"] %}}
++  {{% if product in ["ol8","rhel8", "almalinux8"] %}}
+   
+diff --git a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml
+index 29cafb8cc..da1feb8e1 100644
+--- a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml
++++ b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml
+@@ -46,7 +46,7 @@ references:
+     ospp: FCS_COP.1(1),FCS_COP.1(2),FCS_COP.1(3),FCS_COP.1(4),FCS_CKM.1,FCS_CKM.2,FCS_TLSC_EXT.1,FCS_RBG_EXT.1
+     srg: SRG-OS-000478-GPOS-00223,SRG-OS-000396-GPOS-00176
+     stigid@ol8: OL08-00-010020
+-    stigid@rhel8: RHEL-08-010020
++    stigid@almalinux8: RHEL-08-010020
+ 
+ ocil_clause: 'FIPS mode is not enabled'
+ 
+diff --git a/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml b/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml
+index b99066920..8bbeff033 100644
+--- a/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml
++++ b/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml
+@@ -32,7 +32,7 @@ references:
+     nist: SC-12(2),SC-12(3),IA-7,SC-13,CM-6(a),SC-12
+     srg: SRG-OS-000033-GPOS-00014,SRG-OS-000125-GPOS-00065,SRG-OS-000250-GPOS-00093,SRG-OS-000393-GPOS-00173,SRG-OS-000394-GPOS-00174,SRG-OS-000396-GPOS-00176,SRG-OS-000423-GPOS-00187,SRG-OS-000478-GPOS-00223
+     stigid@ol8: OL08-00-010020
+-    stigid@rhel8: RHEL-08-010020
++    stigid@almalinux8: RHEL-08-010020
+ 
+ ocil_clause: 'crypto.fips_enabled is not 1'
+ 
+diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/bash/shared.sh
+index b320fccb5..5e1c5b637 100644
+--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/bash/shared.sh
++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro
+ 
+ {{% if 'sle' in product or 'slmicro' in produc %}}
+ zypper -q --no-remote ref
+diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/rule.yml
+index 8b0fc6c63..4be148425 100644
+--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/rule.yml
++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/rule.yml
+@@ -61,7 +61,7 @@ references:
+     srg: SRG-OS-000445-GPOS-00199
+     stigid@ol7: OL07-00-020029
+     stigid@ol8: OL08-00-010359
+-    stigid@rhel8: RHEL-08-010359
++    stigid@almalinux8: RHEL-08-010359
+     stigid@sle12: SLES-12-010499
+     stigid@sle15: SLES-15-010419
+     stigid@ubuntu2004: UBTU-20-010450
+diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/ansible/shared.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/ansible/shared.yml
+index c78b92690..39bab2902 100644
+--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/ansible/shared.yml
++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/bash/shared.sh
+index eb25eaa3a..1c4e85445 100644
+--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/bash/shared.sh
++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/rule.yml
+index 054ccc597..bb33da7f5 100644
+--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/rule.yml
++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/rule.yml
+@@ -43,7 +43,7 @@ references:
+     nist: AU-9(3),AU-9(3).1
+     srg: SRG-OS-000278-GPOS-00108
+     stigid@ol8: OL08-00-030650
+-    stigid@rhel8: RHEL-08-030650
++    stigid@almalinux8: RHEL-08-030650
+     stigid@sle12: SLES-12-010540
+     stigid@sle15: SLES-15-030630
+     stigid@ubuntu2004: UBTU-20-010205
+diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct.pass.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct.pass.sh
+index 1b0c304be..fe181733a 100644
+--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct.pass.sh
++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu
+ # packages = aide
+ 
+ aide --init
+diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct_with_selinux.pass.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct_with_selinux.pass.sh
+index 236c0cebf..f91dce305 100644
+--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct_with_selinux.pass.sh
++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct_with_selinux.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu
+ # packages = aide
+ 
+ declare -a bins
+diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/extra_suffix.fail.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/extra_suffix.fail.sh
+index 7f422b6b2..efdd460cc 100644
+--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/extra_suffix.fail.sh
++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/extra_suffix.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu
+ # packages = aide
+ 
+ declare -a bins
+diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/not_config.fail.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/not_config.fail.sh
+index d76b93657..35c7a2400 100644
+--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/not_config.fail.sh
++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/not_config.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu
+ # packages = aide
+ 
+ aide --init
+diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/shared.sh
+index dfa5c1b6c..60ac94141 100644
+--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/shared.sh
++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
+ 
+ {{{ bash_package_install("aide") }}}
+ 
+diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml
+index 457b1c08a..c31223f2d 100644
+--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml
++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml
+@@ -47,7 +47,7 @@ references:
+     srg: SRG-OS-000363-GPOS-00150,SRG-OS-000446-GPOS-00200,SRG-OS-000447-GPOS-00201
+     stigid@ol7: OL07-00-020040
+     stigid@ol8: OL08-00-010360
+-    stigid@rhel8: RHEL-08-010360
++    stigid@almalinux8: RHEL-08-010360
+     stigid@sle12: SLES-12-010510
+     stigid@sle15: SLES-15-010570
+ 
+diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/bash/shared.sh
+index 34a114520..b22a658da 100644
+--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/bash/shared.sh
++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
+ 
+ {{{ bash_package_install("aide") }}}
+ 
+diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/tests/correct_value.pass.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/tests/correct_value.pass.sh
+index 62dd8a51e..3b4c8a8dd 100644
+--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/tests/correct_value.pass.sh
++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/tests/correct_value.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = aide
+-# platform = Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_ol
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_ol
+ 
+ 
+ cat >/etc/aide.conf </etc/aide.conf </etc/aide.conf </etc/aide.conf </etc/aide.conf </etc/aide.conf <> /etc/sudoers
+diff --git a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.pass.sh b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.pass.sh
+index 39ec72b52..a2849d3b4 100644
+--- a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.pass.sh
++++ b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # variables = var_sudo_umask=0027
+ 
+ echo "Defaults use_pty,umask=0027,noexec" >> /etc/sudoers
+diff --git a/linux_os/guide/system/software/sudo/sudo_dedicated_group/tests/root_default.fail.sh b/linux_os/guide/system/software/sudo/sudo_dedicated_group/tests/root_default.fail.sh
+index 0e5aed5d0..c75edccd5 100644
+--- a/linux_os/guide/system/software/sudo/sudo_dedicated_group/tests/root_default.fail.sh
++++ b/linux_os/guide/system/software/sudo/sudo_dedicated_group/tests/root_default.fail.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # remediation = none
+ 
+ # Make sure sudo is owned by root group
+diff --git a/linux_os/guide/system/software/sudo/sudo_remove_no_authenticate/rule.yml b/linux_os/guide/system/software/sudo/sudo_remove_no_authenticate/rule.yml
+index c72f29c20..0a8a82e1a 100644
+--- a/linux_os/guide/system/software/sudo/sudo_remove_no_authenticate/rule.yml
++++ b/linux_os/guide/system/software/sudo/sudo_remove_no_authenticate/rule.yml
+@@ -38,7 +38,7 @@ references:
+     srg: SRG-OS-000373-GPOS-00156,SRG-OS-000373-GPOS-00157,SRG-OS-000373-GPOS-00158
+     stigid@ol7: OL07-00-010350
+     stigid@ol8: OL08-00-010381
+-    stigid@rhel8: RHEL-08-010381
++    stigid@almalinux8: RHEL-08-010381
+     stigid@sle12: SLES-12-010110
+     stigid@sle15: SLES-15-010450
+ 
+diff --git a/linux_os/guide/system/software/sudo/sudo_remove_nopasswd/rule.yml b/linux_os/guide/system/software/sudo/sudo_remove_nopasswd/rule.yml
+index 1a68d6454..8d702f3b7 100644
+--- a/linux_os/guide/system/software/sudo/sudo_remove_nopasswd/rule.yml
++++ b/linux_os/guide/system/software/sudo/sudo_remove_nopasswd/rule.yml
+@@ -38,7 +38,7 @@ references:
+     srg: SRG-OS-000373-GPOS-00156,SRG-OS-000373-GPOS-00157,SRG-OS-000373-GPOS-00158
+     stigid@ol7: OL07-00-010340
+     stigid@ol8: OL08-00-010380
+-    stigid@rhel8: RHEL-08-010380
++    stigid@almalinux8: RHEL-08-010380
+     stigid@sle12: SLES-12-010110
+     stigid@sle15: SLES-15-010450
+ 
+diff --git a/linux_os/guide/system/software/sudo/sudo_require_reauthentication/rule.yml b/linux_os/guide/system/software/sudo/sudo_require_reauthentication/rule.yml
+index 04d3ad280..38dd80953 100644
+--- a/linux_os/guide/system/software/sudo/sudo_require_reauthentication/rule.yml
++++ b/linux_os/guide/system/software/sudo/sudo_require_reauthentication/rule.yml
+@@ -37,7 +37,7 @@ references:
+     srg: SRG-OS-000373-GPOS-00156,SRG-OS-000373-GPOS-00157,SRG-OS-000373-GPOS-00158
+     stigid@ol7: OL07-00-010343
+     stigid@ol8: OL08-00-010384
+-    stigid@rhel8: RHEL-08-010384
++    stigid@almalinux8: RHEL-08-010384
+     stigid@sle12: SLES-12-010113
+     stigid@sle15: SLES-15-020102
+ 
+diff --git a/linux_os/guide/system/software/sudo/sudo_restrict_privilege_elevation_to_authorized/rule.yml b/linux_os/guide/system/software/sudo/sudo_restrict_privilege_elevation_to_authorized/rule.yml
+index 6dc971d80..ea823aeed 100644
+--- a/linux_os/guide/system/software/sudo/sudo_restrict_privilege_elevation_to_authorized/rule.yml
++++ b/linux_os/guide/system/software/sudo/sudo_restrict_privilege_elevation_to_authorized/rule.yml
+@@ -32,7 +32,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-010341
+     stigid@ol8: OL08-00-010382
+-    stigid@rhel8: RHEL-08-010382
++    stigid@almalinux8: RHEL-08-010382
+     stigid@sle12: SLES-12-010111
+     stigid@sle15: SLES-15-020101
+ 
+diff --git a/linux_os/guide/system/software/sudo/sudoers_default_includedir/rule.yml b/linux_os/guide/system/software/sudo/sudoers_default_includedir/rule.yml
+index 00f7c6b01..3fcee6354 100644
+--- a/linux_os/guide/system/software/sudo/sudoers_default_includedir/rule.yml
++++ b/linux_os/guide/system/software/sudo/sudoers_default_includedir/rule.yml
+@@ -34,7 +34,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-010339
+     stigid@ol8: OL08-00-010379
+-    stigid@rhel8: RHEL-08-010379
++    stigid@almalinux8: RHEL-08-010379
+     stigid@sle12: SLES-12-010109
+     stigid@sle15: SLES-15-020099
+ 
+diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/rule.yml b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/rule.yml
+index 4500f23e9..7174bbdd3 100644
+--- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/rule.yml
++++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/rule.yml
+@@ -37,7 +37,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-010342
+     stigid@ol8: OL08-00-010383
+-    stigid@rhel8: RHEL-08-010383
++    stigid@almalinux8: RHEL-08-010383
+     stigid@sle12: SLES-12-010112
+     stigid@sle15: SLES-15-020103
+ 
+diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_d_duplicate.pass.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_d_duplicate.pass.sh
+index 4cf3ce661..296d0b930 100644
+--- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_d_duplicate.pass.sh
++++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_d_duplicate.pass.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15,multi_platform_slmicro
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15,multi_platform_slmicro
+ # packages = sudo
+ 
+ echo 'Defaults !targetpw' >> /etc/sudoers
+diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.fail.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.fail.sh
+index ee448e531..13b381ede 100644
+--- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.fail.sh
++++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.fail.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15,multi_platform_slmicro
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15,multi_platform_slmicro
+ # packages = sudo
+ 
+ touch /etc/sudoers.d/empty
+diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.pass.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.pass.sh
+index ef3750b2f..ccef4017d 100644
+--- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.pass.sh
++++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.pass.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15,multi_platform_slmicro
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15,multi_platform_slmicro
+ # packages = sudo
+ 
+ echo 'Defaults !targetpw' >> /etc/sudoers
+diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_conflicting_values.fail.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_conflicting_values.fail.sh
+index ebbcef34d..0e3a3d43a 100644
+--- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_conflicting_values.fail.sh
++++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_conflicting_values.fail.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15,multi_platform_slmicro
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15,multi_platform_slmicro
+ # packages = sudo
+ 
+ echo 'Defaults !targetpw' >> /etc/sudoers
+diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.fail.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.fail.sh
+index 3794bb647..e8d9bbaa6 100644
+--- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.fail.sh
++++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.fail.sh
+@@ -1,4 +1,4 @@
+-# platform = SUSE Linux Enterprise 15,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_slmicro
++# platform = SUSE Linux Enterprise 15,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_slmicro
+ # packages = sudo
+ 
+ echo 'Defaults !targetpw' >> /etc/sudoers
+diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.pass.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.pass.sh
+index 81b218e1a..b8114e674 100644
+--- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.pass.sh
++++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.pass.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15,multi_platform_slmicro
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15,multi_platform_slmicro
+ # packages = sudo
+ 
+ echo 'Defaults !targetpw' >> /etc/sudoers
+diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_multiple_files.pass.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_multiple_files.pass.sh
+index 60354bba5..aebe5505f 100644
+--- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_multiple_files.pass.sh
++++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_multiple_files.pass.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15,multi_platform_slmicro
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15,multi_platform_slmicro
+ # packages = sudo
+ 
+ echo 'Defaults !targetpw' >> /etc/sudoers
+diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_rootpw.fail.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_rootpw.fail.sh
+index c8e38ccd0..7955c2d54 100644
+--- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_rootpw.fail.sh
++++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_rootpw.fail.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15,multi_platform_slmicro
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15,multi_platform_slmicro
+ # packages = sudo
+ 
+ touch /etc/sudoers.d/empty
+diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_runaspw.fail.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_runaspw.fail.sh
+index 4454ed38e..97a9346e2 100644
+--- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_runaspw.fail.sh
++++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_runaspw.fail.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15,multi_platform_slmicro
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15,multi_platform_slmicro
+ # packages = sudo
+ 
+ touch /etc/sudoers.d/empty
+diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_targetpw.fail.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_targetpw.fail.sh
+index 1de6b3bbb..06eadc9e9 100644
+--- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_targetpw.fail.sh
++++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_targetpw.fail.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15,multi_platform_slmicro
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15,multi_platform_slmicro
+ # packages = sudo
+ 
+ touch /etc/sudoers.d/empty
+diff --git a/linux_os/guide/system/software/system-tools/package_abrt-addon-ccpp_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_abrt-addon-ccpp_removed/rule.yml
+index 0c9ac75e3..d54c3bf0c 100644
+--- a/linux_os/guide/system/software/system-tools/package_abrt-addon-ccpp_removed/rule.yml
++++ b/linux_os/guide/system/software/system-tools/package_abrt-addon-ccpp_removed/rule.yml
+@@ -19,7 +19,7 @@ identifiers:
+ references:
+     disa: CCI-000381
+     srg: SRG-OS-000095-GPOS-00049
+-    stigid@rhel8: RHEL-08-040001
++    stigid@almalinux8: RHEL-08-040001
+ 
+ {{{ complete_ocil_entry_package(package="abrt-addon-ccpp") }}}
+ 
+diff --git a/linux_os/guide/system/software/system-tools/package_abrt-addon-kerneloops_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_abrt-addon-kerneloops_removed/rule.yml
+index 2dc267c10..201fae6fc 100644
+--- a/linux_os/guide/system/software/system-tools/package_abrt-addon-kerneloops_removed/rule.yml
++++ b/linux_os/guide/system/software/system-tools/package_abrt-addon-kerneloops_removed/rule.yml
+@@ -19,7 +19,7 @@ identifiers:
+ references:
+     disa: CCI-000381
+     srg: SRG-OS-000095-GPOS-00049
+-    stigid@rhel8: RHEL-08-040001
++    stigid@almalinux8: RHEL-08-040001
+ 
+ {{{ complete_ocil_entry_package(package="abrt-addon-kerneloops") }}}
+ 
+diff --git a/linux_os/guide/system/software/system-tools/package_abrt-addon-python_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_abrt-addon-python_removed/rule.yml
+index d801538ef..67e739ddc 100644
+--- a/linux_os/guide/system/software/system-tools/package_abrt-addon-python_removed/rule.yml
++++ b/linux_os/guide/system/software/system-tools/package_abrt-addon-python_removed/rule.yml
+@@ -15,7 +15,7 @@ severity: low
+ references:
+     disa: CCI-000381
+     srg: SRG-OS-000095-GPOS-00049
+-    stigid@rhel8: RHEL-08-040001
++    stigid@almalinux8: RHEL-08-040001
+ 
+ {{{ complete_ocil_entry_package(package="abrt-addon-python") }}}
+ 
+diff --git a/linux_os/guide/system/software/system-tools/package_abrt-cli_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_abrt-cli_removed/rule.yml
+index ba990a148..0be012ec8 100644
+--- a/linux_os/guide/system/software/system-tools/package_abrt-cli_removed/rule.yml
++++ b/linux_os/guide/system/software/system-tools/package_abrt-cli_removed/rule.yml
+@@ -19,7 +19,7 @@ identifiers:
+ references:
+     disa: CCI-000381
+     srg: SRG-OS-000095-GPOS-00049
+-    stigid@rhel8: RHEL-08-040001
++    stigid@almalinux8: RHEL-08-040001
+ 
+ {{{ complete_ocil_entry_package(package="abrt-cli") }}}
+ 
+diff --git a/linux_os/guide/system/software/system-tools/package_abrt-plugin-sosreport_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_abrt-plugin-sosreport_removed/rule.yml
+index 67e715345..e3e9ad0a5 100644
+--- a/linux_os/guide/system/software/system-tools/package_abrt-plugin-sosreport_removed/rule.yml
++++ b/linux_os/guide/system/software/system-tools/package_abrt-plugin-sosreport_removed/rule.yml
+@@ -18,7 +18,7 @@ identifiers:
+ references:
+     disa: CCI-000381
+     srg: SRG-OS-000095-GPOS-00049
+-    stigid@rhel8: RHEL-08-040001
++    stigid@almalinux8: RHEL-08-040001
+ 
+ {{{ complete_ocil_entry_package(package="abrt-plugin-sosreport") }}}
+ 
+diff --git a/linux_os/guide/system/software/system-tools/package_gssproxy_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_gssproxy_removed/rule.yml
+index 5f33752d3..155ef0f5c 100644
+--- a/linux_os/guide/system/software/system-tools/package_gssproxy_removed/rule.yml
++++ b/linux_os/guide/system/software/system-tools/package_gssproxy_removed/rule.yml
+@@ -20,7 +20,7 @@ references:
+     disa: CCI-000366,CCI-000381
+     srg: SRG-OS-000095-GPOS-00049,SRG-OS-000480-GPOS-00227
+     stigid@ol8: OL08-00-040370
+-    stigid@rhel8: RHEL-08-040370
++    stigid@almalinux8: RHEL-08-040370
+ 
+ {{{ complete_ocil_entry_package(package="gssproxy") }}}
+ 
+diff --git a/linux_os/guide/system/software/system-tools/package_iprutils_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_iprutils_removed/rule.yml
+index 152061a7d..91eb3575f 100644
+--- a/linux_os/guide/system/software/system-tools/package_iprutils_removed/rule.yml
++++ b/linux_os/guide/system/software/system-tools/package_iprutils_removed/rule.yml
+@@ -21,7 +21,7 @@ references:
+     disa: CCI-000366,CCI-000381
+     srg: SRG-OS-000095-GPOS-00049,SRG-OS-000480-GPOS-00227
+     stigid@ol8: OL08-00-040380
+-    stigid@rhel8: RHEL-08-040380
++    stigid@almalinux8: RHEL-08-040380
+ 
+ {{{ complete_ocil_entry_package(package="iprutils") }}}
+ 
+diff --git a/linux_os/guide/system/software/system-tools/package_krb5-workstation_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_krb5-workstation_removed/rule.yml
+index 41d6e72da..7714313fe 100644
+--- a/linux_os/guide/system/software/system-tools/package_krb5-workstation_removed/rule.yml
++++ b/linux_os/guide/system/software/system-tools/package_krb5-workstation_removed/rule.yml
+@@ -22,7 +22,7 @@ references:
+     disa: CCI-000803
+     srg: SRG-OS-000095-GPOS-00049,SRG-OS-000120-GPOS-00061
+     stigid@ol8: OL08-00-010162
+-    stigid@rhel8: RHEL-08-010162
++    stigid@almalinux8: RHEL-08-010162
+ 
+ platforms:
+ {{%- if "rhel" in product %}}
+diff --git a/linux_os/guide/system/software/system-tools/package_libreport-plugin-logger_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_libreport-plugin-logger_removed/rule.yml
+index f368ebbbe..dda7480b6 100644
+--- a/linux_os/guide/system/software/system-tools/package_libreport-plugin-logger_removed/rule.yml
++++ b/linux_os/guide/system/software/system-tools/package_libreport-plugin-logger_removed/rule.yml
+@@ -19,7 +19,7 @@ references:
+     disa: CCI-000381
+     srg: SRG-OS-000095-GPOS-00049
+     stigid@ol8: OL08-00-040001
+-    stigid@rhel8: RHEL-08-040001
++    stigid@almalinux8: RHEL-08-040001
+ 
+ {{{ complete_ocil_entry_package(package="libreport-plugin-logger") }}}
+ 
+diff --git a/linux_os/guide/system/software/system-tools/package_libreport-plugin-rhtsupport_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_libreport-plugin-rhtsupport_removed/rule.yml
+index 55e11e45e..d940adb5e 100644
+--- a/linux_os/guide/system/software/system-tools/package_libreport-plugin-rhtsupport_removed/rule.yml
++++ b/linux_os/guide/system/software/system-tools/package_libreport-plugin-rhtsupport_removed/rule.yml
+@@ -18,7 +18,7 @@ identifiers:
+ references:
+     disa: CCI-000381
+     srg: SRG-OS-000095-GPOS-00049
+-    stigid@rhel8: RHEL-08-040001
++    stigid@almalinux8: RHEL-08-040001
+ 
+ {{{ complete_ocil_entry_package(package="libreport-plugin-rhtsupport") }}}
+ 
+diff --git a/linux_os/guide/system/software/system-tools/package_python3-abrt-addon_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_python3-abrt-addon_removed/rule.yml
+index 5a020f452..a3769b969 100644
+--- a/linux_os/guide/system/software/system-tools/package_python3-abrt-addon_removed/rule.yml
++++ b/linux_os/guide/system/software/system-tools/package_python3-abrt-addon_removed/rule.yml
+@@ -18,7 +18,7 @@ identifiers:
+ references:
+     disa: CCI-000381
+     srg: SRG-OS-000095-GPOS-00049
+-    stigid@rhel8: RHEL-08-040001
++    stigid@almalinux8: RHEL-08-040001
+ 
+ {{{ complete_ocil_entry_package(package="python3-abrt-addon") }}}
+ 
+diff --git a/linux_os/guide/system/software/system-tools/package_rng-tools_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_rng-tools_installed/rule.yml
+index 400e92922..b3eb3baa9 100644
+--- a/linux_os/guide/system/software/system-tools/package_rng-tools_installed/rule.yml
++++ b/linux_os/guide/system/software/system-tools/package_rng-tools_installed/rule.yml
+@@ -21,7 +21,7 @@ references:
+     disa: CCI-000366
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol8: OL08-00-010472
+-    stigid@rhel8: RHEL-08-010472
++    stigid@almalinux8: RHEL-08-010472
+ 
+ ocil_clause: 'the package is not installed'
+ 
+diff --git a/linux_os/guide/system/software/system-tools/package_tuned_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_tuned_removed/rule.yml
+index 0e6096fd0..155f7e727 100644
+--- a/linux_os/guide/system/software/system-tools/package_tuned_removed/rule.yml
++++ b/linux_os/guide/system/software/system-tools/package_tuned_removed/rule.yml
+@@ -23,7 +23,7 @@ references:
+     disa: CCI-000366,CCI-000381
+     srg: SRG-OS-000095-GPOS-00049,SRG-OS-000480-GPOS-00227
+     stigid@ol8: OL08-00-040390
+-    stigid@rhel8: RHEL-08-040390
++    stigid@almalinux8: RHEL-08-040390
+ 
+ {{{ complete_ocil_entry_package(package="tuned") }}}
+ 
+diff --git a/linux_os/guide/system/software/updating/clean_components_post_updating/ansible/shared.yml b/linux_os/guide/system/software/updating/clean_components_post_updating/ansible/shared.yml
+index e25b2e615..5ef42594e 100644
+--- a/linux_os/guide/system/software/updating/clean_components_post_updating/ansible/shared.yml
++++ b/linux_os/guide/system/software/updating/clean_components_post_updating/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/software/updating/clean_components_post_updating/bash/shared.sh b/linux_os/guide/system/software/updating/clean_components_post_updating/bash/shared.sh
+index 742c2e452..c7fdd0009 100644
+--- a/linux_os/guide/system/software/updating/clean_components_post_updating/bash/shared.sh
++++ b/linux_os/guide/system/software/updating/clean_components_post_updating/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro
+ 
+ {{% if 'sle' in product or 'slmicro' in product %}}
+ {{{ bash_replace_or_append('/etc/zypp/zypp.conf', '^solver.upgradeRemoveDroppedPackages', 'true', '%s=%s') }}}
+diff --git a/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml b/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml
+index e247a6762..f0838be22 100644
+--- a/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml
++++ b/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml
+@@ -46,7 +46,7 @@ references:
+     srg: SRG-OS-000437-GPOS-00194
+     stigid@ol7: OL07-00-020200
+     stigid@ol8: OL08-00-010440
+-    stigid@rhel8: RHEL-08-010440
++    stigid@almalinux8: RHEL-08-010440
+     stigid@sle12: SLES-12-010570
+     stigid@sle15: SLES-15-010560
+     stigid@ubuntu2004: UBTU-20-010449
+diff --git a/linux_os/guide/system/software/updating/clean_components_post_updating/tests/yum_commented.fail.sh b/linux_os/guide/system/software/updating/clean_components_post_updating/tests/yum_commented.fail.sh
+index 4cba82b3c..1d8495018 100644
+--- a/linux_os/guide/system/software/updating/clean_components_post_updating/tests/yum_commented.fail.sh
++++ b/linux_os/guide/system/software/updating/clean_components_post_updating/tests/yum_commented.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ 
+ file={{{ pkg_manager_config_file }}}
+ 
+diff --git a/linux_os/guide/system/software/updating/clean_components_post_updating/tests/yum_correct.pass.sh b/linux_os/guide/system/software/updating/clean_components_post_updating/tests/yum_correct.pass.sh
+index 3b3bd71f7..d54501d5c 100644
+--- a/linux_os/guide/system/software/updating/clean_components_post_updating/tests/yum_correct.pass.sh
++++ b/linux_os/guide/system/software/updating/clean_components_post_updating/tests/yum_correct.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ 
+ file={{{ pkg_manager_config_file }}}
+ 
+diff --git a/linux_os/guide/system/software/updating/clean_components_post_updating/tests/yum_wrong_value.fail.sh b/linux_os/guide/system/software/updating/clean_components_post_updating/tests/yum_wrong_value.fail.sh
+index 8f2e4fac8..20d00061a 100644
+--- a/linux_os/guide/system/software/updating/clean_components_post_updating/tests/yum_wrong_value.fail.sh
++++ b/linux_os/guide/system/software/updating/clean_components_post_updating/tests/yum_wrong_value.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ 
+ file={{{ pkg_manager_config_file }}}
+ 
+diff --git a/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/ansible/shared.yml b/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/ansible/shared.yml
+index d74db7b2b..b44ee67b3 100644
+--- a/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/ansible/shared.yml
++++ b/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_sle,Oracle Linux 8
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,Oracle Linux 8
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/ansible/shared.yml b/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/ansible/shared.yml
+index ba0c54f3f..1890b7708 100644
+--- a/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/ansible/shared.yml
++++ b/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_sle,Oracle Linux 8
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,Oracle Linux 8
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/ansible/shared.yml b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/ansible/shared.yml
+new file mode 100644
+index 000000000..7912da04b
+--- /dev/null
++++ b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/ansible/shared.yml
+@@ -0,0 +1,39 @@
++# platform=multi_platform_almalinux
++# reboot = false
++# strategy = restrict
++# complexity = medium
++# disruption = medium
++- name: "Read permission of GPG key directory"
++  stat:
++    path: /etc/pki/rpm-gpg/
++  register: gpg_key_directory_permission
++  check_mode: no
++
++# It should fail if it doesn't find any fingerprints in file - maybe file was not parsed well.
++
++- name: Read signatures in GPG key
++  # According to /usr/share/doc/gnupg2/DETAILS fingerprints are in "fpr" record in field 10
++  command: gpg --show-keys --with-fingerprint --with-colons "/etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux"
++  args:
++    warn: False
++  changed_when: False
++  register: gpg_fingerprints
++  check_mode: no
++
++- name: Set Fact - Installed GPG Fingerprints
++  set_fact:
++    gpg_installed_fingerprints: "{{ gpg_fingerprints.stdout | regex_findall('^pub.*\n(?:^fpr[:]*)([0-9A-Fa-f]*)', '\\1') | list }}"
++
++- name: Set Fact - Valid fingerprints
++  set_fact:
++    gpg_valid_fingerprints: ("{{{ release_key_fingerprint }}}" "{{{ auxiliary_key_fingerprint }}}")
++
++- name: Import AlmaLinux GPG key
++  rpm_key:
++    state: present
++    key: /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux
++  when:
++   - gpg_key_directory_permission.stat.mode <= '0755'
++   - (gpg_installed_fingerprints | difference(gpg_valid_fingerprints)) | length == 0
++   - gpg_installed_fingerprints | length > 0
++   - ansible_distribution == "AlmaLinux"
+diff --git a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/bash/shared.sh b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/bash/shared.sh
+new file mode 100644
+index 000000000..817ee6141
+--- /dev/null
++++ b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/bash/shared.sh
+@@ -0,0 +1,27 @@
++# platform = multi_platform_almalinux
++readonly ALMALINUX_FINGERPRINT="{{{ release_key_fingerprint }}}"
++readonly ALMALINUX_AUXILIARY_FINGERPRINT="{{{ auxiliary_key_fingerprint }}}"
++
++# Location of the key we would like to import (once it's integrity verified)
++readonly ALMALINUX_RELEASE_KEY="/etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux"
++
++RPM_GPG_DIR_PERMS=$(stat -c %a "$(dirname "$ALMALINUX_RELEASE_KEY")")
++
++# Verify /etc/pki/rpm-gpg directory permissions are safe
++if [ "${RPM_GPG_DIR_PERMS}" -le "755" ]
++then
++  # If they are safe, try to obtain fingerprints from the key file
++  # (to ensure there won't be e.g. CRC error)
++  readarray -t GPG_OUT < <(gpg --show-keys --with-fingerprint --with-colons "$REDHAT_RELEASE_KEY" | grep -A1 "^pub" | grep "^fpr" | cut -d ":" -f 10)
++  GPG_RESULT=$?
++  # No CRC error, safe to proceed
++  if [ "${GPG_RESULT}" -eq "0" ]
++  then
++    # Filter just hexadecimal fingerprints from gpg's output from
++    # processing of a key file
++    echo "${GPG_OUT[*]}" | grep -vE "${ALMALINUX_FINGERPRINT}|${ALMALINUX_AUXILIARY_FINGERPRINT}" || {
++      # If $ALMALINUX_RELEASE_KEY file doesn't contain any keys with unknown fingerprint, import it
++      rpm --import "${ALMALINUX_RELEASE_KEY}"
++    }
++  fi
++fi
+diff --git a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/oval/shared.xml b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/oval/shared.xml
+new file mode 100644
+index 000000000..cbc55c2d7
+--- /dev/null
++++ b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/oval/shared.xml
+@@ -0,0 +1,55 @@
++
++  
++    
++      AlmaLinux gpg-pubkey Package Installed
++      
++        multi_platform_almalinux
++      
++      The AlmaLinux key packages are required to be installed.
++    
++    
++      
++        
++          
++        
++        
++        
++          
++        
++      
++    
++  
++
++  
++  
++    gpg-pubkey
++  
++
++  
++  
++    
++    
++  
++
++  
++    {{{ pkg_release }}}
++    {{{ pkg_version }}}
++  
++
++  
++  
++    
++    
++  
++  
++    {{{ aux_pkg_release }}}
++    {{{ aux_pkg_version }}}
++  
++
++
+diff --git a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/rule.yml b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/rule.yml
+new file mode 100644
+index 000000000..11cebb049
+--- /dev/null
++++ b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/rule.yml
+@@ -0,0 +1,44 @@
++documentation_complete: true
++
++title: 'Ensure AlmaLinux GPG Key Installed'
++
++description: |-
++    To ensure the system can cryptographically verify base software
++    packages come from AlmaLinux, the AlmaLinux GPG key must properly be installed.
++    To install the AlmaLinux GPG key, run:
++    
$ sudo rpm --import https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux

++    If the system is not connected to the Internet,
++    then install the AlmaLinux GPG key from trusted media such as
++    the AlmaLinux installation CD-ROM or DVD. Assuming the disc is mounted
++    in /media/cdrom, use the following command as the root user to import
++    it into the keyring:
++    
$ sudo rpm --import /media/cdrom/RPM-GPG-KEY-AlmaLinux

++
++rationale: |-
++    Changes to software components can have significant effects on the
++    overall security of the operating system. This requirement ensures
++    the software has not been tampered with and that it has been provided
++    by a trusted vendor. The AlmaLinux GPG key is necessary to
++    cryptographically verify packages are from AlmaLinux.
++
++severity: high
++
++references:
++    cis: 1.2.2
++    disa: CCI-001749
++    nist: CM-5(3),SI-7,SC-12,SC-12(3),CM-6(a),CM-11(a),CM-11(b)
++    nist-csf: PR.DS-6,PR.DS-8,PR.IP-1
++    pcidss: Req-6.2
++    isa-62443-2013: 'SR 3.1,SR 3.3,SR 3.4,SR 3.8,SR 7.6'
++    isa-62443-2009: 4.3.4.3.2,4.3.4.3.3,4.3.4.4.4
++    cobit5: APO01.06,BAI03.05,BAI06.01,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS06.02
++    iso27001-2013: A.11.2.4,A.12.1.2,A.12.2.1,A.12.5.1,A.12.6.2,A.14.1.2,A.14.1.3,A.14.2.2,A.14.2.3,A.14.2.4
++    cis-csc: 11,2,3,9
++
++ocil_clause: 'the AlmaLinux GPG Key is not installed'
++
++ocil: |-
++    To ensure that the GPG key is installed, run:
++    
$ rpm -q --queryformat "%{SUMMARY}\n" gpg-pubkey

++    The command should return the string below:
++    
gpg(AlmaLinux <packager@almalinux.org>

+diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/bash/shared.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/bash/shared.sh
+index 4366d9faa..4a3043290 100644
+--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/bash/shared.sh
++++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/bash/shared.sh
+@@ -1,3 +1,3 @@
+-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro
+ 
+ {{{ bash_replace_or_append( pkg_manager_config_file , '^gpgcheck', '1') }}}
+diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml
+index d3fe7d0fb..771ea7ea1 100644
+--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml
++++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml
+@@ -56,7 +56,7 @@ references:
+     srg: SRG-OS-000366-GPOS-00153
+     stigid@ol7: OL07-00-020050
+     stigid@ol8: OL08-00-010370
+-    stigid@rhel8: RHEL-08-010370
++    stigid@almalinux8: RHEL-08-010370
+     stigid@sle12: SLES-12-010550
+     stigid@sle15: SLES-15-010430
+ 
+diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/rule.yml
+index 0d38f08a0..3c48a4f53 100644
+--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/rule.yml
++++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/rule.yml
+@@ -40,7 +40,7 @@ references:
+     srg: SRG-OS-000366-GPOS-00153
+     stigid@ol7: OL07-00-020060
+     stigid@ol8: OL08-00-010371
+-    stigid@rhel8: RHEL-08-010371
++    stigid@almalinux8: RHEL-08-010371
+ 
+ ocil_clause: 'there is no process to validate certificates for local packages that is approved by the organization'
+ 
+diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml
+index a653565f5..0e8220272 100644
+--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml
++++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle
+ # reboot = false
+ # strategy = enable
+ # complexity = low
+diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/bash/shared.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/bash/shared.sh
+index 07e02fa47..ee1d023d9 100644
+--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/bash/shared.sh
++++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle
+ {{% if product in ["sle12", "sle15"] %}}
+ sed -i 's/gpgcheck\s*=.*/gpgcheck=1/g' /etc/zypp/repos.d/*
+ {{% else %}}
+diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml
+index 5a3ce069c..50a31bfe4 100644
+--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml
++++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml
+@@ -43,7 +43,7 @@ references:
+     pcidss: Req-6.2
+     srg: SRG-OS-000366-GPOS-00153
+     stigid@ol8: OL08-00-010370
+-    stigid@rhel8: RHEL-08-010370
++    stigid@almalinux8: RHEL-08-010370
+ 
+ ocil_clause: 'GPG checking is disabled'
+ 
+diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_disabled.fail.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_disabled.fail.sh
+index 37e47e4d4..a852e856f 100644
+--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_disabled.fail.sh
++++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_disabled.fail.sh
+@@ -1,4 +1,4 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_fedora,multi_platform_rhv
+ 
+ sed -i 's/gpgcheck\s*=.*/gpgcheck=0/g' /etc/yum.repos.d/*
+diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_enabled.pass.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_enabled.pass.sh
+index 04ff6e577..b97d75469 100644
+--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_enabled.pass.sh
++++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_enabled.pass.sh
+@@ -1,4 +1,4 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_fedora,multi_platform_rhv
+ 
+ sed -i 's/gpgcheck\s*=.*/gpgcheck=1/g' /etc/yum.repos.d/*
+diff --git a/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml
+index 86d0cb5d3..9cb7152f3 100644
+--- a/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml
++++ b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml
+@@ -53,7 +53,7 @@ references:
+     ospp: FPT_TUD_EXT.1,FPT_TUD_EXT.2
+     pcidss: Req-6.2
+     srg: SRG-OS-000366-GPOS-00153
+-    stigid@rhel8: RHEL-08-010019
++    stigid@almalinux8: RHEL-08-010019
+ 
+ ocil_clause: 'the Red Hat GPG Key is not installed'
+ 
+diff --git a/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml b/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml
+index e77380808..ecda8e8c8 100644
+--- a/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml
++++ b/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml
+@@ -16,6 +16,11 @@ description: |-
+     
$ sudo yum update

+     If the system is not configured to use one of these sources, updates (in the form of RPM packages)
+     can be manually downloaded from the ULN and installed using rpm.
++{{% elif product in ["almalinux8"] %}}
++    Run the following command to install updates:
++    
$ sudo yum update

++    If the system is not configured to use repos, updates (in the form of RPM packages)
++    can be manually downloaded from the repos and installed using rpm.
+ {{% elif product in ["sle12", "sle15", "slmicro5"] %}}
+     If the system is configured for online updates, invoking the following command will list available
+     security updates:
+@@ -60,7 +65,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-020260
+     stigid@ol8: OL08-00-010010
+-    stigid@rhel8: RHEL-08-010010
++    stigid@almalinux8: RHEL-08-010010
+     stigid@sle12: SLES-12-010010
+     stigid@sle15: SLES-15-010010
+ 
+diff --git a/products/almalinux8/CMakeLists.txt b/products/almalinux8/CMakeLists.txt
+new file mode 100644
+index 000000000..511fdc1c4
+--- /dev/null
++++ b/products/almalinux8/CMakeLists.txt
+@@ -0,0 +1,33 @@
++# Sometimes our users will try to do: "cd almalinux8; cmake ." That needs to error in a nice way.
++if("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_CURRENT_SOURCE_DIR}")
++    message(FATAL_ERROR "cmake has to be used on the root CMakeLists.txt, see the Building ComplianceAsCode section in the Developer Guide!")
++endif()
++
++set(PRODUCT "almalinux8")
++
++ssg_build_product(${PRODUCT})
++
++ssg_build_html_ref_tables("${PRODUCT}" "table-${PRODUCT}-{ref_id}refs" "anssi;cis;cui;nist;pcidss")
++
++ssg_build_html_profile_table("table-${PRODUCT}-nistrefs-ospp" "${PRODUCT}" "ospp" "nist")
++ssg_build_html_profile_table("table-${PRODUCT}-nistrefs-standard" "${PRODUCT}" "standard" "nist")
++ssg_build_html_profile_table("table-${PRODUCT}-nistrefs-stig" "${PRODUCT}" "stig" "nist")
++
++ssg_build_html_profile_table("table-${PRODUCT}-anssirefs-bp28_minimal" "${PRODUCT}" "anssi_bp28_minimal" "anssi")
++ssg_build_html_profile_table("table-${PRODUCT}-anssirefs-bp28_enhanced" "${PRODUCT}" "anssi_bp28_enhanced" "anssi")
++ssg_build_html_profile_table("table-${PRODUCT}-anssirefs-bp28_intermediary" "${PRODUCT}" "anssi_bp28_intermediary" "anssi")
++ssg_build_html_profile_table("table-${PRODUCT}-anssirefs-bp28_high" "${PRODUCT}" "anssi_bp28_high" "anssi")
++
++ssg_build_html_cce_table(${PRODUCT})
++
++ssg_build_html_srgmap_tables(${PRODUCT})
++
++ssg_build_html_stig_tables(${PRODUCT})
++ssg_build_html_stig_tables_per_profile(${PRODUCT} "stig")
++ssg_build_html_stig_tables_per_profile(${PRODUCT} "stig_gui")
++
++#ssg_build_html_stig_tables(${PRODUCT} "ospp")
++
++if(SSG_CENTOS_DERIVATIVES_ENABLED)
++    ssg_build_derivative_product(${PRODUCT} "centos" "centos8")
++endif()
+diff --git a/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_enhanced-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_enhanced-ks.cfg
+new file mode 100644
+index 000000000..15fb35079
+--- /dev/null
++++ b/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_enhanced-ks.cfg
+@@ -0,0 +1,144 @@
++# SCAP Security Guide ANSSI BP-028 (enhanced) profile kickstart for AlmaLinux 8
++# Version: 0.0.1
++# Date: 2021-01-28
++#
++# Based on:
++# https://pykickstart.readthedocs.io/en/latest/
++# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg
++# For more information see the following documentation:
++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/scanning-the-system-for-configuration-compliance-and-vulnerabilities_security-hardening#deploying-baseline-compliant-rhel-systems-using-kickstart_deploying-systems-that-are-compliant-with-a-security-profile-immediately-after-an-installation
++
++# Specify installation method to use for installation
++# To use a different one comment out the 'url' one below, update
++# the selected choice with proper options & un-comment it
++#
++# Install from an installation tree on a remote server via FTP or HTTP:
++# --url		the URL to install from
++#
++# Example:
++#
++# url --url=http://192.168.122.1/image
++#
++# Modify concrete URL in the above example appropriately to reflect the actual
++# environment machine is to be installed in
++#
++# Other possible / supported installation methods:
++# * install from the first CD-ROM/DVD drive on the system:
++#
++# cdrom
++#
++# * install from a directory of ISO images on a local drive:
++#
++# harddrive --partition=hdb2 --dir=/tmp/install-tree
++#
++# * install from provided NFS server:
++#
++# nfs --server= --dir= [--opts=]
++#
++# Set language to use during installation and the default language to use on the installed system (required)
++lang en_US.UTF-8
++
++# Set system keyboard type / layout (required)
++keyboard --vckeymap us
++
++# Configure network information for target system and activate network devices in the installer environment (optional)
++# --onboot	enable device at a boot time
++# --device	device to be activated and / or configured with the network command
++# --bootproto	method to obtain networking configuration for device (default dhcp)
++# --noipv6	disable IPv6 on this device
++network --onboot yes --bootproto dhcp --noipv6
++
++# Set the system's root password (required)
++# Plaintext password is: server
++# Refer to e.g.
++#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
++# to see how to create encrypted password form for different plaintext password
++rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220
++
++# The selected profile will restrict root login
++# Add a user that can login and escalate privileges
++# Plaintext password is: admin123
++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
++
++# Configure firewall settings for the system (optional)
++# --enabled	reject incoming connections that are not in response to outbound requests
++# --ssh		allow sshd service through the firewall
++firewall --enabled --ssh
++
++# Set the system time zone (required)
++timezone --utc America/New_York
++
++# Specify how the bootloader should be installed (required)
++# Plaintext password is: password
++# Refer to e.g.
++#   grub2-mkpasswd-pbkdf2
++# to see how to create encrypted password form for different plaintext password
++bootloader --append="audit=1 audit_backlog_limit=8192" --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted
++
++# Initialize (format) all disks (optional)
++zerombr
++
++# The following partition layout scheme assumes disk of size 20GB or larger
++# Modify size of partitions appropriately to reflect actual machine's hardware
++# 
++# Remove Linux partitions from the system prior to creating new ones (optional)
++# --linux	erase all Linux partitions
++# --initlabel	initialize the disk label to the default based on the underlying architecture
++clearpart --linux --initlabel
++
++# Create primary system partitions (required for installs)
++part /boot --fstype=xfs --size=512 --fsoptions="nodev,nosuid,noexec"
++part pv.01 --grow --size=1
++
++# Create a Logical Volume Management (LVM) group (optional)
++volgroup VolGroup pv.01
++
++# Create particular logical volumes (optional)
++logvol / --fstype=xfs --name=root --vgname=VolGroup --size=3192 --grow
++# Ensure /usr Located On Separate Partition
++logvol /usr --fstype=xfs --name=usr --vgname=VolGroup --size=6536 --fsoptions="nodev"
++# Ensure /opt Located On Separate Partition
++logvol /opt --fstype=xfs --name=opt --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid"
++# Ensure /srv Located On Separate Partition
++logvol /srv --fstype=xfs --name=srv --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid"
++# Ensure /home Located On Separate Partition
++logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=512 --fsoptions="nodev"
++# Ensure /tmp Located On Separate Partition
++logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var/tmp Located On Separate Partition
++logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var Located On Separate Partition
++logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev"
++# Ensure /var/log Located On Separate Partition
++logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var/log/audit Located On Separate Partition
++logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec"
++logvol swap --name=swap --vgname=VolGroup --size=2016
++
++# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
++# content - security policies - on the installed system.This add-on has been enabled by default
++# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this 
++# functionality will automatically be installed. However, by default, no policies are enforced,
++# meaning that no checks are performed during or after installation unless specifically configured.
++#  
++#  Important
++#   Applying a security policy is not necessary on all systems. This screen should only be used
++#   when a specific policy is mandated by your organization rules or government regulations.
++#   Unlike most other commands, this add-on does not accept regular options, but uses key-value
++#   pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
++#   Values can be optionally enclosed in single quotes (') or double quotes (").
++#   
++# For more details and configuration options see
++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/performing_an_advanced_rhel_8_installation/kickstart-commands-and-options-reference_installing-rhel-as-an-experienced-user#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program
++%addon org_fedora_oscap
++	content-type = scap-security-guide
++	profile = xccdf_org.ssgproject.content_profile_anssi_bp28_enhanced
++%end
++
++# Packages selection (%packages section is required)
++%packages
++%end
++
++# Reboot after the installation is complete (optional)
++# --eject	attempt to eject CD or DVD media before rebooting
++reboot --eject
+diff --git a/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_high-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_high-ks.cfg
+new file mode 100644
+index 000000000..5fba1c1b5
+--- /dev/null
++++ b/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_high-ks.cfg
+@@ -0,0 +1,149 @@
++# SCAP Security Guide ANSSI BP-028 (high) profile kickstart for AlmaLinux 8
++# Version: 0.0.1
++# Date: 2020-12-10
++#
++# Based on:
++# https://pykickstart.readthedocs.io/en/latest/
++# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg
++# For more information see the following documentation:
++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/scanning-the-system-for-configuration-compliance-and-vulnerabilities_security-hardening#deploying-baseline-compliant-rhel-systems-using-kickstart_deploying-systems-that-are-compliant-with-a-security-profile-immediately-after-an-installation
++
++# Specify installation method to use for installation
++# To use a different one comment out the 'url' one below, update
++# the selected choice with proper options & un-comment it
++#
++# Install from an installation tree on a remote server via FTP or HTTP:
++# --url		the URL to install from
++#
++# Example:
++#
++# url --url=http://192.168.122.1/image
++#
++# Modify concrete URL in the above example appropriately to reflect the actual
++# environment machine is to be installed in
++#
++# Other possible / supported installation methods:
++# * install from the first CD-ROM/DVD drive on the system:
++#
++# cdrom
++#
++# * install from a directory of ISO images on a local drive:
++#
++# harddrive --partition=hdb2 --dir=/tmp/install-tree
++#
++# * install from provided NFS server:
++#
++# nfs --server= --dir= [--opts=]
++#
++# Set language to use during installation and the default language to use on the installed system (required)
++lang en_US.UTF-8
++
++# Set system keyboard type / layout (required)
++keyboard --vckeymap us
++
++# Configure network information for target system and activate network devices in the installer environment (optional)
++# --onboot	enable device at a boot time
++# --device	device to be activated and / or configured with the network command
++# --bootproto	method to obtain networking configuration for device (default dhcp)
++# --noipv6	disable IPv6 on this device
++network --onboot yes --bootproto dhcp --noipv6
++
++# Set the system's root password (required)
++# Plaintext password is: server
++# Refer to e.g.
++#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
++# to see how to create encrypted password form for different plaintext password
++rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220
++
++# The selected profile will restrict root login
++# Add a user that can login and escalate privileges
++# Plaintext password is: admin123
++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
++
++# Configure firewall settings for the system (optional)
++# --enabled	reject incoming connections that are not in response to outbound requests
++# --ssh		allow sshd service through the firewall
++firewall --enabled --ssh
++
++# State of SELinux on the installed system (optional)
++# Defaults to enforcing
++selinux --enforcing
++
++# Set the system time zone (required)
++timezone --utc America/New_York
++
++# Specify how the bootloader should be installed (required)
++# Plaintext password is: password
++# Refer to e.g.
++#   grub2-mkpasswd-pbkdf2
++# to see how to create encrypted password form for different plaintext password
++bootloader --append="audit=1 audit_backlog_limit=8192" --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted
++
++# Initialize (format) all disks (optional)
++zerombr
++
++# The following partition layout scheme assumes disk of size 20GB or larger
++# Modify size of partitions appropriately to reflect actual machine's hardware
++# 
++# Remove Linux partitions from the system prior to creating new ones (optional)
++# --linux	erase all Linux partitions
++# --initlabel	initialize the disk label to the default based on the underlying architecture
++clearpart --linux --initlabel
++
++# Create primary system partitions (required for installs)
++part /boot --fstype=xfs --size=512 --fsoptions="nodev,nosuid,noexec"
++part pv.01 --grow --size=1
++
++# Create a Logical Volume Management (LVM) group (optional)
++volgroup VolGroup pv.01
++
++# Create particular logical volumes (optional)
++logvol / --fstype=xfs --name=root --vgname=VolGroup --size=3192 --grow
++# Ensure /usr Located On Separate Partition
++logvol /usr --fstype=xfs --name=usr --vgname=VolGroup --size=6536 --fsoptions="nodev"
++# Ensure /opt Located On Separate Partition
++logvol /opt --fstype=xfs --name=opt --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid"
++# Ensure /srv Located On Separate Partition
++logvol /srv --fstype=xfs --name=srv --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid"
++# Ensure /home Located On Separate Partition
++logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=512 --fsoptions="nodev"
++# Ensure /tmp Located On Separate Partition
++logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var/tmp Located On Separate Partition
++logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var Located On Separate Partition
++logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev"
++# Ensure /var/log Located On Separate Partition
++logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var/log/audit Located On Separate Partition
++logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec"
++logvol swap --name=swap --vgname=VolGroup --size=2016
++
++
++# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
++# content - security policies - on the installed system.This add-on has been enabled by default
++# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this 
++# functionality will automatically be installed. However, by default, no policies are enforced,
++# meaning that no checks are performed during or after installation unless specifically configured.
++#  
++#  Important
++#   Applying a security policy is not necessary on all systems. This screen should only be used
++#   when a specific policy is mandated by your organization rules or government regulations.
++#   Unlike most other commands, this add-on does not accept regular options, but uses key-value
++#   pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
++#   Values can be optionally enclosed in single quotes (') or double quotes (").
++#   
++# For more details and configuration options see
++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/performing_an_advanced_rhel_8_installation/kickstart-commands-and-options-reference_installing-rhel-as-an-experienced-user#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program
++%addon org_fedora_oscap
++	content-type = scap-security-guide
++	profile = xccdf_org.ssgproject.content_profile_anssi_bp28_high
++%end
++
++# Packages selection (%packages section is required)
++%packages
++%end
++
++# Reboot after the installation is complete (optional)
++# --eject	attempt to eject CD or DVD media before rebooting
++reboot --eject
+diff --git a/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_intermediary-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_intermediary-ks.cfg
+new file mode 100644
+index 000000000..6091d8dc6
+--- /dev/null
++++ b/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_intermediary-ks.cfg
+@@ -0,0 +1,145 @@
++# SCAP Security Guide ANSSI BP-028 (intermediary) profile kickstart for AlmaLinux 8
++# Version: 0.0.1
++# Date: 2021-01-28
++#
++# Based on:
++# https://pykickstart.readthedocs.io/en/latest/
++# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg
++# For more information see the following documentation:
++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/scanning-the-system-for-configuration-compliance-and-vulnerabilities_security-hardening#deploying-baseline-compliant-rhel-systems-using-kickstart_deploying-systems-that-are-compliant-with-a-security-profile-immediately-after-an-installation
++
++
++# Specify installation method to use for installation
++# To use a different one comment out the 'url' one below, update
++# the selected choice with proper options & un-comment it
++#
++# Install from an installation tree on a remote server via FTP or HTTP:
++# --url		the URL to install from
++#
++# Example:
++#
++# url --url=http://192.168.122.1/image
++#
++# Modify concrete URL in the above example appropriately to reflect the actual
++# environment machine is to be installed in
++#
++# Other possible / supported installation methods:
++# * install from the first CD-ROM/DVD drive on the system:
++#
++# cdrom
++#
++# * install from a directory of ISO images on a local drive:
++#
++# harddrive --partition=hdb2 --dir=/tmp/install-tree
++#
++# * install from provided NFS server:
++#
++# nfs --server= --dir= [--opts=]
++#
++# Set language to use during installation and the default language to use on the installed system (required)
++lang en_US.UTF-8
++
++# Set system keyboard type / layout (required)
++keyboard --vckeymap us
++
++# Configure network information for target system and activate network devices in the installer environment (optional)
++# --onboot	enable device at a boot time
++# --device	device to be activated and / or configured with the network command
++# --bootproto	method to obtain networking configuration for device (default dhcp)
++# --noipv6	disable IPv6 on this device
++network --onboot yes --bootproto dhcp --noipv6
++
++# Set the system's root password (required)
++# Plaintext password is: server
++# Refer to e.g.
++#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
++# to see how to create encrypted password form for different plaintext password
++rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220
++
++# The selected profile will restrict root login
++# Add a user that can login and escalate privileges
++# Plaintext password is: admin123
++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
++
++# Configure firewall settings for the system (optional)
++# --enabled	reject incoming connections that are not in response to outbound requests
++# --ssh		allow sshd service through the firewall
++firewall --enabled --ssh
++
++# Set the system time zone (required)
++timezone --utc America/New_York
++
++# Specify how the bootloader should be installed (required)
++# Plaintext password is: password
++# Refer to e.g.
++#   grub2-mkpasswd-pbkdf2
++# to see how to create encrypted password form for different plaintext password
++bootloader
++
++# Initialize (format) all disks (optional)
++zerombr
++
++# The following partition layout scheme assumes disk of size 20GB or larger
++# Modify size of partitions appropriately to reflect actual machine's hardware
++# 
++# Remove Linux partitions from the system prior to creating new ones (optional)
++# --linux	erase all Linux partitions
++# --initlabel	initialize the disk label to the default based on the underlying architecture
++clearpart --linux --initlabel
++
++# Create primary system partitions (required for installs)
++part /boot --fstype=xfs --size=512 --fsoptions="nodev,nosuid,noexec"
++part pv.01 --grow --size=1
++
++# Create a Logical Volume Management (LVM) group (optional)
++volgroup VolGroup pv.01
++
++# Create particular logical volumes (optional)
++logvol / --fstype=xfs --name=root --vgname=VolGroup --size=3192 --grow
++# Ensure /usr Located On Separate Partition
++logvol /usr --fstype=xfs --name=usr --vgname=VolGroup --size=6536 --fsoptions="nodev"
++# Ensure /opt Located On Separate Partition
++logvol /opt --fstype=xfs --name=opt --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid"
++# Ensure /srv Located On Separate Partition
++logvol /srv --fstype=xfs --name=srv --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid"
++# Ensure /home Located On Separate Partition
++logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=512 --fsoptions="nodev"
++# Ensure /tmp Located On Separate Partition
++logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var/tmp Located On Separate Partition
++logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var Located On Separate Partition
++logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev"
++# Ensure /var/log Located On Separate Partition
++logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var/log/audit Located On Separate Partition
++logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec"
++logvol swap --name=swap --vgname=VolGroup --size=2016
++
++# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
++# content - security policies - on the installed system.This add-on has been enabled by default
++# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this 
++# functionality will automatically be installed. However, by default, no policies are enforced,
++# meaning that no checks are performed during or after installation unless specifically configured.
++#  
++#  Important
++#   Applying a security policy is not necessary on all systems. This screen should only be used
++#   when a specific policy is mandated by your organization rules or government regulations.
++#   Unlike most other commands, this add-on does not accept regular options, but uses key-value
++#   pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
++#   Values can be optionally enclosed in single quotes (') or double quotes (").
++#   
++# For more details and configuration options see
++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/performing_an_advanced_rhel_8_installation/kickstart-commands-and-options-reference_installing-rhel-as-an-experienced-user#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program
++%addon org_fedora_oscap
++	content-type = scap-security-guide
++	profile = xccdf_org.ssgproject.content_profile_anssi_bp28_intermediary
++%end
++
++# Packages selection (%packages section is required)
++%packages
++%end
++
++# Reboot after the installation is complete (optional)
++# --eject	attempt to eject CD or DVD media before rebooting
++reboot --eject
+diff --git a/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_minimal-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_minimal-ks.cfg
+new file mode 100644
+index 000000000..d71690cfe
+--- /dev/null
++++ b/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_minimal-ks.cfg
+@@ -0,0 +1,108 @@
++# SCAP Security Guide ANSSI BP-028 (minimal) profile kickstart for AlmaLinux 8
++# Version: 0.0.1
++# Date: 2021-01-28
++#
++# Based on:
++# https://pykickstart.readthedocs.io/en/latest/
++# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg
++# For more information see the following documentation:
++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/scanning-the-system-for-configuration-compliance-and-vulnerabilities_security-hardening#deploying-baseline-compliant-rhel-systems-using-kickstart_deploying-systems-that-are-compliant-with-a-security-profile-immediately-after-an-installation
++
++# Specify installation method to use for installation
++# To use a different one comment out the 'url' one below, update
++# the selected choice with proper options & un-comment it
++#
++# Install from an installation tree on a remote server via FTP or HTTP:
++# --url		the URL to install from
++#
++# Example:
++#
++# url --url=http://192.168.122.1/image
++#
++# Modify concrete URL in the above example appropriately to reflect the actual
++# environment machine is to be installed in
++#
++# Other possible / supported installation methods:
++# * install from the first CD-ROM/DVD drive on the system:
++#
++# cdrom
++#
++# * install from a directory of ISO images on a local drive:
++#
++# harddrive --partition=hdb2 --dir=/tmp/install-tree
++#
++# * install from provided NFS server:
++#
++# nfs --server= --dir= [--opts=]
++#
++# Set language to use during installation and the default language to use on the installed system (required)
++lang en_US.UTF-8
++
++# Set system keyboard type / layout (required)
++keyboard --vckeymap us
++
++# Configure network information for target system and activate network devices in the installer environment (optional)
++# --onboot	enable device at a boot time
++# --device	device to be activated and / or configured with the network command
++# --bootproto	method to obtain networking configuration for device (default dhcp)
++# --noipv6	disable IPv6 on this device
++network --onboot yes --bootproto dhcp
++
++# Set the system's root password (required)
++# Plaintext password is: server
++# Refer to e.g.
++#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
++# to see how to create encrypted password form for different plaintext password
++rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220
++
++# Set the system time zone (required)
++timezone --utc America/New_York
++
++# Specify how the bootloader should be installed (required)
++# Plaintext password is: password
++# Refer to e.g.
++#   grub2-mkpasswd-pbkdf2
++# to see how to create encrypted password form for different plaintext password
++bootloader
++
++# Initialize (format) all disks (optional)
++zerombr
++
++# The following partition layout scheme assumes disk of size 20GB or larger
++# Modify size of partitions appropriately to reflect actual machine's hardware
++# 
++# Remove Linux partitions from the system prior to creating new ones (optional)
++# --linux	erase all Linux partitions
++# --initlabel	initialize the disk label to the default based on the underlying architecture
++clearpart --linux --initlabel
++
++# Create primary system partitions (required for installs)
++autopart
++
++# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
++# content - security policies - on the installed system.This add-on has been enabled by default
++# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this 
++# functionality will automatically be installed. However, by default, no policies are enforced,
++# meaning that no checks are performed during or after installation unless specifically configured.
++#  
++#  Important
++#   Applying a security policy is not necessary on all systems. This screen should only be used
++#   when a specific policy is mandated by your organization rules or government regulations.
++#   Unlike most other commands, this add-on does not accept regular options, but uses key-value
++#   pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
++#   Values can be optionally enclosed in single quotes (') or double quotes (").
++#   
++# For more details and configuration options see
++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/performing_an_advanced_rhel_8_installation/kickstart-commands-and-options-reference_installing-rhel-as-an-experienced-user#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program
++%addon org_fedora_oscap
++	content-type = scap-security-guide
++	profile = xccdf_org.ssgproject.content_profile_anssi_bp28_minimal
++%end
++
++# Packages selection (%packages section is required)
++%packages
++%end
++
++# Reboot after the installation is complete (optional)
++# --eject	attempt to eject CD or DVD media before rebooting
++reboot --eject
+diff --git a/products/almalinux8/kickstart/ssg-almalinux8-cis-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-cis-ks.cfg
+new file mode 100644
+index 000000000..302e05c0b
+--- /dev/null
++++ b/products/almalinux8/kickstart/ssg-almalinux8-cis-ks.cfg
+@@ -0,0 +1,141 @@
++# SCAP Security Guide CIS profile (Level 2 - Server) kickstart for AlmaLinux 8
++# Version: 0.0.1
++# Date: 2021-08-12
++#
++# Based on:
++# https://pykickstart.readthedocs.io/en/latest/
++# For more information see the following documentation:
++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/scanning-the-system-for-configuration-compliance-and-vulnerabilities_security-hardening#deploying-baseline-compliant-rhel-systems-using-kickstart_deploying-systems-that-are-compliant-with-a-security-profile-immediately-after-an-installation
++
++# Specify installation method to use for installation
++# To use a different one comment out the 'url' one below, update
++# the selected choice with proper options & un-comment it
++#
++# Install from an installation tree on a remote server via FTP or HTTP:
++# --url		the URL to install from
++#
++# Example:
++#
++# url --url=http://192.168.122.1/image
++#
++# Modify concrete URL in the above example appropriately to reflect the actual
++# environment machine is to be installed in
++#
++# Other possible / supported installation methods:
++# * install from the first CD-ROM/DVD drive on the system:
++#
++# cdrom
++#
++# * install from a directory of ISO images on a local drive:
++#
++# harddrive --partition=hdb2 --dir=/tmp/install-tree
++#
++# * install from provided NFS server:
++#
++# nfs --server= --dir= [--opts=]
++#
++
++# Set language to use during installation and the default language to use on the installed system (required)
++lang en_US.UTF-8
++
++# Set system keyboard type / layout (required)
++keyboard --vckeymap us
++
++# Configure network information for target system and activate network devices in the installer environment (optional)
++# --onboot	enable device at a boot time
++# --device	device to be activated and / or configured with the network command
++# --bootproto	method to obtain networking configuration for device (default dhcp)
++# --noipv6	disable IPv6 on this device
++network --onboot yes --device eth0 --bootproto dhcp --noipv6
++
++# Set the system's root password (required)
++# Plaintext password is: server
++# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create
++# encrypted password form for different plaintext password
++rootpw --iscrypted $6$/0RYeeRdK70ynvYz$jH2ZN/80HM6DjndHMxfUF9KIibwipitvizzXDH1zW.fTjyD3RD3tkNdNUaND18B/XqfAUW3vy1uebkBybCuIm0
++
++# The selected profile will restrict root login
++# Add a user that can login and escalate privileges
++# Plaintext password is: admin123
++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
++
++# Configure firewall settings for the system (optional)
++# --enabled	reject incoming connections that are not in response to outbound requests
++# --ssh		allow sshd service through the firewall
++firewall --enabled --ssh
++
++# State of SELinux on the installed system (optional)
++# Defaults to enforcing
++selinux --enforcing
++
++# Set the system time zone (required)
++timezone --utc America/New_York
++
++# Specify how the bootloader should be installed (required)
++# Plaintext password is: password
++# Refer to e.g. grub2-mkpasswd-pbkdf2 to see how to create
++# encrypted password form for different plaintext password
++bootloader --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted
++
++# Initialize (format) all disks (optional)
++zerombr
++
++# The following partition layout scheme assumes disk of size 20GB or larger
++# Modify size of partitions appropriately to reflect actual machine's hardware
++#
++# Remove Linux partitions from the system prior to creating new ones (optional)
++# --linux	erase all Linux partitions
++# --initlabel	initialize the disk label to the default based on the underlying architecture
++clearpart --linux --initlabel
++
++# Create primary system partitions (required for installs)
++part /boot --fstype=xfs --size=512
++part pv.01 --grow --size=1
++
++# Create a Logical Volume Management (LVM) group (optional)
++volgroup VolGroup pv.01
++
++# Create particular logical volumes (optional)
++logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow
++# Ensure /home Located On Separate Partition
++logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
++# Ensure /tmp Located On Separate Partition
++logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid"
++# Ensure /var/tmp Located On Separate Partition
++logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var Located On Separate Partition
++logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072
++# Ensure /var/log Located On Separate Partition
++logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024
++# Ensure /var/log/audit Located On Separate Partition
++logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512
++logvol swap --name=swap --vgname=VolGroup --size=2016
++
++
++# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
++# content - security policies - on the installed system.This add-on has been enabled by default
++# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this 
++# functionality will automatically be installed. However, by default, no policies are enforced,
++# meaning that no checks are performed during or after installation unless specifically configured.
++#  
++#  Important
++#   Applying a security policy is not necessary on all systems. This screen should only be used
++#   when a specific policy is mandated by your organization rules or government regulations.
++#   Unlike most other commands, this add-on does not accept regular options, but uses key-value
++#   pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
++#   Values can be optionally enclosed in single quotes (') or double quotes (").
++#   
++# For more details and configuration options see
++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/performing_an_advanced_rhel_8_installation/kickstart-commands-and-options-reference_installing-rhel-as-an-experienced-user#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program
++%addon org_fedora_oscap
++        content-type = scap-security-guide
++        profile = xccdf_org.ssgproject.content_profile_cis
++%end
++
++# Packages selection (%packages section is required)
++%packages
++%end
++
++# Reboot after the installation is complete (optional)
++# --eject	attempt to eject CD or DVD media before rebooting
++reboot --eject
+diff --git a/products/almalinux8/kickstart/ssg-almalinux8-cis_server_l1-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-cis_server_l1-ks.cfg
+new file mode 100644
+index 000000000..f9b7ad73c
+--- /dev/null
++++ b/products/almalinux8/kickstart/ssg-almalinux8-cis_server_l1-ks.cfg
+@@ -0,0 +1,141 @@
++# SCAP Security Guide CIS profile (Level 1 - Server) kickstart for AlmaLinux 8
++# Version: 0.0.1
++# Date: 2021-08-12
++#
++# Based on:
++# https://pykickstart.readthedocs.io/en/latest/
++# For more information see the following documentation:
++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/scanning-the-system-for-configuration-compliance-and-vulnerabilities_security-hardening#deploying-baseline-compliant-rhel-systems-using-kickstart_deploying-systems-that-are-compliant-with-a-security-profile-immediately-after-an-installation
++
++# Specify installation method to use for installation
++# To use a different one comment out the 'url' one below, update
++# the selected choice with proper options & un-comment it
++#
++# Install from an installation tree on a remote server via FTP or HTTP:
++# --url		the URL to install from
++#
++# Example:
++#
++# url --url=http://192.168.122.1/image
++#
++# Modify concrete URL in the above example appropriately to reflect the actual
++# environment machine is to be installed in
++#
++# Other possible / supported installation methods:
++# * install from the first CD-ROM/DVD drive on the system:
++#
++# cdrom
++#
++# * install from a directory of ISO images on a local drive:
++#
++# harddrive --partition=hdb2 --dir=/tmp/install-tree
++#
++# * install from provided NFS server:
++#
++# nfs --server= --dir= [--opts=]
++#
++
++# Set language to use during installation and the default language to use on the installed system (required)
++lang en_US.UTF-8
++
++# Set system keyboard type / layout (required)
++keyboard --vckeymap us
++
++# Configure network information for target system and activate network devices in the installer environment (optional)
++# --onboot	enable device at a boot time
++# --device	device to be activated and / or configured with the network command
++# --bootproto	method to obtain networking configuration for device (default dhcp)
++# --noipv6	disable IPv6 on this device
++network --onboot yes --device eth0 --bootproto dhcp --noipv6
++
++# Set the system's root password (required)
++# Plaintext password is: server
++# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create
++# encrypted password form for different plaintext password
++rootpw --iscrypted $6$/0RYeeRdK70ynvYz$jH2ZN/80HM6DjndHMxfUF9KIibwipitvizzXDH1zW.fTjyD3RD3tkNdNUaND18B/XqfAUW3vy1uebkBybCuIm0
++
++# The selected profile will restrict root login
++# Add a user that can login and escalate privileges
++# Plaintext password is: admin123
++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
++
++# Configure firewall settings for the system (optional)
++# --enabled	reject incoming connections that are not in response to outbound requests
++# --ssh		allow sshd service through the firewall
++firewall --enabled --ssh
++
++# State of SELinux on the installed system (optional)
++# Defaults to enforcing
++selinux --enforcing
++
++# Set the system time zone (required)
++timezone --utc America/New_York
++
++# Specify how the bootloader should be installed (required)
++# Plaintext password is: password
++# Refer to e.g. grub2-mkpasswd-pbkdf2 to see how to create
++# encrypted password form for different plaintext password
++bootloader --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted
++
++# Initialize (format) all disks (optional)
++zerombr
++
++# The following partition layout scheme assumes disk of size 20GB or larger
++# Modify size of partitions appropriately to reflect actual machine's hardware
++#
++# Remove Linux partitions from the system prior to creating new ones (optional)
++# --linux	erase all Linux partitions
++# --initlabel	initialize the disk label to the default based on the underlying architecture
++clearpart --linux --initlabel
++
++# Create primary system partitions (required for installs)
++part /boot --fstype=xfs --size=512
++part pv.01 --grow --size=1
++
++# Create a Logical Volume Management (LVM) group (optional)
++volgroup VolGroup pv.01
++
++# Create particular logical volumes (optional)
++logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow
++# Ensure /home Located On Separate Partition
++logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
++# Ensure /tmp Located On Separate Partition
++logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid"
++# Ensure /var/tmp Located On Separate Partition
++logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var Located On Separate Partition
++logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072
++# Ensure /var/log Located On Separate Partition
++logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024
++# Ensure /var/log/audit Located On Separate Partition
++logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512
++logvol swap --name=swap --vgname=VolGroup --size=2016
++
++
++# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
++# content - security policies - on the installed system.This add-on has been enabled by default
++# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this 
++# functionality will automatically be installed. However, by default, no policies are enforced,
++# meaning that no checks are performed during or after installation unless specifically configured.
++#  
++#  Important
++#   Applying a security policy is not necessary on all systems. This screen should only be used
++#   when a specific policy is mandated by your organization rules or government regulations.
++#   Unlike most other commands, this add-on does not accept regular options, but uses key-value
++#   pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
++#   Values can be optionally enclosed in single quotes (') or double quotes (").
++#   
++# For more details and configuration options see
++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/performing_an_advanced_rhel_8_installation/kickstart-commands-and-options-reference_installing-rhel-as-an-experienced-user#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program
++%addon org_fedora_oscap
++        content-type = scap-security-guide
++        profile = xccdf_org.ssgproject.content_profile_cis_server_l1
++%end
++
++# Packages selection (%packages section is required)
++%packages
++%end
++
++# Reboot after the installation is complete (optional)
++# --eject	attempt to eject CD or DVD media before rebooting
++reboot --eject
+diff --git a/products/almalinux8/kickstart/ssg-almalinux8-cis_workstation_l1-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-cis_workstation_l1-ks.cfg
+new file mode 100644
+index 000000000..4527fae73
+--- /dev/null
++++ b/products/almalinux8/kickstart/ssg-almalinux8-cis_workstation_l1-ks.cfg
+@@ -0,0 +1,141 @@
++# SCAP Security Guide CIS profile (Level 1 - Workstation) kickstart for AlmaLinux 8
++# Version: 0.0.1
++# Date: 2021-08-12
++#
++# Based on:
++# https://pykickstart.readthedocs.io/en/latest/
++# For more information see the following documentation:
++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/scanning-the-system-for-configuration-compliance-and-vulnerabilities_security-hardening#deploying-baseline-compliant-rhel-systems-using-kickstart_deploying-systems-that-are-compliant-with-a-security-profile-immediately-after-an-installation
++
++# Specify installation method to use for installation
++# To use a different one comment out the 'url' one below, update
++# the selected choice with proper options & un-comment it
++#
++# Install from an installation tree on a remote server via FTP or HTTP:
++# --url		the URL to install from
++#
++# Example:
++#
++# url --url=http://192.168.122.1/image
++#
++# Modify concrete URL in the above example appropriately to reflect the actual
++# environment machine is to be installed in
++#
++# Other possible / supported installation methods:
++# * install from the first CD-ROM/DVD drive on the system:
++#
++# cdrom
++#
++# * install from a directory of ISO images on a local drive:
++#
++# harddrive --partition=hdb2 --dir=/tmp/install-tree
++#
++# * install from provided NFS server:
++#
++# nfs --server= --dir= [--opts=]
++#
++
++# Set language to use during installation and the default language to use on the installed system (required)
++lang en_US.UTF-8
++
++# Set system keyboard type / layout (required)
++keyboard --vckeymap us
++
++# Configure network information for target system and activate network devices in the installer environment (optional)
++# --onboot	enable device at a boot time
++# --device	device to be activated and / or configured with the network command
++# --bootproto	method to obtain networking configuration for device (default dhcp)
++# --noipv6	disable IPv6 on this device
++network --onboot yes --device eth0 --bootproto dhcp --noipv6
++
++# Set the system's root password (required)
++# Plaintext password is: server
++# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create
++# encrypted password form for different plaintext password
++rootpw --iscrypted $6$/0RYeeRdK70ynvYz$jH2ZN/80HM6DjndHMxfUF9KIibwipitvizzXDH1zW.fTjyD3RD3tkNdNUaND18B/XqfAUW3vy1uebkBybCuIm0
++
++# The selected profile will restrict root login
++# Add a user that can login and escalate privileges
++# Plaintext password is: admin123
++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
++
++# Configure firewall settings for the system (optional)
++# --enabled	reject incoming connections that are not in response to outbound requests
++# --ssh		allow sshd service through the firewall
++firewall --enabled --ssh
++
++# State of SELinux on the installed system (optional)
++# Defaults to enforcing
++selinux --enforcing
++
++# Set the system time zone (required)
++timezone --utc America/New_York
++
++# Specify how the bootloader should be installed (required)
++# Plaintext password is: password
++# Refer to e.g. grub2-mkpasswd-pbkdf2 to see how to create
++# encrypted password form for different plaintext password
++bootloader --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted
++
++# Initialize (format) all disks (optional)
++zerombr
++
++# The following partition layout scheme assumes disk of size 20GB or larger
++# Modify size of partitions appropriately to reflect actual machine's hardware
++#
++# Remove Linux partitions from the system prior to creating new ones (optional)
++# --linux	erase all Linux partitions
++# --initlabel	initialize the disk label to the default based on the underlying architecture
++clearpart --linux --initlabel
++
++# Create primary system partitions (required for installs)
++part /boot --fstype=xfs --size=512
++part pv.01 --grow --size=1
++
++# Create a Logical Volume Management (LVM) group (optional)
++volgroup VolGroup pv.01
++
++# Create particular logical volumes (optional)
++logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow
++# Ensure /home Located On Separate Partition
++logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
++# Ensure /tmp Located On Separate Partition
++logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid"
++# Ensure /var/tmp Located On Separate Partition
++logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var Located On Separate Partition
++logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072
++# Ensure /var/log Located On Separate Partition
++logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024
++# Ensure /var/log/audit Located On Separate Partition
++logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512
++logvol swap --name=swap --vgname=VolGroup --size=2016
++
++
++# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
++# content - security policies - on the installed system.This add-on has been enabled by default
++# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this 
++# functionality will automatically be installed. However, by default, no policies are enforced,
++# meaning that no checks are performed during or after installation unless specifically configured.
++#  
++#  Important
++#   Applying a security policy is not necessary on all systems. This screen should only be used
++#   when a specific policy is mandated by your organization rules or government regulations.
++#   Unlike most other commands, this add-on does not accept regular options, but uses key-value
++#   pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
++#   Values can be optionally enclosed in single quotes (') or double quotes (").
++#   
++# For more details and configuration options see
++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/performing_an_advanced_rhel_8_installation/kickstart-commands-and-options-reference_installing-rhel-as-an-experienced-user#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program
++%addon org_fedora_oscap
++        content-type = scap-security-guide
++        profile = xccdf_org.ssgproject.content_profile_cis_workstation_l1
++%end
++
++# Packages selection (%packages section is required)
++%packages
++%end
++
++# Reboot after the installation is complete (optional)
++# --eject	attempt to eject CD or DVD media before rebooting
++reboot --eject
+diff --git a/products/almalinux8/kickstart/ssg-almalinux8-cis_workstation_l2-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-cis_workstation_l2-ks.cfg
+new file mode 100644
+index 000000000..9d2e50709
+--- /dev/null
++++ b/products/almalinux8/kickstart/ssg-almalinux8-cis_workstation_l2-ks.cfg
+@@ -0,0 +1,141 @@
++# SCAP Security Guide CIS profile (Level 2 - Workstation) kickstart for AlmaLinux 8
++# Version: 0.0.1
++# Date: 2021-08-12
++#
++# Based on:
++# https://pykickstart.readthedocs.io/en/latest/
++# For more information see the following documentation:
++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/scanning-the-system-for-configuration-compliance-and-vulnerabilities_security-hardening#deploying-baseline-compliant-rhel-systems-using-kickstart_deploying-systems-that-are-compliant-with-a-security-profile-immediately-after-an-installation
++
++# Specify installation method to use for installation
++# To use a different one comment out the 'url' one below, update
++# the selected choice with proper options & un-comment it
++#
++# Install from an installation tree on a remote server via FTP or HTTP:
++# --url		the URL to install from
++#
++# Example:
++#
++# url --url=http://192.168.122.1/image
++#
++# Modify concrete URL in the above example appropriately to reflect the actual
++# environment machine is to be installed in
++#
++# Other possible / supported installation methods:
++# * install from the first CD-ROM/DVD drive on the system:
++#
++# cdrom
++#
++# * install from a directory of ISO images on a local drive:
++#
++# harddrive --partition=hdb2 --dir=/tmp/install-tree
++#
++# * install from provided NFS server:
++#
++# nfs --server= --dir= [--opts=]
++#
++
++# Set language to use during installation and the default language to use on the installed system (required)
++lang en_US.UTF-8
++
++# Set system keyboard type / layout (required)
++keyboard --vckeymap us
++
++# Configure network information for target system and activate network devices in the installer environment (optional)
++# --onboot	enable device at a boot time
++# --device	device to be activated and / or configured with the network command
++# --bootproto	method to obtain networking configuration for device (default dhcp)
++# --noipv6	disable IPv6 on this device
++network --onboot yes --device eth0 --bootproto dhcp --noipv6
++
++# Set the system's root password (required)
++# Plaintext password is: server
++# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create
++# encrypted password form for different plaintext password
++rootpw --iscrypted $6$/0RYeeRdK70ynvYz$jH2ZN/80HM6DjndHMxfUF9KIibwipitvizzXDH1zW.fTjyD3RD3tkNdNUaND18B/XqfAUW3vy1uebkBybCuIm0
++
++# The selected profile will restrict root login
++# Add a user that can login and escalate privileges
++# Plaintext password is: admin123
++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
++
++# Configure firewall settings for the system (optional)
++# --enabled	reject incoming connections that are not in response to outbound requests
++# --ssh		allow sshd service through the firewall
++firewall --enabled --ssh
++
++# State of SELinux on the installed system (optional)
++# Defaults to enforcing
++selinux --enforcing
++
++# Set the system time zone (required)
++timezone --utc America/New_York
++
++# Specify how the bootloader should be installed (required)
++# Plaintext password is: password
++# Refer to e.g. grub2-mkpasswd-pbkdf2 to see how to create
++# encrypted password form for different plaintext password
++bootloader --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted
++
++# Initialize (format) all disks (optional)
++zerombr
++
++# The following partition layout scheme assumes disk of size 20GB or larger
++# Modify size of partitions appropriately to reflect actual machine's hardware
++#
++# Remove Linux partitions from the system prior to creating new ones (optional)
++# --linux	erase all Linux partitions
++# --initlabel	initialize the disk label to the default based on the underlying architecture
++clearpart --linux --initlabel
++
++# Create primary system partitions (required for installs)
++part /boot --fstype=xfs --size=512
++part pv.01 --grow --size=1
++
++# Create a Logical Volume Management (LVM) group (optional)
++volgroup VolGroup pv.01
++
++# Create particular logical volumes (optional)
++logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow
++# Ensure /home Located On Separate Partition
++logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
++# Ensure /tmp Located On Separate Partition
++logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid"
++# Ensure /var/tmp Located On Separate Partition
++logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var Located On Separate Partition
++logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072
++# Ensure /var/log Located On Separate Partition
++logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024
++# Ensure /var/log/audit Located On Separate Partition
++logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512
++logvol swap --name=swap --vgname=VolGroup --size=2016
++
++
++# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
++# content - security policies - on the installed system.This add-on has been enabled by default
++# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this 
++# functionality will automatically be installed. However, by default, no policies are enforced,
++# meaning that no checks are performed during or after installation unless specifically configured.
++#  
++#  Important
++#   Applying a security policy is not necessary on all systems. This screen should only be used
++#   when a specific policy is mandated by your organization rules or government regulations.
++#   Unlike most other commands, this add-on does not accept regular options, but uses key-value
++#   pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
++#   Values can be optionally enclosed in single quotes (') or double quotes (").
++#   
++# For more details and configuration options see
++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/performing_an_advanced_rhel_8_installation/kickstart-commands-and-options-reference_installing-rhel-as-an-experienced-user#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program
++%addon org_fedora_oscap
++        content-type = scap-security-guide
++        profile = xccdf_org.ssgproject.content_profile_cis_workstation_l2
++%end
++
++# Packages selection (%packages section is required)
++%packages
++%end
++
++# Reboot after the installation is complete (optional)
++# --eject	attempt to eject CD or DVD media before rebooting
++reboot --eject
+diff --git a/products/almalinux8/kickstart/ssg-almalinux8-cui-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-cui-ks.cfg
+new file mode 100644
+index 000000000..e25cd22b4
+--- /dev/null
++++ b/products/almalinux8/kickstart/ssg-almalinux8-cui-ks.cfg
+@@ -0,0 +1,139 @@
++# SCAP Security Guide CUI profile kickstart for AlmaLinux 8
++#
++# Based on:
++# https://pykickstart.readthedocs.io/en/latest/
++# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg
++# For more information see the following documentation:
++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/scanning-the-system-for-configuration-compliance-and-vulnerabilities_security-hardening#deploying-baseline-compliant-rhel-systems-using-kickstart_deploying-systems-that-are-compliant-with-a-security-profile-immediately-after-an-installation
++
++# Specify installation method to use for installation
++# To use a different one comment out the 'url' one below, update
++# the selected choice with proper options & un-comment it
++#
++# Install from an installation tree on a remote server via FTP or HTTP:
++# --url		the URL to install from
++#
++# Example:
++#
++# url --url=http://192.168.122.1/image
++#
++# Modify concrete URL in the above example appropriately to reflect the actual
++# environment machine is to be installed in
++#
++# Other possible / supported installation methods:
++# * install from the first CD-ROM/DVD drive on the system:
++#
++# cdrom
++#
++# * install from a directory of ISO images on a local drive:
++#
++# harddrive --partition=hdb2 --dir=/tmp/install-tree
++#
++# * install from provided NFS server:
++#
++# nfs --server= --dir= [--opts=]
++#
++# Set language to use during installation and the default language to use on the installed system (required)
++lang en_US.UTF-8
++
++# Set system keyboard type / layout (required)
++keyboard --vckeymap us
++
++# Configure network information for target system and activate network devices in the installer environment (optional)
++# --onboot	enable device at a boot time
++# --device	device to be activated and / or configured with the network command
++# --bootproto	method to obtain networking configuration for device (default dhcp)
++# --noipv6	disable IPv6 on this device
++network --onboot yes --bootproto dhcp
++
++# Set the system's root password (required)
++# Plaintext password is: server
++# Refer to e.g.
++#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
++# to see how to create encrypted password form for different plaintext password
++rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220
++
++# The selected profile will restrict root login
++# Add a user that can login and escalate privileges
++# Plaintext password is: admin123
++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
++
++# Configure firewall settings for the system (optional)
++# --enabled	reject incoming connections that are not in response to outbound requests
++# --ssh		allow sshd service through the firewall
++firewall --enabled --ssh
++
++# State of SELinux on the installed system (optional)
++# Defaults to enforcing
++selinux --enforcing
++
++# Set the system time zone (required)
++timezone --utc America/New_York
++
++# Specify how the bootloader should be installed (required)
++# Refer to e.g.
++#   grub2-mkpasswd-pbkdf2
++# to see how to create encrypted password form for different plaintext password
++bootloader --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none"
++
++# Initialize (format) all disks (optional)
++zerombr
++
++# The following partition layout scheme assumes disk of size 20GB or larger
++# Modify size of partitions appropriately to reflect actual machine's hardware
++# 
++# Remove Linux partitions from the system prior to creating new ones (optional)
++# --linux	erase all Linux partitions
++# --initlabel	initialize the disk label to the default based on the underlying architecture
++clearpart --linux --initlabel
++
++# Create primary system partitions (required for installs)
++part /boot --fstype=xfs --size=512
++part pv.01 --grow --size=1
++
++# Create a Logical Volume Management (LVM) group (optional)
++volgroup VolGroup pv.01
++
++# Create particular logical volumes (optional)
++logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow
++# Ensure /home Located On Separate Partition
++logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
++# Ensure /tmp Located On Separate Partition
++logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var/tmp Located On Separate Partition
++logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var Located On Separate Partition
++logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev"
++# Ensure /var/log Located On Separate Partition
++logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var/log/audit Located On Separate Partition
++logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec"
++logvol swap --name=swap --vgname=VolGroup --size=2016
++
++# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
++# content - security policies - on the installed system.This add-on has been enabled by default
++# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this 
++# functionality will automatically be installed. However, by default, no policies are enforced,
++# meaning that no checks are performed during or after installation unless specifically configured.
++#  
++#  Important
++#   Applying a security policy is not necessary on all systems. This screen should only be used
++#   when a specific policy is mandated by your organization rules or government regulations.
++#   Unlike most other commands, this add-on does not accept regular options, but uses key-value
++#   pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
++#   Values can be optionally enclosed in single quotes (') or double quotes (").
++#   
++# For more details and configuration options see
++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/performing_an_advanced_rhel_8_installation/kickstart-commands-and-options-reference_installing-rhel-as-an-experienced-user#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program
++%addon org_fedora_oscap
++	content-type = scap-security-guide
++	profile = xccdf_org.ssgproject.content_profile_cui
++%end
++
++# Packages selection (%packages section is required)
++%packages
++%end
++
++# Reboot after the installation is complete (optional)
++# --eject	attempt to eject CD or DVD media before rebooting
++reboot --eject
+diff --git a/products/almalinux8/kickstart/ssg-almalinux8-e8-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-e8-ks.cfg
+new file mode 100644
+index 000000000..754e3d6f7
+--- /dev/null
++++ b/products/almalinux8/kickstart/ssg-almalinux8-e8-ks.cfg
+@@ -0,0 +1,120 @@
++# SCAP Security Guide Essential Eight profile kickstart for AlmaLinux 8
++# Version: 0.0.1
++# Date: 2019-11-13
++#
++# Based on:
++# https://pykickstart.readthedocs.io/en/latest/
++# For more information see the following documentation:
++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/scanning-the-system-for-configuration-compliance-and-vulnerabilities_security-hardening#deploying-baseline-compliant-rhel-systems-using-kickstart_deploying-systems-that-are-compliant-with-a-security-profile-immediately-after-an-installation
++
++# Specify installation method to use for installation
++# To use a different one comment out the 'url' one below, update
++# the selected choice with proper options & un-comment it
++#
++# Install from an installation tree on a remote server via FTP or HTTP:
++# --url		the URL to install from
++#
++# Example:
++#
++# url --url=http://192.168.122.1/image
++#
++# Modify concrete URL in the above example appropriately to reflect the actual
++# environment machine is to be installed in
++#
++# Other possible / supported installation methods:
++# * install from the first CD-ROM/DVD drive on the system:
++#
++# cdrom
++#
++# * install from a directory of ISO images on a local drive:
++#
++# harddrive --partition=hdb2 --dir=/tmp/install-tree
++#
++# * install from provided NFS server:
++#
++# nfs --server= --dir= [--opts=]
++#
++
++# Set language to use during installation and the default language to use on the installed system (required)
++lang en_US.UTF-8
++
++# Set system keyboard type / layout (required)
++keyboard --vckeymap us
++
++# Configure network information for target system and activate network devices in the installer environment (optional)
++# --onboot	enable device at a boot time
++# --device	device to be activated and / or configured with the network command
++# --bootproto	method to obtain networking configuration for device (default dhcp)
++# --noipv6	disable IPv6 on this device
++network --onboot yes --device eth0 --bootproto dhcp --noipv6
++
++# Set the system's root password (required)
++# Plaintext password is: server
++# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create
++# encrypted password form for different plaintext password
++rootpw --iscrypted $6$/0RYeeRdK70ynvYz$jH2ZN/80HM6DjndHMxfUF9KIibwipitvizzXDH1zW.fTjyD3RD3tkNdNUaND18B/XqfAUW3vy1uebkBybCuIm0
++
++# The selected profile will restrict root login
++# Add a user that can login and escalate privileges
++# Plaintext password is: admin123
++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
++
++# Configure firewall settings for the system (optional)
++# --enabled	reject incoming connections that are not in response to outbound requests
++# --ssh		allow sshd service through the firewall
++firewall --enabled --ssh
++
++# State of SELinux on the installed system (optional)
++# Defaults to enforcing
++selinux --enforcing
++
++# Set the system time zone (required)
++timezone --utc America/New_York
++
++# Specify how the bootloader should be installed (required)
++# Plaintext password is: password
++# Refer to e.g. grub2-mkpasswd-pbkdf2 to see how to create
++# encrypted password form for different plaintext password
++bootloader --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted
++
++# Initialize (format) all disks (optional)
++zerombr
++
++# The following partition layout scheme assumes disk of size 20GB or larger
++# Modify size of partitions appropriately to reflect actual machine's hardware
++# 
++# Remove Linux partitions from the system prior to creating new ones (optional)
++# --linux	erase all Linux partitions
++# --initlabel	initialize the disk label to the default based on the underlying architecture
++clearpart --linux --initlabel
++
++# Create primary system partitions (required for installs)
++autopart
++
++# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
++# content - security policies - on the installed system.This add-on has been enabled by default
++# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this 
++# functionality will automatically be installed. However, by default, no policies are enforced,
++# meaning that no checks are performed during or after installation unless specifically configured.
++#  
++#  Important
++#   Applying a security policy is not necessary on all systems. This screen should only be used
++#   when a specific policy is mandated by your organization rules or government regulations.
++#   Unlike most other commands, this add-on does not accept regular options, but uses key-value
++#   pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
++#   Values can be optionally enclosed in single quotes (') or double quotes (").
++#   
++# For more details and configuration options see
++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/performing_an_advanced_rhel_8_installation/kickstart-commands-and-options-reference_installing-rhel-as-an-experienced-user#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program
++%addon org_fedora_oscap
++        content-type = scap-security-guide
++        profile = xccdf_org.ssgproject.content_profile_e8
++%end
++
++# Packages selection (%packages section is required)
++%packages
++%end
++
++# Reboot after the installation is complete (optional)
++# --eject	attempt to eject CD or DVD media before rebooting
++reboot --eject
+diff --git a/products/almalinux8/kickstart/ssg-almalinux8-hipaa-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-hipaa-ks.cfg
+new file mode 100644
+index 000000000..561f0aab9
+--- /dev/null
++++ b/products/almalinux8/kickstart/ssg-almalinux8-hipaa-ks.cfg
+@@ -0,0 +1,120 @@
++# SCAP Security Guide HIPAA profile kickstart for AlmaLinux 8
++# Version: 0.0.1
++# Date: 2020-05-25
++#
++# Based on:
++# https://pykickstart.readthedocs.io/en/latest/
++# For more information see the following documentation:
++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/scanning-the-system-for-configuration-compliance-and-vulnerabilities_security-hardening#deploying-baseline-compliant-rhel-systems-using-kickstart_deploying-systems-that-are-compliant-with-a-security-profile-immediately-after-an-installation
++
++# Specify installation method to use for installation
++# To use a different one comment out the 'url' one below, update
++# the selected choice with proper options & un-comment it
++#
++# Install from an installation tree on a remote server via FTP or HTTP:
++# --url		the URL to install from
++#
++# Example:
++#
++# url --url=http://192.168.122.1/image
++#
++# Modify concrete URL in the above example appropriately to reflect the actual
++# environment machine is to be installed in
++#
++# Other possible / supported installation methods:
++# * install from the first CD-ROM/DVD drive on the system:
++#
++# cdrom
++#
++# * install from a directory of ISO images on a local drive:
++#
++# harddrive --partition=hdb2 --dir=/tmp/install-tree
++#
++# * install from provided NFS server:
++#
++# nfs --server= --dir= [--opts=]
++#
++
++# Set language to use during installation and the default language to use on the installed system (required)
++lang en_US.UTF-8
++
++# Set system keyboard type / layout (required)
++keyboard --vckeymap us
++
++# Configure network information for target system and activate network devices in the installer environment (optional)
++# --onboot	enable device at a boot time
++# --device	device to be activated and / or configured with the network command
++# --bootproto	method to obtain networking configuration for device (default dhcp)
++# --noipv6	disable IPv6 on this device
++network --onboot yes --device eth0 --bootproto dhcp --noipv6
++
++# Set the system's root password (required)
++# Plaintext password is: server
++# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create
++# encrypted password form for different plaintext password
++rootpw --iscrypted $6$/0RYeeRdK70ynvYz$jH2ZN/80HM6DjndHMxfUF9KIibwipitvizzXDH1zW.fTjyD3RD3tkNdNUaND18B/XqfAUW3vy1uebkBybCuIm0
++
++# The selected profile will restrict root login
++# Add a user that can login and escalate privileges
++# Plaintext password is: admin123
++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
++
++# Configure firewall settings for the system (optional)
++# --enabled	reject incoming connections that are not in response to outbound requests
++# --ssh		allow sshd service through the firewall
++firewall --enabled --ssh
++
++# State of SELinux on the installed system (optional)
++# Defaults to enforcing
++selinux --enforcing
++
++# Set the system time zone (required)
++timezone --utc America/New_York
++
++# Specify how the bootloader should be installed (required)
++# Plaintext password is: password
++# Refer to e.g. grub2-mkpasswd-pbkdf2 to see how to create
++# encrypted password form for different plaintext password
++bootloader --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted
++
++# Initialize (format) all disks (optional)
++zerombr
++
++# The following partition layout scheme assumes disk of size 20GB or larger
++# Modify size of partitions appropriately to reflect actual machine's hardware
++# 
++# Remove Linux partitions from the system prior to creating new ones (optional)
++# --linux	erase all Linux partitions
++# --initlabel	initialize the disk label to the default based on the underlying architecture
++clearpart --linux --initlabel
++
++# Create primary system partitions (required for installs)
++autopart
++
++# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
++# content - security policies - on the installed system.This add-on has been enabled by default
++# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this 
++# functionality will automatically be installed. However, by default, no policies are enforced,
++# meaning that no checks are performed during or after installation unless specifically configured.
++#  
++#  Important
++#   Applying a security policy is not necessary on all systems. This screen should only be used
++#   when a specific policy is mandated by your organization rules or government regulations.
++#   Unlike most other commands, this add-on does not accept regular options, but uses key-value
++#   pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
++#   Values can be optionally enclosed in single quotes (') or double quotes (").
++#   
++# For more details and configuration options see
++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/performing_an_advanced_rhel_8_installation/kickstart-commands-and-options-reference_installing-rhel-as-an-experienced-user#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program
++%addon org_fedora_oscap
++        content-type = scap-security-guide
++        profile = xccdf_org.ssgproject.content_profile_hipaa
++%end
++
++# Packages selection (%packages section is required)
++%packages
++%end
++
++# Reboot after the installation is complete (optional)
++# --eject	attempt to eject CD or DVD media before rebooting
++reboot --eject
+diff --git a/products/almalinux8/kickstart/ssg-almalinux8-ism_o-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-ism_o-ks.cfg
+new file mode 100644
+index 000000000..ed30b2d72
+--- /dev/null
++++ b/products/almalinux8/kickstart/ssg-almalinux8-ism_o-ks.cfg
+@@ -0,0 +1,119 @@
++# SCAP Security Guide ISM Official profile kickstart for AlmaLinux 8
++# Version: 0.0.1
++# Date: 2021-08-16
++#
++# Based on:
++# https://pykickstart.readthedocs.io/en/latest/
++# For more information see the following documentation:
++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/scanning-the-system-for-configuration-compliance-and-vulnerabilities_security-hardening#deploying-baseline-compliant-rhel-systems-using-kickstart_deploying-systems-that-are-compliant-with-a-security-profile-immediately-after-an-installation
++
++# Specify installation method to use for installation
++# To use a different one comment out the 'url' one below, update
++# the selected choice with proper options & un-comment it
++#
++# Install from an installation tree on a remote server via FTP or HTTP:
++# --url		the URL to install from
++#
++# Example:
++#
++# url --url=http://192.168.122.1/image
++#
++# Modify concrete URL in the above example appropriately to reflect the actual
++# environment machine is to be installed in
++#
++# Other possible / supported installation methods:
++# * install from the first CD-ROM/DVD drive on the system:
++#
++# cdrom
++#
++# * install from a directory of ISO images on a local drive:
++#
++# harddrive --partition=hdb2 --dir=/tmp/install-tree
++#
++# * install from provided NFS server:
++#
++# nfs --server= --dir= [--opts=]
++#
++
++# Set language to use during installation and the default language to use on the installed system (required)
++lang en_US.UTF-8
++
++# Set system keyboard type / layout (required)
++keyboard --vckeymap us
++
++# Configure network information for target system and activate network devices in the installer environment (optional)
++# --onboot	enable device at a boot time
++# --device	device to be activated and / or configured with the network command
++# --bootproto	method to obtain networking configuration for device (default dhcp)
++# --noipv6	disable IPv6 on this device
++#
++#
++network --onboot yes --device eth0 --bootproto dhcp --noipv6
++
++# Set the system's root password (required)
++# Plaintext password is: server
++# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create
++# encrypted password form for different plaintext password
++rootpw --iscrypted $6$/0RYeeRdK70ynvYz$jH2ZN/80HM6DjndHMxfUF9KIibwipitvizzXDH1zW.fTjyD3RD3tkNdNUaND18B/XqfAUW3vy1uebkBybCuIm0
++
++# The selected profile will restrict root login
++# Add a user that can login and escalate privileges
++# Plaintext password is: admin123
++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
++
++# Configure firewall settings for the system (optional)
++# --enabled	reject incoming connections that are not in response to outbound requests
++# --ssh		allow sshd service through the firewall
++firewall --enabled --ssh
++
++# State of SELinux on the installed system (optional)
++# Defaults to enforcing
++selinux --enforcing
++
++# Set the system time zone (required)
++timezone --utc America/New_York
++
++# Specify how the bootloader should be installed (required)
++bootloader
++
++# Initialize (format) all disks (optional)
++zerombr
++
++# The following partition layout scheme assumes disk of size 20GB or larger
++# Modify size of partitions appropriately to reflect actual machine's hardware
++# 
++# Remove Linux partitions from the system prior to creating new ones (optional)
++# --linux	erase all Linux partitions
++# --initlabel	initialize the disk label to the default based on the underlying architecture
++clearpart --linux --initlabel
++
++# Create primary system partitions (required for installs)
++autopart
++
++# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
++# content - security policies - on the installed system.This add-on has been enabled by default
++# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this 
++# functionality will automatically be installed. However, by default, no policies are enforced,
++# meaning that no checks are performed during or after installation unless specifically configured.
++#  
++#  Important
++#   Applying a security policy is not necessary on all systems. This screen should only be used
++#   when a specific policy is mandated by your organization rules or government regulations.
++#   Unlike most other commands, this add-on does not accept regular options, but uses key-value
++#   pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
++#   Values can be optionally enclosed in single quotes (') or double quotes (").
++#   
++# For more details and configuration options see
++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/performing_an_advanced_rhel_8_installation/kickstart-commands-and-options-reference_installing-rhel-as-an-experienced-user#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program
++%addon org_fedora_oscap
++        content-type = scap-security-guide
++        profile = xccdf_org.ssgproject.content_profile_ism_o
++%end
++
++# Packages selection (%packages section is required)
++%packages
++%end
++
++# Reboot after the installation is complete (optional)
++# --eject	attempt to eject CD or DVD media before rebooting
++reboot --eject
+diff --git a/products/almalinux8/kickstart/ssg-almalinux8-ospp-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-ospp-ks.cfg
+new file mode 100644
+index 000000000..d74607ae9
+--- /dev/null
++++ b/products/almalinux8/kickstart/ssg-almalinux8-ospp-ks.cfg
+@@ -0,0 +1,139 @@
++# SCAP Security Guide OSPP profile kickstart for AlmaLinux 8
++#
++# Based on:
++# https://pykickstart.readthedocs.io/en/latest/
++# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg
++# For more information see the following documentation:
++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/scanning-the-system-for-configuration-compliance-and-vulnerabilities_security-hardening#deploying-baseline-compliant-rhel-systems-using-kickstart_deploying-systems-that-are-compliant-with-a-security-profile-immediately-after-an-installation
++
++# Specify installation method to use for installation
++# To use a different one comment out the 'url' one below, update
++# the selected choice with proper options & un-comment it
++#
++# Install from an installation tree on a remote server via FTP or HTTP:
++# --url		the URL to install from
++#
++# Example:
++#
++# url --url=http://192.168.122.1/image
++#
++# Modify concrete URL in the above example appropriately to reflect the actual
++# environment machine is to be installed in
++#
++# Other possible / supported installation methods:
++# * install from the first CD-ROM/DVD drive on the system:
++#
++# cdrom
++#
++# * install from a directory of ISO images on a local drive:
++#
++# harddrive --partition=hdb2 --dir=/tmp/install-tree
++#
++# * install from provided NFS server:
++#
++# nfs --server= --dir= [--opts=]
++#
++# Set language to use during installation and the default language to use on the installed system (required)
++lang en_US.UTF-8
++
++# Set system keyboard type / layout (required)
++keyboard --vckeymap us
++
++# Configure network information for target system and activate network devices in the installer environment (optional)
++# --onboot	enable device at a boot time
++# --device	device to be activated and / or configured with the network command
++# --bootproto	method to obtain networking configuration for device (default dhcp)
++# --noipv6	disable IPv6 on this device
++network --onboot yes --bootproto dhcp
++
++# Set the system's root password (required)
++# Plaintext password is: server
++# Refer to e.g.
++#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
++# to see how to create encrypted password form for different plaintext password
++rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220
++
++# The selected profile will restrict root login
++# Add a user that can login and escalate privileges
++# Plaintext password is: admin123
++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
++
++# Configure firewall settings for the system (optional)
++# --enabled	reject incoming connections that are not in response to outbound requests
++# --ssh		allow sshd service through the firewall
++firewall --enabled --ssh
++
++# State of SELinux on the installed system (optional)
++# Defaults to enforcing
++selinux --enforcing
++
++# Set the system time zone (required)
++timezone --utc America/New_York
++
++# Specify how the bootloader should be installed (required)
++# Refer to e.g.
++#   grub2-mkpasswd-pbkdf2
++# to see how to create encrypted password form for different plaintext password
++bootloader --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none"
++
++# Initialize (format) all disks (optional)
++zerombr
++
++# The following partition layout scheme assumes disk of size 20GB or larger
++# Modify size of partitions appropriately to reflect actual machine's hardware
++# 
++# Remove Linux partitions from the system prior to creating new ones (optional)
++# --linux	erase all Linux partitions
++# --initlabel	initialize the disk label to the default based on the underlying architecture
++clearpart --linux --initlabel
++
++# Create primary system partitions (required for installs)
++part /boot --fstype=xfs --size=512
++part pv.01 --grow --size=1
++
++# Create a Logical Volume Management (LVM) group (optional)
++volgroup VolGroup pv.01
++
++# Create particular logical volumes (optional)
++logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow
++# Ensure /home Located On Separate Partition
++logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
++# Ensure /tmp Located On Separate Partition
++logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var/tmp Located On Separate Partition
++logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var Located On Separate Partition
++logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev"
++# Ensure /var/log Located On Separate Partition
++logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var/log/audit Located On Separate Partition
++logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec"
++logvol swap --name=swap --vgname=VolGroup --size=2016
++
++# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
++# content - security policies - on the installed system.This add-on has been enabled by default
++# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this 
++# functionality will automatically be installed. However, by default, no policies are enforced,
++# meaning that no checks are performed during or after installation unless specifically configured.
++#  
++#  Important
++#   Applying a security policy is not necessary on all systems. This screen should only be used
++#   when a specific policy is mandated by your organization rules or government regulations.
++#   Unlike most other commands, this add-on does not accept regular options, but uses key-value
++#   pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
++#   Values can be optionally enclosed in single quotes (') or double quotes (").
++#   
++# For more details and configuration options see
++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/performing_an_advanced_rhel_8_installation/kickstart-commands-and-options-reference_installing-rhel-as-an-experienced-user#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program
++%addon org_fedora_oscap
++	content-type = scap-security-guide
++	profile = xccdf_org.ssgproject.content_profile_ospp
++%end
++
++# Packages selection (%packages section is required)
++%packages
++%end
++
++# Reboot after the installation is complete (optional)
++# --eject	attempt to eject CD or DVD media before rebooting
++reboot --eject
+diff --git a/products/almalinux8/kickstart/ssg-almalinux8-pci-dss-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-pci-dss-ks.cfg
+new file mode 100644
+index 000000000..eda7c7be4
+--- /dev/null
++++ b/products/almalinux8/kickstart/ssg-almalinux8-pci-dss-ks.cfg
+@@ -0,0 +1,134 @@
++# SCAP Security Guide PCI-DSS profile kickstart for AlmaLinux 8
++#
++# Based on:
++# https://pykickstart.readthedocs.io/en/latest/
++# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg
++# For more information see the following documentation:
++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/scanning-the-system-for-configuration-compliance-and-vulnerabilities_security-hardening#deploying-baseline-compliant-rhel-systems-using-kickstart_deploying-systems-that-are-compliant-with-a-security-profile-immediately-after-an-installation
++
++# Specify installation method to use for installation
++# To use a different one comment out the 'url' one below, update
++# the selected choice with proper options & un-comment it
++#
++# Install from an installation tree on a remote server via FTP or HTTP:
++# --url	        the URL to install from
++#
++# Example:
++#
++# url --url=http://192.168.122.1/image
++#
++# Modify concrete URL in the above example appropriately to reflect the actual
++# environment machine is to be installed in
++#
++# Other possible / supported installation methods:
++# * install from the first CD-ROM/DVD drive on the system:
++#
++# cdrom
++#
++# * install from a directory of ISO images on a local drive:
++#
++# harddrive --partition=hdb2 --dir=/tmp/install-tree
++#
++# * install from provided NFS server:
++#
++# nfs --server= --dir= [--opts=]
++#
++
++# Set language to use during installation and the default language to use on the installed system (required)
++lang en_US.UTF-8
++
++# Set system keyboard type / layout (required)
++keyboard --vckeymap us
++
++# Configure network information for target system and activate network devices in the installer environment (optional)
++# --onboot	enable device at a boot time
++# --device	device to be activated and / or configured with the network command
++# --bootproto	method to obtain networking configuration for device (default dhcp)
++# --noipv6	disable IPv6 on this device
++network --onboot yes --bootproto dhcp --noipv6
++
++# Set the system's root password (required)
++# Plaintext password is: server
++# Refer to e.g.
++#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
++# to see how to create encrypted password form for different plaintext password
++rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220
++
++# Configure firewall settings for the system (optional)
++# --enabled	reject incoming connections that are not in response to outbound requests
++# --ssh		allow sshd service through the firewall
++firewall --enabled --ssh
++
++# State of SELinux on the installed system (optional)
++# Defaults to enforcing
++selinux --enforcing
++
++# Set the system time zone (required)
++timezone --utc America/New_York
++
++# Specify how the bootloader should be installed (required)
++# Plaintext password is: password
++# Refer to e.g.
++#   grub2-mkpasswd-pbkdf2
++# to see how to create encrypted password form for different plaintext password
++bootloader --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted
++
++# Initialize (format) all disks (optional)
++zerombr
++
++# The following partition layout scheme assumes disk of size 20GB or larger
++# Modify size of partitions appropriately to reflect actual machine's hardware
++# 
++# Remove Linux partitions from the system prior to creating new ones (optional)
++# --linux	erase all Linux partitions
++# --initlabel	initialize the disk label to the default based on the underlying architecture
++clearpart --linux --initlabel
++
++# Create primary system partitions (required for installs)
++part /boot --fstype=xfs --size=512
++part pv.01 --grow --size=1
++
++# Create a Logical Volume Management (LVM) group (optional)
++volgroup VolGroup pv.01
++
++# Create particular logical volumes (optional)
++logvol / --fstype=xfs --name=root --vgname=VolGroup --size=11264 --grow
++# CCE-26557-9: Ensure /home Located On Separate Partition
++logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
++# CCE-26435-8: Ensure /tmp Located On Separate Partition
++logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid"
++# CCE-26639-5: Ensure /var Located On Separate Partition
++logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev"
++# CCE-26215-4: Ensure /var/log Located On Separate Partition
++logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev"
++# CCE-26436-6: Ensure /var/log/audit Located On Separate Partition
++logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 --fsoptions="nodev"
++logvol swap --name=swap --vgname=VolGroup --size=2016
++
++# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
++# content - security policies - on the installed system.This add-on has been enabled by default
++# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this 
++# functionality will automatically be installed. However, by default, no policies are enforced,
++# meaning that no checks are performed during or after installation unless specifically configured.
++#  
++#  Important
++#   Applying a security policy is not necessary on all systems. This screen should only be used
++#   when a specific policy is mandated by your organization rules or government regulations.
++#   Unlike most other commands, this add-on does not accept regular options, but uses key-value
++#   pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
++#   Values can be optionally enclosed in single quotes (') or double quotes (").
++#   
++# For more details and configuration options see
++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/performing_an_advanced_rhel_8_installation/kickstart-commands-and-options-reference_installing-rhel-as-an-experienced-user#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program
++%addon org_fedora_oscap
++        content-type = scap-security-guide
++        profile = xccdf_org.ssgproject.content_profile_pci-dss
++%end
++
++# Packages selection (%packages section is required)
++%packages
++%end
++
++# Reboot after the installation is complete (optional)
++# --eject	attempt to eject CD or DVD media before rebooting
++reboot --eject
+diff --git a/products/almalinux8/kickstart/ssg-almalinux8-stig-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-stig-ks.cfg
+new file mode 100644
+index 000000000..22c981ee2
+--- /dev/null
++++ b/products/almalinux8/kickstart/ssg-almalinux8-stig-ks.cfg
+@@ -0,0 +1,141 @@
++# SCAP Security Guide STIG profile kickstart for AlmaLinux 8
++#
++# Based on:
++# https://pykickstart.readthedocs.io/en/latest/
++# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg
++# For more information see the following documentation:
++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/scanning-the-system-for-configuration-compliance-and-vulnerabilities_security-hardening#deploying-baseline-compliant-rhel-systems-using-kickstart_deploying-systems-that-are-compliant-with-a-security-profile-immediately-after-an-installation
++
++# Specify installation method to use for installation
++# To use a different one comment out the 'url' one below, update
++# the selected choice with proper options & un-comment it
++#
++# Install from an installation tree on a remote server via FTP or HTTP:
++# --url		the URL to install from
++#
++# Example:
++#
++# url --url=http://192.168.122.1/image
++#
++# Modify concrete URL in the above example appropriately to reflect the actual
++# environment machine is to be installed in
++#
++# Other possible / supported installation methods:
++# * install from the first CD-ROM/DVD drive on the system:
++#
++# cdrom
++#
++# * install from a directory of ISO images on a local drive:
++#
++# harddrive --partition=hdb2 --dir=/tmp/install-tree
++#
++# * install from provided NFS server:
++#
++# nfs --server= --dir= [--opts=]
++#
++# Set language to use during installation and the default language to use on the installed system (required)
++lang en_US.UTF-8
++
++# Set system keyboard type / layout (required)
++keyboard --vckeymap us
++
++# Configure network information for target system and activate network devices in the installer environment (optional)
++# --onboot	enable device at a boot time
++# --device	device to be activated and / or configured with the network command
++# --bootproto	method to obtain networking configuration for device (default dhcp)
++# --noipv6	disable IPv6 on this device
++network --onboot yes --bootproto dhcp
++
++# Set the system's root password (required)
++# Plaintext password is: server
++# Refer to e.g.
++#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
++# to see how to create encrypted password form for different plaintext password
++rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220
++
++# The selected profile will restrict root login
++# Add a user that can login and escalate privileges
++# Plaintext password is: admin123
++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
++
++# Configure firewall settings for the system (optional)
++# --enabled	reject incoming connections that are not in response to outbound requests
++# --ssh		allow sshd service through the firewall
++firewall --enabled --ssh
++
++
++# State of SELinux on the installed system (optional)
++# Defaults to enforcing
++selinux --enforcing
++
++# Set the system time zone (required)
++timezone --utc America/New_York
++
++# Specify how the bootloader should be installed (required)
++# Plaintext password is: password
++# Refer to e.g.
++#   grub2-mkpasswd-pbkdf2
++# to see how to create encrypted password form for different plaintext password
++bootloader --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted
++
++# Initialize (format) all disks (optional)
++zerombr
++
++# The following partition layout scheme assumes disk of size 20GB or larger
++# Modify size of partitions appropriately to reflect actual machine's hardware
++# 
++# Remove Linux partitions from the system prior to creating new ones (optional)
++# --linux	erase all Linux partitions
++# --initlabel	initialize the disk label to the default based on the underlying architecture
++clearpart --linux --initlabel
++
++# Create primary system partitions (required for installs)
++part /boot --fstype=xfs --size=512 --fsoptions="nodev,nosuid,noexec"
++part pv.01 --grow --size=1
++
++# Create a Logical Volume Management (LVM) group (optional)
++volgroup VolGroup pv.01
++
++# Create particular logical volumes (optional)
++logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow
++# Ensure /home Located On Separate Partition
++logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
++# Ensure /tmp Located On Separate Partition
++logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var/tmp Located On Separate Partition
++logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var Located On Separate Partition
++logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev"
++# Ensure /var/log Located On Separate Partition
++logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var/log/audit Located On Separate Partition
++logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=10240 --fsoptions="nodev,nosuid,noexec"
++logvol swap --name=swap --vgname=VolGroup --size=2016
++
++# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
++# content - security policies - on the installed system.This add-on has been enabled by default
++# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this 
++# functionality will automatically be installed. However, by default, no policies are enforced,
++# meaning that no checks are performed during or after installation unless specifically configured.
++#  
++#  Important
++#   Applying a security policy is not necessary on all systems. This screen should only be used
++#   when a specific policy is mandated by your organization rules or government regulations.
++#   Unlike most other commands, this add-on does not accept regular options, but uses key-value
++#   pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
++#   Values can be optionally enclosed in single quotes (') or double quotes (").
++#   
++# For more details and configuration options see
++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/performing_an_advanced_rhel_8_installation/kickstart-commands-and-options-reference_installing-rhel-as-an-experienced-user#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program
++%addon org_fedora_oscap
++	content-type = scap-security-guide
++	profile = xccdf_org.ssgproject.content_profile_stig
++%end
++
++# Packages selection (%packages section is required)
++%packages
++%end
++
++# Reboot after the installation is complete (optional)
++# --eject	attempt to eject CD or DVD media before rebooting
++reboot --eject
+diff --git a/products/almalinux8/kickstart/ssg-almalinux8-stig_gui-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-stig_gui-ks.cfg
+new file mode 100644
+index 000000000..091ef836e
+--- /dev/null
++++ b/products/almalinux8/kickstart/ssg-almalinux8-stig_gui-ks.cfg
+@@ -0,0 +1,143 @@
++# SCAP Security Guide STIG with GUI profile kickstart for AlmaLinux 8
++#
++# Based on:
++# https://pykickstart.readthedocs.io/en/latest/
++# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg
++# For more information see the following documentation:
++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/scanning-the-system-for-configuration-compliance-and-vulnerabilities_security-hardening#deploying-baseline-compliant-rhel-systems-using-kickstart_deploying-systems-that-are-compliant-with-a-security-profile-immediately-after-an-installation
++
++# Specify installation method to use for installation
++# To use a different one comment out the 'url' one below, update
++# the selected choice with proper options & un-comment it
++#
++# Install from an installation tree on a remote server via FTP or HTTP:
++# --url		the URL to install from
++#
++# Example:
++#
++# url --url=http://192.168.122.1/image
++#
++# Modify concrete URL in the above example appropriately to reflect the actual
++# environment machine is to be installed in
++#
++# Other possible / supported installation methods:
++# * install from the first CD-ROM/DVD drive on the system:
++#
++# cdrom
++#
++# * install from a directory of ISO images on a local drive:
++#
++# harddrive --partition=hdb2 --dir=/tmp/install-tree
++#
++# * install from provided NFS server:
++#
++# nfs --server= --dir= [--opts=]
++#
++# Set language to use during installation and the default language to use on the installed system (required)
++lang en_US.UTF-8
++
++# Set system keyboard type / layout (required)
++keyboard --vckeymap us
++
++# Configure network information for target system and activate network devices in the installer environment (optional)
++# --onboot	enable device at a boot time
++# --device	device to be activated and / or configured with the network command
++# --bootproto	method to obtain networking configuration for device (default dhcp)
++# --noipv6	disable IPv6 on this device
++network --onboot yes --bootproto dhcp
++
++# Set the system's root password (required)
++# Plaintext password is: server
++# Refer to e.g.
++#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
++# to see how to create encrypted password form for different plaintext password
++rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220
++
++# The selected profile will restrict root login
++# Add a user that can login and escalate privileges
++# Plaintext password is: admin123
++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
++
++# Configure firewall settings for the system (optional)
++# --enabled	reject incoming connections that are not in response to outbound requests
++# --ssh		allow sshd service through the firewall
++firewall --enabled --ssh
++
++# State of SELinux on the installed system (optional)
++# Defaults to enforcing
++selinux --enforcing
++
++# Set the system time zone (required)
++timezone --utc America/New_York
++
++# Specify how the bootloader should be installed (required)
++# Plaintext password is: password
++# Refer to e.g.
++#   grub2-mkpasswd-pbkdf2
++# to see how to create encrypted password form for different plaintext password
++bootloader --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted
++
++# Initialize (format) all disks (optional)
++zerombr
++
++# The following partition layout scheme assumes disk of size 20GB or larger
++# Modify size of partitions appropriately to reflect actual machine's hardware
++# 
++# Remove Linux partitions from the system prior to creating new ones (optional)
++# --linux	erase all Linux partitions
++# --initlabel	initialize the disk label to the default based on the underlying architecture
++clearpart --linux --initlabel
++
++# Create primary system partitions (required for installs)
++part /boot --fstype=xfs --size=512 --fsoptions="nodev,nosuid,noexec"
++part pv.01 --grow --size=1
++
++# Create a Logical Volume Management (LVM) group (optional)
++volgroup VolGroup pv.01
++
++# Create particular logical volumes (optional)
++logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow
++# Ensure /home Located On Separate Partition
++logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
++# Ensure /tmp Located On Separate Partition
++logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var/tmp Located On Separate Partition
++logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var Located On Separate Partition
++logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev"
++# Ensure /var/log Located On Separate Partition
++logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var/log/audit Located On Separate Partition
++logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=10240 --fsoptions="nodev,nosuid,noexec"
++logvol swap --name=swap --vgname=VolGroup --size=2016
++
++# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
++# content - security policies - on the installed system.This add-on has been enabled by default
++# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this 
++# functionality will automatically be installed. However, by default, no policies are enforced,
++# meaning that no checks are performed during or after installation unless specifically configured.
++#  
++#  Important
++#   Applying a security policy is not necessary on all systems. This screen should only be used
++#   when a specific policy is mandated by your organization rules or government regulations.
++#   Unlike most other commands, this add-on does not accept regular options, but uses key-value
++#   pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
++#   Values can be optionally enclosed in single quotes (') or double quotes (").
++#   
++# For more details and configuration options see
++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/performing_an_advanced_rhel_8_installation/kickstart-commands-and-options-reference_installing-rhel-as-an-experienced-user#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program
++%addon org_fedora_oscap
++	content-type = scap-security-guide
++	profile = xccdf_org.ssgproject.content_profile_stig_gui
++%end
++
++# Packages selection (%packages section is required)
++%packages
++
++@Server with GUI
++
++%end
++
++# Reboot after the installation is complete (optional)
++# --eject	attempt to eject CD or DVD media before rebooting
++reboot --eject
+diff --git a/products/almalinux8/overlays/srg_support.xml b/products/almalinux8/overlays/srg_support.xml
+new file mode 100644
+index 000000000..08c87ea68
+--- /dev/null
++++ b/products/almalinux8/overlays/srg_support.xml
+@@ -0,0 +1,173 @@
++
+diff --git a/products/almalinux8/product.yml b/products/almalinux8/product.yml
+new file mode 100644
+index 000000000..fc3e37660
+--- /dev/null
++++ b/products/almalinux8/product.yml
+@@ -0,0 +1,53 @@
++product: almalinux8
++full_name: AlmaLinux 8
++type: platform
++
++families:
++  - rhel
++  - rhel-like
++
++major_version_ordinal: 8
++
++benchmark_id: ALMALINUX-8
++benchmark_root: "../../linux_os/guide"
++components_root: "../../components"
++
++profiles_root: "./profiles"
++
++pkg_manager: "yum"
++
++init_system: "systemd"
++
++# The fingerprints below are retrieved from https://almalinux.org/security/
++pkg_release: "5ffd890e"
++pkg_version: "3abb34f8"
++aux_pkg_release: "6525146f"
++aux_pkg_version: "ced7258b"
++
++release_key_fingerprint: "5E9B8F5617B5066CE92057C3488FCF7C3ABB34F8"
++auxiliary_key_fingerprint: "BC5EDDCADF502C077F1582882AE81E8ACED7258B"
++oval_feed_url: "https://security.almalinux.org/oval/org.almalinux.alsa-8.xml.bz2"
++
++groups:
++  dedicated_ssh_keyowner:
++    name: ssh_keys
++
++faillock_path: "/var/log/faillock"
++
++cpes_root: "../../shared/applicability"
++cpes:
++  - almalinux8:
++      name: "cpe:/o:almalinux:almalinux:8"
++      title: "AlmaLinux 8"
++      check_id: installed_OS_is_almalinux8
++
++
++# Mapping of CPE platform to package
++platform_package_overrides:
++  login_defs: "shadow-utils"
++
++
++reference_uris:
++  cis: 'https://www.cisecurity.org/benchmark/almalinuxos_linux/'
++
++journald_conf_dir_path: /etc/systemd/journald.conf.d
+diff --git a/products/almalinux8/profiles/anssi_bp28_enhanced.profile b/products/almalinux8/profiles/anssi_bp28_enhanced.profile
+new file mode 100644
+index 000000000..f580bb611
+--- /dev/null
++++ b/products/almalinux8/profiles/anssi_bp28_enhanced.profile
+@@ -0,0 +1,52 @@
++documentation_complete: true
++
++metadata:
++    SMEs:
++        - marcusburghardt
++        - yuumasato
++
++title: 'ANSSI-BP-028 (enhanced)'
++
++description: |-
++    This profile contains configurations that align to ANSSI-BP-028 v2.0 at the enhanced hardening level.
++
++    ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information.
++    ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems.
++
++    A copy of the ANSSI-BP-028 can be found at the ANSSI website:
++    https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/
++
++    An English version of the ANSSI-BP-028 can also be found at the ANSSI website:
++    https://cyber.gouv.fr/publications/configuration-recommendations-gnulinux-system
++
++selections:
++    - anssi:all:enhanced
++    - var_password_hashing_algorithm=SHA512
++    - var_password_pam_unix_rounds=65536
++    - '!timer_logrotate_enabled'
++    # disable R45: Enable AppArmor security profiles
++    - '!apparmor_configured'
++    - '!all_apparmor_profiles_enforced'
++    - '!grub2_enable_apparmor'
++    - '!package_apparmor_installed'
++    - '!package_pam_apparmor_installed'
++    # Following rules once had a prodtype incompatible with the rhel8 product
++    - '!cracklib_accounts_password_pam_minlen'
++    - '!sysctl_fs_protected_fifos'
++    - '!accounts_passwords_pam_tally2_deny_root'
++    - '!audit_rules_privileged_commands_rmmod'
++    - '!package_dracut-fips-aesni_installed'
++    - '!audit_rules_privileged_commands_modprobe'
++    - '!chronyd_configure_pool_and_server'
++    - '!accounts_passwords_pam_tally2'
++    - '!cracklib_accounts_password_pam_ucredit'
++    - '!cracklib_accounts_password_pam_dcredit'
++    - '!cracklib_accounts_password_pam_lcredit'
++    - '!sysctl_fs_protected_regular'
++    - '!grub2_mds_argument'
++    - '!cracklib_accounts_password_pam_ocredit'
++    - '!grub2_page_alloc_shuffle_argument'
++    - '!accounts_passwords_pam_tally2_unlock_time'
++    - '!audit_rules_privileged_commands_insmod'
++    - '!ensure_oracle_gpgkey_installed'
++    - '!package_kea_removed'
+diff --git a/products/almalinux8/profiles/anssi_bp28_high.profile b/products/almalinux8/profiles/anssi_bp28_high.profile
+new file mode 100644
+index 000000000..0c492e830
+--- /dev/null
++++ b/products/almalinux8/profiles/anssi_bp28_high.profile
+@@ -0,0 +1,59 @@
++documentation_complete: true
++
++metadata:
++    SMEs:
++        - marcusburghardt
++        - yuumasato
++
++title: 'ANSSI-BP-028 (high)'
++
++description: |-
++    This profile contains configurations that align to ANSSI-BP-028 v2.0 at the high hardening level.
++
++    ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information.
++    ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems.
++
++    A copy of the ANSSI-BP-028 can be found at the ANSSI website:
++    https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/
++
++    An English version of the ANSSI-BP-028 can also be found at the ANSSI website:
++    https://cyber.gouv.fr/publications/configuration-recommendations-gnulinux-system
++
++selections:
++    - anssi:all:high
++    - var_password_hashing_algorithm=SHA512
++    - var_password_pam_unix_rounds=65536
++    # the following rule renders UEFI systems unbootable
++    - '!sebool_secure_mode_insmod'
++    - '!timer_logrotate_enabled'
++    # disable R45: Enable AppArmor security profiles
++    - '!apparmor_configured'
++    - '!all_apparmor_profiles_enforced'
++    - '!grub2_enable_apparmor'
++    - '!package_apparmor_installed'
++    - '!package_pam_apparmor_installed'
++    # Following rules once had a prodtype incompatible with the rhel8 product
++    - '!kernel_config_gcc_plugin_structleak_byref_all'
++    - '!accounts_passwords_pam_tally2_deny_root'
++    - '!aide_periodic_checking_systemd_timer'
++    - '!audit_rules_privileged_commands_rmmod'
++    - '!grub2_mds_argument'
++    - '!audit_rules_privileged_commands_modprobe'
++    - '!package_dracut-fips-aesni_installed'
++    - '!cracklib_accounts_password_pam_lcredit'
++    - '!sysctl_fs_protected_regular'
++    - '!cracklib_accounts_password_pam_ocredit'
++    - '!kernel_config_gcc_plugin_stackleak'
++    - '!audit_rules_privileged_commands_insmod'
++    - '!chronyd_configure_pool_and_server'
++    - '!accounts_passwords_pam_tally2'
++    - '!cracklib_accounts_password_pam_ucredit'
++    - '!kernel_config_legacy_vsyscall_xonly'
++    - '!kernel_config_gcc_plugin_randstruct'
++    - '!accounts_passwords_pam_tally2_unlock_time'
++    - '!cracklib_accounts_password_pam_minlen'
++    - '!sysctl_fs_protected_fifos'
++    - '!cracklib_accounts_password_pam_dcredit'
++    - '!grub2_page_alloc_shuffle_argument'
++    - '!ensure_oracle_gpgkey_installed'
++    - '!package_kea_removed'
+diff --git a/products/almalinux8/profiles/anssi_bp28_intermediary.profile b/products/almalinux8/profiles/anssi_bp28_intermediary.profile
+new file mode 100644
+index 000000000..7e6adfe6b
+--- /dev/null
++++ b/products/almalinux8/profiles/anssi_bp28_intermediary.profile
+@@ -0,0 +1,40 @@
++documentation_complete: true
++
++metadata:
++    SMEs:
++        - marcusburghardt
++        - yuumasato
++
++title: 'ANSSI-BP-028 (intermediary)'
++
++description: |-
++    This profile contains configurations that align to ANSSI-BP-028 v2.0 at the intermediary hardening level.
++
++    ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information.
++    ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems.
++
++    A copy of the ANSSI-BP-028 can be found at the ANSSI website:
++    https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/
++
++    An English version of the ANSSI-BP-028 can also be found at the ANSSI website:
++    https://cyber.gouv.fr/publications/configuration-recommendations-gnulinux-system
++
++selections:
++  - anssi:all:intermediary
++  - var_password_hashing_algorithm=SHA512
++  - var_password_pam_unix_rounds=65536
++  # Following rules once had a prodtype incompatible with the rhel8 product
++  - '!cracklib_accounts_password_pam_minlen'
++  - '!accounts_passwords_pam_tally2_deny_root'
++  - '!grub2_mds_argument'
++  - '!sysctl_fs_protected_fifos'
++  - '!accounts_passwords_pam_tally2'
++  - '!cracklib_accounts_password_pam_ucredit'
++  - '!cracklib_accounts_password_pam_dcredit'
++  - '!cracklib_accounts_password_pam_lcredit'
++  - '!sysctl_fs_protected_regular'
++  - '!cracklib_accounts_password_pam_ocredit'
++  - '!grub2_page_alloc_shuffle_argument'
++  - '!accounts_passwords_pam_tally2_unlock_time'
++  - '!ensure_oracle_gpgkey_installed'
++  - '!package_kea_removed'
+diff --git a/products/almalinux8/profiles/anssi_bp28_minimal.profile b/products/almalinux8/profiles/anssi_bp28_minimal.profile
+new file mode 100644
+index 000000000..772d31035
+--- /dev/null
++++ b/products/almalinux8/profiles/anssi_bp28_minimal.profile
+@@ -0,0 +1,36 @@
++documentation_complete: true
++
++metadata:
++    SMEs:
++        - marcusburghardt
++        - yuumasato
++
++title: 'ANSSI-BP-028 (minimal)'
++
++description: |-
++    This profile contains configurations that align to ANSSI-BP-028 v2.0 at the minimal hardening level.
++
++    ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information.
++    ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems.
++
++    A copy of the ANSSI-BP-028 can be found at the ANSSI website:
++    https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/
++
++    An English version of the ANSSI-BP-028 can also be found at the ANSSI website:
++    https://cyber.gouv.fr/publications/configuration-recommendations-gnulinux-system
++
++selections:
++  - anssi:all:minimal
++  - var_password_hashing_algorithm=SHA512
++  - var_password_pam_unix_rounds=65536
++  # Following rules once had a prodtype incompatible with the rhel8 product
++  - '!cracklib_accounts_password_pam_minlen'
++  - '!accounts_passwords_pam_tally2_deny_root'
++  - '!accounts_passwords_pam_tally2'
++  - '!cracklib_accounts_password_pam_ucredit'
++  - '!cracklib_accounts_password_pam_dcredit'
++  - '!cracklib_accounts_password_pam_lcredit'
++  - '!cracklib_accounts_password_pam_ocredit'
++  - '!accounts_passwords_pam_tally2_unlock_time'
++  - '!ensure_oracle_gpgkey_installed'
++  - '!package_kea_removed'
+diff --git a/products/almalinux8/profiles/cis.profile b/products/almalinux8/profiles/cis.profile
+new file mode 100644
+index 000000000..40d3e5ceb
+--- /dev/null
++++ b/products/almalinux8/profiles/cis.profile
+@@ -0,0 +1,26 @@
++documentation_complete: true
++
++metadata:
++    version: 3.0.0
++    SMEs:
++        - marcusburghardt
++        - vojtapolasek
++        - yuumasato
++
++reference: https://www.cisecurity.org/benchmark/almalinuxos_linux/
++
++title: 'CIS AlmaLinux OS 8 Benchmark for Level 2 - Server'
++
++description: |-
++    This profile defines a baseline that aligns to the "Level 2 - Server"
++    configuration from the Center for Internet Security® 
++    AlmaLinux OS 8 Benchmarkâ„¢, v3.0.0, released 2023-10-30.
++
++    This profile includes Center for Internet Security®
++    AlmaLinux OS 8 CIS Benchmarksâ„¢ content.
++
++selections:
++    - cis_rhel8:all:l2_server
++    # Following rules once had a prodtype incompatible with the rhel8 product
++    - '!file_owner_at_allow'
++    - '!package_dnsmasq_removed'
+diff --git a/products/almalinux8/profiles/cis_server_l1.profile b/products/almalinux8/profiles/cis_server_l1.profile
+new file mode 100644
+index 000000000..a8bc574f1
+--- /dev/null
++++ b/products/almalinux8/profiles/cis_server_l1.profile
+@@ -0,0 +1,26 @@
++documentation_complete: true
++
++metadata:
++    version: 3.0.0
++    SMEs:
++        - marcusburghardt
++        - vojtapolasek
++        - yuumasato
++
++reference: https://www.cisecurity.org/benchmark/almalinuxos_linux/
++
++title: 'CIS AlmaLinux OS 8 Benchmark for Level 1 - Server'
++
++description: |-
++    This profile defines a baseline that aligns to the "Level 1 - Server"
++    configuration from the Center for Internet Security® 
++    AlmaLinux OS 8 Benchmarkâ„¢, v3.0.0, released 2023-10-30.
++
++    This profile includes Center for Internet Security®
++    AlmaLinux OS 8 CIS Benchmarksâ„¢ content.
++
++selections:
++    - cis_rhel8:all:l1_server
++    # Following rules once had a prodtype incompatible with the rhel8 product
++    - '!file_owner_at_allow'
++    - '!package_dnsmasq_removed'
+diff --git a/products/almalinux8/profiles/cis_workstation_l1.profile b/products/almalinux8/profiles/cis_workstation_l1.profile
+new file mode 100644
+index 000000000..a670f00be
+--- /dev/null
++++ b/products/almalinux8/profiles/cis_workstation_l1.profile
+@@ -0,0 +1,26 @@
++documentation_complete: true
++
++metadata:
++    version: 3.0.0
++    SMEs:
++        - marcusburghardt
++        - vojtapolasek
++        - yuumasato
++
++reference: https://www.cisecurity.org/benchmark/almalinuxos_linux/
++
++title: 'CIS AlmaLinux OS 8 Benchmark for Level 1 - Workstation'
++
++description: |-
++    This profile defines a baseline that aligns to the "Level 1 - Workstation"
++    configuration from the Center for Internet Security® 
++    AlmaLinux OS 8 Benchmarkâ„¢, v3.0.0, released 2023-10-30.
++
++    This profile includes Center for Internet Security®
++    AlmaLinux OS 8 CIS Benchmarksâ„¢ content.
++
++selections:
++    - cis_rhel8:all:l1_workstation
++    # Following rules once had a prodtype incompatible with the rhel8 product
++    - '!file_owner_at_allow'
++    - '!package_dnsmasq_removed'
+diff --git a/products/almalinux8/profiles/cis_workstation_l2.profile b/products/almalinux8/profiles/cis_workstation_l2.profile
+new file mode 100644
+index 000000000..d6e882959
+--- /dev/null
++++ b/products/almalinux8/profiles/cis_workstation_l2.profile
+@@ -0,0 +1,26 @@
++documentation_complete: true
++
++metadata:
++    version: 3.0.0
++    SMEs:
++        - marcusburghardt
++        - vojtapolasek
++        - yuumasato
++
++reference: https://www.cisecurity.org/benchmark/almalinuxos_linux/
++
++title: 'CIS AlmaLinux OS 8 Benchmark for Level 2 - Workstation'
++
++description: |-
++    This profile defines a baseline that aligns to the "Level 2 - Workstation"
++    configuration from the Center for Internet Security® 
++    AlmaLinux OS 8 Benchmarkâ„¢, v3.0.0, released 2023-10-30.
++
++    This profile includes Center for Internet Security®
++    AlmaLinux OS 8 CIS Benchmarksâ„¢ content.
++
++selections:
++    - cis_rhel8:all:l2_workstation
++    # Following rules once had a prodtype incompatible with the rhel8 product
++    - '!file_owner_at_allow'
++    - '!package_dnsmasq_removed'
+diff --git a/products/almalinux8/profiles/cjis.profile b/products/almalinux8/profiles/cjis.profile
+new file mode 100644
+index 000000000..21af964ea
+--- /dev/null
++++ b/products/almalinux8/profiles/cjis.profile
+@@ -0,0 +1,146 @@
++documentation_complete: true
++
++hidden: true
++
++metadata:
++    version: 5.4
++    SMEs:
++        - ggbecker
++
++reference: https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center
++
++title: 'Criminal Justice Information Services (CJIS) Security Policy'
++
++description: |-
++    This profile is derived from FBI's CJIS v5.4
++    Security Policy. A copy of this policy can be found at the CJIS Security
++    Policy Resource Center:
++
++    https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center
++
++selections:
++    - service_auditd_enabled
++    - grub2_audit_argument
++    - auditd_data_retention_num_logs
++    - auditd_data_retention_max_log_file
++    - auditd_data_retention_max_log_file_action
++    - auditd_data_retention_space_left_action
++    - auditd_data_retention_admin_space_left_action
++    - auditd_data_retention_action_mail_acct
++    - auditd_audispd_syslog_plugin_activated
++    - audit_rules_time_adjtimex
++    - audit_rules_time_settimeofday
++    - audit_rules_time_stime
++    - audit_rules_time_clock_settime
++    - audit_rules_time_watch_localtime
++    - audit_rules_usergroup_modification
++    - audit_rules_networkconfig_modification
++    - file_permissions_var_log_audit
++    - file_ownership_var_log_audit
++    - audit_rules_mac_modification
++    - audit_rules_dac_modification_chmod
++    - audit_rules_dac_modification_chown
++    - audit_rules_dac_modification_fchmod
++    - audit_rules_dac_modification_fchmodat
++    - audit_rules_dac_modification_fchown
++    - audit_rules_dac_modification_fchownat
++    - audit_rules_dac_modification_fremovexattr
++    - audit_rules_dac_modification_fsetxattr
++    - audit_rules_dac_modification_lchown
++    - audit_rules_dac_modification_lremovexattr
++    - audit_rules_dac_modification_lsetxattr
++    - audit_rules_dac_modification_removexattr
++    - audit_rules_dac_modification_setxattr
++    - audit_rules_login_events
++    - audit_rules_session_events
++    - audit_rules_unsuccessful_file_modification
++    - audit_rules_privileged_commands
++    - audit_rules_media_export
++    - audit_rules_file_deletion_events
++    - audit_rules_sysadmin_actions
++    - audit_rules_kernel_module_loading
++    - audit_rules_immutable
++    - account_unique_name
++    - gid_passwd_group_same
++    - accounts_password_all_shadowed
++    - no_empty_passwords
++    - display_login_attempts
++    - var_accounts_maximum_age_login_defs=90
++    - var_password_pam_unix_remember=10
++    - var_account_disable_post_pw_expiration=0
++    - var_password_pam_minlen=12
++    - var_accounts_minimum_age_login_defs=1
++    - var_password_pam_difok=6
++    - var_accounts_max_concurrent_login_sessions=3
++    - account_disable_post_pw_expiration
++    - accounts_password_pam_minlen
++    - accounts_minimum_age_login_defs
++    - accounts_password_pam_difok
++    - var_authselect_profile=sssd
++    - enable_authselect
++    - accounts_max_concurrent_login_sessions
++    - var_password_hashing_algorithm_pam=sha512
++    - set_password_hashing_algorithm_systemauth
++    - set_password_hashing_algorithm_passwordauth
++    - set_password_hashing_algorithm_logindefs
++    - set_password_hashing_algorithm_libuserconf
++    - file_owner_etc_shadow
++    - file_groupowner_etc_shadow
++    - file_permissions_etc_shadow
++    - file_owner_etc_group
++    - file_groupowner_etc_group
++    - file_permissions_etc_group
++    - file_owner_etc_passwd
++    - file_groupowner_etc_passwd
++    - file_permissions_etc_passwd
++    - file_owner_grub2_cfg
++    - file_groupowner_grub2_cfg
++    - var_password_pam_retry=5
++    - var_accounts_passwords_pam_faillock_deny=5
++    - var_accounts_passwords_pam_faillock_unlock_time=600
++    - dconf_db_up_to_date
++    - dconf_gnome_screensaver_idle_delay
++    - dconf_gnome_session_idle_user_locks
++    - dconf_gnome_screensaver_idle_activation_enabled
++    - dconf_gnome_screensaver_lock_enabled
++    - dconf_gnome_screensaver_mode_blank
++    - sshd_allow_only_protocol2
++    - sshd_set_idle_timeout
++    - var_sshd_set_keepalive=1
++    - sshd_set_keepalive_0
++    - disable_host_auth
++    - sshd_disable_root_login
++    - sshd_disable_empty_passwords
++    - sshd_enable_warning_banner
++    - sshd_do_not_permit_user_env
++    - var_system_crypto_policy=fips
++    - configure_crypto_policy
++    - configure_ssh_crypto_policy
++    - kernel_module_dccp_disabled
++    - kernel_module_sctp_disabled
++    - service_firewalld_enabled
++    - set_firewalld_default_zone
++    - firewalld_sshd_port_enabled
++    - sshd_idle_timeout_value=30_minutes
++    - inactivity_timeout_value=30_minutes
++    - sysctl_net_ipv4_conf_default_accept_source_route
++    - sysctl_net_ipv4_tcp_syncookies
++    - sysctl_net_ipv4_conf_all_send_redirects
++    - sysctl_net_ipv4_conf_default_send_redirects
++    - sysctl_net_ipv4_conf_all_accept_redirects
++    - sysctl_net_ipv4_conf_default_accept_redirects
++    - sysctl_net_ipv4_icmp_echo_ignore_broadcasts
++    - var_password_pam_ocredit=1
++    - var_password_pam_dcredit=1
++    - var_password_pam_ucredit=1
++    - var_password_pam_lcredit=1
++    - package_aide_installed
++    - aide_build_database
++    - aide_periodic_cron_checking
++    - rpm_verify_permissions
++    - rpm_verify_hashes
++    - ensure_almalinux_gpgkey_installed
++    - ensure_gpgcheck_globally_activated
++    - ensure_gpgcheck_never_disabled
++    - security_patches_up_to_date
++    - kernel_module_bluetooth_disabled
+diff --git a/products/almalinux8/profiles/cui.profile b/products/almalinux8/profiles/cui.profile
+new file mode 100644
+index 000000000..5fd48dbdc
+--- /dev/null
++++ b/products/almalinux8/profiles/cui.profile
+@@ -0,0 +1,33 @@
++documentation_complete: true
++
++metadata:
++    version: TBD
++    SMEs:
++        - ggbecker
++
++title: 'Unclassified Information in Non-federal Information Systems and Organizations (NIST 800-171)'
++
++description: |-
++    From NIST 800-171, Section 2.2:
++    Security requirements for protecting the confidentiality of CUI in nonfederal
++    information systems and organizations have a well-defined structure that
++    consists of:
++
++    (i) a basic security requirements section;
++    (ii) a derived security requirements section.
++
++    The basic security requirements are obtained from FIPS Publication 200, which
++    provides the high-level and fundamental security requirements for federal
++    information and information systems. The derived security requirements, which
++    supplement the basic security requirements, are taken from the security controls
++    in NIST Special Publication 800-53.
++
++    This profile configures AlmaLinux 8 to the NIST Special
++    Publication 800-53 controls identified for securing Controlled Unclassified
++    Information (CUI)."
++
++extends: ospp
++
++selections:
++    - inactivity_timeout_value=10_minutes
++    - var_system_crypto_policy=fips
+diff --git a/products/almalinux8/profiles/default.profile b/products/almalinux8/profiles/default.profile
+new file mode 100644
+index 000000000..912b50837
+--- /dev/null
++++ b/products/almalinux8/profiles/default.profile
+@@ -0,0 +1,718 @@
++documentation_complete: true
++
++hidden: true
++
++title: Default Profile for AlmaLinux 8
++
++description: |-
++    This profile contains all the rules that once belonged to the
++    rhel8 product via 'prodtype'. This profile won't
++    be rendered into an XCCDF Profile entity, nor it will select any
++    of these rules by default. The only purpose of this profile
++    is to keep a rule in the product's XCCDF Benchmark.
++
++selections:
++    - sebool_nfsd_anon_write
++    - sebool_squid_connect_any
++    - sebool_polipo_connect_all_unreserved
++    - audit_rules_successful_file_modification_open_by_handle_at_o_trunc_write
++    - mount_option_var_tmp_bind
++    - sebool_selinuxuser_use_ssh_chroot
++    - sebool_condor_tcp_network_connect
++    - aide_use_fips_hashes
++    - sebool_xserver_object_manager
++    - mount_option_home_grpquota
++    - sebool_mpd_enable_homedirs
++    - auditd_data_retention_max_log_file_action_stig
++    - sebool_logadm_exec_content
++    - install_mcafee_antivirus
++    - httpd_configure_documentroot
++    - auditd_audispd_encrypt_sent_records
++    - audit_rules_unsuccessful_file_modification_openat_rule_order
++    - sebool_logwatch_can_network_connect_mail
++    - sebool_mpd_use_nfs
++    - sebool_virt_use_sanlock
++    - disable_anacron
++    - kernel_module_vfat_disabled
++    - sebool_xguest_use_bluetooth
++    - sebool_puppetagent_manage_all_files
++    - sebool_staff_use_svirt
++    - audit_rules_successful_file_modification_lsetxattr
++    - sebool_daemons_enable_cluster_mode
++    - package_samba-common_installed
++    - sebool_httpd_enable_cgi
++    - harden_openssl_crypto_policy
++    - dir_perms_world_writable_system_owned
++    - xwindows_remove_packages
++    - package_avahi_removed
++    - package_cups_removed
++    - package_iptables-services_removed
++    - sebool_httpd_can_network_memcache
++    - sebool_git_system_use_nfs
++    - sudoers_no_root_target
++    - enable_ldap_client
++    - sebool_httpd_can_connect_zabbix
++    - sebool_samba_portmapper
++    - audit_rules_etc_shadow_open
++    - sebool_httpd_graceful_shutdown
++    - httpd_limit_java_files
++    - sebool_ftpd_use_fusefs
++    - service_cups_disabled
++    - sebool_selinuxuser_ping
++    - package_pigz_removed
++    - sebool_unconfined_chrome_sandbox_transition
++    - avahi_prevent_port_sharing
++    - package_ntpdate_removed
++    - sebool_gitosis_can_sendmail
++    - set_loopback_traffic
++    - ntpd_specify_multiple_servers
++    - firewalld_sshd_disabled
++    - audit_rules_unsuccessful_file_modification_renameat
++    - sebool_pcp_read_generic_logs
++    - package_abrt-plugin-rhtsupport_removed
++    - sebool_httpd_run_ipa
++    - sebool_selinuxuser_share_music
++    - file_groupowner_var_log_syslog
++    - httpd_configure_perl_taint
++    - service_netfs_disabled
++    - sebool_dbadm_manage_user_files
++    - sebool_smbd_anon_write
++    - auditd_audispd_configure_remote_server
++    - service_ypserv_disabled
++    - sebool_nagios_run_sudo
++    - sebool_dbadm_exec_content
++    - package_ntp_installed
++    - package_cron_installed
++    - sebool_abrt_anon_write
++    - dconf_gnome_screensaver_idle_activation_locked
++    - audit_rules_successful_file_modification_unlinkat
++    - httpd_entrust_passwords
++    - httpd_proxy_support
++    - package_audit-audispd-plugins_installed
++    - sebool_xserver_clients_write_xshm
++    - service_rpcidmapd_disabled
++    - sebool_xdm_exec_bootloader
++    - sebool_httpd_serve_cobbler_files
++    - httpd_configure_log_format
++    - sebool_use_ecryptfs_home_dirs
++    - sebool_container_connect_any
++    - sebool_sge_domain_can_network_connect
++    - sebool_staff_exec_content
++    - file_permissions_home_dirs
++    - audit_rules_privileged_commands_newgidmap
++    - sebool_ssh_chroot_rw_homedirs
++    - sebool_virt_use_xserver
++    - no_netrc_files
++    - sebool_mozilla_plugin_use_spice
++    - package_libcap-ng-utils_installed
++    - sebool_abrt_handle_event
++    - sebool_tmpreaper_use_nfs
++    - sebool_httpd_can_connect_ldap
++    - ftp_restrict_to_anon
++    - sebool_mmap_low_allowed
++    - sebool_glance_use_fusefs
++    - sebool_httpd_dontaudit_search_dirs
++    - sebool_named_tcp_bind_http_port
++    - auditd_audispd_network_failure_action
++    - sebool_wine_mmap_zero_ignore
++    - sebool_cluster_use_execmem
++    - audit_rules_privileged_commands_usernetctl
++    - dconf_gnome_disable_user_admin
++    - sebool_ftpd_use_nfs
++    - sebool_httpd_use_fusefs
++    - service_iptables_enabled
++    - sebool_tor_bind_all_unreserved_ports
++    - httpd_configure_banner_page
++    - httpd_install_mod_ssl
++    - sebool_httpd_use_openstack
++    - sebool_icecast_use_any_tcp_ports
++    - sebool_virt_sandbox_use_all_caps
++    - audit_rules_unsuccessful_file_modification_rename
++    - package_binutils_installed
++    - sebool_openshift_use_nfs
++    - sebool_mailman_use_fusefs
++    - sebool_nfs_export_all_rw
++    - service_sysstat_disabled
++    - sebool_httpd_dbus_avahi
++    - dir_perms_etc_httpd_conf
++    - logwatch_configured_splithosts
++    - mount_option_smb_client_signing
++    - grub2_no_removeable_media
++    - audit_rules_successful_file_modification_open_o_trunc_write
++    - httpd_no_compilers_in_prod
++    - sebool_mplayer_execstack
++    - sebool_virt_sandbox_use_mknod
++    - audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order
++    - sebool_fcron_crond
++    - sebool_httpd_read_user_content
++    - sebool_samba_domain_controller
++    - service_sshd_disabled
++    - sebool_cobbler_anon_write
++    - audit_rules_successful_file_modification_openat_o_trunc_write
++    - audit_rules_successful_file_modification_removexattr
++    - sebool_xdm_write_home
++    - sebool_httpd_mod_auth_pam
++    - audit_rules_successful_file_modification_fchownat
++    - service_httpd_disabled
++    - sebool_pppd_for_user
++    - sebool_rsync_export_all_ro
++    - audit_rules_successful_file_modification_open_o_creat
++    - install_hids
++    - sebool_authlogin_radius
++    - httpd_configure_remote_session_encryption
++    - sebool_swift_can_network
++    - dhcp_server_disable_ddns
++    - sudo_restrict_others_executable_permission
++    - sshd_disable_pubkey_auth
++    - sebool_tor_can_network_relay
++    - postfix_server_banner
++    - sebool_virt_use_samba
++    - nfs_fixed_statd_port
++    - audit_privileged_commands_reboot
++    - sysctl_kernel_core_uses_pid
++    - install_mcafee_hbss_pa
++    - sebool_spamassassin_can_network
++    - package_syslogng_installed
++    - sebool_selinuxuser_postgresql_connect_enabled
++    - sebool_virt_sandbox_use_sys_admin
++    - httpd_ldap_support
++    - network_disable_zeroconf
++    - sebool_irssi_use_full_network
++    - sebool_sysadm_exec_content
++    - sebool_polipo_use_cifs
++    - sebool_samba_load_libgfapi
++    - package_rpcbind_removed
++    - sebool_samba_run_unconfined
++    - sebool_webadm_manage_user_files
++    - cups_disable_browsing
++    - service_certmonger_disabled
++    - sebool_zoneminder_run_sudo
++    - sebool_ftpd_anon_write
++    - sebool_rsync_anon_write
++    - install_mcafee_hbss_accm
++    - mount_option_proc_hidepid
++    - sebool_nfs_export_all_ro
++    - audit_rules_unsuccessful_file_modification_chown
++    - sebool_selinuxuser_udp_server
++    - sebool_cups_execmem
++    - httpd_enable_loglevel
++    - network_ipv6_disable_rpc
++    - sebool_httpd_execmem
++    - sebool_httpd_sys_script_anon_write
++    - audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write
++    - sebool_ftpd_use_cifs
++    - audit_rules_etc_shadow_open_by_handle_at
++    - sebool_mysql_connect_any
++    - audit_rules_privileged_commands_pt_chown
++    - sebool_httpd_can_sendmail
++    - sebool_prosody_bind_http_port
++    - sebool_httpd_use_sasl
++    - sssd_memcache_timeout
++    - configure_opensc_card_drivers
++    - sebool_tftp_home_dir
++    - sebool_gssd_read_tmp
++    - sebool_squid_use_tproxy
++    - sebool_httpd_ssi_exec
++    - sebool_use_lpd_server
++    - httpd_restrict_root_directory
++    - audit_rules_successful_file_modification_open_by_handle_at_o_creat
++    - grub2_nousb_argument
++    - sebool_unconfined_login
++    - account_use_centralized_automated_auth
++    - httpd_configure_valid_server_cert
++    - sebool_xdm_bind_vnc_tcp_port
++    - sebool_deny_ptrace
++    - sebool_postgresql_selinux_transmit_client_label
++    - sysctl_net_ipv6_conf_all_disable_ipv6
++    - sebool_smartmon_3ware
++    - dconf_gnome_login_retries
++    - dhcp_server_configure_logging
++    - audit_rules_unsuccessful_file_modification_setxattr
++    - sudo_vdsm_nopasswd
++    - sebool_global_ssp
++    - package_iptables-services_installed
++    - service_smb_disabled
++    - sebool_virt_rw_qemu_ga_data
++    - sebool_selinuxuser_tcp_server
++    - package_inetutils-telnetd_removed
++    - audit_rules_successful_file_modification_openat
++    - audit_rules_unsuccessful_file_modification_fchmod
++    - service_ntpd_enabled
++    - file_permissions_httpd_server_conf_files
++    - sebool_httpd_use_gpg
++    - sysconfig_networking_bootproto_ifcfg
++    - sebool_spamd_enable_home_dirs
++    - package_openldap-servers_removed
++    - avahi_disable_publishing
++    - audit_rules_successful_file_modification_fchmod
++    - dns_server_disable_dynamic_updates
++    - sebool_fenced_can_network_connect
++    - sebool_virt_use_nfs
++    - sebool_lsmd_plugin_connect_any
++    - account_passwords_pam_faillock_dir
++    - package_iptables_installed
++    - httpd_configure_script_permissions
++    - sebool_authlogin_yubikey
++    - sebool_authlogin_nsswitch_use_ldap
++    - dconf_gnome_disable_geolocation
++    - sebool_httpd_run_preupgrade
++    - sebool_httpd_use_cifs
++    - sebool_telepathy_tcp_connect_generic_network_ports
++    - httpd_cache_support
++    - dir_perms_var_log_httpd
++    - nfs_fixed_lockd_udp_port
++    - sebool_entropyd_use_audio
++    - accounts_users_home_files_ownership
++    - sebool_httpd_enable_ftp_server
++    - sebool_postgresql_selinux_users_ddl
++    - http_configure_log_file_ownership
++    - xwindows_runlevel_target
++    - package_talk-server_removed
++    - kernel_module_ipv6_option_disabled
++    - sebool_cobbler_use_nfs
++    - sebool_mozilla_plugin_can_network_connect
++    - httpd_restrict_web_directory
++    - sebool_ftpd_full_access
++    - sebool_mcelog_foreground
++    - sebool_xguest_exec_content
++    - sebool_daemons_dump_core
++    - audit_rules_successful_file_modification_renameat
++    - uefi_no_removeable_media
++    - kernel_module_cfg80211_disabled
++    - sebool_git_cgi_use_cifs
++    - sebool_virt_sandbox_use_netlink
++    - enable_dconf_user_profile
++    - service_dhcpd_disabled
++    - smb_server_disable_root
++    - service_nfslock_disabled
++    - auditd_data_retention_admin_space_left_percentage
++    - sebool_openvpn_run_unconfined
++    - package_sssd_installed
++    - sebool_gluster_anon_write
++    - audit_rules_successful_file_modification_open
++    - sebool_secure_mode_insmod
++    - sebool_nscd_use_shm
++    - sebool_ksmtuned_use_cifs
++    - sebool_nagios_run_pnp4nagios
++    - sebool_selinuxuser_direct_dri_enabled
++    - sebool_haproxy_connect_any
++    - audit_rules_etc_shadow_openat
++    - dns_server_authenticate_zone_transfers
++    - sebool_pppd_can_insmod
++    - sebool_glance_api_can_network
++    - httpd_serversignature_off
++    - accounts_passwords_pam_faillock_enforce_local
++    - sebool_mozilla_plugin_use_bluejeans
++    - sebool_mozilla_read_content
++    - restrict_nfs_clients_to_privileged_ports
++    - sebool_virt_use_usb
++    - sebool_virt_use_execmem
++    - install_antivirus
++    - sebool_virt_read_qemu_ga_data
++    - service_vsftpd_disabled
++    - sebool_user_exec_content
++    - sebool_gluster_export_all_ro
++    - sebool_mcelog_server
++    - package_nss-tools_installed
++    - sebool_mount_anyfile
++    - sebool_sge_use_nfs
++    - service_saslauthd_disabled
++    - sebool_daemons_use_tty
++    - sebool_mcelog_client
++    - sebool_rsync_client
++    - sebool_privoxy_connect_any
++    - postfix_client_configure_relayhost
++    - audit_privileged_commands_init
++    - sebool_httpd_builtin_scripting
++    - iptables_sshd_disabled
++    - grub2_ipv6_disable_argument
++    - etc_system_fips_exists
++    - dconf_gnome_disable_thumbnailers
++    - sebool_varnishd_connect_any
++    - ensure_gpgcheck_repo_metadata
++    - audit_rules_for_ospp
++    - package_rsh_removed
++    - network_ipv6_privacy_extensions
++    - dconf_gnome_enable_smartcard_auth
++    - httpd_servertokens_prod
++    - service_postfix_enabled
++    - package_openssh-server_removed
++    - timer_logrotate_enabled
++    - httpd_limit_available_methods
++    - sebool_httpd_can_connect_mythtv
++    - audit_rules_successful_file_modification_lchown
++    - sebool_tftp_anon_write
++    - dhcp_server_deny_decline
++    - sebool_cobbler_can_network_connect
++    - sebool_samba_export_all_ro
++    - service_cron_enabled
++    - httpd_webdav
++    - service_rhnsd_disabled
++    - httpd_configure_max_keepalive_requests
++    - audit_rules_successful_file_modification_unlink
++    - wireless_disable_in_bios
++    - no_all_squash_exports
++    - sebool_use_samba_home_dirs
++    - audit_rules_etc_gshadow_openat
++    - service_ufw_enabled
++    - package_psacct_installed
++    - network_disable_ddns_interfaces
++    - nfs_no_anonymous
++    - dir_permissions_binary_dirs
++    - sebool_xend_run_blktap
++    - dconf_gnome_disable_wifi_notification
++    - package_nis_removed
++    - httpd_server_side_includes
++    - audit_rules_etc_passwd_open
++    - dhcp_client_restrict_options
++    - sebool_openvpn_can_network_connect
++    - httpd_server_configuration_display
++    - account_emergency_expire_date
++    - sebool_unconfined_mozilla_plugin_transition
++    - audit_rules_unsuccessful_file_modification_lremovexattr
++    - file_permissions_var_log_syslog
++    - sebool_git_cgi_enable_homedirs
++    - dovecot_configure_ssl_cert
++    - audit_rules_etc_passwd_open_by_handle_at
++    - audit_rules_privileged_commands_at
++    - sebool_virt_use_fusefs
++    - avahi_ip_only
++    - kernel_module_iwlmvm_disabled
++    - service_ntp_enabled
++    - file_owner_var_log_syslog
++    - service_ip6tables_enabled
++    - sebool_logging_syslogd_run_nagios_plugins
++    - sebool_mozilla_plugin_use_gps
++    - service_slapd_disabled
++    - partition_for_web_content
++    - audit_rules_unsuccessful_file_modification_open_o_trunc_write
++    - package_tar_installed
++    - httpd_private_server_on_separate_subnet
++    - use_root_squashing_all_exports
++    - sebool_ftpd_connect_all_unreserved
++    - configure_user_data_backups
++    - dir_ownership_binary_dirs
++    - nfs_fixed_lockd_tcp_port
++    - sebool_mcelog_exec_scripts
++    - httpd_configure_tls
++    - sysctl_net_ipv4_tcp_invalid_ratelimit
++    - sebool_xserver_execmem
++    - snmpd_not_default_password
++    - service_nftables_enabled
++    - sysctl_net_ipv6_conf_default_disable_ipv6
++    - sebool_cron_userdomain_transition
++    - sebool_collectd_tcp_network_connect
++    - sebool_httpd_enable_homedirs
++    - sebool_httpd_unified
++    - service_ypbind_disabled
++    - selinux_all_devicefiles_labeled
++    - audit_rules_privileged_commands_newuidmap
++    - ldap_client_tls_cacertpath
++    - sebool_zabbix_can_network
++    - audit_rules_unsuccessful_file_modification_chmod
++    - sebool_gpg_web_anon_write
++    - fapolicyd_prevent_home_folder_access
++    - no_legacy_plus_entries_etc_passwd
++    - sebool_sanlock_use_nfs
++    - httpd_restrict_critical_directories
++    - ldap_client_start_tls
++    - sebool_racoon_read_shadow
++    - audit_rules_successful_file_modification_fsetxattr
++    - sssd_enable_pam_services
++    - service_sssd_enabled
++    - service_psacct_enabled
++    - audit_rules_successful_file_modification_fremovexattr
++    - httpd_remove_backups
++    - service_netconsole_disabled
++    - file_permissions_httpd_server_conf_d_files
++    - audit_rules_successful_file_modification_rename
++    - sebool_guest_exec_content
++    - sebool_selinuxuser_mysql_connect_enabled
++    - sebool_antivirus_use_jit
++    - sebool_ksmtuned_use_nfs
++    - audit_rules_successful_file_modification_setxattr
++    - sssd_ldap_configure_tls_ca
++    - grub2_systemd_debug-shell_argument_absent
++    - sebool_polipo_session_bind_all_unreserved_ports
++    - sebool_secure_mode_policyload
++    - sebool_webadm_read_user_files
++    - auditd_data_disk_full_action_stig
++    - audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat
++    - audit_rules_unsuccessful_file_modification_fsetxattr
++    - avahi_restrict_published_information
++    - sebool_git_session_users
++    - sebool_exim_manage_user_files
++    - sshd_enable_gssapi_auth
++    - httpd_digest_authentication
++    - sebool_minidlna_read_generic_user_content
++    - audit_rules_etc_group_openat
++    - umask_for_daemons
++    - sebool_httpd_can_network_connect_cobbler
++    - service_mdmonitor_disabled
++    - audit_rules_unsuccessful_file_modification_fchownat
++    - sebool_openvpn_enable_homedirs
++    - zipl_enable_selinux
++    - bios_disable_usb_boot
++    - audit_rules_unsuccessful_file_modification_open_o_creat
++    - kernel_config_ipv6
++    - service_rpcgssd_disabled
++    - audit_rules_successful_file_modification_chown
++    - audit_rules_successful_file_modification_fchmodat
++    - sebool_dhcpc_exec_iptables
++    - httpd_public_resources_not_shared
++    - audit_rules_unsuccessful_file_modification_removexattr
++    - sebool_telepathy_connect_all_ports
++    - httpd_enable_error_logging
++    - httpd_disable_mime_types
++    - sebool_postgresql_can_rsync
++    - audit_rules_unsuccessful_file_modification_openat_o_trunc_write
++    - httpd_install_mod_security
++    - package_telnetd_removed
++    - sebool_httpd_setrlimit
++    - service_dovecot_disabled
++    - service_cockpit_disabled
++    - no_legacy_plus_entries_etc_group
++    - mount_option_boot_noauto
++    - nfs_fixed_mountd_port
++    - sebool_git_cgi_use_nfs
++    - httpd_remove_robots_file
++    - sebool_git_system_use_cifs
++    - sebool_httpd_use_nfs
++    - sshd_enable_pubkey_auth
++    - audit_rules_unsuccessful_file_modification_lchown
++    - dconf_gnome_disable_wifi_create
++    - audit_rules_successful_file_modification_fchown
++    - sssd_ldap_configure_tls_ca_dir
++    - sebool_git_system_enable_homedirs
++    - sebool_httpd_can_check_spam
++    - package_pcsc-lite_installed
++    - sebool_mpd_use_cifs
++    - sebool_xen_use_nfs
++    - zipl_systemd_debug-shell_argument_absent
++    - sebool_samba_enable_home_dirs
++    - service_named_disabled
++    - service_syslogng_enabled
++    - sebool_sanlock_use_fusefs
++    - account_passwords_pam_faillock_audit
++    - sebool_ssh_keysign
++    - httpd_require_client_certs
++    - sebool_zebra_write_config
++    - sebool_kerberos_enabled
++    - httpd_disable_content_symlinks
++    - package_sssd-ipa_installed
++    - sebool_irc_use_any_tcp_ports
++    - audit_rules_etc_gshadow_open_by_handle_at
++    - sebool_samba_export_all_rw
++    - httpd_anonymous_content_sharing
++    - audit_rules_successful_file_modification_truncate
++    - dhcp_server_minimize_served_info
++    - file_permissions_httpd_server_modules_files
++    - httpd_mime_magic
++    - audit_rules_successful_file_modification_open_by_handle_at
++    - sebool_tmpreaper_use_samba
++    - sebool_xdm_sysadm_login
++    - sebool_samba_create_home_dirs
++    - sebool_login_console_enabled
++    - sebool_secadm_exec_content
++    - httpd_configure_firewall
++    - sssd_ldap_configure_tls_reqcert
++    - audit_rules_successful_file_modification_chmod
++    - sebool_nis_enabled
++    - ftp_log_transactions
++    - sebool_cvs_read_shadow
++    - audit_rules_unsuccessful_file_modification_lsetxattr
++    - sebool_xend_run_qemu
++    - auditd_data_disk_error_action_stig
++    - sebool_virt_use_comm
++    - installed_OS_is_FIPS_certified
++    - mcafee_antivirus_definitions_updated
++    - network_ipv6_default_gateway
++    - sebool_httpd_can_network_connect
++    - sebool_virt_sandbox_use_audit
++    - sshd_disable_root_password_login
++    - set_firewalld_appropriate_zone
++    - harden_sshd_crypto_policy
++    - package_telnetd-ssl_removed
++    - network_ipv6_disable_interfaces
++    - package_vsftpd_installed
++    - sebool_puppetmaster_use_db
++    - audit_rules_successful_file_modification_ftruncate
++    - logwatch_configured_hostlimit
++    - dns_server_disable_zone_transfers
++    - no_insecure_locks_exports
++    - dconf_gnome_disable_power_settings
++    - package_abrt-plugin-logger_removed
++    - sebool_mozilla_plugin_bind_unreserved_ports
++    - package_MFEhiplsm_installed
++    - sebool_fenced_can_ssh
++    - sebool_glance_use_execmem
++    - audit_rules_etc_passwd_openat
++    - sebool_rsync_full_access
++    - httpd_server_activity_status
++    - snmpd_no_rwusers
++    - httpd_ignore_htaccess_files
++    - service_pcscd_enabled
++    - mount_option_home_usrquota
++    - sebool_logging_syslogd_can_sendmail
++    - service_quota_nld_disabled
++    - sebool_ftpd_use_passive_mode
++    - sebool_cluster_can_network_connect
++    - sebool_cdrecord_read_content
++    - sebool_antivirus_can_scan_system
++    - rsyslog_logging_configured
++    - sebool_httpd_manage_ipa
++    - audit_rules_dac_modification_umount
++    - sebool_samba_share_nfs
++    - sebool_domain_kernel_load_modules
++    - package_389-ds-base_removed
++    - mount_option_krb_sec_remote_filesystems
++    - sebool_logging_syslogd_use_tty
++    - audit_rules_etc_group_open
++    - ftp_disable_uploads
++    - sebool_secure_mode
++    - set_iptables_default_rule_forward
++    - httpd_enable_log_config
++    - service_rsh_disabled
++    - zipl_vsyscall_argument
++    - audit_rules_unsuccessful_file_modification_openat_o_creat
++    - dovecot_enable_ssl
++    - sebool_awstats_purge_apache_log_files
++    - ftp_home_partition
++    - httpd_url_correction
++    - sebool_httpd_tmp_exec
++    - sebool_sanlock_use_samba
++    - audit_privileged_commands_poweroff
++    - force_opensc_card_drivers
++    - audit_rules_successful_file_modification_creat
++    - sebool_domain_fd_use
++    - package_avahi-autoipd_removed
++    - sebool_httpd_can_connect_ftp
++    - sebool_httpd_anon_write
++    - root_path_default
++    - sebool_dhcpd_use_ldap
++    - httpd_antivirus_scan_uploads
++    - coreos_enable_selinux_kernel_argument
++    - sebool_postgresql_selinux_unconfined_dbadm
++    - kernel_disable_entropy_contribution_for_solid_state_drives
++    - sebool_use_fusefs_home_dirs
++    - sebool_abrt_upload_watch_anon_write
++    - dconf_gnome_disable_restart_shutdown
++    - audit_rules_successful_file_modification_lremovexattr
++    - sebool_virt_transition_userdomain
++    - sshd_use_priv_separation
++    - sudo_add_passwd_timeout
++    - package_freeradius_removed
++    - avahi_check_ttl
++    - audit_privileged_commands_shutdown
++    - service_tftp_disabled
++    - sebool_httpd_tty_comm
++    - sebool_dbadm_read_user_files
++    - service_rpcsvcgssd_disabled
++    - audit_rules_unsuccessful_file_modification_unlink
++    - auditd_audispd_disk_full_action
++    - httpd_enable_system_logging
++    - httpd_encrypt_file_uploads
++    - sssd_ssh_known_hosts_timeout
++    - sebool_exim_read_user_files
++    - ftp_limit_users
++    - sebool_zarafa_setrlimit
++    - kernel_module_mac80211_disabled
++    - sebool_kdumpgui_run_bootloader
++    - service_portreserve_disabled
++    - chronyd_or_ntpd_specify_remote_server
++    - rsyslog_accept_remote_messages_tcp
++    - sebool_httpd_verify_dns
++    - ip6tables_rules_for_open_ports
++    - set_nftables_table
++    - accounts_password_pam_enforce_local
++    - usbguard_allow_hub
++    - sebool_polipo_use_nfs
++    - sebool_exim_can_connect_db
++    - package_libreport-plugin-rhtsupport_removed
++    - sebool_unprivuser_use_svirt
++    - sssd_run_as_sssd_user
++    - sebool_httpd_run_stickshift
++    - httpd_nipr_accredited_dmz
++    - set_ipv6_loopback_traffic
++    - package_systemd-journal-remote_installed
++    - ftp_configure_firewall
++    - sssd_ldap_start_tls
++    - sebool_cron_can_relabel
++    - httpd_mod_rewrite
++    - network_ipv6_static_address
++    - package_libreswan_installed
++    - audit_rules_unsuccessful_file_modification_fremovexattr
++    - sebool_httpd_dbus_sssd
++    - sebool_xguest_connect_network
++    - package_geolite2-country_removed
++    - audit_rules_etc_group_open_by_handle_at
++    - sebool_daemons_use_tcp_wrapper
++    - httpd_disable_anonymous_ftp_access
++    - sebool_use_nfs_home_dirs
++    - dhcp_server_deny_bootp
++    - sebool_conman_can_network
++    - sebool_logrotate_use_nfs
++    - audit_rules_unsuccessful_file_modification_fchown
++    - sebool_httpd_can_network_connect_db
++    - sebool_gluster_export_all_rw
++    - package_vim_installed
++    - sebool_named_write_master_zones
++    - sebool_postfix_local_write_mail_spool
++    - httpd_cgi_support
++    - sebool_xguest_mount_media
++    - bios_assign_password
++    - service_cpupower_disabled
++    - sebool_selinuxuser_rw_noexattrfile
++    - sebool_cron_system_cronjob_use_shares
++    - sebool_virt_use_rawip
++    - sebool_pcp_bind_all_unreserved_ports
++    - install_mcafee_cma_rt
++    - no_root_webbrowsing
++    - audit_rules_etc_gshadow_open
++    - sebool_saslauthd_read_shadow
++    - service_rhsmcertd_disabled
++    - sebool_mock_enable_homedirs
++    - ntpd_specify_remote_server
++    - audit_rules_successful_file_modification_openat_o_creat
++    - kernel_module_iwlwifi_disabled
++    - sebool_zoneminder_anon_write
++    - sshd_enable_x11_forwarding
++    - dconf_gnome_screensaver_user_info
++    - require_smb_client_signing
++    - sshd_disable_rhosts_rsa
++    - sebool_neutron_can_network
++    - dovecot_disable_plaintext_auth
++    - sebool_ftpd_connect_db
++    - sebool_httpd_mod_auth_ntlm_winbind
++    - sebool_samba_share_fusefs
++    - harden_ssh_client_crypto_policy
++    - sebool_cobbler_use_cifs
++    - sebool_httpd_can_network_relay
++    - package_geolite2-city_removed
++    - set_iptables_default_rule
++    - sebool_piranha_lvs_can_network_connect
++    - cups_disable_printserver
++    - usbguard_allow_hid
++    - package_talk_removed
++    - no_legacy_plus_entries_etc_shadow
++    - sebool_git_session_bind_all_unreserved_ports
++    - service_acpid_disabled
++    - rsyslog_accept_remote_messages_udp
++    - sebool_boinc_execmem
++    - service_nails_enabled
++    - audit_rules_unsuccessful_file_modification_unlinkat
++    - disable_logwatch_for_logserver
++    - sebool_fips_mode
++    - audit_rules_unsuccessful_file_modification_open_rule_order
++    - ftp_present_banner
++    - audit_rules_unsuccessful_file_modification_fchmodat
++    - sebool_polipo_session_users
++    - sebool_cluster_manage_all_files
++    - iptables_rules_for_open_ports
++    - dovecot_configure_ssl_key
++    - banner_etc_motd
++    - banner_etc_issue_net
++    - agent_mfetpd_running
++    - configure_bashrc_tmux
++    - configure_tmux_lock_keybinding
++    - package_mcafeetp_installed
+diff --git a/products/almalinux8/profiles/e8.profile b/products/almalinux8/profiles/e8.profile
+new file mode 100644
+index 000000000..491958fdd
+--- /dev/null
++++ b/products/almalinux8/profiles/e8.profile
+@@ -0,0 +1,152 @@
++documentation_complete: true
++
++metadata:
++    SMEs:
++        - shaneboulden
++        - tjbutt58
++
++reference: https://www.cyber.gov.au/acsc/view-all-content/publications/hardening-linux-workstations-and-servers 
++
++title: 'Australian Cyber Security Centre (ACSC) Essential Eight'
++
++description: |-
++  This profile contains configuration checks for AlmaLinux 8
++  that align to the Australian Cyber Security Centre (ACSC) Essential Eight.
++
++  A copy of the Essential Eight in Linux Environments guide can be found at the
++  ACSC website:
++
++  https://www.cyber.gov.au/acsc/view-all-content/publications/hardening-linux-workstations-and-servers
++
++selections:
++
++  ### Remove obsolete packages
++  - package_talk_removed
++  - package_talk-server_removed
++  - package_xinetd_removed
++  - service_xinetd_disabled
++  - package_ypbind_removed
++  - package_telnet_removed
++  - service_telnet_disabled
++  - package_telnet-server_removed
++  - package_rsh_removed
++  - package_rsh-server_removed
++  - service_zebra_disabled
++  - package_quagga_removed
++  - service_avahi-daemon_disabled
++  - package_squid_removed
++  - service_squid_disabled
++
++  ### Software update
++  - ensure_almalinux_gpgkey_installed
++  - ensure_gpgcheck_never_disabled
++  - ensure_gpgcheck_local_packages
++  - ensure_gpgcheck_globally_activated
++  - security_patches_up_to_date
++  - dnf-automatic_security_updates_only
++
++  ### System security settings
++  - sysctl_kernel_randomize_va_space
++  - sysctl_kernel_exec_shield
++  - sysctl_kernel_kptr_restrict
++  - sysctl_kernel_dmesg_restrict
++  - sysctl_kernel_kexec_load_disabled
++  - sysctl_kernel_yama_ptrace_scope
++  - sysctl_kernel_unprivileged_bpf_disabled
++  - sysctl_net_core_bpf_jit_harden
++
++  ### SELinux
++  - var_selinux_state=enforcing
++  - selinux_state
++  - var_selinux_policy_name=targeted
++  - selinux_policytype
++
++  ### Filesystem integrity
++  - rpm_verify_hashes
++  - rpm_verify_permissions
++  - rpm_verify_ownership
++  - file_permissions_unauthorized_sgid
++  - file_permissions_unauthorized_suid
++  - file_permissions_unauthorized_world_writable
++  - dir_perms_world_writable_sticky_bits
++  - file_permissions_library_dirs
++  - file_ownership_binary_dirs
++  - file_permissions_binary_dirs
++  - file_ownership_library_dirs
++
++  ### Passwords
++  - var_authselect_profile=sssd
++  - enable_authselect
++  - no_empty_passwords
++
++  ### Partitioning
++  - mount_option_dev_shm_nodev
++  - mount_option_dev_shm_nosuid
++  - mount_option_dev_shm_noexec
++
++  ### Network
++  - package_firewalld_installed
++  - service_firewalld_enabled
++  - network_sniffer_disabled
++
++  ### Admin privileges
++  - accounts_no_uid_except_zero
++  - sudo_remove_nopasswd
++  - sudo_remove_no_authenticate
++  - sudo_require_authentication
++
++  ### Audit
++  - package_rsyslog_installed
++  - service_rsyslog_enabled
++  - service_auditd_enabled
++  - var_auditd_flush=incremental_async
++  - auditd_data_retention_flush
++  - auditd_local_events
++  - auditd_write_logs
++  - auditd_log_format
++  - auditd_freq
++  - auditd_name_format
++  - audit_rules_login_events_tallylog
++  - audit_rules_login_events_faillock
++  - audit_rules_login_events_lastlog
++  - audit_rules_login_events
++  - audit_rules_time_adjtimex
++  - audit_rules_time_clock_settime
++  - audit_rules_time_watch_localtime
++  - audit_rules_time_settimeofday
++  - audit_rules_time_stime
++  - audit_rules_execution_restorecon
++  - audit_rules_execution_chcon
++  - audit_rules_execution_semanage
++  - audit_rules_execution_setsebool
++  - audit_rules_execution_setfiles
++  - audit_rules_execution_seunshare
++  - audit_rules_sysadmin_actions
++  - audit_rules_networkconfig_modification
++  - audit_rules_usergroup_modification
++  - audit_rules_dac_modification_chmod
++  - audit_rules_dac_modification_chown
++  - audit_rules_kernel_module_loading
++
++  ### Secure access
++  - sshd_disable_root_login
++  - sshd_disable_gssapi_auth
++  - sshd_print_last_log
++  - sshd_do_not_permit_user_env
++  - sshd_disable_rhosts
++  - sshd_set_loglevel_info
++  - sshd_disable_empty_passwords
++  - sshd_disable_user_known_hosts
++  - sshd_enable_strictmodes
++
++  # See also: https://www.cyber.gov.au/acsc/view-all-content/guidance/asd-approved-cryptographic-algorithms
++  - var_system_crypto_policy=default_nosha1
++  - configure_crypto_policy
++  - configure_ssh_crypto_policy
++
++  ### Application whitelisting
++  - package_fapolicyd_installed
++  - service_fapolicyd_enabled
++
++  ### Backup
++  - package_rear_installed
+diff --git a/products/almalinux8/profiles/hipaa.profile b/products/almalinux8/profiles/hipaa.profile
+new file mode 100644
+index 000000000..f4c77f241
+--- /dev/null
++++ b/products/almalinux8/profiles/hipaa.profile
+@@ -0,0 +1,166 @@
++documentation_complete: True
++
++metadata:
++    SMEs:
++        - jjaswanson4
++
++reference: https://www.hhs.gov/hipaa/for-professionals/index.html
++
++title: 'Health Insurance Portability and Accountability Act (HIPAA)'
++
++description: |-
++    The HIPAA Security Rule establishes U.S. national standards to protect individuals’
++    electronic personal health information that is created, received, used, or
++    maintained by a covered entity. The Security Rule requires appropriate
++    administrative, physical and technical safeguards to ensure the
++    confidentiality, integrity, and security of electronic protected health
++    information.
++
++    This profile configures AlmaLinux 8 to the HIPAA Security
++    Rule identified for securing of electronic protected health information.
++    Use of this profile in no way guarantees or makes claims against legal compliance against the HIPAA Security Rule(s).   
++
++selections:
++    - grub2_password
++    - grub2_uefi_password
++    - file_groupowner_grub2_cfg
++    - file_owner_grub2_cfg
++    - grub2_disable_interactive_boot
++    - no_direct_root_logins
++    - no_empty_passwords
++    - require_singleuser_auth
++    - restrict_serial_port_logins
++    - securetty_root_login_console_only
++    - service_debug-shell_disabled
++    - disable_ctrlaltdel_reboot
++    - disable_ctrlaltdel_burstaction
++    - dconf_db_up_to_date
++    - dconf_gnome_remote_access_credential_prompt
++    - dconf_gnome_remote_access_encryption
++    - sshd_disable_empty_passwords
++    - sshd_disable_root_login
++    - libreswan_approved_tunnels
++    - no_rsh_trust_files
++    - package_rsh-server_removed
++    - package_talk_removed
++    - package_talk-server_removed
++    - package_telnet_removed
++    - package_telnet-server_removed
++    - package_xinetd_removed
++    - service_crond_enabled
++    - service_rexec_disabled
++    - service_rlogin_disabled
++    - service_telnet_disabled
++    - service_xinetd_disabled
++    - service_zebra_disabled
++    - use_kerberos_security_all_exports
++    - var_authselect_profile=sssd
++    - enable_authselect
++    - disable_host_auth
++    - sshd_allow_only_protocol2
++    - sshd_disable_compression
++    - sshd_disable_gssapi_auth
++    - sshd_disable_kerb_auth
++    - sshd_do_not_permit_user_env
++    - sshd_enable_strictmodes
++    - sshd_enable_warning_banner
++    - var_sshd_set_keepalive=1
++    - sshd_set_keepalive_0
++    - encrypt_partitions
++    - var_system_crypto_policy=fips
++    - configure_crypto_policy
++    - configure_ssh_crypto_policy
++    - var_selinux_policy_name=targeted
++    - var_selinux_state=enforcing
++    - grub2_enable_selinux
++    - sebool_selinuxuser_execheap
++    - sebool_selinuxuser_execmod
++    - sebool_selinuxuser_execstack
++    - selinux_confinement_of_daemons
++    - selinux_policytype
++    - selinux_state
++    - service_kdump_disabled
++    - sysctl_fs_suid_dumpable
++    - sysctl_kernel_dmesg_restrict
++    - sysctl_kernel_exec_shield
++    - sysctl_kernel_randomize_va_space
++    - rpm_verify_hashes
++    - rpm_verify_permissions
++    - ensure_almalinux_gpgkey_installed
++    - ensure_gpgcheck_globally_activated
++    - ensure_gpgcheck_never_disabled
++    - ensure_gpgcheck_local_packages
++    - grub2_audit_argument
++    - service_auditd_enabled
++    - audit_rules_privileged_commands_sudo
++    - audit_rules_privileged_commands_su
++    - audit_rules_immutable
++    - kernel_module_usb-storage_disabled
++    - service_autofs_disabled
++    - auditd_audispd_syslog_plugin_activated
++    - rsyslog_remote_loghost
++    - auditd_data_retention_flush
++    - audit_rules_dac_modification_chmod
++    - audit_rules_dac_modification_chown
++    - audit_rules_dac_modification_fchmodat
++    - audit_rules_dac_modification_fchmod
++    - audit_rules_dac_modification_fchownat
++    - audit_rules_dac_modification_fchown
++    - audit_rules_dac_modification_fremovexattr
++    - audit_rules_dac_modification_fsetxattr
++    - audit_rules_dac_modification_lchown
++    - audit_rules_dac_modification_lremovexattr
++    - audit_rules_dac_modification_lsetxattr
++    - audit_rules_dac_modification_removexattr
++    - audit_rules_dac_modification_setxattr
++    - audit_rules_execution_chcon
++    - audit_rules_execution_restorecon
++    - audit_rules_execution_semanage
++    - audit_rules_execution_setsebool
++    - audit_rules_file_deletion_events_renameat
++    - audit_rules_file_deletion_events_rename
++    - audit_rules_file_deletion_events_rmdir
++    - audit_rules_file_deletion_events_unlinkat
++    - audit_rules_file_deletion_events_unlink
++    - audit_rules_kernel_module_loading_delete
++    - audit_rules_kernel_module_loading_init
++    - audit_rules_login_events_faillock
++    - audit_rules_login_events_lastlog
++    - audit_rules_login_events_tallylog
++    - audit_rules_mac_modification
++    - audit_rules_media_export
++    - audit_rules_networkconfig_modification
++    - audit_rules_privileged_commands_chage
++    - audit_rules_privileged_commands_chsh
++    - audit_rules_privileged_commands_crontab
++    - audit_rules_privileged_commands_gpasswd
++    - audit_rules_privileged_commands_newgrp
++    - audit_rules_privileged_commands_pam_timestamp_check
++    - audit_rules_privileged_commands_passwd
++    - audit_rules_privileged_commands_postdrop
++    - audit_rules_privileged_commands_postqueue
++    - audit_rules_privileged_commands_ssh_keysign
++    - audit_rules_privileged_commands_sudoedit
++    - audit_rules_privileged_commands_umount
++    - audit_rules_privileged_commands_unix_chkpwd
++    - audit_rules_privileged_commands_userhelper
++    - audit_rules_session_events
++    - audit_rules_sysadmin_actions
++    - audit_rules_system_shutdown
++    - var_audit_failure_mode=panic
++    - audit_rules_time_adjtimex
++    - audit_rules_time_clock_settime
++    - audit_rules_time_settimeofday
++    - audit_rules_time_stime
++    - audit_rules_time_watch_localtime
++    - audit_rules_unsuccessful_file_modification_creat
++    - audit_rules_unsuccessful_file_modification_ftruncate
++    - audit_rules_unsuccessful_file_modification_openat
++    - audit_rules_unsuccessful_file_modification_open_by_handle_at
++    - audit_rules_unsuccessful_file_modification_open
++    - audit_rules_unsuccessful_file_modification_truncate
++    - audit_rules_usergroup_modification_group
++    - audit_rules_usergroup_modification_gshadow
++    - audit_rules_usergroup_modification_opasswd
++    - audit_rules_usergroup_modification_passwd
++    - audit_rules_usergroup_modification_shadow
+diff --git a/products/almalinux8/profiles/ism_o.profile b/products/almalinux8/profiles/ism_o.profile
+new file mode 100644
+index 000000000..2eee6cf30
+--- /dev/null
++++ b/products/almalinux8/profiles/ism_o.profile
+@@ -0,0 +1,139 @@
++documentation_complete: true
++
++metadata:
++    SMEs:
++        - shaneboulden
++        - wcushen
++        - eliseelk
++        - sashperso
++        - anjuskantha
++
++reference: https://www.cyber.gov.au/ism
++
++title: 'Australian Cyber Security Centre (ACSC) ISM Official'
++
++description: |-
++  This profile contains configuration checks for AlmaLinux 8
++  that align to the Australian Cyber Security Centre (ACSC) Information Security Manual (ISM)
++  with the applicability marking of OFFICIAL.
++
++  The ISM uses a risk-based approach to cyber security. This profile provides a guide to aligning 
++  AlmaLinux security controls with the ISM, which can be used to select controls 
++  specific to an organisation's security posture and risk profile.
++
++  A copy of the ISM can be found at the ACSC website:
++
++  https://www.cyber.gov.au/ism
++
++extends: e8
++
++selections:
++
++  ## Operating system configuration
++  ## Identifiers 1491
++  - no_shelllogin_for_systemaccounts
++
++  ## Local administrator accounts
++  ## Identifiers 1382 / 1410
++  - accounts_password_all_shadowed
++  - package_sudo_installed
++
++  ## Content filtering & Anti virus
++  ## Identifiers  0576 / 1341 / 1034 / 1417 / 1288
++  - package_aide_installed
++
++  ## Software firewall
++  ## Identifiers 1416
++  - configure_firewalld_ports
++  ## Removing due to build error
++  ## - configure_firewalld_rate_limiting
++  - firewalld_sshd_port_enabled
++  - set_firewalld_default_zone
++
++  ## Endpoint device control software
++  ## Identifiers 1418
++  - package_usbguard_installed
++  - service_usbguard_enabled
++  - usbguard_allow_hid_and_hub
++
++  ## Authentication hardening
++  ## Identifiers 1546 / 0974 / 1173 / 1504 / 1505 / 1401 / 1559 / 1560
++  ## 1561 / 1546 / 0421 / 1557 / 0422 / 1558 / 1403 / 0431
++  - sshd_max_auth_tries_value=5
++  - disable_host_auth
++  - require_emergency_target_auth
++  - require_singleuser_auth
++  - sshd_disable_kerb_auth
++  - sshd_set_max_auth_tries
++
++  ## Password authentication & Protecting credentials
++  ## Identifiers 0421 / 0431 / 0418 / 1402
++  - var_password_pam_minlen=14
++  - var_accounts_password_warn_age_login_defs=7
++  - var_accounts_minimum_age_login_defs=1
++  - var_accounts_maximum_age_login_defs=60
++  - var_authselect_profile=sssd
++  - enable_authselect
++  - accounts_password_warn_age_login_defs
++  - accounts_maximum_age_login_defs
++  - accounts_minimum_age_login_defs
++  - accounts_passwords_pam_faillock_interval
++  - accounts_passwords_pam_faillock_unlock_time
++  - accounts_passwords_pam_faillock_deny
++  - accounts_passwords_pam_faillock_deny_root
++  - accounts_password_pam_minlen
++
++  ## Centralised logging facility
++  ## Identifiers 1405 / 0988 
++  - rsyslog_cron_logging
++  - rsyslog_files_groupownership
++  - rsyslog_files_ownership
++  - rsyslog_files_permissions
++  - rsyslog_nolisten
++  - rsyslog_remote_loghost
++  - rsyslog_remote_tls
++  - rsyslog_remote_tls_cacert
++  - package_chrony_installed
++  - service_chronyd_enabled
++  - chronyd_or_ntpd_specify_multiple_servers
++  - chronyd_specify_remote_server
++  - service_chronyd_or_ntpd_enabled
++
++  ## Events to be logged
++  ## Identifiers 0580 / 0584 / 0582 / 0585 / 0586 / 0846 / 0957
++  - sshd_print_last_log
++  - sebool_auditadm_exec_content
++  - audit_rules_privileged_commands
++  - audit_rules_session_events
++  - audit_rules_unsuccessful_file_modification
++  - audit_access_failed
++  - audit_access_success
++
++  ## Web application & Database servers
++  ## Identifiers 1552 / 1277
++  - openssl_use_strong_entropy
++
++  ## Network design and configuration
++  ## Identifiers 1055 / 1311 
++  - network_nmcli_permissions
++  - service_snmpd_disabled
++  - snmpd_use_newer_protocol
++
++  ## Wireless networks
++  ## Identifiers 1315
++  - wireless_disable_interfaces
++
++  ## ASD Approved Cryptographic Algorithms
++  ## Identifiers 0471 / 0472 / 0473 / 0474 / 0475 / 0476 / 0477 / 
++  ## 0479 / 0480 / 0481 / 0489 / 0497 / 0994 / 0998 / 1001 /  1139 / 
++  ## 1372 / 1373 / 1374 / 1375
++  - enable_fips_mode
++  - var_system_crypto_policy=fips
++  - configure_crypto_policy
++
++  ## Secure Shell access
++  ## Identifiers 0484 / 1506 / 1449 / 0487
++  - sshd_allow_only_protocol2
++  - sshd_enable_warning_banner
++  - sshd_disable_x11_forwarding
++  - file_permissions_sshd_private_key
+diff --git a/products/almalinux8/profiles/ospp.profile b/products/almalinux8/profiles/ospp.profile
+new file mode 100644
+index 000000000..094c14a62
+--- /dev/null
++++ b/products/almalinux8/profiles/ospp.profile
+@@ -0,0 +1,437 @@
++documentation_complete: true
++
++metadata:
++    version: 4.2.1
++    SMEs:
++        - ggbecker
++        - matusmarhefka
++
++reference: https://www.niap-ccevs.org/Profile/Info.cfm?PPID=442&id=442
++
++title: 'Protection Profile for General Purpose Operating Systems'
++
++description: |-
++    This profile reflects mandatory configuration controls identified in the
++    NIAP Configuration Annex to the Protection Profile for General Purpose
++    Operating Systems (Protection Profile Version 4.2.1).
++
++    This configuration profile is consistent with CNSSI-1253, which requires
++    U.S. National Security Systems to adhere to certain configuration
++    parameters. Accordingly, this configuration profile is suitable for
++    use in U.S. National Security Systems.
++
++selections:
++
++    #######################################################
++    ### GENERAL REQUIREMENTS
++    ### Things needed to meet OSPP functional requirements.
++    #######################################################
++
++    ### Partitioning
++    - mount_option_home_nodev
++    - mount_option_home_nosuid
++    - mount_option_tmp_nodev
++    - mount_option_tmp_noexec
++    - mount_option_tmp_nosuid
++    - partition_for_var_tmp
++    - mount_option_var_tmp_nodev
++    - mount_option_var_tmp_noexec
++    - mount_option_var_tmp_nosuid
++    - mount_option_dev_shm_nodev
++    - mount_option_dev_shm_noexec
++    - mount_option_dev_shm_nosuid
++    - mount_option_nodev_nonroot_local_partitions
++    - mount_option_boot_nodev
++    - mount_option_boot_nosuid
++    - partition_for_home
++    - partition_for_var
++    - mount_option_var_nodev
++    - partition_for_var_log
++    - mount_option_var_log_nodev
++    - mount_option_var_log_nosuid
++    - mount_option_var_log_noexec
++    - partition_for_var_log_audit
++    - mount_option_var_log_audit_nodev
++    - mount_option_var_log_audit_nosuid
++    - mount_option_var_log_audit_noexec
++
++    ### Services
++    # sshd
++    - sshd_disable_root_login
++    - sshd_enable_strictmodes
++    - disable_host_auth
++    - sshd_disable_empty_passwords
++    - sshd_disable_kerb_auth
++    - sshd_disable_gssapi_auth
++    - var_sshd_set_keepalive=1
++    - sshd_set_keepalive_0
++    - sshd_enable_warning_banner
++    - sshd_rekey_limit
++    - var_rekey_limit_size=1G
++    - var_rekey_limit_time=1hour
++    - sshd_use_strong_rng
++    - openssl_use_strong_entropy
++
++    # Time Server
++    - chronyd_client_only
++    - chronyd_no_chronyc_network
++
++    ### Network Settings
++    - sysctl_net_ipv6_conf_all_accept_ra
++    - sysctl_net_ipv6_conf_default_accept_ra
++    - sysctl_net_ipv4_conf_all_accept_redirects
++    - sysctl_net_ipv4_conf_default_accept_redirects
++    - sysctl_net_ipv6_conf_all_accept_redirects
++    - sysctl_net_ipv6_conf_default_accept_redirects
++    - sysctl_net_ipv4_conf_all_accept_source_route
++    - sysctl_net_ipv4_conf_default_accept_source_route
++    - sysctl_net_ipv6_conf_all_accept_source_route
++    - sysctl_net_ipv6_conf_default_accept_source_route
++    - sysctl_net_ipv4_conf_all_secure_redirects
++    - sysctl_net_ipv4_conf_default_secure_redirects
++    - sysctl_net_ipv4_conf_all_send_redirects
++    - sysctl_net_ipv4_conf_default_send_redirects
++    - sysctl_net_ipv4_conf_all_log_martians
++    - sysctl_net_ipv4_conf_default_log_martians
++    - sysctl_net_ipv4_conf_all_rp_filter
++    - sysctl_net_ipv4_conf_default_rp_filter
++    - sysctl_net_ipv4_icmp_ignore_bogus_error_responses
++    - sysctl_net_ipv4_icmp_echo_ignore_broadcasts
++    - sysctl_net_ipv4_ip_forward
++    - sysctl_net_ipv4_tcp_syncookies
++
++    ### systemd
++    - disable_ctrlaltdel_reboot
++    - disable_ctrlaltdel_burstaction
++    - service_debug-shell_disabled
++
++    ### umask
++    - var_accounts_user_umask=027
++    - accounts_umask_etc_profile
++    - accounts_umask_etc_bashrc
++    - accounts_umask_etc_csh_cshrc
++
++    ### Software update
++    - ensure_almalinux_gpgkey_installed
++    - ensure_gpgcheck_globally_activated
++    - ensure_gpgcheck_local_packages
++    - ensure_gpgcheck_never_disabled
++
++    ### Passwords
++    - var_password_pam_difok=4
++    - accounts_password_pam_difok
++    - var_password_pam_maxrepeat=3
++    - accounts_password_pam_maxrepeat
++    - var_password_pam_maxclassrepeat=4
++    - accounts_password_pam_maxclassrepeat
++
++    ### Kernel Config
++    ## Boot prompt
++    - grub2_audit_argument
++    - grub2_audit_backlog_limit_argument
++    - grub2_slub_debug_argument
++    - var_slub_debug_options=P
++    - grub2_page_poison_argument
++    - grub2_vsyscall_argument
++    - grub2_vsyscall_argument.role=unscored
++    - grub2_vsyscall_argument.severity=info
++    - grub2_pti_argument
++    - grub2_kernel_trust_cpu_rng
++
++    ## Security Settings
++    - sysctl_kernel_kptr_restrict
++    - sysctl_kernel_dmesg_restrict
++    - sysctl_kernel_kexec_load_disabled
++    - sysctl_kernel_yama_ptrace_scope
++    - sysctl_kernel_perf_event_paranoid
++    - sysctl_user_max_user_namespaces
++    - sysctl_user_max_user_namespaces.role=unscored
++    - sysctl_user_max_user_namespaces.severity=info
++    - sysctl_kernel_unprivileged_bpf_disabled
++    - sysctl_net_core_bpf_jit_harden
++    - service_kdump_disabled
++
++    ## File System Settings
++    - sysctl_fs_protected_hardlinks
++    - sysctl_fs_protected_symlinks
++
++    ### Audit
++    - service_auditd_enabled
++    - var_auditd_flush=incremental_async
++    - auditd_data_retention_flush
++    - auditd_local_events
++    - auditd_write_logs
++    - auditd_log_format
++    - auditd_freq
++    - auditd_name_format
++
++    ### Module Disabled
++    - kernel_module_cramfs_disabled
++    - kernel_module_bluetooth_disabled
++    - kernel_module_sctp_disabled
++    - kernel_module_firewire-core_disabled
++    - kernel_module_atm_disabled
++    - kernel_module_can_disabled
++    - kernel_module_tipc_disabled
++
++    ### rpcbind
++
++    ### Install Required Packages
++    - package_aide_installed
++    - package_dnf-automatic_installed
++    - package_subscription-manager_installed
++    - package_dnf-plugin-subscription-manager_installed
++    - package_firewalld_installed
++    - package_openscap-scanner_installed
++    - package_policycoreutils_installed
++    - package_sudo_installed
++    - package_usbguard_installed
++    - package_scap-security-guide_installed
++    - package_audit_installed
++    - package_crypto-policies_installed
++    - package_openssh-server_installed
++    - package_openssh-clients_installed
++    - package_policycoreutils-python-utils_installed
++    - package_rsyslog_installed
++    - package_chrony_installed
++    - package_gnutls-utils_installed
++
++    ### Remove Prohibited Packages
++    - package_sendmail_removed
++    - package_iprutils_removed
++    - package_gssproxy_removed
++    - package_nfs-utils_removed
++    - package_krb5-workstation_removed
++    - package_abrt-addon-kerneloops_removed
++    - package_python3-abrt-addon_removed
++    - package_abrt-addon-ccpp_removed
++    - package_abrt-plugin-sosreport_removed
++    - package_abrt-cli_removed
++    - package_libreport-plugin-rhtsupport_removed
++    - package_libreport-plugin-logger_removed
++    - package_abrt_removed
++
++    ### Login
++    - disable_users_coredumps
++    - sysctl_kernel_core_pattern
++    - coredump_disable_storage
++    - coredump_disable_backtraces
++    - service_systemd-coredump_disabled
++    - var_accounts_max_concurrent_login_sessions=10
++    - accounts_max_concurrent_login_sessions
++    - securetty_root_login_console_only
++    - var_authselect_profile=minimal
++    - enable_authselect
++    - var_password_pam_unix_remember=5
++    - accounts_password_pam_unix_remember
++    - use_pam_wheel_for_su
++
++    ### SELinux Configuration
++    - var_selinux_state=enforcing
++    - selinux_state
++    - var_selinux_policy_name=targeted
++    - selinux_policytype
++
++    ### Application Whitelisting (RHEL 8)
++    - package_fapolicyd_installed
++    - service_fapolicyd_enabled
++
++    ### Configure USBGuard
++    - service_usbguard_enabled
++    - configure_usbguard_auditbackend
++    - usbguard_allow_hid_and_hub
++
++
++    ### Enable / Configure FIPS
++    - enable_fips_mode
++    - var_system_crypto_policy=fips_ospp
++    - configure_crypto_policy
++    - configure_ssh_crypto_policy
++    - configure_bind_crypto_policy
++    - configure_openssl_crypto_policy
++    - configure_libreswan_crypto_policy
++    - configure_kerberos_crypto_policy
++    - enable_dracut_fips_module
++
++    #######################################################
++    ### CONFIGURATION ANNEX TO THE PROTECTION PROFILE
++    ### FOR GENERAL PURPOSE OPERATING SYSTEMS
++    ### ANNEX RELEASE 1
++    ### FOR PROTECTION PROFILE VERSIONS 4.2
++    ###
++    ### https://www.niap-ccevs.org/MMO/PP/-442ConfigAnnex-/
++    #######################################################
++
++    ## Configure Minimum Password Length to 12 Characters
++    ## IA-5 (1)(a) / FMT_MOF_EXT.1
++    - var_password_pam_minlen=12
++    - accounts_password_pam_minlen
++
++    ## Require at Least 1 Special Character in Password
++    ## IA-5(1)(a) / FMT_MOF_EXT.1
++    - var_password_pam_ocredit=1
++    - accounts_password_pam_ocredit
++
++    ## Require at Least 1 Numeric Character in Password
++    ## IA-5(1)(a) / FMT_MOF_EXT.1
++    - var_password_pam_dcredit=1
++    - accounts_password_pam_dcredit
++
++    ## Require at Least 1 Uppercase Character in Password
++    ## IA-5(1)(a) / FMT_MOF_EXT.1
++    - var_password_pam_ucredit=1
++    - accounts_password_pam_ucredit
++
++    ## Require at Least 1 Lowercase Character in Password
++    ## IA-5(1)(a) / FMT_MOF_EXT.1
++    - var_password_pam_lcredit=1
++    - accounts_password_pam_lcredit
++
++    ## Enable Screen Lock
++    ## FMT_MOF_EXT.1
++    - package_tmux_installed
++    - configure_bashrc_exec_tmux
++    - no_tmux_in_shells
++    - configure_tmux_lock_command
++    - configure_tmux_lock_after_time
++
++    ## Set Screen Lock Timeout Period to 30 Minutes or Less
++    ## AC-11(a) / FMT_MOF_EXT.1
++    ## We deliberately set sshd timeout to 1 minute before tmux lock timeout
++    - sshd_idle_timeout_value=14_minutes
++    - sshd_set_idle_timeout
++
++    ## Disable Unauthenticated Login (such as Guest Accounts)
++    ## FIA_UAU.1
++    - require_singleuser_auth
++    - grub2_disable_recovery
++    - grub2_uefi_password
++    - no_empty_passwords
++
++    ## Set Maximum Number of Authentication Failures to 3 Within 15 Minutes
++    ## AC-7 / FIA_AFL.1
++    - var_accounts_passwords_pam_faillock_deny=3
++    - accounts_passwords_pam_faillock_deny
++    - var_accounts_passwords_pam_faillock_fail_interval=900
++    - accounts_passwords_pam_faillock_interval
++    - var_accounts_passwords_pam_faillock_unlock_time=never
++    - accounts_passwords_pam_faillock_unlock_time
++
++    ## Enable Host-Based Firewall
++    ## SC-7(12) / FMT_MOF_EXT.1
++    - service_firewalld_enabled
++
++    ## Configure Name/Addres of Remote Management Server
++    ##  From Which to Receive Config Settings
++    ## CM-3(3) / FMT_MOF_EXT.1
++
++    ## Configure the System to Offload Audit Records to a Log
++    ##  Server
++    ## AU-4(1) / FAU_GEN.1.1.c
++    # temporarily dropped
++
++    ## Set Logon Warning Banner
++    ## AC-8(a) / FMT_MOF_EXT.1
++
++    ## Audit All Logons (Success/Failure) and Logoffs (Success)
++    ##  CNSSI 1253 Value or DoD-Specific Values:
++    ##      (1) Logons (Success/Failure)
++    ##      (2) Logoffs (Success)
++    ## AU-2(a) / FAU_GEN.1.1.c
++
++    ## Audit File and Object Events (Unsuccessful)
++    ##  CNSSI 1253 Value or DoD-specific Values:
++    ##      (1) Create (Success/Failure)
++    ##      (2) Access (Success/Failure)
++    ##      (3) Delete (Sucess/Failure)
++    ##      (4) Modify (Success/Failure)
++    ##      (5) Permission Modification (Sucess/Failure)
++    ##      (6) Ownership Modification (Success/Failure)
++    ## AU-2(a) / FAU_GEN.1.1.c
++    ##
++    ##
++    ## (1) Create (Success/Failure)
++    ##      (open with O_CREAT)
++    ## (2) Access (Success/Failure)
++    ## (3) Delete (Success/Failure)
++    ## (4) Modify (Success/Failure)
++    ## (5) Permission Modification (Success/Failure)
++    ## (6) Ownership Modification (Success/Failure)
++
++    ## Audit User and Group Management Events (Success/Failure)
++    ##  CNSSI 1253 Value or DoD-specific Values:
++    ##      (1) User add, delete, modify, disable, enable (Success/Failure)
++    ##      (2) Group/Role add, delete, modify (Success/Failure)
++    ## AU-2(a) / FAU_GEN.1.1.c
++    ##
++    ## Generic User and Group Management Events (Success/Failure)
++    ## Selection of setuid programs that relate to
++    ## user accounts.
++    ##
++    ## CNSSI 1253: (1) User add, delete, modify, disable, enable (Success/Failure)
++    ##
++    ## CNSSI 1252: (2) Group/Role add, delete, modify (Success/Failure)
++    ##
++    ## Audit Privilege or Role Escalation Events (Success/Failure)
++    ##  CNSSI 1253 Value or DoD-specific Values:
++    ##      - Privilege/Role escalation (Success/Failure)
++    ## AU-2(a) / FAU_GEN.1.1.c
++    ## Audit All Audit and Log Data Accesses (Success/Failure)
++    ##  CNSSI 1253 Value or DoD-specific Values:
++    ##      - Audit and log data access (Success/Failure)
++    ## AU-2(a) / FAU_GEN.1.1.c
++    ## Audit Cryptographic Verification of Software (Success/Failure)
++    ##  CNSSI 1253 Value or DoD-specific Values:
++    ##      - Applications (e.g. Firefox, Internet Explorer, MS Office Suite,
++    ##        etc) initialization (Success/Failure)
++    ## AU-2(a) / FAU_GEN.1.1.c
++    ## Audit Kernel Module Loading and Unloading Events (Success/Failure)
++    ## AU-2(a) / FAU_GEN.1.1.c
++    - audit_basic_configuration
++    - audit_immutable_login_uids
++    - audit_create_failed
++    - audit_create_success
++    - audit_modify_failed
++    - audit_modify_success
++    - audit_access_failed
++    - audit_access_success
++    - audit_delete_failed
++    - audit_delete_success
++    - audit_perm_change_failed
++    - audit_perm_change_success
++    - audit_owner_change_failed
++    - audit_owner_change_success
++    - audit_ospp_general
++    - audit_module_load
++
++    ## Enable Automatic Software Updates
++    ## SI-2 / FMT_MOF_EXT.1
++    # Configure dnf-automatic to Install Only Security Updates
++    - dnf-automatic_security_updates_only
++
++    # Configure dnf-automatic to Install Available Updates Automatically
++    - dnf-automatic_apply_updates
++
++    # Enable dnf-automatic Timer
++    - timer_dnf-automatic_enabled
++
++
++    # Prevent Kerberos use by system daemons
++    - kerberos_disable_no_keytab
++
++    # set ssh client rekey limit
++    - ssh_client_rekey_limit
++    - var_ssh_client_rekey_limit_size=1G
++    - var_ssh_client_rekey_limit_time=1hour
++
++# configure ssh client to use strong entropy
++    - ssh_client_use_strong_rng_sh
++    - ssh_client_use_strong_rng_csh
++
++    # zIPl specific rules
++    - zipl_bls_entries_only
++    - zipl_bootmap_is_up_to_date
++    - zipl_audit_argument
++    - zipl_audit_backlog_limit_argument
++    - zipl_slub_debug_argument
++    - zipl_page_poison_argument
+diff --git a/products/almalinux8/profiles/pci-dss.profile b/products/almalinux8/profiles/pci-dss.profile
+new file mode 100644
+index 000000000..522b22fe2
+--- /dev/null
++++ b/products/almalinux8/profiles/pci-dss.profile
+@@ -0,0 +1,59 @@
++documentation_complete: true
++
++metadata:
++    version: '4.0.1'
++    SMEs:
++        - marcusburghardt
++        - mab879
++        - vojtapolasek
++
++reference: https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0_1.pdf
++
++title: 'PCI-DSS v4.0.1 Control Baseline for Red Hat Enterprise Linux 8'
++
++description: |-
++    Payment Card Industry - Data Security Standard (PCI-DSS) is a set of
++    security standards designed to ensure the secure handling of payment card
++    data, with the goal of preventing data breaches and protecting sensitive
++    financial information.
++
++    This profile ensures Red Hat Enterprise Linux 8 is configured in alignment
++    with PCI-DSS v4.0.1 requirements.
++
++selections:
++    - pcidss_4:all
++    # More tests are needed to identify which rule is conflicting with rpm_verify_permissions.
++    # https://github.com/ComplianceAsCode/content/issues/11285
++    - '!rpm_verify_permissions'
++    # these rules do not apply to RHEL but they have to keep the prodtype for historical reasons
++    - '!package_audit-audispd-plugins_installed'
++    - '!service_ntp_enabled'
++    - '!ntpd_specify_remote_server'
++    - '!ntpd_specify_multiple_servers'
++    - '!set_ipv6_loopback_traffic'
++    - '!set_loopback_traffic'
++    - '!service_ntpd_enabled'
++    - '!timer_logrotate_enabled'
++    - '!package_talk_removed'
++    - '!package_talk-server_removed'
++    - '!package_rsh_removed'
++    - '!package_rsh-server_removed'
++    # Following rules once had a prodtype incompatible with the rhel8 product
++    - '!cracklib_accounts_password_pam_minlen'
++    - '!nftables_ensure_default_deny_policy'
++    - '!permissions_local_var_log'
++    - '!set_password_hashing_algorithm_commonauth'
++    - '!accounts_passwords_pam_tally2'
++    - '!cracklib_accounts_password_pam_dcredit'
++    - '!cracklib_accounts_password_pam_lcredit'
++    - '!service_timesyncd_enabled'
++    - '!ensure_suse_gpgkey_installed'
++    - '!ensure_shadow_group_empty'
++    - '!mask_nonessential_services'
++    - '!gnome_gdm_disable_unattended_automatic_login'
++    - '!file_owner_at_allow'
++    - '!accounts_passwords_pam_tally2_unlock_time'
++    - '!ensure_firewall_rules_for_open_ports'
++    - '!cracklib_accounts_password_pam_retry'
++    - '!aide_periodic_checking_systemd_timer'
++    - '!package_cryptsetup-luks_installed'
+diff --git a/products/almalinux8/profiles/rht-ccp.profile b/products/almalinux8/profiles/rht-ccp.profile
+new file mode 100644
+index 000000000..79d0208f5
+--- /dev/null
++++ b/products/almalinux8/profiles/rht-ccp.profile
+@@ -0,0 +1,103 @@
++documentation_complete: true
++
++hidden: true
++
++title: 'Red Hat Corporate Profile for Certified Cloud Providers (RH CCP)'
++
++description: |-
++    This profile contains the minimum security relevant
++    configuration settings recommended by Red Hat, Inc for
++    Red Hat Enterprise Linux 8 instances deployed by Red Hat Certified
++    Cloud Providers.
++
++selections:
++    - var_selinux_state=enforcing
++    - var_selinux_policy_name=targeted
++    - sshd_idle_timeout_value=5_minutes
++    - var_accounts_minimum_age_login_defs=7
++    - var_accounts_passwords_pam_faillock_deny=5
++    - var_accounts_password_warn_age_login_defs=7
++    - var_password_hashing_algorithm_pam=sha512
++    - var_password_pam_retry=3
++    - var_password_pam_dcredit=1
++    - var_password_pam_ucredit=2
++    - var_password_pam_ocredit=2
++    - var_password_pam_lcredit=2
++    - var_password_pam_difok=3
++    - var_password_pam_unix_remember=5
++    - var_accounts_user_umask=077
++    - login_banner_text=usgcb_default
++    - partition_for_tmp
++    - partition_for_var
++    - partition_for_var_log
++    - partition_for_var_log_audit
++    - selinux_state
++    - selinux_policytype
++    - ensure_almalinux_gpgkey_installed
++    - security_patches_up_to_date
++    - ensure_gpgcheck_globally_activated
++    - ensure_gpgcheck_never_disabled
++    - package_aide_installed
++    - accounts_password_pam_unix_remember
++    - no_shelllogin_for_systemaccounts
++    - no_empty_passwords
++    - accounts_password_all_shadowed
++    - accounts_no_uid_except_zero
++    - accounts_minimum_age_login_defs
++    - accounts_password_warn_age_login_defs
++    - var_authselect_profile=sssd
++    - enable_authselect
++    - accounts_password_pam_retry
++    - accounts_password_pam_dcredit
++    - accounts_password_pam_ucredit
++    - accounts_password_pam_ocredit
++    - accounts_password_pam_lcredit
++    - accounts_password_pam_difok
++    - accounts_passwords_pam_faillock_deny
++    - set_password_hashing_algorithm_systemauth
++    - set_password_hashing_algorithm_passwordauth
++    - set_password_hashing_algorithm_logindefs
++    - set_password_hashing_algorithm_libuserconf
++    - require_singleuser_auth
++    - file_owner_etc_shadow
++    - file_groupowner_etc_shadow
++    - file_permissions_etc_shadow
++    - file_owner_etc_gshadow
++    - file_groupowner_etc_gshadow
++    - file_permissions_etc_gshadow
++    - file_owner_etc_passwd
++    - file_groupowner_etc_passwd
++    - file_permissions_etc_passwd
++    - file_owner_etc_group
++    - file_groupowner_etc_group
++    - file_permissions_etc_group
++    - file_permissions_library_dirs
++    - file_ownership_library_dirs
++    - file_permissions_binary_dirs
++    - file_ownership_binary_dirs
++    - file_permissions_var_log_audit
++    - file_owner_grub2_cfg
++    - file_groupowner_grub2_cfg
++    - file_permissions_grub2_cfg
++    - grub2_password
++    - kernel_module_dccp_disabled
++    - kernel_module_sctp_disabled
++    - service_firewalld_enabled
++    - set_firewalld_default_zone
++    - firewalld_sshd_port_enabled
++    - service_abrtd_disabled
++    - service_telnet_disabled
++    - package_telnet-server_removed
++    - package_telnet_removed
++    - sshd_allow_only_protocol2
++    - sshd_set_idle_timeout
++    - var_sshd_set_keepalive=1
++    - sshd_set_keepalive_0
++    - disable_host_auth
++    - sshd_disable_root_login
++    - sshd_disable_empty_passwords
++    - sshd_enable_warning_banner
++    - sshd_do_not_permit_user_env
++    - var_system_crypto_policy=fips
++    - configure_crypto_policy
++    - configure_ssh_crypto_policy
+diff --git a/products/almalinux8/profiles/standard.profile b/products/almalinux8/profiles/standard.profile
+new file mode 100644
+index 000000000..3c09d50d0
+--- /dev/null
++++ b/products/almalinux8/profiles/standard.profile
+@@ -0,0 +1,91 @@
++documentation_complete: true
++
++hidden: true
++
++title: 'Standard System Security Profile for AlmaLinux 8'
++
++description: |-
++    This profile contains rules to ensure standard security baseline
++    of a AlmaLinux 8 system. Regardless of your system's workload
++    all of these checks should pass.
++
++selections:
++    - ensure_almalinux_gpgkey_installed
++    - ensure_gpgcheck_globally_activated
++    - rpm_verify_permissions
++    - rpm_verify_hashes
++    - security_patches_up_to_date
++    - no_empty_passwords
++    - file_groupowner_etc_group
++    - file_owner_etc_group
++    - file_permissions_etc_group
++    - file_groupowner_etc_passwd
++    - file_owner_etc_passwd
++    - file_permissions_etc_passwd
++    - file_groupowner_etc_shadow
++    - file_owner_etc_shadow
++    - file_permissions_unauthorized_sgid
++    - file_permissions_unauthorized_suid
++    - file_permissions_unauthorized_world_writable
++    - accounts_root_path_dirs_no_write
++    - dir_perms_world_writable_sticky_bits
++    - mount_option_dev_shm_nodev
++    - mount_option_dev_shm_nosuid
++    - partition_for_var_log
++    - partition_for_var_log_audit
++    - package_rsyslog_installed
++    - service_rsyslog_enabled
++    - audit_rules_time_adjtimex
++    - audit_rules_time_settimeofday
++    - audit_rules_time_stime
++    - audit_rules_time_clock_settime
++    - audit_rules_time_watch_localtime
++    - audit_rules_usergroup_modification
++    - audit_rules_networkconfig_modification
++    - audit_rules_mac_modification
++    - audit_rules_dac_modification_chmod
++    - audit_rules_dac_modification_chown
++    - audit_rules_dac_modification_fchmod
++    - audit_rules_dac_modification_fchmodat
++    - audit_rules_dac_modification_fchown
++    - audit_rules_dac_modification_fchownat
++    - audit_rules_dac_modification_fremovexattr
++    - audit_rules_dac_modification_fsetxattr
++    - audit_rules_dac_modification_lchown
++    - audit_rules_dac_modification_lremovexattr
++    - audit_rules_dac_modification_lsetxattr
++    - audit_rules_dac_modification_removexattr
++    - audit_rules_dac_modification_setxattr
++    - audit_rules_unsuccessful_file_modification
++    - audit_rules_privileged_commands
++    - audit_rules_media_export
++    - audit_rules_file_deletion_events
++    - audit_rules_sysadmin_actions
++    - audit_rules_kernel_module_loading
++    - service_abrtd_disabled
++    - service_atd_disabled
++    - service_autofs_disabled
++    - service_ntpdate_disabled
++    - service_oddjobd_disabled
++    - service_qpidd_disabled
++    - service_rdisc_disabled
++    - configure_crypto_policy
++    - configure_bind_crypto_policy
++    - configure_openssl_crypto_policy
++    - configure_libreswan_crypto_policy
++    - configure_ssh_crypto_policy
++    - configure_kerberos_crypto_policy
++    - service_auditd_enabled
++    - gid_passwd_group_same
++    - file_groupowner_efi_grub2_cfg
++    - file_groupowner_grub2_cfg
++    - file_owner_efi_grub2_cfg
++    - file_owner_grub2_cfg
++    - file_permissions_efi_grub2_cfg
++    - file_permissions_grub2_cfg
++    - file_groupowner_efi_user_cfg
++    - file_groupowner_user_cfg
++    - file_owner_efi_user_cfg
++    - file_owner_user_cfg
++    - file_permissions_efi_user_cfg
++    - file_permissions_user_cfg
+diff --git a/products/almalinux8/profiles/stig.profile b/products/almalinux8/profiles/stig.profile
+new file mode 100644
+index 000000000..0ba423604
+--- /dev/null
++++ b/products/almalinux8/profiles/stig.profile
+@@ -0,0 +1,1236 @@
++documentation_complete: true
++
++metadata:
++    version: V2R1
++    SMEs:
++        - mab879
++        - ggbecker
++
++reference: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux
++
++title: 'DISA STIG for Red Hat Enterprise Linux 8'
++
++description: |-
++    This profile contains configuration checks that align to the
++    DISA STIG for Red Hat Enterprise Linux 8 V2R1.
++
++    In addition to being applicable to Red Hat Enterprise Linux 8, DISA recognizes this
++    configuration baseline as applicable to the operating system tier of
++    Red Hat technologies that are based on Red Hat Enterprise Linux 8, such as:
++
++    - Red Hat Enterprise Linux Server
++    - Red Hat Enterprise Linux Workstation and Desktop
++    - Red Hat Enterprise Linux for HPC
++    - Red Hat Storage
++    - Red Hat Containers with a Red Hat Enterprise Linux 8 image
++
++selections:
++    ### Variables
++    - var_rekey_limit_size=1G
++    - var_rekey_limit_time=1hour
++    - var_accounts_user_umask=077
++    - var_password_pam_difok=8
++    - var_password_pam_maxrepeat=3
++    - var_password_hashing_algorithm=SHA512
++    - var_password_hashing_algorithm_pam=sha512
++    - var_password_pam_maxclassrepeat=4
++    - var_password_pam_minclass=4
++    - var_accounts_minimum_age_login_defs=1
++    - var_accounts_max_concurrent_login_sessions=10
++    - var_password_pam_remember=5
++    - var_password_pam_remember_control_flag=requisite_or_required
++    - var_selinux_state=enforcing
++    - var_selinux_policy_name=targeted
++    - var_password_pam_unix_rounds=5000
++    - var_password_pam_minlen=15
++    - var_password_pam_ocredit=1
++    - var_password_pam_dcredit=1
++    - var_password_pam_dictcheck=1
++    - var_password_pam_ucredit=1
++    - var_password_pam_lcredit=1
++    - var_password_pam_retry=3
++    - var_password_pam_minlen=15
++    - var_sshd_set_keepalive=1
++    - sshd_approved_macs=stig_extended
++    - sshd_approved_ciphers=stig_extended
++    - sshd_idle_timeout_value=10_minutes
++    - var_accounts_authorized_local_users_regex=rhel8
++    - var_accounts_passwords_pam_faillock_deny=3
++    - var_accounts_passwords_pam_faillock_fail_interval=900
++    - var_accounts_passwords_pam_faillock_unlock_time=never
++    - var_ssh_client_rekey_limit_size=1G
++    - var_ssh_client_rekey_limit_time=1hour
++    - var_accounts_fail_delay=4
++    - var_account_disable_post_pw_expiration=35
++    - var_auditd_action_mail_acct=root
++    - var_time_service_set_maxpoll=18_hours
++    - var_accounts_maximum_age_login_defs=60
++    - var_auditd_space_left_percentage=25pc
++    - var_auditd_space_left_action=email
++    - var_auditd_disk_error_action=rhel8
++    - var_auditd_max_log_file_action=syslog
++    - var_auditd_disk_full_action=rhel8
++    - var_sssd_certificate_verification_digest_function=sha1
++    - login_banner_text=dod_banners
++    - var_authselect_profile=sssd
++    - var_multiple_time_servers=stig
++    - var_time_service_set_maxpoll=18_hours
++
++    ### Enable / Configure FIPS
++    - enable_fips_mode
++    - var_system_crypto_policy=fips
++    - configure_crypto_policy
++    - configure_bind_crypto_policy
++    - configure_libreswan_crypto_policy
++    - configure_kerberos_crypto_policy
++    - enable_dracut_fips_module
++
++    # Other needed rules
++    - enable_authselect
++
++    ### Rules:
++    # RHEL-08-010000
++    - installed_OS_is_vendor_supported
++
++    # RHEL-08-010010
++    - security_patches_up_to_date
++
++    # RHEL-08-010019
++    - ensure_almalinux_gpgkey_installed
++
++    # RHEL-08-010020
++    - sysctl_crypto_fips_enabled
++
++    # RHEL-08-010030
++    - encrypt_partitions
++
++    # RHEL-08-010040
++    - sshd_enable_warning_banner
++
++    # RHEL-08-010049
++    - dconf_gnome_banner_enabled
++
++    # RHEL-08-010050
++    - dconf_gnome_login_banner_text
++
++    # RHEL-08-010060
++    - banner_etc_issue
++
++    # RHEL-08-010070
++    - rsyslog_remote_access_monitoring
++
++    # RHEL-08-010090
++    - sssd_has_trust_anchor
++
++    # RHEL-08-010100
++    - ssh_keys_passphrase_protected
++
++    # RHEL-08-010110
++    - set_password_hashing_algorithm_logindefs
++
++    # RHEL-08-010120
++    - accounts_password_all_shadowed_sha512
++
++    # RHEL-08-010121
++    - no_empty_passwords_etc_shadow
++
++    # RHEL-08-010130
++    - set_password_hashing_min_rounds_logindefs
++
++    # RHEL-08-010140
++    - grub2_uefi_password
++
++    # RHEL-08-010141
++    - grub2_uefi_admin_username
++
++    # RHEL-08-010149
++    - grub2_admin_username
++
++    # RHEL-08-010150
++    - grub2_password
++
++    # RHEL-08-010151
++    - require_singleuser_auth
++
++    # RHEL-08-010152
++    - require_emergency_target_auth
++
++    # RHEL-08-010159
++    - set_password_hashing_algorithm_passwordauth
++
++    # RHEL-08-010160
++    - set_password_hashing_algorithm_systemauth
++
++    # RHEL-08-010161
++    - kerberos_disable_no_keytab
++
++    # RHEL-08-010162
++    - package_krb5-workstation_removed
++
++    # RHEL-08-010170
++    - selinux_state
++
++    # RHEL-08-010171
++    - package_policycoreutils_installed
++
++    # RHEL-08-010190
++    - dir_perms_world_writable_sticky_bits
++
++    # RHEL-08-010200
++    - sshd_set_keepalive
++    # RHEL-08-010201
++    - sshd_set_idle_timeout
++
++    # RHEL-08-010210
++    - file_permissions_var_log_messages
++
++    # RHEL-08-010220
++    - file_owner_var_log_messages
++
++    # RHEL-08-010230
++    - file_groupowner_var_log_messages
++
++    # RHEL-08-010240
++    - file_permissions_var_log
++
++    # RHEL-08-010250
++    - file_owner_var_log
++
++    # RHEL-08-010260
++    - file_groupowner_var_log
++
++    # RHEL-08-010287
++    - configure_ssh_crypto_policy
++
++    # RHEL-08-010290
++    - harden_sshd_macs_openssh_conf_crypto_policy
++    - harden_sshd_macs_opensshserver_conf_crypto_policy
++
++    # RHEL-08-010291
++    - harden_sshd_ciphers_openssh_conf_crypto_policy
++    - harden_sshd_ciphers_opensshserver_conf_crypto_policy
++
++    # RHEL-08-010292
++    - sshd_use_strong_rng
++
++    # RHEL-08-010293
++    - configure_openssl_crypto_policy
++
++    # RHEL-08-010294
++    - configure_openssl_tls_crypto_policy
++
++    # RHEL-08-010295
++    - configure_gnutls_tls_crypto_policy
++
++    # RHEL-08-010300
++    - file_permissions_binary_dirs
++
++    # RHEL-08-010310
++    - file_ownership_binary_dirs
++
++    # RHEL-08-010320
++    - file_groupownership_system_commands_dirs
++
++    # RHEL-08-010330
++    - file_permissions_library_dirs
++
++    # RHEL-08-010331
++    - dir_permissions_library_dirs
++
++    # RHEL-08-010340
++    - file_ownership_library_dirs
++
++    # RHEL-08-010341
++    - dir_ownership_library_dirs
++
++    # RHEL-08-010350
++    - root_permissions_syslibrary_files
++
++    # RHEL-08-010351
++    - dir_group_ownership_library_dirs
++
++    # RHEL-08-010358
++    - package_mailx_installed
++
++    # RHEL-08-010359
++    - package_aide_installed
++    - aide_build_database
++
++    # RHEL-08-010360
++    - aide_scan_notification
++
++    # RHEL-08-010370
++    - ensure_gpgcheck_globally_activated
++    - ensure_gpgcheck_never_disabled
++
++    # Necessary for package installs after gpgcheck is enabled
++    - ensure_almalinux_gpgkey_installed
++
++    # RHEL-08-010371
++    - ensure_gpgcheck_local_packages
++
++    # RHEL-08-010372
++    - sysctl_kernel_kexec_load_disabled
++
++    # RHEL-08-010373
++    - sysctl_fs_protected_symlinks
++
++    # RHEL-08-010374
++    - sysctl_fs_protected_hardlinks
++
++    # RHEL-08-010375
++    - sysctl_kernel_dmesg_restrict
++
++    # RHEL-08-010376
++    - sysctl_kernel_perf_event_paranoid
++
++    # RHEL-08-010379
++    - sudoers_default_includedir
++
++    # RHEL-08-010380
++    - sudo_remove_nopasswd
++
++    # RHEL-08-010381
++    - sudo_remove_no_authenticate
++
++    # RHEL-08-010382
++    - sudo_restrict_privilege_elevation_to_authorized
++
++    # RHEL-08-010383
++    - sudoers_validate_passwd
++
++    # RHEL-08-010384
++    - sudo_require_reauthentication
++    - var_sudo_timestamp_timeout=always_prompt
++
++    # RHEL-08-010385
++    - disallow_bypass_password_sudo
++
++    # RHEL-08-010390
++    - install_smartcard_packages
++
++    # RHEL-08-010400
++    - sssd_certificate_verification
++
++    # RHEL-08-010410
++    - package_opensc_installed
++
++    # RHEL-08-010420
++    - bios_enable_execution_restrictions
++
++    # RHEL-08-010421
++    - grub2_page_poison_argument
++
++    # RHEL-08-010422
++    - grub2_vsyscall_argument
++
++    # RHEL-08-010423
++    - grub2_slub_debug_argument
++    - var_slub_debug_options=P
++
++    # RHEL-08-010430
++    - sysctl_kernel_randomize_va_space
++
++    # RHEL-08-010440
++    - clean_components_post_updating
++
++    # RHEL-08-010450
++    - selinux_policytype
++
++    # RHEL-08-010460
++    - no_host_based_files
++
++    # RHEL-08-010470
++    - no_user_host_based_files
++
++    # RHEL-08-010471
++    # Not applicable for RHEL 8.4+
++    - service_rngd_enabled
++
++    # RHEL-08-010472
++    - package_rng-tools_installed
++
++    # RHEL-08-010480
++    - file_permissions_sshd_pub_key
++
++    # RHEL-08-010490
++    - file_permissions_sshd_private_key
++
++    # RHEL-08-010500
++    - sshd_enable_strictmodes
++
++    # RHEL-08-010520
++    - sshd_disable_user_known_hosts
++
++    # RHEL-08-010521
++    - sshd_disable_kerb_auth
++
++    # RHEL-08-010522
++    - sshd_disable_gssapi_auth
++
++    # RHEL-08-010540
++    - partition_for_var
++
++    # RHEL-08-010541
++    - partition_for_var_log
++
++    # RHEL-08-010542
++    - partition_for_var_log_audit
++
++    # RHEL-08-010543
++    - partition_for_tmp
++
++    # RHEL-08-010544
++    - partition_for_var_tmp
++
++    # RHEL-08-010550
++    - sshd_disable_root_login
++
++    # RHEL-08-010561
++    - service_rsyslog_enabled
++
++    # RHEL-08-010570
++    - mount_option_home_nosuid
++
++    # RHEL-08-010571
++    - mount_option_boot_nosuid
++
++    # RHEL-08-010572
++    - mount_option_boot_efi_nosuid
++
++    # RHEL-08-010580
++    - mount_option_nodev_nonroot_local_partitions
++
++    # RHEL-08-010590
++    - mount_option_home_noexec
++
++    # RHEL-08-010600
++    - mount_option_nodev_removable_partitions
++
++    # RHEL-08-010610
++    - mount_option_noexec_removable_partitions
++
++    # RHEL-08-010620
++    - mount_option_nosuid_removable_partitions
++
++    # RHEL-08-010630
++    - mount_option_noexec_remote_filesystems
++
++    # RHEL-08-010640
++    - mount_option_nodev_remote_filesystems
++
++    # RHEL-08-010650
++    - mount_option_nosuid_remote_filesystems
++
++    # RHEL-08-010660
++    - accounts_user_dot_no_world_writable_programs
++
++    # RHEL-08-010670
++    - service_kdump_disabled
++
++    # RHEL-08-010671
++    - sysctl_kernel_core_pattern
++
++    # RHEL-08-010672
++    - service_systemd-coredump_disabled
++
++    # RHEL-08-010673
++    - disable_users_coredumps
++
++    # RHEL-08-010674
++    - coredump_disable_storage
++
++    # RHEL-08-010675
++    - coredump_disable_backtraces
++
++    # RHEL-08-010680
++    - network_configure_name_resolution
++
++    # RHEL-08-010690
++    - accounts_user_home_paths_only
++
++    # RHEL-08-010700
++    - dir_perms_world_writable_root_owned
++
++    # RHEL-08-010710
++    - dir_perms_world_writable_system_owned_group
++
++    # RHEL-08-010720
++    - accounts_user_interactive_home_directory_defined
++
++    # RHEL-08-010730
++    - file_permissions_home_directories
++
++    # RHEL-08-010731
++    - accounts_users_home_files_permissions
++
++    # RHEL-08-010740
++    - file_groupownership_home_directories
++
++    # RHEL-08-010741
++    - accounts_users_home_files_groupownership
++
++    # RHEL-08-010750
++    - accounts_user_interactive_home_directory_exists
++
++    # RHEL-08-010760
++    - accounts_have_homedir_login_defs
++
++    # RHEL-08-010770
++    - file_permission_user_init_files_root
++    - var_user_initialization_files_regex=all_dotfiles
++
++    # RHEL-08-010780
++    - no_files_unowned_by_user
++
++    # RHEL-08-010790
++    - file_permissions_ungroupowned
++
++    # RHEL-08-010800
++    - partition_for_home
++
++    # RHEL-08-010820
++    - gnome_gdm_disable_automatic_login
++
++    # RHEL-08-010830
++    - sshd_do_not_permit_user_env
++
++    # RHEL-08-020000
++    - account_temp_expire_date
++
++    # RHEL-08-020010, RHEL-08-020011
++    - accounts_passwords_pam_faillock_deny
++
++    # RHEL-08-020012, RHEL-08-020013
++    - accounts_passwords_pam_faillock_interval
++
++    # RHEL-08-020014, RHEL-08-020015
++    - accounts_passwords_pam_faillock_unlock_time
++
++    # RHEL-08-020016, RHEL-08-020017
++    - accounts_passwords_pam_faillock_dir
++
++    # # RHEL-08-020018, RHEL-08-020019
++    - accounts_passwords_pam_faillock_silent
++
++    # RHEL-08-020020, RHEL-08-020021
++    - accounts_passwords_pam_faillock_audit
++
++    # RHEL-08-020022, RHEL-08-020023
++    - accounts_passwords_pam_faillock_deny_root
++
++    # RHEL-08-020024
++    - accounts_max_concurrent_login_sessions
++
++    # RHEL-08-020025
++    - account_password_pam_faillock_system_auth
++
++    # RHEL-08-020026
++    - account_password_pam_faillock_password_auth
++
++    # RHEL-08-020027, RHEL-08-020028
++    - account_password_selinux_faillock_dir
++
++    # RHEL-08-020030
++    - dconf_gnome_screensaver_lock_enabled
++
++    # RHEL-08-020031, RHEL-08-020080
++    - dconf_gnome_screensaver_lock_delay
++    - var_screensaver_lock_delay=5_seconds
++
++    # RHEL-08-020032
++    - dconf_gnome_disable_user_list
++
++    # RHEL-08-020035
++    - logind_session_timeout
++    - var_logind_session_timeout=10_minutes
++
++    # RHEL-08-020050
++    - dconf_gnome_lock_screen_on_smartcard_removal
++
++    # RHEL-08-020060
++    - dconf_gnome_screensaver_idle_delay
++
++    # RHEL-08-020080
++    - dconf_gnome_screensaver_user_locks
++
++    # RHEL-08-020081
++    - dconf_gnome_session_idle_user_locks
++
++    # RHEL-08-020082
++    - dconf_gnome_screensaver_lock_locked
++
++    # RHEL-08-020090
++    - sssd_enable_certmap
++
++    # RHEL-08-020100
++    - accounts_password_pam_pwquality_password_auth
++
++    # RHEL-08-020101
++    - accounts_password_pam_pwquality_system_auth
++
++    # RHEL-08-020102
++    # This is only required for RHEL8 systems below version 8.4 where the
++    # retry parameter was not yet available on /etc/security/pwquality.conf.
++
++    # RHEL-08-020103
++    # This is only required for RHEL8 systems below version 8.4 where the
++    # retry parameter was not yet available on /etc/security/pwquality.conf.
++
++    # RHEL-08-020104
++    - accounts_password_pam_retry
++
++    # RHEL-08-020110
++    - accounts_password_pam_ucredit
++
++    # RHEL-08-020120
++    - accounts_password_pam_lcredit
++
++    # RHEL-08-020130
++    - accounts_password_pam_dcredit
++
++    # RHEL-08-020140
++    - accounts_password_pam_maxclassrepeat
++
++    # RHEL-08-020150
++    - accounts_password_pam_maxrepeat
++
++    # RHEL-08-020160
++    - accounts_password_pam_minclass
++
++    # RHEL-08-020170
++    - accounts_password_pam_difok
++
++    # RHEL-08-020180
++    - accounts_password_set_min_life_existing
++
++    # RHEL-08-020190
++    - accounts_minimum_age_login_defs
++
++    # RHEL-08-020200
++    - accounts_maximum_age_login_defs
++
++    # RHEL-08-020210
++    - accounts_password_set_max_life_existing
++
++    # RHEL-08-020220
++    - accounts_password_pam_pwhistory_remember_system_auth
++
++    # RHEL-08-020221
++    - accounts_password_pam_pwhistory_remember_password_auth
++
++    # RHEL-08-020230
++    - accounts_password_pam_minlen
++
++    # RHEL-08-020231
++    - accounts_password_minlen_login_defs
++
++    # RHEL-08-020240
++    - account_unique_id
++
++    # RHEL-08-020250
++    - sssd_enable_smartcards
++
++    # RHEL-08-020260
++    - account_disable_post_pw_expiration
++
++    # RHEL-08-020270
++    - account_temp_expire_date
++
++    # RHEL-08-020280
++    - accounts_password_pam_ocredit
++
++    # RHEL-08-020290
++    - sssd_offline_cred_expiration
++
++    # RHEL-08-020300
++    - accounts_password_pam_dictcheck
++
++    # RHEL-08-020310
++    - accounts_logon_fail_delay
++
++    # RHEL-08-020320
++    - accounts_authorized_local_users
++
++    # RHEL-08-020330
++    - sshd_disable_empty_passwords
++
++    # RHEL-08-020331
++    - no_empty_passwords
++
++    # RHEL-08-020332
++
++    # RHEL-08-020340
++    - display_login_attempts
++
++    # RHEL-08-020350
++    - sshd_print_last_log
++
++    # RHEL-08-020351
++    - accounts_umask_etc_login_defs
++
++    # RHEL-08-020352
++    - accounts_umask_interactive_users
++
++    # RHEL-08-020353
++    - accounts_umask_etc_bashrc
++    - accounts_umask_etc_csh_cshrc
++    - accounts_umask_etc_profile
++
++    # RHEL-08-030000
++    - audit_rules_suid_privilege_function
++
++    # RHEL-08-030010
++    - rsyslog_cron_logging
++
++    # RHEL-08-030020
++    - auditd_data_retention_action_mail_acct
++
++    # RHEL-08-030030
++    - postfix_client_configure_mail_alias_postmaster
++    - package_postfix_installed
++
++    # RHEL-08-030040
++    - auditd_data_disk_error_action
++
++    # RHEL-08-030060
++    - auditd_data_disk_full_action
++
++    # RHEL-08-030061
++    - auditd_local_events
++
++    # RHEL-08-030062
++    - auditd_name_format
++    - var_auditd_name_format=stig
++
++    # RHEL-08-030063
++    - auditd_log_format
++
++    # RHEL-08-030070
++    - file_permissions_var_log_audit
++
++    # RHEL-08-030080
++    - file_ownership_var_log_audit_stig
++
++    # RHEL-08-030090
++    - file_group_ownership_var_log_audit
++
++    # RHEL-08-030100
++    - directory_ownership_var_log_audit
++
++    # RHEL-08-030110
++    - directory_group_ownership_var_log_audit
++
++    # RHEL-08-030120
++    - directory_permissions_var_log_audit
++
++    # *** NOTE *** #
++    # Audit rules are currently under review as to how best to approach
++    # them. We are working with DISA and our internal audit experts to
++    # provide a final solution soon.
++    # ************ #
++
++    # RHEL-08-030121
++    - audit_rules_immutable
++
++    # RHEL-08-030122
++    - audit_rules_immutable_login_uids
++
++    # RHEL-08-030130
++    - audit_rules_usergroup_modification_shadow
++
++    # RHEL-08-030140
++    - audit_rules_usergroup_modification_opasswd
++
++    # RHEL-08-030150
++    - audit_rules_usergroup_modification_passwd
++
++    # RHEL-08-030160
++    - audit_rules_usergroup_modification_gshadow
++
++    # RHEL-08-030170
++    - audit_rules_usergroup_modification_group
++
++    # RHEL-08-030171
++    - audit_rules_sudoers
++
++    # RHEL-08-030172
++    - audit_rules_sudoers_d
++
++    # RHEL-08-030180
++    - package_audit_installed
++
++    # RHEL-08-030181
++    - service_auditd_enabled
++
++    # RHEL-08-030190
++    - audit_rules_privileged_commands_su
++
++    # RHEL-08-030200
++    - audit_rules_dac_modification_lremovexattr
++    - audit_rules_dac_modification_removexattr
++    - audit_rules_dac_modification_lsetxattr
++    - audit_rules_dac_modification_fsetxattr
++    - audit_rules_dac_modification_fremovexattr
++    - audit_rules_dac_modification_setxattr
++
++    # RHEL-08-030250
++    - audit_rules_privileged_commands_chage
++
++    # RHEL-08-030260
++    - audit_rules_execution_chcon
++
++
++    # RHEL-08-030280
++    - audit_rules_privileged_commands_ssh_agent
++
++    # RHEL-08-030290
++    - audit_rules_privileged_commands_passwd
++
++    # RHEL-08-030300
++    - audit_rules_privileged_commands_mount
++
++    # RHEL-08-030301
++    - audit_rules_privileged_commands_umount
++
++    # RHEL-08-030302
++    - audit_rules_media_export
++
++    # RHEL-08-030310
++    - audit_rules_privileged_commands_unix_update
++
++    # RHEL-08-030311
++    - audit_rules_privileged_commands_postdrop
++
++    # RHEL-08-030312
++    - audit_rules_privileged_commands_postqueue
++
++    # RHEL-08-030313
++    - audit_rules_execution_semanage
++
++    # RHEL-08-030314
++    - audit_rules_execution_setfiles
++
++    # RHEL-08-030315
++    - audit_rules_privileged_commands_userhelper
++
++    # RHEL-08-030316
++    - audit_rules_execution_setsebool
++
++    # RHEL-08-030317
++    - audit_rules_privileged_commands_unix_chkpwd
++
++    # RHEL-08-030320
++    - audit_rules_privileged_commands_ssh_keysign
++
++    # RHEL-08-030330
++    - audit_rules_execution_setfacl
++
++    # RHEL-08-030340
++    - audit_rules_privileged_commands_pam_timestamp_check
++
++    # RHEL-08-030350
++    - audit_rules_privileged_commands_newgrp
++
++    # RHEL-08-030360
++    - audit_rules_kernel_module_loading_init
++    - audit_rules_kernel_module_loading_finit
++
++    # RHEL-08-030361
++    - audit_rules_file_deletion_events_rename
++    - audit_rules_file_deletion_events_renameat
++    - audit_rules_file_deletion_events_rmdir
++    - audit_rules_file_deletion_events_unlink
++    - audit_rules_file_deletion_events_unlinkat
++
++    # RHEL-08-030370
++    - audit_rules_privileged_commands_gpasswd
++
++    # RHEL-08-030390
++    - audit_rules_kernel_module_loading_delete
++
++    # RHEL-08-030400
++    - audit_rules_privileged_commands_crontab
++
++    # RHEL-08-030410
++    - audit_rules_privileged_commands_chsh
++
++    # RHEL-08-030420
++    - audit_rules_unsuccessful_file_modification_truncate
++    - audit_rules_unsuccessful_file_modification_openat
++    - audit_rules_unsuccessful_file_modification_open
++    - audit_rules_unsuccessful_file_modification_open_by_handle_at
++    - audit_rules_unsuccessful_file_modification_ftruncate
++    - audit_rules_unsuccessful_file_modification_creat
++
++    # RHEL-08-030480
++    - audit_rules_dac_modification_chown
++    - audit_rules_dac_modification_lchown
++    - audit_rules_dac_modification_fchownat
++    - audit_rules_dac_modification_fchown
++
++    # RHEL-08-030490
++    - audit_rules_dac_modification_chmod
++    - audit_rules_dac_modification_fchmodat
++    - audit_rules_dac_modification_fchmod
++
++    # RHEL-08-030550
++    - audit_rules_privileged_commands_sudo
++
++    # RHEL-08-030560
++    - audit_rules_privileged_commands_usermod
++
++    # RHEL-08-030570
++    - audit_rules_execution_chacl
++
++    # RHEL-08-030580
++    - audit_rules_privileged_commands_kmod
++
++    # RHEL-08-030590
++    - audit_rules_login_events_faillock
++
++    # RHEL-08-030600
++    - audit_rules_login_events_lastlog
++
++    # RHEL-08-030601
++    - grub2_audit_argument
++
++    # RHEL-08-030602
++    - grub2_audit_backlog_limit_argument
++
++    # RHEL-08-030603
++    - configure_usbguard_auditbackend
++
++    # RHEL-08-030610
++    - file_permissions_etc_audit_auditd
++    - file_permissions_etc_audit_rulesd
++
++    # RHEL-08-030620
++    - file_audit_tools_permissions
++
++    # RHEL-08-030630
++    - file_audit_tools_ownership
++
++    # RHEL-08-030640
++    - file_audit_tools_group_ownership
++
++    # RHEL-08-030650
++    - aide_check_audit_tools
++
++    # RHEL-08-030660
++    - auditd_audispd_configure_sufficiently_large_partition
++
++    # RHEL-08-030670
++    - package_rsyslog_installed
++
++    # RHEL-08-030680
++    - package_rsyslog-gnutls_installed
++
++    # RHEL-08-030690
++    - rsyslog_remote_loghost
++
++    # RHEL-08-030700
++    - auditd_overflow_action
++
++    # RHEL-08-030710
++    - rsyslog_encrypt_offload_defaultnetstreamdriver
++    - rsyslog_encrypt_offload_actionsendstreamdrivermode
++
++    # RHEL-08-030720
++    - rsyslog_encrypt_offload_actionsendstreamdriverauthmode
++
++    # RHEL-08-030730
++    - auditd_data_retention_space_left_percentage
++
++    # RHEL-08-030731
++    - auditd_data_retention_space_left_action
++
++    # RHEL-08-030740
++    # remediation fails because default configuration file contains pool instead of server keyword
++    - chronyd_or_ntpd_set_maxpoll
++    - chronyd_server_directive
++    - chronyd_specify_remote_server
++
++    # RHEL-08-030741
++    - chronyd_client_only
++
++    # RHEL-08-030742
++    - chronyd_no_chronyc_network
++
++    # RHEL-08-040000
++    - package_telnet-server_removed
++
++    # RHEL-08-040001
++    - package_abrt_removed
++    - package_abrt-addon-ccpp_removed
++    - package_abrt-addon-kerneloops_removed
++    - package_python3-abrt-addon_removed
++    - package_abrt-cli_removed
++    - package_abrt-plugin-sosreport_removed
++    - package_libreport-plugin-rhtsupport_removed
++    - package_libreport-plugin-logger_removed
++
++    # RHEL-08-040002
++    - package_sendmail_removed
++
++    # RHEL-08-040003
++    ### NOTE: Will be removed in V1R2, merged into RHEL-08-040370
++
++    # RHEL-08-040004
++    - grub2_pti_argument
++
++    # RHEL-08-040010
++    - package_rsh-server_removed
++
++    # RHEL-08-040020
++    - kernel_module_uvcvideo_disabled
++
++    # RHEL-08-040021
++    - kernel_module_atm_disabled
++
++    # RHEL-08-040022
++    - kernel_module_can_disabled
++
++    # RHEL-08-040023
++    - kernel_module_sctp_disabled
++
++    # RHEL-08-040024
++    - kernel_module_tipc_disabled
++
++    # RHEL-08-040025
++    - kernel_module_cramfs_disabled
++
++    # RHEL-08-040026
++    - kernel_module_firewire-core_disabled
++
++    # RHEL-08-040030
++    - configure_firewalld_ports
++
++    # RHEL-08-040060
++    ### NOTE: Removed in V1R2
++
++    # RHEL-08-040070
++    - service_autofs_disabled
++
++    # RHEL-08-040080
++    - kernel_module_usb-storage_disabled
++
++    # RHEL-08-040090
++    - configured_firewalld_default_deny
++    - set_firewalld_default_zone
++
++    # RHEL-08-040100
++    - package_firewalld_installed
++
++    # RHEL-08-040101
++    - service_firewalld_enabled
++
++    # RHEL-08-040110
++    - wireless_disable_interfaces
++
++    # RHEL-08-040111
++    - kernel_module_bluetooth_disabled
++
++    # RHEL-08-040120
++    - mount_option_dev_shm_nodev
++
++    # RHEL-08-040121
++    - mount_option_dev_shm_nosuid
++
++    # RHEL-08-040122
++    - mount_option_dev_shm_noexec
++
++    # RHEL-08-040123
++    - mount_option_tmp_nodev
++
++    # RHEL-08-040124
++    - mount_option_tmp_nosuid
++
++    # RHEL-08-040125
++    - mount_option_tmp_noexec
++
++    # RHEL-08-040126
++    - mount_option_var_log_nodev
++
++    # RHEL-08-040127
++    - mount_option_var_log_nosuid
++
++    # RHEL-08-040128
++    - mount_option_var_log_noexec
++
++    # RHEL-08-040129
++    - mount_option_var_log_audit_nodev
++
++    # RHEL-08-040130
++    - mount_option_var_log_audit_nosuid
++
++    # RHEL-08-040131
++    - mount_option_var_log_audit_noexec
++
++    # RHEL-08-040132
++    - mount_option_var_tmp_nodev
++
++    # RHEL-08-040133
++    - mount_option_var_tmp_nosuid
++
++    # RHEL-08-040134
++    - mount_option_var_tmp_noexec
++
++    # RHEL-08-040135
++    - package_fapolicyd_installed
++
++    # RHEL-08-040136
++    - service_fapolicyd_enabled
++
++    # RHEL-08-040137
++    - fapolicy_default_deny
++
++    # RHEL-08-040139
++    - package_usbguard_installed
++
++    # RHEL-08-040140
++    - usbguard_generate_policy
++
++    # RHEL-08-040141
++    - service_usbguard_enabled
++
++    # RHEL-08-040150
++    - firewalld-backend
++
++    # RHEL-08-040159
++    - package_openssh-server_installed
++
++    # RHEL-08-040160
++    - service_sshd_enabled
++
++    # RHEL-08-040161
++    - sshd_rekey_limit
++
++    # RHEL-08-040170
++    - disable_ctrlaltdel_reboot
++
++    # RHEL-08-040171
++    - dconf_gnome_disable_ctrlaltdel_reboot
++
++    # RHEL-08-040172
++    - disable_ctrlaltdel_burstaction
++
++    # RHEL-08-040180
++    - service_debug-shell_disabled
++
++    # RHEL-08-040190
++    - package_tftp-server_removed
++
++    # RHEL-08-040200
++    - accounts_no_uid_except_zero
++
++    # RHEL-08-040209
++    - sysctl_net_ipv4_conf_default_accept_redirects
++
++    # RHEL-08-040210
++    - sysctl_net_ipv6_conf_default_accept_redirects
++
++    # RHEL-08-040220
++    - sysctl_net_ipv4_conf_all_send_redirects
++
++    # RHEL-08-040230
++    - sysctl_net_ipv4_icmp_echo_ignore_broadcasts
++
++    # RHEL-08-040239
++    - sysctl_net_ipv4_conf_all_accept_source_route
++
++    # RHEL-08-040240
++    - sysctl_net_ipv6_conf_all_accept_source_route
++
++    # RHEL-08-040249
++    - sysctl_net_ipv4_conf_default_accept_source_route
++
++    # RHEL-08-040250
++    - sysctl_net_ipv6_conf_default_accept_source_route
++
++    # RHEL-08-040259
++    - sysctl_net_ipv4_conf_all_forwarding
++
++    # RHEL-08-040260
++    - sysctl_net_ipv6_conf_all_forwarding
++
++    # RHEL-08-040261
++    - sysctl_net_ipv6_conf_all_accept_ra
++
++    # RHEL-08-040262
++    - sysctl_net_ipv6_conf_default_accept_ra
++
++    # RHEL-08-040270
++    - sysctl_net_ipv4_conf_default_send_redirects
++
++    # RHEL-08-040279
++    - sysctl_net_ipv4_conf_all_accept_redirects
++
++    # RHEL-08-040280
++    - sysctl_net_ipv6_conf_all_accept_redirects
++
++    # RHEL-08-040281
++    - sysctl_kernel_unprivileged_bpf_disabled
++
++    # RHEL-08-040282
++    - sysctl_kernel_yama_ptrace_scope
++
++    # RHEL-08-040283
++    - sysctl_kernel_kptr_restrict
++
++    # RHEL-08-040284
++    - sysctl_user_max_user_namespaces
++
++    # RHEL-08-040285
++    - sysctl_net_ipv4_conf_all_rp_filter
++
++    # RHEL-08-040286
++    - sysctl_net_core_bpf_jit_harden
++
++    # RHEL-08-040290
++    - postfix_prevent_unrestricted_relay
++
++    # RHEL-08-040300
++    - aide_verify_ext_attributes
++
++    # RHEL-08-040310
++    - aide_verify_acls
++
++    # RHEL-08-040320
++    - xwindows_remove_packages
++
++    # RHEL-08-040321
++    - xwindows_runlevel_target
++
++    # RHEL-08-040330
++    - network_sniffer_disabled
++
++    # RHEL-08-040340
++    - sshd_disable_x11_forwarding
++
++    # RHEL-08-040341
++    - sshd_x11_use_localhost
++
++    # RHEL-08-040342
++    - sshd_use_approved_kex_ordered_stig
++
++    # RHEL-08-040350
++    - tftpd_uses_secure_mode
++
++    # RHEL-08-040360
++    - package_vsftpd_removed
++
++    # RHEL-08-040370
++    - package_gssproxy_removed
++
++    # RHEL-08-040380
++    - package_iprutils_removed
++
++    # RHEL-08-040390
++    - package_tuned_removed
++
++    # RHEL-08-040400
++    - selinux_user_login_roles
++
++    # RHEL-08-010163
++    - package_krb5-server_removed
+diff --git a/products/almalinux8/profiles/stig_gui.profile b/products/almalinux8/profiles/stig_gui.profile
+new file mode 100644
+index 000000000..9de6ac92b
+--- /dev/null
++++ b/products/almalinux8/profiles/stig_gui.profile
+@@ -0,0 +1,51 @@
++documentation_complete: true
++
++metadata:
++    version: V2R1
++    SMEs:
++        - mab879
++        - ggbecker
++
++reference: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux
++
++title: 'DISA STIG with GUI for Red Hat Enterprise Linux 8'
++
++description: |-
++    This profile contains configuration checks that align to the
++    DISA STIG with GUI for Red Hat Enterprise Linux 8 V2R1.
++
++    In addition to being applicable to Red Hat Enterprise Linux 8, DISA recognizes this
++    configuration baseline as applicable to the operating system tier of
++    Red Hat technologies that are based on Red Hat Enterprise Linux 8, such as:
++
++    - Red Hat Enterprise Linux Server
++    - Red Hat Enterprise Linux Workstation and Desktop
++    - Red Hat Enterprise Linux for HPC
++    - Red Hat Storage
++    - Red Hat Containers with a Red Hat Enterprise Linux 8 image
++
++    Warning: The installation and use of a Graphical User Interface (GUI)
++    increases your attack vector and decreases your overall security posture. If
++    your Information Systems Security Officer (ISSO) lacks a documented operational
++    requirement for a graphical user interface, please consider using the
++    standard DISA STIG for Red Hat Enterprise Linux 8 profile.
++
++extends: stig
++
++selections:
++    # RHEL-08-040320
++    - '!xwindows_remove_packages'
++
++    # RHEL-08-040321
++    - '!xwindows_runlevel_target'
++
++    # RHEL-08-040001
++    - '!package_libreport-plugin-rhtsupport_removed'
++
++    # RHEL-08-040284
++    # Limiting user namespaces cause issues with user apps, such as Firefox and Cheese
++    # https://issues.redhat.com/browse/RHEL-10416
++    - '!sysctl_user_max_user_namespaces'
++
++    # locking of idle sessions is handled by screensaver when GUI is present, the following rule is therefore redundant
++    - '!logind_session_timeout'
+diff --git a/products/almalinux8/transforms/constants.xslt b/products/almalinux8/transforms/constants.xslt
+new file mode 100644
+index 000000000..92f8f9c4c
+--- /dev/null
++++ b/products/almalinux8/transforms/constants.xslt
+@@ -0,0 +1,13 @@
++
++
++
++
++AlmaLinux 8
++AL8
++AL_8_STIG
++almalinux8
++
++https://www.cisecurity.org/benchmark/almalinuxos_linux/
++
++
++
+diff --git a/products/almalinux8/transforms/table-style.xslt b/products/almalinux8/transforms/table-style.xslt
+new file mode 100644
+index 000000000..8b6caeab8
+--- /dev/null
++++ b/products/almalinux8/transforms/table-style.xslt
+@@ -0,0 +1,5 @@
++
++
++
++
++
+diff --git a/products/almalinux8/transforms/xccdf-apply-overlay-stig.xslt b/products/almalinux8/transforms/xccdf-apply-overlay-stig.xslt
+new file mode 100644
+index 000000000..4789419b8
+--- /dev/null
++++ b/products/almalinux8/transforms/xccdf-apply-overlay-stig.xslt
+@@ -0,0 +1,8 @@
++
++
++
++
++
++
++
++
+diff --git a/products/almalinux8/transforms/xccdf2table-cce.xslt b/products/almalinux8/transforms/xccdf2table-cce.xslt
+new file mode 100644
+index 000000000..f156a6695
+--- /dev/null
++++ b/products/almalinux8/transforms/xccdf2table-cce.xslt
+@@ -0,0 +1,9 @@
++
++
++
++
++
++
++
++
++
+diff --git a/products/almalinux8/transforms/xccdf2table-profileccirefs.xslt b/products/almalinux8/transforms/xccdf2table-profileccirefs.xslt
+new file mode 100644
+index 000000000..30419e92b
+--- /dev/null
++++ b/products/almalinux8/transforms/xccdf2table-profileccirefs.xslt
+@@ -0,0 +1,9 @@
++
++
++
++
++
++
++
++
++
+diff --git a/shared/checks/oval/installed_OS_is_almalinux8.xml b/shared/checks/oval/installed_OS_is_almalinux8.xml
+new file mode 100644
+index 000000000..91af880dd
+--- /dev/null
++++ b/shared/checks/oval/installed_OS_is_almalinux8.xml
+@@ -0,0 +1,36 @@
++
++  
++    
++      AlmaLinux 8
++      
++        multi_platform_all
++      
++      
++
++      The operating system installed on the system is
++      AlmaLinux 8
++    
++    
++      
++      
++          
++      
++    
++  
++
++  
++    
++    
++  
++  
++    ^8.*$
++  
++  
++    almalinux-release
++  
++
++
+diff --git a/shared/checks/oval/sysctl_kernel_ipv6_disable.xml b/shared/checks/oval/sysctl_kernel_ipv6_disable.xml
+index 19129cc69..683721b2b 100644
+--- a/shared/checks/oval/sysctl_kernel_ipv6_disable.xml
++++ b/shared/checks/oval/sysctl_kernel_ipv6_disable.xml
+@@ -15,6 +15,7 @@
+ 	multi_platform_ol
+ 	multi_platform_rhcos
+ 	multi_platform_rhel
++multi_platform_almalinux
+ 	multi_platform_rhv
+ 	multi_platform_sle
+     multi_platform_slmicro5
+diff --git a/shared/references/disa-stig-almalinux8-v2r1-xccdf-manual.xml b/shared/references/disa-stig-almalinux8-v2r1-xccdf-manual.xml
+new file mode 120000
+index 000000000..e83874f8c
+--- /dev/null
++++ b/shared/references/disa-stig-almalinux8-v2r1-xccdf-manual.xml
+@@ -0,0 +1 @@
++disa-stig-rhel8-v2r1-xccdf-manual.xml
+\ No newline at end of file
+diff --git a/shared/references/disa-stig-almalinux8-v2r1-xccdf-scap.xml b/shared/references/disa-stig-almalinux8-v2r1-xccdf-scap.xml
+new file mode 120000
+index 000000000..695c2b8c5
+--- /dev/null
++++ b/shared/references/disa-stig-almalinux8-v2r1-xccdf-scap.xml
+@@ -0,0 +1 @@
++disa-stig-rhel8-v2r1-xccdf-scap.xml
+\ No newline at end of file
+diff --git a/shared/references/disa-stig-ol7-v3r1-xccdf-manual.xml b/shared/references/disa-stig-ol7-v3r1-xccdf-manual.xml
+index e83699662..1efabcf62 100644
+--- a/shared/references/disa-stig-ol7-v3r1-xccdf-manual.xml
++++ b/shared/references/disa-stig-ol7-v3r1-xccdf-manual.xml
+@@ -917,7 +917,7 @@ Check to see if an encrypted grub superusers password is set. On systems that us
+ $ sudo grep -iw grub2_password /boot/grub2/user.cfg
+ GRUB2_PASSWORD=grub.pbkdf2.sha512.[password_hash]
+ 
+-If the grub superusers password does not begin with "grub.pbkdf2.sha512", this is a finding.SRG-OS-000080-GPOS-00048<GroupDescription></GroupDescription>OL07-00-010491Oracle Linux operating systems version 7.2 or newer using Unified Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user and maintenance modes.<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for Oracle Linux 7 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Oracle Linux 7DISADPMS TargetOracle Linux 74089V-99143SV-108247CCI-000213Configure the system to encrypt the boot password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/redhat/user.cfg file.
++If the grub superusers password does not begin with "grub.pbkdf2.sha512", this is a finding.SRG-OS-000080-GPOS-00048<GroupDescription></GroupDescription>OL07-00-010491Oracle Linux operating systems version 7.2 or newer using Unified Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user and maintenance modes.<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for Oracle Linux 7 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Oracle Linux 7DISADPMS TargetOracle Linux 74089V-99143SV-108247CCI-000213Configure the system to encrypt the boot password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/almalinux/user.cfg file.
+ 
+ Generate an encrypted grub2 password for the grub superusers account with the following command:
+ 
+@@ -929,7 +929,7 @@ For systems that are running a version of Oracle Linux prior to 7.2, this is Not
+ 
+ Check to see if an encrypted grub superusers password is set. On systems that use UEFI, use the following command:
+ 
+-$ sudo grep -iw grub2_password /boot/efi/EFI/redhat/user.cfg
++$ sudo grep -iw grub2_password /boot/efi/EFI/almalinux/user.cfg
+ GRUB2_PASSWORD=grub.pbkdf2.sha512.[password_hash]
+ 
+ If the grub superusers password does not begin with "grub.pbkdf2.sha512", this is a finding.SRG-OS-000104-GPOS-00051<GroupDescription></GroupDescription>OL07-00-010500The Oracle Linux operating system must uniquely identify and must authenticate organizational users (or processes acting on behalf of organizational users) using multifactor authentication.<VulnDiscussion>To ensure accountability and prevent unauthenticated access, organizational users must be identified and authenticated to prevent potential misuse and compromise of the system.
+@@ -1809,7 +1809,7 @@ On BIOS-based machines, use the following command:
+ 
+ On UEFI-based machines, use the following command:
+ 
+-# grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg
++# grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg
+ 
+ If /boot or /boot/efi reside on separate partitions, the kernel parameter boot=<partition of /boot or /boot/efi> must be added to the kernel command line. You can identify a partition by running the df /boot or df /boot/efi command:
+ 
+@@ -1840,7 +1840,7 @@ dracut-fips-033-360.el7_2.x86_64.rpm
+ 
+ If a "dracut-fips" package is installed, check to see if the kernel command line is configured to use FIPS mode with the following command:
+ 
+-Note: GRUB 2 reads its configuration from the "/boot/grub2/grub.cfg" file on traditional BIOS-based machines and from the "/boot/efi/EFI/redhat/grub.cfg" file on UEFI machines.
++Note: GRUB 2 reads its configuration from the "/boot/grub2/grub.cfg" file on traditional BIOS-based machines and from the "/boot/efi/EFI/almalinux/grub.cfg" file on UEFI machines.
+ 
+ # grep fips /boot/grub2/grub.cfg
+ /vmlinuz-3.8.0-0.40.el7.x86_64 root=/dev/mapper/rhel-root ro rd.md=0 rd.dm=0 rd.lvm.lv=rhel/swap crashkernel=auto rd.luks=0 vconsole.keymap=us rd.lvm.lv=rhel/root rhgb fips=1 quiet
+@@ -1912,23 +1912,23 @@ An example rule that includes the "sha512" rule follows:
+ 
+ If the "sha512" rule is not being used on all uncommented selection lines in the "/etc/aide.conf" file, or another file integrity tool is not using FIPS 140-2-approved cryptographic hashes for validating file contents and directories, this is a finding.SRG-OS-000364-GPOS-00151<GroupDescription></GroupDescription>OL07-00-021700The Oracle Linux operating system must not allow removable media to be used as the boot loader unless approved.<VulnDiscussion>Malicious users with removable boot media can gain access to a system configured to use removable media as the boot loader. If removable media is designed to be used as the boot loader, the requirement must be documented with the information system security officer (ISSO).</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Oracle Linux 7DISADPMS TargetOracle Linux 74089SV-108367V-99263CCI-001813Remove alternate methods of booting the system from removable media or document the configuration to boot from removable media with the ISSO.Verify the system is not configured to use a boot loader on removable media.
+ 
+-Note: GRUB 2 reads its configuration from the "/boot/grub2/grub.cfg" file on traditional BIOS-based machines and from the "/boot/efi/EFI/redhat/grub.cfg" file on UEFI machines.
++Note: GRUB 2 reads its configuration from the "/boot/grub2/grub.cfg" file on traditional BIOS-based machines and from the "/boot/efi/EFI/almalinux/grub.cfg" file on UEFI machines.
+ 
+ Check for the existence of alternate boot loader configuration files with the following command:
+ 
+      # find / -name grub.cfg
+-     /boot/efi/EFI/redhat/grub.cfg
++     /boot/efi/EFI/almalinux/grub.cfg
+ 
+-If a "grub.cfg" is found in any subdirectories other than "/boot/grub2/" and "/boot/efi/EFI/redhat/", ask the system administrator (SA) if there is documentation signed by the information system security officer (ISSO) to approve the use of removable media as a boot loader. 
++If a "grub.cfg" is found in any subdirectories other than "/boot/grub2/" and "/boot/efi/EFI/almalinux/", ask the system administrator (SA) if there is documentation signed by the information system security officer (ISSO) to approve the use of removable media as a boot loader. 
+ 
+ List the number of menu entries defined in the grub configuration file with the following command (the number will vary between systems):
+ 
+-     # grep -cw menuentry /boot/efi/EFI/redhat/grub.cfg
++     # grep -cw menuentry /boot/efi/EFI/almalinux/grub.cfg
+      4
+ 
+ Check that the grub configuration file has the "set root" command for each menu entry with the following command ("set root" defines the disk and partition or directory where the kernel and GRUB 2 modules are stored):
+ 
+-     # grep 'set root' /boot/efi/EFI/redhat/grub.cfg
++     # grep 'set root' /boot/efi/EFI/almalinux/grub.cfg
+      set root='hd0,gpt2'
+      set root='hd0,gpt2'
+      set root='hd0,gpt2'
+@@ -4453,12 +4453,12 @@ password_pbkdf2 [someuniquestringhere] ${GRUB2_PASSWORD}
+ 
+ Generate a new grub.cfg file with the following command:
+ 
+-$ sudo grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfgFor systems that use BIOS, this is Not Applicable.
++$ sudo grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfgFor systems that use BIOS, this is Not Applicable.
+ 
+ For systems that are running a version of Oracle Linux prior to 7.2, this is Not Applicable.
+ Verify that a unique name is set as the "superusers" account:
+ 
+-$ sudo grep -iw "superusers" /boot/efi/EFI/redhat/grub.cfg
++$ sudo grep -iw "superusers" /boot/efi/EFI/almalinux/grub.cfg
+ set superusers="[someuniquestringhere]"
+ export superusers
+ 
+diff --git a/shared/references/disa-stig-ol8-v2r2-xccdf-manual.xml b/shared/references/disa-stig-ol8-v2r2-xccdf-manual.xml
+index e159256ef..4939cfe13 100644
+--- a/shared/references/disa-stig-ol8-v2r2-xccdf-manual.xml
++++ b/shared/references/disa-stig-ol8-v2r2-xccdf-manual.xml
+@@ -425,7 +425,7 @@ SHA_CRYPT_MIN_ROUNDS 5000SRG-OS-000080-GPOS-00048<GroupDescription></GroupDescription>OL08-00-010140OL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user mode and maintenance.<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for OL 8 and is designed to require a password to boot into single-user mode or modify the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Oracle Linux 8DISADPMS TargetOracle Linux 85416CCI-000213Configure the system to require an encrypted grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the "/boot/efi/EFI/redhat/user.cfg" file. 
++If both "SHA_CRYPT_MIN_ROUNDS" and "SHA_CRYPT_MAX_ROUNDS" are set, and the value for either is below "5000", this is a finding.SRG-OS-000080-GPOS-00048<GroupDescription></GroupDescription>OL08-00-010140OL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user mode and maintenance.<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for OL 8 and is designed to require a password to boot into single-user mode or modify the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Oracle Linux 8DISADPMS TargetOracle Linux 85416CCI-000213Configure the system to require an encrypted grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the "/boot/efi/EFI/almalinux/user.cfg" file. 
+  
+ Generate an encrypted grub2 password for the grub superusers account with the following command: 
+  
+@@ -435,7 +435,7 @@ Confirm password:For systems that use BIOS, this is Not Applicable.
++$ sudo grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfgFor systems that use BIOS, this is Not Applicable.
+ 
+ Verify that a unique name is set as the "superusers" account:
+ 
+-$ sudo grep -iw "superusers" /boot/efi/EFI/redhat/grub.cfg
++$ sudo grep -iw "superusers" /boot/efi/EFI/almalinux/grub.cfg
+ set superusers="[someuniqueUserNamehere]"
+ export superusers
+ 
+diff --git a/shared/references/disa-stig-rhel8-v2r1-xccdf-manual.xml b/shared/references/disa-stig-rhel8-v2r1-xccdf-manual.xml
+index 662cf8848..6dc6f2517 100644
+--- a/shared/references/disa-stig-rhel8-v2r1-xccdf-manual.xml
++++ b/shared/references/disa-stig-rhel8-v2r1-xccdf-manual.xml
+@@ -374,7 +374,7 @@ SHA_CRYPT_MIN_ROUNDS 5000SRG-OS-000080-GPOS-00048<GroupDescription></GroupDescription>RHEL-08-010140RHEL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user mode and maintenance.<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 8 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Red Hat Enterprise Linux 8DISADPMS TargetRed Hat Enterprise Linux 82921CCI-000213Configure the system to require a grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/redhat/user.cfg file.
++If both "SHA_CRYPT_MIN_ROUNDS" and "SHA_CRYPT_MAX_ROUNDS" are set, and the highest value for either is below "5000", this is a finding.SRG-OS-000080-GPOS-00048<GroupDescription></GroupDescription>RHEL-08-010140RHEL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user mode and maintenance.<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 8 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Red Hat Enterprise Linux 8DISADPMS TargetRed Hat Enterprise Linux 82921CCI-000213Configure the system to require a grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/almalinux/user.cfg file.
+ 
+ Generate an encrypted grub2 password for the grub superusers account with the following command:
+ 
+@@ -384,7 +384,7 @@ Confirm password:For systems that use BIOS, this is Not Applicable.
++$ sudo grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfgFor systems that use BIOS, this is Not Applicable.
+ 
+ Verify that a unique name is set as the "superusers" account:
+ 
+-$ sudo grep -iw "superusers" /boot/efi/EFI/redhat/grub.cfg
++$ sudo grep -iw "superusers" /boot/efi/EFI/almalinux/grub.cfg
+ set superusers="[someuniquestringhere]"
+ export superusers
+ 
+diff --git a/shared/references/disa-stig-rhel8-v2r1-xccdf-scap.xml b/shared/references/disa-stig-rhel8-v2r1-xccdf-scap.xml
+index 4b581f4a0..31e165cbf 100644
+--- a/shared/references/disa-stig-rhel8-v2r1-xccdf-scap.xml
++++ b/shared/references/disa-stig-rhel8-v2r1-xccdf-scap.xml
+@@ -2548,7 +2548,7 @@ SHA_CRYPT_MIN_ROUNDS 5000
+             2921
+           
+           CCI-000213
+-          Configure the system to require a grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/redhat/user.cfg file.
++          Configure the system to require a grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/almalinux/user.cfg file.
+ 
+ Generate an encrypted grub2 password for the grub superusers account with the following command:
+ 
+@@ -10130,7 +10130,8 @@ $ sudo systemctl restart systemd-logind
+           
+             The system is RHEL 8.3 or lower
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             
+           
+@@ -10155,7 +10156,8 @@ $ sudo systemctl restart systemd-logind
+           
+             The RHEL 8 version is RHEL 8.2 or newer.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             External definition used to determine if the RHEL 8 version is RHEL 8.2 or newer for version applicability based requirements.
+           
+@@ -10168,7 +10170,8 @@ $ sudo systemctl restart systemd-logind
+           
+             IPv6 is disabled in the kernel.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             IPv6 is disabled in the kernel, either via a kernel cmdline option or sysctl.
+           
+@@ -10184,7 +10187,8 @@ $ sudo systemctl restart systemd-logind
+           
+             OpenSSH is installed.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             OpenSSH is installed
+           
+@@ -10196,7 +10200,8 @@ $ sudo systemctl restart systemd-logind
+           
+             RHEL-08-010020 - RHEL 8 must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, to generate cryptographic hashes, and to protect data requiring data-at-rest protections in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Use of weak or untested encryption algorithms undermines the purposes of using encryption to protect data. The operating system must implement cryptographic modules adhering to the higher standards approved by the Federal Government since this provides assurance they have been tested and validated.
+ 
+@@ -10213,7 +10218,8 @@ The fips=1 kernel option needs to be added to the kernel command line during sys
+           
+             RHEL-08-010110 - RHEL 8 must encrypt all stored passwords with a FIPS 140-2 approved cryptographic hashing algorithm.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised.
+ 
+@@ -10229,7 +10235,8 @@ FIPS 140-2 is the current standard for validating that mechanisms used to access
+           
+             RHEL-08-010120 - RHEL 8 must employ FIPS 140-2 approved cryptographic hashing algorithms for all stored passwords.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             The system must use a strong hashing algorithm to store the password.
+ 
+@@ -10243,7 +10250,8 @@ Passwords need to be protected at all times, and encryption is the standard meth
+           
+             RHEL-08-010130 - The RHEL 8 shadow password suite must be configured to use a sufficient number of hashing rounds.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             The system must use a strong hashing algorithm to store the password. The system must use a sufficient number of hashing rounds to ensure the required level of entropy.
+ 
+@@ -10258,15 +10266,16 @@ Passwords need to be protected at all times, and encryption is the standard meth
+           
+             RHEL-08-010140 - RHEL 8 operating systems booted with United Extensible Firmware Interface (UEFI) implemented must require authentication upon booting into single-user mode and maintenance.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 8 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.
+           
+-          
+-            
++          
++            
+             
+-              
+-              
++              
++              
+             
+           
+         
+@@ -10274,7 +10283,8 @@ Passwords need to be protected at all times, and encryption is the standard meth
+           
+             RHEL-08-010150 - RHEL 8 operating systems booted with a BIOS must require authentication upon booting into single-user and maintenance modes.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 8 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.
+           
+@@ -10290,7 +10300,8 @@ Passwords need to be protected at all times, and encryption is the standard meth
+           
+             RHEL-08-010160 - RHEL 8 operating systems must require authentication upon booting into rescue mode.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             If the system does not require valid root authentication before it boots into rescue mode, anyone who invokes rescue mode is granted privileged access to all files on the system.
+           
+@@ -10302,7 +10313,8 @@ Passwords need to be protected at all times, and encryption is the standard meth
+           
+             RHEL-08-010161 - RHEL 8 must prevent system daemons from using Kerberos for authentication.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Unapproved mechanisms that are used for authentication to the cryptographic module are not verified and therefore cannot be relied upon to provide confidentiality or integrity, and DoD data may be compromised.
+ 
+@@ -10322,7 +10334,8 @@ FIPS 140-2 is the current standard for validating that mechanisms used to access
+           
+             RHEL-08-010162 - The krb5-workstation package must not be installed on RHEL 8.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Unapproved mechanisms that are used for authentication to the cryptographic module are not verified and therefore cannot be relied upon to provide confidentiality or integrity, and DoD data may be compromised.
+ 
+@@ -10342,7 +10355,8 @@ FIPS 140-2 is the current standard for validating that mechanisms used to access
+           
+             RHEL-08-010171 - RHEL 8 must have the policycoreutils package installed.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Without verification of the security functions, security functions may not operate correctly and the failure may go unnoticed. Security function is defined as the hardware, software, and/or firmware of the information system responsible for enforcing the system security policy and supporting the isolation of code and data on which the protection is based. Security functionality includes, but is not limited to, establishing system accounts, configuring access authorizations (i.e., permissions, privileges), setting events to be audited, and setting intrusion detection parameters.
+ 
+@@ -10356,7 +10370,8 @@ Policycoreutils contains the policy core utilities that are required for basic o
+           
+             RHEL-08-010210 - The RHEL 8 /var/log/messages file must have mode 0640 or less permissive.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the RHEL 8 system or platform. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
+ 
+@@ -10370,7 +10385,8 @@ The structure and content of error messages must be carefully considered by the
+           
+             RHEL-08-010220 - The RHEL 8 /var/log/messages file must be owned by root.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the RHEL 8 system or platform. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
+ 
+@@ -10384,7 +10400,8 @@ The structure and content of error messages must be carefully considered by the
+           
+             RHEL-08-010230 - The RHEL 8 /var/log/messages file must be group-owned by root.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the RHEL 8 system or platform. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
+ 
+@@ -10398,7 +10415,8 @@ The structure and content of error messages must be carefully considered by the
+           
+             RHEL-08-010240 - The RHEL 8 /var/log directory must have mode 0755 or less permissive.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the RHEL 8 system or platform. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
+ 
+@@ -10412,7 +10430,8 @@ The structure and content of error messages must be carefully considered by the
+           
+             RHEL-08-010250 - The RHEL 8 /var/log directory must be owned by root.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the RHEL 8 system or platform. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
+ 
+@@ -10426,7 +10445,8 @@ The structure and content of error messages must be carefully considered by the
+           
+             RHEL-08-010260 - The RHEL 8 /var/log directory must be group-owned by root.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the RHEL 8 system or platform. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
+ 
+@@ -10440,7 +10460,8 @@ The structure and content of error messages must be carefully considered by the
+           
+             RHEL-08-010292 - RHEL 8 must ensure the SSH server uses strong entropy.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             The most important characteristic of a random number generator is its randomness, namely its ability to deliver random numbers that are impossible to predict.  Entropy in computer security is associated with the unpredictability of a source of randomness.  The random source with high entropy tends to achieve a uniform distribution of random values.  Random number generators are one of the most important building blocks of cryptosystems.
+ 
+@@ -10456,7 +10477,8 @@ The SSH implementation in RHEL8 uses the OPENSSL library, which does not use hig
+           
+             RHEL-08-010294 - The RHEL 8 operating system must implement DoD-approved TLS encryption in the OpenSSL package.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Without cryptographic integrity protections, information can be altered by unauthorized users without detection.
+ 
+@@ -10484,7 +10506,8 @@ RHEL 8 incorporates system-wide crypto policies by default.  The employed algori
+           
+             RHEL-08-010310 - RHEL 8 system commands must be owned by root.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             If RHEL 8 were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
+ 
+@@ -10498,7 +10521,8 @@ This requirement applies to RHEL 8 with software libraries that are accessible a
+           
+             RHEL-08-010320 - RHEL 8 system commands must be group-owned by root or a system account.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             If RHEL 8 were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
+ 
+@@ -10512,7 +10536,8 @@ This requirement applies to RHEL 8 with software libraries that are accessible a
+           
+             RHEL-08-010370 - RHEL 8 must prevent the installation of software, patches, service packs, device drivers, or operating system components from a repository without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Changes to any software components can have significant effects on the overall security of the operating system. This requirement ensures the software has not been tampered with and that it has been provided by a trusted vendor.
+ 
+@@ -10529,7 +10554,8 @@ Verifying the authenticity of the software prior to installation validates the i
+           
+             RHEL-08-010372 - RHEL 8 must prevent the loading of a new kernel for later execution.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Changes to any software components can have significant effects on the overall security of the operating system. This requirement ensures the software has not been tampered with and that it has been provided by a trusted vendor.
+ 
+@@ -10552,7 +10578,8 @@ The sysctl --system command will load settings from all system configuration fil
+           
+             RHEL-08-010373 - RHEL 8 must enable kernel parameters to enforce discretionary access control on symlinks.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Discretionary Access Control (DAC) is based on the notion that individual users are "owners" of objects and therefore have discretion over who should be authorized to access the object and in which mode (e.g., read or write).  Ownership is usually acquired as a consequence of creating the object or via specified ownership assignment.  DAC allows the owner to determine who will have access to objects they control.  An example of DAC includes user-controlled file permissions.  
+ 
+@@ -10576,7 +10603,8 @@ The sysctl --system command will load settings from all system configuration fil
+           
+             RHEL-08-010374 - RHEL 8 must enable kernel parameters to enforce discretionary access control on hardlinks.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Discretionary Access Control (DAC) is based on the notion that individual users are "owners" of objects and therefore have discretion over who should be authorized to access the object and in which mode (e.g., read or write). Ownership is usually acquired as a consequence of creating the object or via specified ownership assignment. DAC allows the owner to determine who will have access to objects they control. An example of DAC includes user-controlled file permissions.
+ 
+@@ -10601,7 +10629,8 @@ The sysctl --system command will load settings from all system configuration fil
+           
+             RHEL-08-010375 - RHEL 8 must restrict access to the kernel message buffer.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Preventing unauthorized information transfers mitigates the risk of information, including encrypted representations of information, produced by the actions of prior users/roles (or the actions of processes acting on behalf of prior users/roles) from being available to any current users/roles (or current processes) that obtain access to shared system resources (e.g., registers, main memory, hard disks) after those resources have been released back to information systems. The control of information in shared resources is also commonly referred to as object reuse and residual information protection.
+ 
+@@ -10627,7 +10656,8 @@ The sysctl --system command will load settings from all system configuration fil
+           
+             RHEL-08-010376 - RHEL 8 must prevent kernel profiling by unprivileged users.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Preventing unauthorized information transfers mitigates the risk of information, including encrypted representations of information, produced by the actions of prior users/roles (or the actions of processes acting on behalf of prior users/roles) from being available to any current users/roles (or current processes) that obtain access to shared system resources (e.g., registers, main memory, hard disks) after those resources have been released back to information systems. The control of information in shared resources is also commonly referred to as object reuse and residual information protection.
+ 
+@@ -10654,7 +10684,8 @@ The sysctl --system command will load settings from all system configuration fil
+           
+             RHEL-08-010380 - RHEL 8 must require users to provide a password for privilege escalation.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Without reauthentication, users may access resources or perform tasks for which they do not have authorization.
+ 
+@@ -10669,7 +10700,8 @@ When operating systems provide the capability to escalate a functional capabilit
+           
+             RHEL-08-010381 - RHEL 8 must require users to reauthenticate for privilege escalation.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Without reauthentication, users may access resources or perform tasks for which they do not have authorization.
+ 
+@@ -10684,7 +10716,8 @@ When operating systems provide the capability to escalate a functional capabilit
+           
+             RHEL-08-010390 - RHEL 8 must have the packages required for multifactor authentication installed.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Using an authentication device, such as a DoD Common Access Card (CAC) or token that is separate from the information system, ensures that even if the information system is compromised, credentials stored on the authentication device will not be affected.
+ 
+@@ -10704,7 +10737,8 @@ This requirement only applies to components where this is specific to the functi
+           
+             RHEL-08-010430 - RHEL 8 must implement address space layout randomization (ASLR) to protect its memory from unauthorized code execution.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Some adversaries launch attacks with the intent of executing code in non-executable regions of memory or in memory locations that are prohibited. Security safeguards employed to protect memory include, for example, data execution prevention and address space layout randomization. Data execution prevention safeguards can be either hardware-enforced or software-enforced with hardware providing the greater strength of mechanism.
+ 
+@@ -10727,7 +10761,8 @@ The sysctl --system command will load settings from all system configuration fil
+           
+             RHEL-08-010440 - YUM must remove all software components after updated versions have been installed on RHEL 8.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Previous versions of software components that are not removed from the information system after updates have been installed may be exploited by adversaries. Some information technology products may remove older versions of software automatically from the information system.
+           
+@@ -10739,7 +10774,8 @@ The sysctl --system command will load settings from all system configuration fil
+           
+             RHEL-08-010460 - There must be no shosts.equiv files on the RHEL 8 operating system.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             The "shosts.equiv" files are used to configure host-based authentication for the system via SSH. Host-based authentication is not sufficient for preventing unauthorized access to the system, as it does not require interactive identification and authentication of a connection request, or for the use of two-factor authentication.
+           
+@@ -10751,7 +10787,8 @@ The sysctl --system command will load settings from all system configuration fil
+           
+             RHEL-08-010470 - There must be no .shosts files on the RHEL 8 operating system.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             The ".shosts" files are used to configure host-based authentication for individual users or the system via SSH. Host-based authentication is not sufficient for preventing unauthorized access to the system, as it does not require interactive identification and authentication of a connection request, or for the use of two-factor authentication.
+           
+@@ -10763,7 +10800,8 @@ The sysctl --system command will load settings from all system configuration fil
+           
+             RHEL-08-010480 - The RHEL 8 SSH public host key files must have mode 0644 or less permissive.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             If a public host key file is modified by an unauthorized user, the SSH service may be compromised.
+           
+@@ -10776,7 +10814,8 @@ The sysctl --system command will load settings from all system configuration fil
+           
+             RHEL-08-010490 - The RHEL 8 SSH private host key files must have mode 0640 or less permissive.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             If an unauthorized user obtains the private SSH host key file, the host could be impersonated.
+           
+@@ -10789,7 +10828,8 @@ The sysctl --system command will load settings from all system configuration fil
+           
+             RHEL-08-010500 - The RHEL 8 SSH daemon must perform strict mode checking of home directory configuration files.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             If other users have access to modify user-specific SSH configuration files, they may be able to log on to the system as another user.
+           
+@@ -10802,7 +10842,8 @@ The sysctl --system command will load settings from all system configuration fil
+           
+             RHEL-08-010520 - The RHEL 8 SSH daemon must not allow authentication using known hosts authentication.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Configuring this setting for the SSH daemon provides additional assurance that remote logon via SSH will require a password, even in the event of misconfiguration elsewhere.
+           
+@@ -10815,7 +10856,8 @@ The sysctl --system command will load settings from all system configuration fil
+           
+             RHEL-08-010521 - The RHEL 8 SSH daemon must not allow Kerberos authentication, except to fulfill documented and validated mission requirements.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Configuring these settings for the SSH daemon provides additional assurance that remote logon via SSH will not use Kerberos authentication, even in the event of misconfiguration elsewhere.
+           
+@@ -10828,7 +10870,8 @@ The sysctl --system command will load settings from all system configuration fil
+           
+             RHEL-08-010542 - RHEL 8 must use a separate file system for the system audit data path.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             The use of separate file systems for different paths can protect the system from failures resulting from a file system becoming full or failing.
+           
+@@ -10841,7 +10884,8 @@ The sysctl --system command will load settings from all system configuration fil
+           
+             RHEL-08-010543 - A separate RHEL 8 filesystem must be used for the /tmp directory.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             The use of separate file systems for different paths can protect the system from failures resulting from a file system becoming full or failing.
+           
+@@ -10854,7 +10898,8 @@ The sysctl --system command will load settings from all system configuration fil
+           
+             RHEL-08-010550 - RHEL 8 must not permit direct logons to the root account using remote access via SSH.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Even though the communications channel may be encrypted, an additional layer of security is gained by extending the policy of not logging on directly as root. In addition, logging on with a user-specific account provides individual accountability of actions performed on the system.
+           
+@@ -10867,7 +10912,8 @@ The sysctl --system command will load settings from all system configuration fil
+           
+             RHEL-08-010560 - The auditd service must be running in RHEL 8.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Configuring RHEL 8 to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security baseline across the DoD that reflects the most restrictive security posture consistent with operational requirements.
+ 
+@@ -10882,7 +10928,8 @@ Configuration settings are the set of parameters that can be changed in hardware
+           
+             RHEL-08-010561 - The rsyslog service must be running in RHEL 8.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Configuring RHEL 8 to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security baseline across the DoD that reflects the most restrictive security posture consistent with operational requirements.
+ 
+@@ -10897,12 +10944,13 @@ Configuration settings are the set of parameters that can be changed in hardware
+           
+             RHEL-08-010571 - RHEL 8 must prevent files with the setuid and setgid bit set from being executed on the /boot directory.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             The "nosuid" mount option causes the system not to execute "setuid" and "setgid" files with owner privileges. This option must be used for mounting any file system not containing approved "setuid" and "setguid" files. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.
+           
+           
+-            
++            
+             
+               
+               
+@@ -10913,7 +10961,8 @@ Configuration settings are the set of parameters that can be changed in hardware
+           
+             RHEL-08-010580 - RHEL 8 must prevent special devices on non-root local partitions.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             The "nodev" mount option causes the system to not interpret character or block special devices. Executing character or block special devices from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.  The only legitimate location for device files is the /dev directory located on the root partition.
+           
+@@ -10926,7 +10975,8 @@ Configuration settings are the set of parameters that can be changed in hardware
+           
+             RHEL-08-010630 - RHEL 8 must prevent code from being executed on file systems that are imported via Network File System (NFS).
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             The "noexec" mount option causes the system not to execute binary files. This option must be used for mounting any file system not containing approved binary as they may be incompatible. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.
+           
+@@ -10939,7 +10989,8 @@ Configuration settings are the set of parameters that can be changed in hardware
+           
+             RHEL-08-010640 - RHEL 8 must prevent special devices on file systems that are imported via Network File System (NFS).
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             The "nodev" mount option causes the system to not interpret character or block special devices. Executing character or block special devices from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.
+           
+@@ -10952,7 +11003,8 @@ Configuration settings are the set of parameters that can be changed in hardware
+           
+             RHEL-08-010650 - RHEL 8 must prevent files with the setuid and setgid bit set from being executed on file systems that are imported via Network File System (NFS).
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             The "nosuid" mount option causes the system not to execute "setuid" and "setgid" files with owner privileges. This option must be used for mounting any file system not containing approved "setuid" and "setguid" files. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.
+           
+@@ -10965,7 +11017,8 @@ Configuration settings are the set of parameters that can be changed in hardware
+           
+             RHEL-08-010671 - RHEL 8 must disable the kernel.core_pattern.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
+ 
+@@ -10986,7 +11039,8 @@ The sysctl --system command will load settings from all system configuration fil
+           
+             RHEL-08-010673 - RHEL 8 must disable core dumps for all users.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
+ 
+@@ -11001,7 +11055,8 @@ A core dump includes a memory image taken at the time the operating system termi
+           
+             RHEL-08-010674 - RHEL 8 must disable storing core dumps.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
+ 
+@@ -11015,7 +11070,8 @@ A core dump includes a memory image taken at the time the operating system termi
+           
+             RHEL-08-010675 - RHEL 8 must disable core dump backtraces.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
+ 
+@@ -11029,7 +11085,8 @@ A core dump includes a memory image taken at the time the operating system termi
+           
+             RHEL-08-010760 - All RHEL 8 local interactive user accounts must be assigned a home directory upon creation
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             If local interactive users are not assigned a valid home directory, there is no place for the storage and control of files they should own.
+           
+@@ -11041,7 +11098,8 @@ A core dump includes a memory image taken at the time the operating system termi
+           
+             RHEL-08-010830 - RHEL 8 must not allow users to override SSH environment variables.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             SSH environment options potentially allow users to bypass access restriction in some configurations.
+           
+@@ -11054,7 +11112,8 @@ A core dump includes a memory image taken at the time the operating system termi
+           
+             RHEL-08-020010 - RHEL 8 must automatically lock an account when three unsuccessful logon attempts occur.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.
+ 
+@@ -11078,7 +11137,8 @@ From "Pam_Faillock" man pages: Note that the default directory that "pam_failloc
+           
+             RHEL-08-020011 - RHEL 8 must automatically lock an account when three unsuccessful logon attempts occur.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             In RHEL 8.2 the "/etc/security/faillock.conf" file was incorporated to centralize the configuration of the pam_faillock.so module.  Also introduced is a "local_users_only" option that will only track failed user authentication attempts for local users in /etc/passwd and ignore centralized (AD, IdM, LDAP, etc.) users to allow the centralized platform to solely manage user lockout.
+ 
+@@ -11093,7 +11153,8 @@ From "faillock.conf" man pages: Note that the default directory that "pam_faillo
+           
+             RHEL-08-020012 - RHEL 8 must automatically lock an account when three unsuccessful logon attempts occur during a 15-minute time period.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.
+ 
+@@ -11113,7 +11174,8 @@ From "Pam_Faillock" man pages: Note that the default directory that "pam_failloc
+           
+             RHEL-08-020013 - RHEL 8 must automatically lock an account when three unsuccessful logon attempts occur during a 15-minute time period.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.
+ 
+@@ -11130,7 +11192,8 @@ From "faillock.conf" man pages: Note that the default directory that "pam_faillo
+           
+             RHEL-08-020014 - RHEL 8 must automatically lock an account until the locked account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.
+ 
+@@ -11152,7 +11215,8 @@ From "Pam_Faillock" man pages: Note that the default directory that "pam_failloc
+           
+             RHEL-08-020015 - RHEL 8 must automatically lock an account until the locked account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.
+ 
+@@ -11169,7 +11233,8 @@ From "faillock.conf" man pages: Note that the default directory that "pam_faillo
+           
+             RHEL-08-020018 - RHEL 8 must prevent system messages from being presented when three unsuccessful logon attempts occur.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.
+ 
+@@ -11189,7 +11254,8 @@ From "Pam_Faillock" man pages: Note that the default directory that "pam_failloc
+           
+             RHEL-08-020019 - RHEL 8 must prevent system messages from being presented when three unsuccessful logon attempts occur.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.
+ 
+@@ -11206,7 +11272,8 @@ From "faillock.conf" man pages: Note that the default directory that "pam_faillo
+           
+             RHEL-08-020020 - RHEL 8 must log user name information when unsuccessful logon attempts occur.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.
+ 
+@@ -11226,7 +11293,8 @@ From "Pam_Faillock" man pages: Note that the default directory that "pam_failloc
+           
+             RHEL-08-020021 - RHEL 8 must prevent system messages from being presented when three unsuccessful logon attempts occur.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.
+ 
+@@ -11243,7 +11311,8 @@ From "faillock.conf" man pages: Note that the default directory that "pam_faillo
+           
+             RHEL-08-020022 - RHEL 8 must include root when automatically locking an account until the locked account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.
+ 
+@@ -11263,7 +11332,8 @@ From "Pam_Faillock" man pages: Note that the default directory that "pam_failloc
+           
+             RHEL-08-020023 - RHEL 8 must include root when automatically locking an account until the locked account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.
+ 
+@@ -11280,7 +11350,8 @@ From "faillock.conf" man pages: Note that the default directory that "pam_faillo
+           
+             RHEL-08-020180 - RHEL 8 passwords must have a 24 hours/1 day minimum password lifetime restriction in /etc/shadow.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Enforcing a minimum password lifetime helps to prevent repeated password changes to defeat the password reuse or history enforcement requirement. If users are allowed to immediately and continually change their password, the password could be repeatedly changed in a short period of time to defeat the organization's policy regarding password reuse.
+           
+@@ -11293,7 +11364,8 @@ From "faillock.conf" man pages: Note that the default directory that "pam_faillo
+           
+             RHEL-08-020190 - RHEL 8 passwords for new users or password changes must have a 24 hours/1 day minimum password lifetime restriction in /etc/logins.def.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Enforcing a minimum password lifetime helps to prevent repeated password changes to defeat the password reuse or history enforcement requirement. If users are allowed to immediately and continually change their password, the password could be repeatedly changed in a short period of time to defeat the organization's policy regarding password reuse.
+           
+@@ -11305,7 +11377,8 @@ From "faillock.conf" man pages: Note that the default directory that "pam_faillo
+           
+             RHEL-08-020200 - RHEL 8 user account passwords must have a 60-day maximum password lifetime restriction.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Any password, no matter how complex, can eventually be cracked. Therefore, passwords need to be changed periodically. If RHEL 8 does not limit the lifetime of passwords and force users to change their passwords, there is the risk that RHEL 8 passwords could be compromised.
+           
+@@ -11317,7 +11390,8 @@ From "faillock.conf" man pages: Note that the default directory that "pam_faillo
+           
+             RHEL-08-020231 - RHEL 8 passwords for new users must have a minimum of 15 characters.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             The shorter the password, the lower the number of possible combinations that need to be tested before the password is compromised.
+ 
+@@ -11333,7 +11407,8 @@ The DoD minimum password requirement is 15 characters.
+           
+             RHEL-08-020260 - RHEL 8 account identifiers (individuals, groups, roles, and devices) must be disabled after 35 days of inactivity.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Inactive identifiers pose a risk to systems and applications because attackers may exploit an inactive identifier and potentially obtain undetected access to the system. Owners of inactive accounts will not notice if unauthorized access to their user account has been obtained.
+ 
+@@ -11347,7 +11422,8 @@ RHEL 8 needs to track periods of inactivity and disable application identifiers
+           
+             RHEL-08-021400 - RHEL 8 must prevent the use of dictionary words for passwords.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             If RHEL 8 allows the user to select passwords based on dictionary words, this increases the chances of password compromise by increasing the opportunity for successful guesses, and brute-force attacks.
+           
+@@ -11359,7 +11435,8 @@ RHEL 8 needs to track periods of inactivity and disable application identifiers
+           
+             RHEL-08-020310 - RHEL 8 must enforce a delay of at least four seconds between logon prompts following a failed logon attempt.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Configuring the operating system to implement organization-wide security implementation guides and security checklists verifies compliance with federal standards and establishes a common security baseline across the DoD that reflects the most restrictive security posture consistent with operational requirements.
+ 
+@@ -11373,7 +11450,8 @@ Configuration settings are the set of parameters that can be changed in hardware
+           
+             RHEL-08-020330 - RHEL 8 must not have accounts configured with blank or null passwords.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             If an account has an empty password, anyone could log on and run commands with the privileges of that account. Accounts with empty passwords should never be used in operational environments.
+           
+@@ -11385,7 +11463,8 @@ Configuration settings are the set of parameters that can be changed in hardware
+           
+             RHEL-08-020350 - RHEL 8 must display the date and time of the last successful account logon upon an SSH logon.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Providing users with feedback on when account accesses via SSH last occurred facilitates user recognition and reporting of unauthorized account use.
+           
+@@ -11398,7 +11477,8 @@ Configuration settings are the set of parameters that can be changed in hardware
+           
+             RHEL-08-020351 - RHEL 8 must define default permissions for all authenticated users in such a way that the user can only read and modify their own files.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Setting the most restrictive default permissions ensures that when new accounts are created, they do not have unnecessary access.
+           
+@@ -11410,7 +11490,8 @@ Configuration settings are the set of parameters that can be changed in hardware
+           
+             RHEL-08-030000 - The RHEL 8 audit system must be configured to audit the execution of privileged functions and prevent all software from executing at higher privilege levels than users executing the software.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised information system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Auditing the use of privileged functions is one way to detect such misuse and identify the risk from insider threats and the advanced persistent threat.
+           
+@@ -11426,7 +11507,8 @@ Configuration settings are the set of parameters that can be changed in hardware
+           
+             RHEL-08-030020 - The RHEL 8 System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) must be alerted of an audit processing failure event.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without this notification, the security personnel may be unaware of an impending failure of the audit capability, and system operation may be adversely affected.
+ 
+@@ -11442,7 +11524,8 @@ This requirement applies to each audit data storage repository (i.e., distinct i
+           
+             RHEL-08-030040 - The RHEL 8 System must take appropriate action when an audit processing failure occurs.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without this notification, the security personnel may be unaware of an impending failure of the audit capability, and system operation may be adversely affected.
+ 
+@@ -11458,7 +11541,8 @@ This requirement applies to each audit data storage repository (i.e., distinct i
+           
+             RHEL-08-030060 - The RHEL 8 audit system must take appropriate action when the audit storage volume is full.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             It is critical that when RHEL 8 is at risk of failing to process audit logs as required, it takes action to mitigate the failure. Audit processing failures include software/hardware errors; failures in the audit capturing mechanisms; and audit storage capacity being reached or exceeded. Responses to audit failure depend upon the nature of the failure mode.
+ 
+@@ -11476,7 +11560,8 @@ When availability is an overriding concern, other approved actions in response t
+           
+             RHEL-08-030061 - The RHEL 8 audit system must audit local events.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Without establishing what type of events occurred, the source of events, where events occurred, and the outcome of events, it would be difficult to establish, correlate, and investigate the events leading up to an outage or attack.
+ 
+@@ -11490,7 +11575,8 @@ Audit record content that may be necessary to satisfy this requirement includes,
+           
+             RHEL-08-030062 - RHEL 8 must label all off-loaded audit logs before sending them to the central log server.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Without establishing what type of events occurred, the source of events, where events occurred, and the outcome of events, it would be difficult to establish, correlate, and investigate the events leading up to an outage or attack.
+ 
+@@ -11508,7 +11594,8 @@ When audit logs are not labeled before they are sent to a central log server, th
+           
+             RHEL-08-030063 - RHEL 8 must resolve audit information before writing to disk.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Without establishing what type of events occurred, the source of events, where events occurred, and the outcome of events, it would be difficult to establish, correlate, and investigate the events leading up to an outage or attack.
+ 
+@@ -11524,7 +11611,8 @@ Enriched logging aids in making sense of who, what, and when events occur on a s
+           
+             RHEL-08-030080 - RHEL 8 audit logs must be owned by root to prevent unauthorized read access.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the RHEL 8 system or platform. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
+ 
+@@ -11538,7 +11626,8 @@ The structure and content of error messages must be carefully considered by the
+           
+             RHEL-08-030090 - RHEL 8 audit logs must be group-owned by root to prevent unauthorized read access.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus compromising its confidentiality.
+ 
+@@ -11552,7 +11641,8 @@ Audit information includes all information (e.g., audit records, audit settings,
+           
+             RHEL-08-030100 - RHEL 8 audit log directory must be owned by root to prevent unauthorized read access.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus compromising its confidentiality.
+ 
+@@ -11566,7 +11656,8 @@ Audit information includes all information (e.g., audit records, audit settings,
+           
+             RHEL-08-030110 - RHEL 8 audit log directory must be group-owned by root to prevent unauthorized read access.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus compromising its confidentiality.
+ 
+@@ -11580,7 +11671,8 @@ Audit information includes all information (e.g., audit records, audit settings,
+           
+             RHEL-08-030120 - RHEL 8 audit log directory must have a mode of 0700 or less permissive to prevent unauthorized read access.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus compromising its confidentiality.
+ 
+@@ -11594,7 +11686,8 @@ Audit information includes all information (e.g., audit records, audit settings,
+           
+             RHEL-08-030121 - RHEL 8 audit system must protect auditing rules from unauthorized change.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus compromising its confidentiality.
+ 
+@@ -11610,7 +11703,8 @@ In immutable mode, unauthorized users cannot execute changes to the audit system
+           
+             RHEL-08-030122 - RHEL 8 audit system must protect logon UIDs from unauthorized change.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus compromising its confidentiality.
+ 
+@@ -11626,7 +11720,8 @@ In immutable mode, unauthorized users cannot execute changes to the audit system
+           
+             RHEL-08-030130 - RHEL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+ 
+@@ -11641,7 +11736,8 @@ Audit records can be generated from various components within the information sy
+           
+             RHEL-08-030140 - RHEL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+ 
+@@ -11656,7 +11752,8 @@ Audit records can be generated from various components within the information sy
+           
+             RHEL-08-030150 - RHEL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+ 
+@@ -11671,7 +11768,8 @@ Audit records can be generated from various components within the information sy
+           
+             RHEL-08-030160 - RHEL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+ 
+@@ -11686,7 +11784,8 @@ Audit records can be generated from various components within the information sy
+           
+             RHEL-08-030170 - RHEL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+ 
+@@ -11701,7 +11800,8 @@ Audit records can be generated from various components within the information sy
+           
+             RHEL-08-030171 - RHEL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+ 
+@@ -11716,7 +11816,8 @@ Audit records can be generated from various components within the information sy
+           
+             RHEL-08-030172 - RHEL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.d/.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+ 
+@@ -11731,7 +11832,8 @@ Audit records can be generated from various components within the information sy
+           
+             RHEL-08-030180 - The RHEL 8 audit package must be installed.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Without establishing what type of events occurred, the source of events, where events occurred, and the outcome of events, it would be difficult to establish, correlate, and investigate the events leading up to an outage or attack.
+ 
+@@ -11747,7 +11849,8 @@ Associating event types with detected events in RHEL 8 audit logs provides a mea
+           
+             RHEL-08-030190 - Successful/unsuccessful uses of the su command in RHEL 8 must generate an audit record.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+ 
+@@ -11764,7 +11867,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
+           
+             RHEL-08-030200 - The RHEL 8 audit system must be configured to audit any usage of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr and lremovexattr system calls.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+ 
+@@ -11811,7 +11915,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
+           
+             RHEL-08-030250 - Successful/unsuccessful uses of the chage command in RHEL 8 must generate an audit record
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+ 
+@@ -11830,7 +11935,8 @@ Satisfies: SRG-OS-000062-GPOS-00031, SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPO
+           
+             RHEL-08-030260 - Successful/unsuccessful uses of the chcon command in RHEL 8 must generate an audit record
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+ 
+@@ -11849,7 +11955,8 @@ Satisfies: SRG-OS-000062-GPOS-00031, SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPO
+           
+             RHEL-08-030280 - Successful/unsuccessful uses of the ssh-agent in RHEL 8 must generate an audit record.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+ 
+@@ -11866,7 +11973,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
+           
+             RHEL-08-030290 - Successful/unsuccessful uses of the passwd command in RHEL 8 must generate an audit record.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+ 
+@@ -11883,7 +11991,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
+           
+             RHEL-08-030300 - Successful/unsuccessful uses of the mount command in RHEL 8 must generate an audit record.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+ 
+@@ -11900,7 +12009,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
+           
+             RHEL-08-030301 - Successful/unsuccessful uses of the umount command in RHEL 8 must generate an audit record.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+ 
+@@ -11917,7 +12027,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
+           
+             RHEL-08-030302 - Successful/unsuccessful uses of the mount syscall in RHEL 8 must generate an audit record.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+ 
+@@ -11935,7 +12046,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
+           
+             RHEL-08-030310 - Successful/unsuccessful uses of the unix_update in RHEL 8 must generate an audit record.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
+ 
+@@ -11952,7 +12064,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
+           
+             RHEL-08-030311 - Successful/unsuccessful uses of postdrop in RHEL 8 must generate an audit record.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
+ 
+@@ -11969,7 +12082,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
+           
+             RHEL-08-030312 - Successful/unsuccessful uses of postqueue in RHEL 8 must generate an audit record.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
+ 
+@@ -11986,7 +12100,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
+           
+             RHEL-08-030313 - Successful/unsuccessful uses of semanage in RHEL 8 must generate an audit record.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
+ 
+@@ -12003,7 +12118,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
+           
+             RHEL-08-030314 - Successful/unsuccessful uses of setfiles in RHEL 8 must generate an audit record.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
+ 
+@@ -12020,7 +12136,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
+           
+             RHEL-08-030315 - Successful/unsuccessful uses of userhelper in RHEL 8 must generate an audit record.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
+ 
+@@ -12037,7 +12154,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
+           
+             RHEL-08-030316 - Successful/unsuccessful uses of setsebool in RHEL 8 must generate an audit record.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
+ 
+@@ -12054,7 +12172,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
+           
+             RHEL-08-030317 - Successful/unsuccessful uses of unix_chkpwd in RHEL 8 must generate an audit record.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
+ 
+@@ -12071,7 +12190,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
+           
+             RHEL-08-030320 - Successful/unsuccessful uses of the ssh-keysign in RHEL 8 must generate an audit record.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+ 
+@@ -12088,7 +12208,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
+           
+             RHEL-08-030330 - Successful/unsuccessful uses of the setfacl command in RHEL 8 must generate an audit record.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+ 
+@@ -12105,7 +12226,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
+           
+             RHEL-08-030340 - Successful/unsuccessful uses of the pam_timestamp_check command in RHEL 8 must generate an audit record.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+ 
+@@ -12122,7 +12244,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
+           
+             RHEL-08-030350 - Successful/unsuccessful uses of the newgrp command in RHEL 8 must generate an audit record.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+ 
+@@ -12139,7 +12262,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
+           
+             RHEL-08-030360 - Successful/unsuccessful uses of the init_module and finit_module command system calls in RHEL 8 must generate an audit record.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+ 
+@@ -12161,7 +12285,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
+           
+             RHEL-08-030361 - Successful/unsuccessful uses of the rename, unlink, rmdir, renameat and unlinkat commandsystem calls in RHEL 8 must generate an audit record.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+ 
+@@ -12192,7 +12317,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
+           
+             RHEL-08-030370 - Successful/unsuccessful uses of the gpasswd command in RHEL 8 must generate an audit record.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+ 
+@@ -12209,7 +12335,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
+           
+             RHEL-08-030390 - Successful/unsuccessful uses of the delete_module command in RHEL 8 must generate an audit record.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+ 
+@@ -12227,7 +12354,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
+           
+             RHEL-08-030400 - Successful/unsuccessful uses of the crontab command in RHEL 8 must generate an audit record.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+ 
+@@ -12244,7 +12372,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
+           
+             RHEL-08-030410 - Successful/unsuccessful uses of the chsh command in RHEL 8 must generate an audit record.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+ 
+@@ -12261,7 +12390,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
+           
+             RHEL-08-030420 - Successful/unsuccessful uses of the truncate, ftruncate, creat, open, openat, and open_by_handle_at system calls in RHEL 8 must generate an audit record.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+ 
+@@ -12306,7 +12436,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
+           
+             RHEL-08-030480 - Successful/unsuccessful uses of the chown, fchown, fchownat and lchown system calls in RHEL 8 must generate an audit record.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+ 
+@@ -12335,7 +12466,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
+           
+             RHEL-08-030490 - Successful/unsuccessful uses of the chmod, fchmod and fchmodat system calls in RHEL 8 must generate an audit record.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+ 
+@@ -12360,7 +12492,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
+           
+             RHEL-08-030550 - Successful/unsuccessful uses of the sudo command in RHEL 8 must generate an audit record.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+ 
+@@ -12377,7 +12510,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
+           
+             RHEL-08-030560 - Successful/unsuccessful uses of the usermod command in RHEL 8 must generate an audit record.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+ 
+@@ -12394,7 +12528,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
+           
+             RHEL-08-030570 - Successful/unsuccessful uses of the chacl command in RHEL 8 must generate an audit record.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+ 
+@@ -12411,7 +12546,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
+           
+             RHEL-08-030580 - Successful/unsuccessful uses of the kmod command in RHEL 8 must generate an audit record.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+ 
+@@ -12438,7 +12574,8 @@ DoD has defined the list of events for which RHEL 8 will provide an audit record
+           
+             RHEL-08-030600 - Successful/unsuccessful modifications to the lastlog file in RHEL 8 must generate an audit record.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+ 
+@@ -12465,7 +12602,8 @@ DoD has defined the list of events for which RHEL 8 will provide an audit record
+           
+             RHEL-08-030610 - RHEL 8 must allow only the Information System Security Manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Without the capability to restrict the roles and individuals that can select which events are audited, unauthorized personnel may be able to prevent the auditing of critical events. Misconfigured audits may degrade the system's performance by overwhelming the audit log. Misconfigured audits may also make it more difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+           
+@@ -12478,7 +12616,8 @@ DoD has defined the list of events for which RHEL 8 will provide an audit record
+           
+             RHEL-08-030620 - RHEL 8 audit tools must have a mode of 0755 or less permissive.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Protecting audit information also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operation on audit information.
+ 
+@@ -12494,7 +12633,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
+           
+             RHEL-08-030630 - RHEL 8 audit tools must be owned by root.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Protecting audit information also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operation on audit information.
+ 
+@@ -12510,7 +12650,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
+           
+             RHEL-08-030640 - RHEL 8 audit tools must be group-owned by root.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Protecting audit information also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operation on audit information.
+ 
+@@ -12526,7 +12667,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
+           
+             RHEL-08-030680 - RHEL 8 must have the packages required for encrypting offloaded audit logs installed.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Information stored in one location is vulnerable to accidental or incidental deletion or alteration.
+ 
+@@ -12549,7 +12691,8 @@ Note that a port number was given as there is no standard port for RELP.
+             RHEL-08-030700 - RHEL 8 must take appropriate action when the internal event queue is full.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Information stored in one location is vulnerable to accidental or incidental deletion or alteration.
+ 
+@@ -12565,7 +12708,8 @@ RHEL 8 installation media provides "rsyslogd".  "rsyslogd" is a system utility p
+           
+             RHEL-08-030730 - RHEL 8 must take action when allocated audit record storage volume reaches 75 percent of the repository maximum audit record storage capacity.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             If security personnel are not notified immediately when storage volume reaches 75 percent utilization, they are unable to plan for audit record storage capacity expansion.
+           
+@@ -12577,7 +12721,8 @@ RHEL 8 installation media provides "rsyslogd".  "rsyslogd" is a system utility p
+           
+             RHEL-08-030741 - RHEL 8 must disable the chrony daemon from acting as a server.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular event occurred on a system is critical when conducting forensic analysis and investigating system events. Sources outside the configured acceptable allowance (drift) may be inaccurate.
+ 
+@@ -12595,7 +12740,8 @@ Note that USNO offers authenticated NTP service to DoD and U.S. Government agenc
+           
+             RHEL-08-030742 - RHEL 8 must disable network management of the chrony daemon.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular event occurred on a system is critical when conducting forensic analysis and investigating system events. Sources outside the configured acceptable allowance (drift) may be inaccurate.
+ 
+@@ -12613,7 +12759,8 @@ Note that USNO offers authenticated NTP service to DoD and U.S. Government agenc
+           
+             RHEL-08-040000 - RHEL 8 must not have the telnet-server package installed.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
+ 
+@@ -12635,7 +12782,8 @@ If a privileged user were to log on using this service, the privileged user pass
+           
+             RHEL-08-040001 - RHEL 8 must not have any automated bug reporting tools installed.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
+ 
+@@ -12653,7 +12801,8 @@ Verify the operating system is configured to disable non-essential capabilities.
+           
+             RHEL-08-040002 - RHEL 8 must not have the sendmail package installed.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
+ 
+@@ -12671,7 +12820,8 @@ Verify the operating system is configured to disable non-essential capabilities.
+           
+             RHEL-08-040010 - RHEL 8 must not have the rsh-server package installed.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
+ 
+@@ -12689,7 +12839,8 @@ If a privileged user were to log on using this service, the privileged user pass
+           
+             RHEL-08-040060 - RHEL 8 must enforce SSHv2 for network access to all accounts.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             A replay attack may enable an unauthorized user to gain access to RHEL 8. Authentication sessions between the authenticator and RHEL 8 validating the user credentials must not be vulnerable to a replay attack.
+ 
+@@ -12710,7 +12861,8 @@ RHEL 8 incorporates OpenSSH as a default ssh provider. OpenSSH has been a 100 pe
+           
+             RHEL-08-040120 - RHEL 8 must mount /dev/shm with the nodev option.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
+ 
+@@ -12729,7 +12881,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
+           
+             RHEL-08-040121 - RHEL 8 must mount /dev/shm with the nosuid option.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
+ 
+@@ -12746,7 +12899,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
+           
+             RHEL-08-040122 - RHEL 8 must mount /dev/shm with the noexec option.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
+ 
+@@ -12765,7 +12919,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
+           
+             RHEL-08-040123 - RHEL 8 must mount /tmp with the nodev option.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
+ 
+@@ -12785,7 +12940,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
+           
+             RHEL-08-040124 - RHEL 8 must mount /tmp with the nosuid option.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
+ 
+@@ -12803,7 +12959,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
+           
+             RHEL-08-040125 - RHEL 8 must mount /tmp with the noexec option.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
+ 
+@@ -12823,7 +12980,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
+           
+             RHEL-08-040126 - RHEL 8 must mount /var/log with the nodev option.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
+ 
+@@ -12843,7 +13001,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
+           
+             RHEL-08-040127 - RHEL 8 must mount /var/log with the nosuid option.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
+ 
+@@ -12863,7 +13022,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
+           
+             RHEL-08-040128 - RHEL 8 must mount /var/log with the noexec option.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
+ 
+@@ -12883,7 +13043,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
+           
+             RHEL-08-040129 - RHEL 8 must mount /var/log/audit with the nodev option.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
+ 
+@@ -12903,7 +13064,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
+           
+             RHEL-08-040130 - RHEL 8 must mount /var/log/audit with the nosuid option.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
+ 
+@@ -12923,7 +13085,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
+           
+             RHEL-08-040131 - RHEL 8 must mount /var/log/audit with the noexec option.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
+ 
+@@ -12943,7 +13106,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
+           
+             RHEL-08-040132 - RHEL 8 must mount /var/tmp with the nodev option.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
+ 
+@@ -12962,7 +13126,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
+           
+             RHEL-08-040133 - RHEL 8 must mount /var/tmp with the nosuid option.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
+ 
+@@ -12981,7 +13146,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
+           
+             RHEL-08-040134 - RHEL 8 must mount /var/tmp with the noexec option.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
+ 
+@@ -13000,7 +13166,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
+           
+             RHEL-08-040160 - All RHEL 8 networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Without protection of the transmitted information, confidentiality and integrity may be compromised because unprotected communications can be intercepted and either read or altered. 
+ 
+@@ -13017,7 +13184,8 @@ Protecting the confidentiality and integrity of organizational information can b
+           
+             RHEL 8 must force a frequent session key renegotiation for SSH connections to the server.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Without protection of the transmitted information, confidentiality and integrity may be compromised because unprotected communications can be intercepted and either read or altered. 
+ 
+@@ -13036,7 +13204,8 @@ Session key regeneration limits the chances of a session key becoming compromise
+           
+             RHEL-08-040172 - The systemd Ctrl-Alt-Delete burst key sequence in RHEL 8 must be disabled.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             A locally logged-on user who presses Ctrl-Alt-Delete when at the console can reboot the system. If accidentally pressed, as could happen in the case of a mixed OS environment, this can create the risk of short-term loss of availability of systems due to unintentional reboot. In a graphical user environment, risk of unintentional reboot from the Ctrl-Alt-Delete sequence is reduced because the user will be prompted before any action is taken.
+           
+@@ -13048,7 +13217,8 @@ Session key regeneration limits the chances of a session key becoming compromise
+           
+             RHEL-08-040190 - The Trivial File Transfer Protocol (TFTP) server package must not be installed if not required for RHEL 8 operational support.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             If TFTP is required for operational support (such as the transmission of router configurations) its use must be documented with the Information System Security Officer (ISSO), restricted to only authorized personnel, and have access control rules established.
+           
+@@ -13060,7 +13230,8 @@ Session key regeneration limits the chances of a session key becoming compromise
+           
+             RHEL-08-040200 - The root account must be the only account having unrestricted access to the RHEL 8 system.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             If an account other than root also has a User Identifier (UID) of "0", it has root authority, giving that account unrestricted access to the entire operating system. Multiple accounts with a UID of "0" afford an opportunity for potential intruders to guess a password for a privileged account.
+           
+@@ -13072,7 +13243,8 @@ Session key regeneration limits the chances of a session key becoming compromise
+           
+             RHEL-08-040210 - RHEL 8 must prevent Internet Control Message Protocol (ICMP) redirect messages from being accepted.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack.
+ 
+@@ -13096,7 +13268,8 @@ The sysctl --system command will load settings from all system configuration fil
+           
+             RHEL-08-040220 - RHEL 8 must not send Internet Control Message Protocol (ICMP) redirects.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages contain information from the system's route table, possibly revealing portions of the network topology.
+ 
+@@ -13119,7 +13292,8 @@ The sysctl --system command will load settings from all system configuration fil
+           
+             RHEL-08-040230 - RHEL 8 must not respond to Internet Control Message Protocol (ICMP) echoes sent to a broadcast address.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Responding to broadcast ICMP echoes facilitates network mapping and provides a vector for amplification attacks.
+ 
+@@ -13142,7 +13316,8 @@ The sysctl --system command will load settings from all system configuration fil
+           
+             RHEL-08-040240 - RHEL 8 must not forward source-routed packets.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routed traffic, such as when forwarding is enabled and the system is functioning as a router.
+ 
+@@ -13166,7 +13341,8 @@ The sysctl --system command will load settings from all system configuration fil
+           
+             RHEL-08-040250 - RHEL 8 must not forward source-routed packets by default.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routed traffic, such as when forwarding is enabled and the system is functioning as a router.
+ 
+@@ -13190,7 +13366,8 @@ The sysctl --system command will load settings from all system configuration fil
+           
+             RHEL-08-040260 - RHEL 8 must not be performing packet forwarding unless the system is a router.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this software is used when not required, system network information may be unnecessarily transmitted across the network.
+ 
+@@ -13214,7 +13391,8 @@ The sysctl --system command will load settings from all system configuration fil
+           
+             RHEL-08-040261 - RHEL 8 must not accept router advertisements on all IPv6 interfaces.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this software is used when not required, system network information may be unnecessarily transmitted across the network.
+ 
+@@ -13240,7 +13418,8 @@ The sysctl --system command will load settings from all system configuration fil
+           
+             RHEL-08-040262 - RHEL 8 must not accept router advertisements on all IPv6 interfaces by default.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this software is used when not required, system network information may be unnecessarily transmitted across the network.
+ 
+@@ -13266,7 +13445,8 @@ The sysctl --system command will load settings from all system configuration fil
+           
+             RHEL-08-040270 - RHEL 8 must not allow interfaces to perform Internet Control Message Protocol (ICMP) redirects by default.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages contain information from the system's route table, possibly revealing portions of the network topology.
+ 
+@@ -13289,7 +13469,8 @@ The sysctl --system command will load settings from all system configuration fil
+           
+             RHEL-08-040280 - RHEL 8 must ignore IPv6 Internet Control Message Protocol (ICMP) redirect messages.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack.
+ 
+@@ -13313,7 +13494,8 @@ The sysctl --system command will load settings from all system configuration fil
+           
+             RHEL-08-040281 - RHEL 8 must disable access to network bpf syscall from unprivileged processes.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
+ 
+@@ -13334,7 +13516,8 @@ The sysctl --system command will load settings from all system configuration fil
+           
+             RHEL-08-040282 - RHEL 8 must restrict usage of ptrace to descendant processes.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
+ 
+@@ -13355,7 +13538,8 @@ The sysctl --system command will load settings from all system configuration fil
+           
+             RHEL-08-040283 - RHEL 8 must restrict exposed kernel pointer addresses access.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
+ 
+@@ -13376,7 +13560,8 @@ The sysctl --system command will load settings from all system configuration fil
+           
+             RHEL-08-040284 - RHEL 8 must disable the use of user namespaces.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
+ 
+@@ -13397,7 +13582,8 @@ The sysctl --system command will load settings from all system configuration fil
+           
+             RHEL-08-040285 - RHEL 8 must use reverse path filtering on all IPv4 interfaces.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
+ 
+@@ -13418,7 +13604,8 @@ The sysctl --system command will load settings from all system configuration fil
+           
+             RHEL-08-040290 - RHEL 8 must be configured to prevent unrestricted mail relaying.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             If unrestricted mail relaying is permitted, unauthorized senders could use this host as a mail relay for the purpose of sending spam or other unauthorized activity.
+           
+@@ -13431,7 +13618,8 @@ The sysctl --system command will load settings from all system configuration fil
+           
+             RHEL-08-040340 - RHEL 8 remote X connections for interactive users must be disabled unless to fulfill documented and validated mission requirements.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             The security risk of using X11 forwarding is that the client's X11 display server may be exposed to attack when the SSH client requests forwarding.  A system administrator may have a stance in which they want to protect clients that may expose themselves to attack by unwittingly requesting X11 forwarding, which can warrant a ''no'' setting.
+ X11 forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host (for the user's X11 authorization database) can access the local X11 display through the forwarded connection. An attacker may then be able to perform activities such as keystroke monitoring if the ForwardX11Trusted option is also enabled.
+@@ -13446,7 +13634,8 @@ If X11 services are not required for the system's intended function, they should
+           
+             RHEL-08-040341 - The RHEL 8 SSH daemon must prevent remote hosts from connecting to the proxy display.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             When X11 forwarding is enabled, there may be additional exposure to the server and client displays if the sshd proxy display is configured to listen on the wildcard address. By default, sshd binds the forwarding server to the loopback address and sets the hostname part of the DIPSLAY environment variable to localhost. This prevents remote hosts from connecting to the proxy display.
+           
+@@ -13459,7 +13648,8 @@ If X11 services are not required for the system's intended function, they should
+           
+             RHEL-08-040350 - If the Trivial File Transfer Protocol (TFTP) server is required, the RHEL 8 TFTP daemon must be configured to operate in secure mode.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Restricting TFTP to a specific directory prevents remote users from copying, transferring, or overwriting system files.
+           
+@@ -13472,7 +13662,8 @@ If X11 services are not required for the system's intended function, they should
+           
+             RHEL-08-040360 - A File Transfer Protocol (FTP) server package must not be installed unless mission essential on RHEL 8.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             The FTP service provides an unencrypted remote access that does not provide for the confidentiality and integrity of user passwords or the remote session. If a privileged user were to log on using this service, the privileged user password could be compromised. SSH or other encrypted file transfer methods must be used in place of this service.
+           
+@@ -13484,7 +13675,8 @@ If X11 services are not required for the system's intended function, they should
+           
+             RHEL-08-040380 - The iprutils package must not be installed unless mission essential on RHEL 8.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
+ 
+@@ -13500,7 +13692,8 @@ The iprutils package provides a suite of utilities to manage and configure SCSI
+           
+             RHEL-08-040390 - The tuned package must not be installed unless mission essential on RHEL 8.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
+ 
+@@ -13516,7 +13709,8 @@ The tuned package contains a daemon that tunes the system settings dynamically.
+           
+             RHEL-08-030670 - RHEL 8 must have the packages required for offloading audit logs installed.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Information stored in one location is vulnerable to accidental or incidental deletion or alteration.
+ 
+@@ -13539,7 +13733,8 @@ Note that a port number was given as there is no standard port for RELP.
+             RHEL-08-010163 - The krb5-server package must not be installed on RHEL 8.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Unapproved mechanisms that are used for authentication to the cryptographic module are not verified and therefore cannot be relied upon to provide confidentiality or integrity, and DoD data may be compromised.
+ 
+@@ -13558,7 +13753,8 @@ FIPS 140-2 is the current standard for validating that mechanisms used to access
+           
+             RHEL-08-010382 - RHEL 8 must restrict privilege elevation to authorized personnel.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             The sudo command allows a user to execute programs with elevated (administrator) privileges. It prompts the user for their password and confirms your request to execute a command by checking a file, called sudoers. If the "sudoers" file is not configured correctly, any user defined on the system can initiate privileged actions on the target system.
+           
+@@ -13571,7 +13767,8 @@ FIPS 140-2 is the current standard for validating that mechanisms used to access
+           
+             RHEL-08-010383 - RHEL 8 must use the invoking user's password for privilege escalation when using "sudo".
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             The sudoers security policy requires that users authenticate themselves before they can use sudo. When sudoers requires authentication, it validates the invoking user's credentials. If the rootpw, targetpw, or runaspw flags are defined and not disabled, by default the operating system will prompt the invoking user for the "root" user password. 
+ For more information on each of the listed configurations, reference the sudoers(5) manual page.
+@@ -13595,7 +13792,8 @@ For more information on each of the listed configurations, reference the sudoers
+           
+             RHEL-08-010384 - RHEL 8 must require re-authentication when using the "sudo" command.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Without re-authentication, users may access resources or perform tasks for which they do not have authorization. 
+ 
+@@ -13611,7 +13809,8 @@ If the value is set to an integer less than 0, the user's time stamp will not ex
+           
+             RHEL-08-020332 - RHEL 8 must not allow blank or null passwords in the password-auth file.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             If an account has an empty password, anyone could log on and run commands with the privileges of that account. Accounts with empty passwords should never be used in operational environments.
+           
+@@ -13623,7 +13822,8 @@ If the value is set to an integer less than 0, the user's time stamp will not ex
+           
+             RHEL-08-040286 - RHEL 8 must enable hardening for the Berkeley Packet Filter Just-in-time compiler.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
+ 
+@@ -13646,7 +13846,8 @@ The sysctl --system command will load settings from all system configuration fil
+           
+             RHEL-08-010121 - The RHEL 8 operating system must not have accounts configured with blank or null passwords.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             If an account has an empty password, anyone could log on and run commands with the privileges of that account. Accounts with empty passwords should never be used in operational environments.
+           
+@@ -13658,7 +13859,8 @@ The sysctl --system command will load settings from all system configuration fil
+           
+             RHEL-08-010000 - RHEL 8 must be a vendor-supported release.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             An operating system release is considered "supported" if the vendor continues to provide security patches for the product. With an unsupported release, it will not be possible to resolve security issues discovered in the system software.
+ 
+@@ -13673,7 +13875,8 @@ Note: The life-cycle time spans and dates are subject to adjustment.
+             RHEL-08-010020 - RHEL 8 must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, to generate cryptographic hashes, and to protect data requiring data-at-rest protections in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Use of weak or untested encryption algorithms undermines the purposes of using encryption to protect data. The operating system must implement cryptographic modules adhering to the higher standards approved by the Federal Government since this provides assurance they have been tested and validated.
+ 
+@@ -13691,7 +13894,8 @@ Satisfies: SRG-OS-000033-GPOS-00014, SRG-OS-000125-GPOS-00065, SRG-OS-000396-GPO
+           
+             RHEL-08-010160 - The RHEL 8 pam_unix.so module must be configured in the password-auth file to use a FIPS 140-2 approved cryptographic hashing algorithm for system authentication.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Unapproved mechanisms that are used for authentication to the cryptographic module are not verified and therefore cannot be relied upon to provide confidentiality or integrity, and DoD data may be compromised.
+ 
+@@ -13707,7 +13911,8 @@ FIPS 140-2 is the current standard for validating that mechanisms used to access
+           
+             RHEL-08-010200 - RHEL 8 must be configured so that all network connections associated with SSH traffic are terminated at the end of the session or after 10 minutes of inactivity, except to fulfill documented and validated mission requirements.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Terminating an idle SSH session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port that has been left unattended. In addition, quickly terminating an idle SSH session will also free up resources committed by the managed network element.
+ 
+@@ -13725,7 +13930,8 @@ Satisfies: SRG-OS-000163-GPOS-00072, SRG-OS-000126-GPOS-00066, SRG-OS-000279-GPO
+           
+             RHEL-08-010300 - RHEL 8 system commands must have mode 755 or less permissive.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             If RHEL 8 were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
+ 
+@@ -13739,7 +13945,8 @@ This requirement applies to RHEL 8 with software libraries that are accessible a
+           
+             RHEL-08-010371 - RHEL 8 must prevent the installation of software, patches, service packs, device drivers, or operating system components of local packages without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Changes to any software components can have significant effects on the overall security of the operating system. This requirement ensures the software has not been tampered with and that it has been provided by a trusted vendor.
+ 
+@@ -13755,7 +13962,8 @@ Verifying the authenticity of the software prior to installation validates the i
+           
+             RHEL-08-010450 - RHEL 8 must enable the SELinux targeted policy.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Without verification of the security functions, security functions may not operate correctly and the failure may go unnoticed. Security function is defined as the hardware, software, and/or firmware of the information system responsible for enforcing the system security policy and supporting the isolation of code and data on which the protection is based. Security functionality includes, but is not limited to, establishing system accounts, configuring access authorizations (i.e., permissions, privileges), setting events to be audited, and setting intrusion detection parameters.
+ 
+@@ -13769,7 +13977,8 @@ This requirement applies to operating systems performing security function verif
+           
+             RHEL-08-010540 - RHEL 8 must use a separate file system for /var.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             The use of separate file systems for different paths can protect the system from failures resulting from a file system becoming full or failing.
+           
+@@ -13781,7 +13990,8 @@ This requirement applies to operating systems performing security function verif
+           
+             RHEL-08-010541 - RHEL 8 must use a separate file system for /var/log.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             The use of separate file systems for different paths can protect the system from failures resulting from a file system becoming full or failing.
+           
+@@ -13793,7 +14003,8 @@ This requirement applies to operating systems performing security function verif
+           
+             RHEL-08-020024 - RHEL 8 must limit the number of concurrent sessions to ten for all accounts and/or account types.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Operating system management includes the ability to control the number of users and user sessions that utilize an operating system. Limiting the number of allowed users and sessions per user is helpful in reducing the risks related to DoS attacks.
+ 
+@@ -13807,7 +14018,8 @@ This requirement addresses concurrent sessions for information system accounts a
+           
+             RHEL-08-020100 - RHEL 8 must ensure the password complexity module is enabled in the password-auth file.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. "pwquality" enforces complex password construction configuration and has the ability to limit brute-force attacks on the system.
+ 
+@@ -13823,7 +14035,8 @@ RHEL 8 utilizes "pwquality" as a mechanism to enforce password complexity. This
+           
+             RHEL-08-020110 - RHEL 8 must enforce password complexity by requiring that at least one uppercase character be used.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
+ 
+@@ -13839,7 +14052,8 @@ RHEL 8 utilizes pwquality as a mechanism to enforce password complexity. Note th
+           
+             RHEL-08-020120 - RHEL 8 must enforce password complexity by requiring that at least one lower-case character be used.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
+ 
+@@ -13855,7 +14069,8 @@ RHEL 8 utilizes pwquality as a mechanism to enforce password complexity. Note th
+           
+             RHEL-08-020130 - RHEL 8 must enforce password complexity by requiring that at least one numeric character be used.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
+ 
+@@ -13871,7 +14086,8 @@ RHEL 8 utilizes "pwquality" as a mechanism to enforce password complexity. Note
+           
+             RHEL-08-020140 - RHEL 8 must require the maximum number of repeating characters of the same character class be limited to four when passwords are changed.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
+ 
+@@ -13887,7 +14103,8 @@ RHEL 8 utilizes "pwquality" as a mechanism to enforce password complexity. The "
+           
+             RHEL-08-020150 - RHEL 8 must require the maximum number of repeating characters be limited to three when passwords are changed.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
+ 
+@@ -13903,7 +14120,8 @@ RHEL 8 utilizes "pwquality" as a mechanism to enforce password complexity. The "
+           
+             RHEL-08-020160 - RHEL 8 must require the change of at least four character classes when passwords are changed.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
+ 
+@@ -13919,7 +14137,8 @@ RHEL 8 utilizes "pwquality" as a mechanism to enforce password complexity. The "
+           
+             RHEL-08-020170 - RHEL 8 must require the change of at least 8 characters when passwords are changed.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
+ 
+@@ -13935,7 +14154,8 @@ RHEL 8 utilizes "pwquality" as a mechanism to enforce password complexity. The "
+           
+             RHEL-08-020210 - RHEL 8 user account passwords must be configured so that existing passwords are restricted to a 60-day maximum lifetime.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Any password, no matter how complex, can eventually be cracked. Therefore, passwords need to be changed periodically. If RHEL 8 does not limit the lifetime of passwords and force users to change their passwords, there is the risk that RHEL 8 passwords could be compromised.
+           
+@@ -13947,7 +14167,8 @@ RHEL 8 utilizes "pwquality" as a mechanism to enforce password complexity. The "
+           
+             RHEL-08-020230 - RHEL 8 passwords must have a minimum of 15 characters.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             The shorter the password, the lower the number of possible combinations that need to be tested before the password is compromised.
+ 
+@@ -13967,7 +14188,8 @@ The DoD minimum password requirement is 15 characters.
+           
+             RHEL-08-020280 - All RHEL 8 passwords must contain at least one special character.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
+ 
+@@ -13983,7 +14205,8 @@ RHEL 8 utilizes "pwquality" as a mechanism to enforce password complexity. Note
+           
+             RHEL-08-020290 - RHEL 8 must prohibit the use of cached authentications after one day.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             If cached authentication information is out-of-date, the validity of the authentication information may be questionable.
+ 
+@@ -13997,7 +14220,8 @@ RHEL 8 includes multiple options for configuring authentication, but this requir
+           
+             RHEL-08-020340 - RHEL 8 must display the date and time of the last successful account logon upon logon.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Providing users with feedback on when account accesses last occurred facilitates user recognition and reporting of unauthorized account use.
+           
+@@ -14009,7 +14233,8 @@ RHEL 8 includes multiple options for configuring authentication, but this requir
+           
+             RHEL-08-030070 - RHEL 8 audit logs must have a mode of 0600 or less permissive to prevent unauthorized read access.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the RHEL 8 system or platform. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
+ 
+@@ -14025,7 +14250,8 @@ Satisfies: SRG-OS-000057-GPOS-00027, SRG-OS-000058-GPOS-00028, SRG-OS-000059-GPO
+           
+             RHEL-08-040021 - RHEL 8 must disable the asynchronous transfer mode (ATM) protocol.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
+ 
+@@ -14041,7 +14267,8 @@ The Asynchronous Transfer Mode (ATM) is a protocol operating on network, data li
+           
+             RHEL-08-040022 - RHEL 8 must disable the controller area network (CAN) protocol.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
+ 
+@@ -14057,7 +14284,8 @@ The Controller Area Network (CAN) is a serial communications protocol, which was
+           
+             RHEL-08-040023 - RHEL 8 must disable the stream control transmission protocol (SCTP).
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
+ 
+@@ -14073,7 +14301,8 @@ The Stream Control Transmission Protocol (SCTP) is a transport layer protocol, d
+           
+             RHEL-08-040024 - RHEL 8 must disable the transparent inter-process communication (TIPC) protocol.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
+ 
+@@ -14089,7 +14318,8 @@ The Transparent Inter-Process Communication (TIPC) protocol is designed to provi
+           
+             RHEL-08-040025 - RHEL 8 must disable mounting of cramfs.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
+ 
+@@ -14105,7 +14335,8 @@ Compressed ROM/RAM file system (or cramfs) is a read-only file system designed f
+           
+             RHEL-08-040026 - RHEL 8 must disable IEEE 1394 (FireWire) Support.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
+ 
+@@ -14119,7 +14350,8 @@ The IEEE 1394 (FireWire) is a serial bus standard for high-speed real-time commu
+           
+             RHEL-08-040080 - RHEL 8 must be configured to disable USB mass storage.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             USB mass storage permits easy introduction of unknown devices, thereby facilitating malicious activity.
+ 
+@@ -14133,7 +14365,8 @@ Satisfies: SRG-OS-000114-GPOS-00059, SRG-OS-000378-GPOS-00163
+           
+             RHEL-08-040111 - RHEL 8 Bluetooth must be disabled.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Without protection of communications with wireless peripherals, confidentiality and integrity may be compromised because unprotected communications can be intercepted and either read, altered, or used to compromise the RHEL 8 operating system.
+ 
+@@ -14149,7 +14382,8 @@ Protecting the confidentiality and integrity of communications with wireless per
+           
+             RHEL-08-040370 - The gssproxy package must not be installed unless mission essential on RHEL 8.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
+ 
+@@ -14165,7 +14399,8 @@ The gssproxy package is a proxy for GSS API credential handling and could expose
+           
+             RHEL-08-010159 - The RHEL 8 pam_unix.so module must be configured in the system-auth file to use a FIPS 140-2 approved cryptographic hashing algorithm for system authentication.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Unapproved mechanisms that are used for authentication to the cryptographic module are not verified and therefore cannot be relied upon to provide confidentiality or integrity, and DoD data may be compromised.
+ 
+@@ -14181,7 +14416,8 @@ FIPS 140-2 is the current standard for validating that mechanisms used to access
+           
+             RHEL-08-020102 - RHEL 8 systems below version 8.4 must ensure the password complexity module in the system-auth file is configured for three retries or less.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. "pwquality" enforces complex password construction configuration and has the ability to limit brute-force attacks on the system.
+ 
+@@ -14199,7 +14435,8 @@ By limiting the number of attempts to meet the pwquality module complexity requi
+           
+             RHEL-08-020035 - RHEL 8 must terminate idle user sessions.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port that has been left unattended.
+           
+@@ -14439,15 +14676,15 @@ By limiting the number of attempts to meet the pwquality module complexity requi
+           
+           
+         
+-        
++        
+           
+           
+         
+-        
++        
+           
+           
+         
+-        
++        
+           
+         
+         
+@@ -16259,18 +16496,18 @@ By limiting the number of attempts to meet the pwquality module complexity requi
+           ^\s*SHA_CRYPT_MAX_ROUNDS\s+(\d+)\b
+           1
+         
+-        
+-          /boot/efi/EFI/redhat/grub.cfg
++        
++          /boot/efi/EFI/almalinux/grub.cfg
+           ^\s*set\s+superusers\s*=\s*"(\w+)"\s*$
+           1
+         
+-        
+-          /boot/efi/EFI/redhat/user.cfg
++        
++          /boot/efi/EFI/almalinux/user.cfg
+           ^\s*GRUB2_PASSWORD=(\S+)\b
+           1
+         
+-        
+-          /boot/efi/EFI/redhat/grub.cfg
++        
++          /boot/efi/EFI/almalinux/grub.cfg
+         
+         
+           /boot/grub2/grub.cfg
+@@ -18753,7 +18990,8 @@ By limiting the number of attempts to meet the pwquality module complexity requi
+           
+             RHEL 8 is installed
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             
+             RHEL 8 is installed
+diff --git a/shared/references/disa-stig-rhel9-v2r1-xccdf-scap.xml b/shared/references/disa-stig-rhel9-v2r1-xccdf-scap.xml
+index 1c187bcb8..3b5dc3363 100644
+--- a/shared/references/disa-stig-rhel9-v2r1-xccdf-scap.xml
++++ b/shared/references/disa-stig-rhel9-v2r1-xccdf-scap.xml
+@@ -20786,7 +20786,7 @@ include "/etc/crypto-policies/back-ends/bind.config";
+           
+           
+             
+-              
++              
+               
+                 
+                 
+@@ -28886,7 +28886,7 @@ Satisfies: SRG-OS-000423-GPOS-00187, SRG-OS-000426-GPOS-00190
+           
+           
+         
+-        
++        
+           
+         
+         
+@@ -32714,7 +32714,7 @@ Satisfies: SRG-OS-000423-GPOS-00187, SRG-OS-000426-GPOS-00190
+           1
+         
+         
+-          /boot/efi/EFI/redhat/grub.cfg
++          /boot/efi/EFI/almalinux/grub.cfg
+         
+         
+           /etc/grub2-efi.cfg
+diff --git a/shared/templates/audit_rules_dac_modification/ansible.template b/shared/templates/audit_rules_dac_modification/ansible.template
+index 503895c33..33e242420 100644
+--- a/shared/templates/audit_rules_dac_modification/ansible.template
++++ b/shared/templates/audit_rules_dac_modification/ansible.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/shared/templates/audit_rules_dac_modification/bash.template b/shared/templates/audit_rules_dac_modification/bash.template
+index 5d782e0bd..11bd40b58 100644
+--- a/shared/templates/audit_rules_dac_modification/bash.template
++++ b/shared/templates/audit_rules_dac_modification/bash.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian
+ 
+ # First perform the remediation of the syscall rule
+ # Retrieve hardware architecture of the underlying system
+diff --git a/shared/templates/audit_rules_file_deletion_events/ansible.template b/shared/templates/audit_rules_file_deletion_events/ansible.template
+index 33b29b977..cbee8fdf7 100644
+--- a/shared/templates/audit_rules_file_deletion_events/ansible.template
++++ b/shared/templates/audit_rules_file_deletion_events/ansible.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/shared/templates/audit_rules_file_deletion_events/bash.template b/shared/templates/audit_rules_file_deletion_events/bash.template
+index b3eab4edb..da237aa3d 100644
+--- a/shared/templates/audit_rules_file_deletion_events/bash.template
++++ b/shared/templates/audit_rules_file_deletion_events/bash.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle,multi_platform_debian
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle,multi_platform_debian
+ 
+ # First perform the remediation of the syscall rule
+ # Retrieve hardware architecture of the underlying system
+diff --git a/shared/templates/audit_rules_login_events/ansible.template b/shared/templates/audit_rules_login_events/ansible.template
+index 52d93ba02..18a26fc62 100644
+--- a/shared/templates/audit_rules_login_events/ansible.template
++++ b/shared/templates/audit_rules_login_events/ansible.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/shared/templates/audit_rules_login_events/bash.template b/shared/templates/audit_rules_login_events/bash.template
+index f0b83b1bf..72506c7ee 100644
+--- a/shared/templates/audit_rules_login_events/bash.template
++++ b/shared/templates/audit_rules_login_events/bash.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian
+ 
+ # Perform the remediation for both possible tools: 'auditctl' and 'augenrules'
+ 
+diff --git a/shared/templates/audit_rules_path_syscall/ansible.template b/shared/templates/audit_rules_path_syscall/ansible.template
+index 68b43b439..9d9ce2fad 100644
+--- a/shared/templates/audit_rules_path_syscall/ansible.template
++++ b/shared/templates/audit_rules_path_syscall/ansible.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/shared/templates/audit_rules_path_syscall/bash.template b/shared/templates/audit_rules_path_syscall/bash.template
+index 332c87def..cdcf6352c 100644
+--- a/shared/templates/audit_rules_path_syscall/bash.template
++++ b/shared/templates/audit_rules_path_syscall/bash.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu
+ 
+ # First perform the remediation of the syscall rule
+ # Retrieve hardware architecture of the underlying system
+diff --git a/shared/templates/audit_rules_privileged_commands/ansible.template b/shared/templates/audit_rules_privileged_commands/ansible.template
+index 0e2a29c80..a78d71da2 100644
+--- a/shared/templates/audit_rules_privileged_commands/ansible.template
++++ b/shared/templates/audit_rules_privileged_commands/ansible.template
+@@ -1,7 +1,7 @@
+ {{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}}
+   {{%- set perm_x=" -F perm=x" %}}
+ {{%- endif %}}
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/shared/templates/audit_rules_privileged_commands/tests/auditctl_missing_perm_x.fail.sh b/shared/templates/audit_rules_privileged_commands/tests/auditctl_missing_perm_x.fail.sh
+index 181597906..f886020ab 100644
+--- a/shared/templates/audit_rules_privileged_commands/tests/auditctl_missing_perm_x.fail.sh
++++ b/shared/templates/audit_rules_privileged_commands/tests/auditctl_missing_perm_x.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
+ # packages = audit
+ 
+ source common.sh
+diff --git a/shared/templates/audit_rules_privileged_commands/tests/augenrules_missing_perm_x.fail.sh b/shared/templates/audit_rules_privileged_commands/tests/augenrules_missing_perm_x.fail.sh
+index fd902a020..010590172 100644
+--- a/shared/templates/audit_rules_privileged_commands/tests/augenrules_missing_perm_x.fail.sh
++++ b/shared/templates/audit_rules_privileged_commands/tests/augenrules_missing_perm_x.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
+ 
+ source common.sh
+ 
+diff --git a/shared/templates/audit_rules_syscall_events/ansible.template b/shared/templates/audit_rules_syscall_events/ansible.template
+index 16dec9827..5e953196e 100644
+--- a/shared/templates/audit_rules_syscall_events/ansible.template
++++ b/shared/templates/audit_rules_syscall_events/ansible.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/shared/templates/audit_rules_syscall_events/bash.template b/shared/templates/audit_rules_syscall_events/bash.template
+index bd5bb94cb..d1f68626a 100644
+--- a/shared/templates/audit_rules_syscall_events/bash.template
++++ b/shared/templates/audit_rules_syscall_events/bash.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+ 
+ # First perform the remediation of the syscall rule
+ # Retrieve hardware architecture of the underlying system
+diff --git a/shared/templates/audit_rules_unsuccessful_file_modification/ansible.template b/shared/templates/audit_rules_unsuccessful_file_modification/ansible.template
+index 40c2e96a1..87cd84907 100644
+--- a/shared/templates/audit_rules_unsuccessful_file_modification/ansible.template
++++ b/shared/templates/audit_rules_unsuccessful_file_modification/ansible.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/shared/templates/audit_rules_unsuccessful_file_modification/bash.template b/shared/templates/audit_rules_unsuccessful_file_modification/bash.template
+index f41ed4106..7ba2388b6 100644
+--- a/shared/templates/audit_rules_unsuccessful_file_modification/bash.template
++++ b/shared/templates/audit_rules_unsuccessful_file_modification/bash.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian
+ 
+ # First perform the remediation of the syscall rule
+ # Retrieve hardware architecture of the underlying system
+diff --git a/shared/templates/audit_rules_usergroup_modification/ansible.template b/shared/templates/audit_rules_usergroup_modification/ansible.template
+index 0ffb15ba1..a7ee3c41d 100644
+--- a/shared/templates/audit_rules_usergroup_modification/ansible.template
++++ b/shared/templates/audit_rules_usergroup_modification/ansible.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/shared/templates/grub2_bootloader_argument/ansible.template b/shared/templates/grub2_bootloader_argument/ansible.template
+index a573b6a1b..7011157d8 100644
+--- a/shared/templates/grub2_bootloader_argument/ansible.template
++++ b/shared/templates/grub2_bootloader_argument/ansible.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_debian
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_debian
+ # reboot = true
+ # strategy = restrict
+ # complexity = medium
+diff --git a/shared/templates/grub2_bootloader_argument/bash.template b/shared/templates/grub2_bootloader_argument/bash.template
+index 7a7ba6899..ac12c1878 100644
+--- a/shared/templates/grub2_bootloader_argument/bash.template
++++ b/shared/templates/grub2_bootloader_argument/bash.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle,multi_platform_debian
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle,multi_platform_debian
+ {{#
+    See the OVAL template for more comments.
+    Product-specific categorization should be synced across all template content types
+diff --git a/shared/templates/grub2_bootloader_argument/blueprint.template b/shared/templates/grub2_bootloader_argument/blueprint.template
+index 7e9ea909e..152f27303 100644
+--- a/shared/templates/grub2_bootloader_argument/blueprint.template
++++ b/shared/templates/grub2_bootloader_argument/blueprint.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle
+ {{%- if ARG_VARIABLE %}}
+ {{%- set ARG_NAME_VALUE = ARG_NAME ~ "=(blueprint-populate " ~ ARG_VARIABLE ~ ")" -%}}
+ {{%- endif %}}
+diff --git a/shared/templates/grub2_bootloader_argument/kickstart.template b/shared/templates/grub2_bootloader_argument/kickstart.template
+index c5051bcf7..846c0e661 100644
+--- a/shared/templates/grub2_bootloader_argument/kickstart.template
++++ b/shared/templates/grub2_bootloader_argument/kickstart.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ # reboot = true
+ # strategy = restrict
+ # complexity = medium
+diff --git a/shared/templates/grub2_bootloader_argument/tests/arg_not_in_entries.fail.sh b/shared/templates/grub2_bootloader_argument/tests/arg_not_in_entries.fail.sh
+index 4c25b2d95..26100fc4e 100644
+--- a/shared/templates/grub2_bootloader_argument/tests/arg_not_in_entries.fail.sh
++++ b/shared/templates/grub2_bootloader_argument/tests/arg_not_in_entries.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ 
+-# platform = multi_platform_fedora,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux
+ # packages = grub2,grubby
+ 
+ source common.sh
+diff --git a/shared/templates/grub2_bootloader_argument/tests/arg_not_in_grubenv_and_not_referenced.pass.sh b/shared/templates/grub2_bootloader_argument/tests/arg_not_in_grubenv_and_not_referenced.pass.sh
+index 59d4ddd5d..0eb224b52 100644
+--- a/shared/templates/grub2_bootloader_argument/tests/arg_not_in_grubenv_and_not_referenced.pass.sh
++++ b/shared/templates/grub2_bootloader_argument/tests/arg_not_in_grubenv_and_not_referenced.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ 
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
+ # packages = grub2,grubby
+ 
+ {{%- if ARG_VARIABLE %}}
+diff --git a/shared/templates/grub2_bootloader_argument/tests/arg_not_in_grubenv_but_referenced.fail.sh b/shared/templates/grub2_bootloader_argument/tests/arg_not_in_grubenv_but_referenced.fail.sh
+index 98da43833..7bf517de2 100644
+--- a/shared/templates/grub2_bootloader_argument/tests/arg_not_in_grubenv_but_referenced.fail.sh
++++ b/shared/templates/grub2_bootloader_argument/tests/arg_not_in_grubenv_but_referenced.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ 
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
+ # packages = grub2,grubby
+ 
+ source common.sh
+diff --git a/shared/templates/grub2_bootloader_argument/tests/correct_value_grubenv_only.pass.sh b/shared/templates/grub2_bootloader_argument/tests/correct_value_grubenv_only.pass.sh
+index 1a955c392..4944278bc 100644
+--- a/shared/templates/grub2_bootloader_argument/tests/correct_value_grubenv_only.pass.sh
++++ b/shared/templates/grub2_bootloader_argument/tests/correct_value_grubenv_only.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ 
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
+ # packages = grub2,grubby
+ 
+ source common.sh
+diff --git a/shared/templates/grub2_bootloader_argument/tests/correct_value_mix_entries_and_grubenv.pass.sh b/shared/templates/grub2_bootloader_argument/tests/correct_value_mix_entries_and_grubenv.pass.sh
+index 888445d23..18efb9fb5 100644
+--- a/shared/templates/grub2_bootloader_argument/tests/correct_value_mix_entries_and_grubenv.pass.sh
++++ b/shared/templates/grub2_bootloader_argument/tests/correct_value_mix_entries_and_grubenv.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ 
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
+ # packages = grub2,grubby
+ 
+ source common.sh
+diff --git a/shared/templates/grub2_bootloader_argument/tests/wrong_value_entries.fail.sh b/shared/templates/grub2_bootloader_argument/tests/wrong_value_entries.fail.sh
+index 0ee7a41ca..a31c37bc4 100644
+--- a/shared/templates/grub2_bootloader_argument/tests/wrong_value_entries.fail.sh
++++ b/shared/templates/grub2_bootloader_argument/tests/wrong_value_entries.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ 
+-# platform = multi_platform_fedora,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux
+ # packages = grub2,grubby
+ 
+ source common.sh
+diff --git a/shared/templates/grub2_bootloader_argument/tests/wrong_value_grubenv.fail.sh b/shared/templates/grub2_bootloader_argument/tests/wrong_value_grubenv.fail.sh
+index 75c487299..411b739e3 100644
+--- a/shared/templates/grub2_bootloader_argument/tests/wrong_value_grubenv.fail.sh
++++ b/shared/templates/grub2_bootloader_argument/tests/wrong_value_grubenv.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ 
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
+ # packages = grub2,grubby
+ 
+ source common.sh
+diff --git a/shared/templates/grub2_bootloader_argument_absent/ansible.template b/shared/templates/grub2_bootloader_argument_absent/ansible.template
+index 51fc98b7a..c6b147d87 100644
+--- a/shared/templates/grub2_bootloader_argument_absent/ansible.template
++++ b/shared/templates/grub2_bootloader_argument_absent/ansible.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+ # reboot = true
+ # strategy = restrict
+ # complexity = medium
+diff --git a/shared/templates/grub2_bootloader_argument_absent/bash.template b/shared/templates/grub2_bootloader_argument_absent/bash.template
+index 8d7d6e9ea..18b900e51 100644
+--- a/shared/templates/grub2_bootloader_argument_absent/bash.template
++++ b/shared/templates/grub2_bootloader_argument_absent/bash.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle
+ {{#
+    See the OVAL template for more comments.
+    Product-specific categorization should be synced across all template content types
+diff --git a/shared/templates/grub2_bootloader_argument_absent/tests/arg_there_etcdefaultgrub.fail.sh b/shared/templates/grub2_bootloader_argument_absent/tests/arg_there_etcdefaultgrub.fail.sh
+index fc3db8ccd..a12bef4b2 100644
+--- a/shared/templates/grub2_bootloader_argument_absent/tests/arg_there_etcdefaultgrub.fail.sh
++++ b/shared/templates/grub2_bootloader_argument_absent/tests/arg_there_etcdefaultgrub.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ 
+-# platform = multi_platform_rhel
++# platform = multi_platform_rhel,multi_platform_almalinux
+ # packages = grub2-tools,grubby
+ 
+ # Adds argument from kernel command line in /etc/default/grub
+diff --git a/shared/templates/grub2_bootloader_argument_absent/tests/arg_there_grubenv.fail.sh b/shared/templates/grub2_bootloader_argument_absent/tests/arg_there_grubenv.fail.sh
+index 4e4f5135e..3514796b5 100644
+--- a/shared/templates/grub2_bootloader_argument_absent/tests/arg_there_grubenv.fail.sh
++++ b/shared/templates/grub2_bootloader_argument_absent/tests/arg_there_grubenv.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ 
+-# platform = Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
+ # packages = grub2-tools,grubby
+ 
+ # Adds audit argument from kernel command line in /boot/grub2/grubenv
+diff --git a/shared/templates/grub2_bootloader_argument_absent/tests/arg_value_there_etcdefaultgrub.fail.sh b/shared/templates/grub2_bootloader_argument_absent/tests/arg_value_there_etcdefaultgrub.fail.sh
+index e51f669fd..00a74f76f 100644
+--- a/shared/templates/grub2_bootloader_argument_absent/tests/arg_value_there_etcdefaultgrub.fail.sh
++++ b/shared/templates/grub2_bootloader_argument_absent/tests/arg_value_there_etcdefaultgrub.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ 
+-# platform = multi_platform_rhel
++# platform = multi_platform_rhel,multi_platform_almalinux
+ # packages = grub2-tools,grubby
+ 
+ # Adds argument with a value from kernel command line in /etc/default/grub
+diff --git a/shared/templates/kernel_module_disabled/ansible.template b/shared/templates/kernel_module_disabled/ansible.template
+index b3f7c4121..457c70957 100644
+--- a/shared/templates/kernel_module_disabled/ansible.template
++++ b/shared/templates/kernel_module_disabled/ansible.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle,multi_platform_slmicro
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle,multi_platform_slmicro
+ # reboot = true
+ # strategy = disable
+ # complexity = low
+diff --git a/shared/templates/kernel_module_disabled/bash.template b/shared/templates/kernel_module_disabled/bash.template
+index 5bf2bffce..683f24818 100644
+--- a/shared/templates/kernel_module_disabled/bash.template
++++ b/shared/templates/kernel_module_disabled/bash.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle,multi_platform_slmicro
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle,multi_platform_slmicro
+ # reboot = true
+ # strategy = disable
+ # complexity = low
+diff --git a/shared/templates/kernel_module_disabled/kubernetes.template b/shared/templates/kernel_module_disabled/kubernetes.template
+index c77cebfbb..2820e9745 100644
+--- a/shared/templates/kernel_module_disabled/kubernetes.template
++++ b/shared/templates/kernel_module_disabled/kubernetes.template
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
+ # reboot = true
+ # strategy = disable
+ # complexity = low
+diff --git a/shared/templates/kernel_module_disabled/tests/missing_blacklist.fail.sh b/shared/templates/kernel_module_disabled/tests/missing_blacklist.fail.sh
+index 8a1319eed..fb20c3b4a 100644
+--- a/shared/templates/kernel_module_disabled/tests/missing_blacklist.fail.sh
++++ b/shared/templates/kernel_module_disabled/tests/missing_blacklist.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_ubuntu
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_ubuntu
+ 
+ echo > /etc/modprobe.d/{{{ KERNMODULE }}}.conf
+ echo "install {{{ KERNMODULE }}} /bin/true" > /etc/modprobe.d/{{{ KERNMODULE }}}.conf
+diff --git a/shared/templates/mount/anaconda.template b/shared/templates/mount/anaconda.template
+index fdcb4ee3e..0d1d8dc24 100644
+--- a/shared/templates/mount/anaconda.template
++++ b/shared/templates/mount/anaconda.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ # reboot = false
+ # strategy = enable
+ # complexity = low
+diff --git a/shared/templates/mount/blueprint.template b/shared/templates/mount/blueprint.template
+index 56617467d..3cdacd4db 100644
+--- a/shared/templates/mount/blueprint.template
++++ b/shared/templates/mount/blueprint.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ 
+ [[customizations.filesystem]]
+ mountpoint = "{{{ MOUNTPOINT }}}"
+diff --git a/shared/templates/mount/kickstart.template b/shared/templates/mount/kickstart.template
+index fc2bdebd7..3c7833aa7 100644
+--- a/shared/templates/mount/kickstart.template
++++ b/shared/templates/mount/kickstart.template
+@@ -1,3 +1,3 @@
+-# platform = multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ 
+ logvol {{{ MOUNTPOINT }}} {{{ MIN_SIZE_MB }}}
+diff --git a/shared/templates/mount_option/anaconda.template b/shared/templates/mount_option/anaconda.template
+index 083b0ef00..14f7018a9 100644
+--- a/shared/templates/mount_option/anaconda.template
++++ b/shared/templates/mount_option/anaconda.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ # reboot = false
+ # strategy = enable
+ # complexity = low
+diff --git a/shared/templates/mount_option_removable_partitions/anaconda.template b/shared/templates/mount_option_removable_partitions/anaconda.template
+index 8665fb913..07cd9e3ad 100644
+--- a/shared/templates/mount_option_removable_partitions/anaconda.template
++++ b/shared/templates/mount_option_removable_partitions/anaconda.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ # reboot = false
+ # strategy = enable
+ # complexity = low
+diff --git a/shared/templates/package_installed/anaconda.template b/shared/templates/package_installed/anaconda.template
+index 0ac55f51f..dd0bcddea 100644
+--- a/shared/templates/package_installed/anaconda.template
++++ b/shared/templates/package_installed/anaconda.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ # reboot = false
+ # strategy = enable
+ # complexity = low
+diff --git a/shared/templates/package_installed/bash.template b/shared/templates/package_installed/bash.template
+index d19004461..e0d4b55f3 100644
+--- a/shared/templates/package_installed/bash.template
++++ b/shared/templates/package_installed/bash.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle,multi_platform_slmicro,multi_platform_debian
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle,multi_platform_slmicro,multi_platform_debian
+ # reboot = false
+ # strategy = enable
+ # complexity = low
+diff --git a/shared/templates/package_installed/bootc.template b/shared/templates/package_installed/bootc.template
+index ddac8ef40..86cb91791 100644
+--- a/shared/templates/package_installed/bootc.template
++++ b/shared/templates/package_installed/bootc.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ # reboot = false
+ # strategy = enable
+ # complexity = low
+diff --git a/shared/templates/package_installed/kickstart.template b/shared/templates/package_installed/kickstart.template
+index be0fc1de8..8284a5711 100644
+--- a/shared/templates/package_installed/kickstart.template
++++ b/shared/templates/package_installed/kickstart.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ # reboot = false
+ # strategy = enable
+ # complexity = low
+diff --git a/shared/templates/package_removed/anaconda.template b/shared/templates/package_removed/anaconda.template
+index 489f9bb0f..0120d927c 100644
+--- a/shared/templates/package_removed/anaconda.template
++++ b/shared/templates/package_removed/anaconda.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ # reboot = false
+ # strategy = disable
+ # complexity = low
+diff --git a/shared/templates/package_removed/bootc.template b/shared/templates/package_removed/bootc.template
+index 9e3535578..f0a418432 100644
+--- a/shared/templates/package_removed/bootc.template
++++ b/shared/templates/package_removed/bootc.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ # reboot = false
+ # strategy = disable
+ # complexity = low
+diff --git a/shared/templates/package_removed/kickstart.template b/shared/templates/package_removed/kickstart.template
+index 486ebbbdc..963412bac 100644
+--- a/shared/templates/package_removed/kickstart.template
++++ b/shared/templates/package_removed/kickstart.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ # reboot = false
+ # strategy = disable
+ # complexity = low
+diff --git a/shared/templates/pam_account_password_faillock/tests/authselect_modified_pam.fail.sh b/shared/templates/pam_account_password_faillock/tests/authselect_modified_pam.fail.sh
+index b3232cc93..ec32d65f7 100644
+--- a/shared/templates/pam_account_password_faillock/tests/authselect_modified_pam.fail.sh
++++ b/shared/templates/pam_account_password_faillock/tests/authselect_modified_pam.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+ # remediation = none
+ 
+ SYSTEM_AUTH_FILE="/etc/pam.d/system-auth"
+diff --git a/shared/templates/pam_account_password_faillock/tests/conflicting_settings_authselect.fail.sh b/shared/templates/pam_account_password_faillock/tests/conflicting_settings_authselect.fail.sh
+index 24f5731f6..c118c9be0 100644
+--- a/shared/templates/pam_account_password_faillock/tests/conflicting_settings_authselect.fail.sh
++++ b/shared/templates/pam_account_password_faillock/tests/conflicting_settings_authselect.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect,pam
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ pam_files=("password-auth" "system-auth")
+ 
+diff --git a/shared/templates/pam_account_password_faillock/tests/pam_faillock_conflicting_settings.fail.sh b/shared/templates/pam_account_password_faillock/tests/pam_faillock_conflicting_settings.fail.sh
+index aa3ca061d..6d383b228 100644
+--- a/shared/templates/pam_account_password_faillock/tests/pam_faillock_conflicting_settings.fail.sh
++++ b/shared/templates/pam_account_password_faillock/tests/pam_faillock_conflicting_settings.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
++# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+ # remediation = none
+ # variables = var_accounts_passwords_pam_faillock_deny=3
+ 
+diff --git a/shared/templates/pam_account_password_faillock/tests/pam_faillock_disabled.fail.sh b/shared/templates/pam_account_password_faillock/tests/pam_faillock_disabled.fail.sh
+index 67c1b593b..74bb77abe 100644
+--- a/shared/templates/pam_account_password_faillock/tests/pam_faillock_disabled.fail.sh
++++ b/shared/templates/pam_account_password_faillock/tests/pam_faillock_disabled.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_sle
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+ # packages = authselect
+ # variables = var_accounts_passwords_pam_faillock_deny=3
+ 
+diff --git a/shared/templates/pam_account_password_faillock/tests/pam_faillock_expected_faillock_conf.pass.sh b/shared/templates/pam_account_password_faillock/tests/pam_faillock_expected_faillock_conf.pass.sh
+index e770e300f..ceffa12a0 100644
+--- a/shared/templates/pam_account_password_faillock/tests/pam_faillock_expected_faillock_conf.pass.sh
++++ b/shared/templates/pam_account_password_faillock/tests/pam_faillock_expected_faillock_conf.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
++# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+ # variables = var_accounts_passwords_pam_faillock_deny=3
+ 
+ authselect select sssd --force
+diff --git a/shared/templates/pam_account_password_faillock/tests/pam_faillock_lenient_faillock_conf.fail.sh b/shared/templates/pam_account_password_faillock/tests/pam_faillock_lenient_faillock_conf.fail.sh
+index fd57152b8..0ee33185e 100644
+--- a/shared/templates/pam_account_password_faillock/tests/pam_faillock_lenient_faillock_conf.fail.sh
++++ b/shared/templates/pam_account_password_faillock/tests/pam_faillock_lenient_faillock_conf.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
++# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+ # variables = var_accounts_passwords_pam_faillock_deny=3
+ 
+ authselect select sssd --force
+diff --git a/shared/templates/pam_account_password_faillock/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh b/shared/templates/pam_account_password_faillock/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
+index efb57601c..4127e7265 100644
+--- a/shared/templates/pam_account_password_faillock/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
++++ b/shared/templates/pam_account_password_faillock/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
++# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+ # remediation = none
+ # variables = var_accounts_passwords_pam_faillock_deny=3
+ 
+diff --git a/shared/templates/pam_account_password_faillock/tests/pam_faillock_not_required_pam_files.fail.sh b/shared/templates/pam_account_password_faillock/tests/pam_faillock_not_required_pam_files.fail.sh
+index e3ec96da0..56c6b75f3 100644
+--- a/shared/templates/pam_account_password_faillock/tests/pam_faillock_not_required_pam_files.fail.sh
++++ b/shared/templates/pam_account_password_faillock/tests/pam_faillock_not_required_pam_files.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_sle
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+ # packages = authselect
+ # remediation = none
+ # variables = var_accounts_passwords_pam_faillock_deny=3
+diff --git a/shared/templates/pam_account_password_faillock/tests/pam_faillock_stricter_faillock_conf.pass.sh b/shared/templates/pam_account_password_faillock/tests/pam_faillock_stricter_faillock_conf.pass.sh
+index 595b85192..392d025a0 100644
+--- a/shared/templates/pam_account_password_faillock/tests/pam_faillock_stricter_faillock_conf.pass.sh
++++ b/shared/templates/pam_account_password_faillock/tests/pam_faillock_stricter_faillock_conf.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
++# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+ # variables = var_accounts_passwords_pam_faillock_deny=3
+ 
+ authselect select sssd --force
+diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_correct_attr.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_correct_attr.pass.sh
+index 0fa452ba0..8e9abbe3a 100755
+--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_correct_attr.pass.sh
++++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_correct_attr.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+ 
+ # Declare variables used for the tests and define the create_rsyslog_test_logs function
+ source $SHARED/rsyslog_log_utils.sh
+diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_correct_attr_include.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_correct_attr_include.pass.sh
+index 54804685b..1c4b4f3e1 100755
+--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_correct_attr_include.pass.sh
++++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_correct_attr_include.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+ 
+ # Declare variables used for the tests and define the create_rsyslog_test_logs function
+ source $SHARED/rsyslog_log_utils.sh
+diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_lenient_attr.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_lenient_attr.fail.sh
+index 1ba8e0cda..02f0e77e9 100755
+--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_lenient_attr.fail.sh
++++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_lenient_attr.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
+ 
+ # Declare variables used for the tests and define the create_rsyslog_test_logs function
+ source $SHARED/rsyslog_log_utils.sh
+diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_lenient_attr_include.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_lenient_attr_include.fail.sh
+index 321df77d9..756bdb524 100755
+--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_lenient_attr_include.fail.sh
++++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_lenient_attr_include.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
+ 
+ # Declare variables used for the tests and define the create_rsyslog_test_logs function
+ source $SHARED/rsyslog_log_utils.sh
+diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_stricter_attr.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_stricter_attr.pass.sh
+index dc362ae00..36867bb2b 100755
+--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_stricter_attr.pass.sh
++++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_stricter_attr.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+ 
+ # Declare variables used for the tests and define the create_rsyslog_test_logs function
+ source $SHARED/rsyslog_log_utils.sh
+diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_correct_attr.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_correct_attr.pass.sh
+index 4aef9fb84..0b7cbcd5f 100755
+--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_correct_attr.pass.sh
++++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_correct_attr.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+ 
+ # Declare variables used for the tests and define the create_rsyslog_test_logs function
+ source $SHARED/rsyslog_log_utils.sh
+diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_correct_attr_include.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_correct_attr_include.pass.sh
+index 203f640f5..a127500e8 100755
+--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_correct_attr_include.pass.sh
++++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_correct_attr_include.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+ 
+ # Declare variables used for the tests and define the create_rsyslog_test_logs function
+ source $SHARED/rsyslog_log_utils.sh
+diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_cloudinit.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_cloudinit.fail.sh
+index f623b6be4..8d4399023 100755
+--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_cloudinit.fail.sh
++++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_cloudinit.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
+ 
+ # Declare variables used for the tests and define the create_rsyslog_test_logs function
+ source $SHARED/rsyslog_log_utils.sh
+diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_legacy.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_legacy.fail.sh
+index c825c0b08..746d6dfa4 100755
+--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_legacy.fail.sh
++++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_legacy.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
+ 
+ # Declare variables used for the tests and define the create_rsyslog_test_logs function
+ source $SHARED/rsyslog_log_utils.sh
+diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_legacy_include.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_legacy_include.fail.sh
+index a8e723bee..a1e6b245c 100755
+--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_legacy_include.fail.sh
++++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_legacy_include.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
+ 
+ # Declare variables used for the tests and define the create_rsyslog_test_logs function
+ source $SHARED/rsyslog_log_utils.sh
+diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_rainer.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_rainer.fail.sh
+index d3f639a2b..b5d757274 100755
+--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_rainer.fail.sh
++++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_rainer.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
+ 
+ # Declare variables used for the tests and define the create_rsyslog_test_logs function
+ source $SHARED/rsyslog_log_utils.sh
+diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_rainer_include.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_rainer_include.fail.sh
+index d3be7ffc3..5b4b11307 100755
+--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_rainer_include.fail.sh
++++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_lenient_attr_rainer_include.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
+ 
+ # Declare variables used for the tests and define the create_rsyslog_test_logs function
+ source $SHARED/rsyslog_log_utils.sh
+diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_stricter_attr.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_stricter_attr.pass.sh
+index c1c5758d8..3e7441a4a 100755
+--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_stricter_attr.pass.sh
++++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/mixed_stricter_attr.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+ 
+ # Declare variables used for the tests and define the create_rsyslog_test_logs function
+ source $SHARED/rsyslog_log_utils.sh
+diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_correct_attr.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_correct_attr.pass.sh
+index 3d3bbbd8e..ae10153cd 100755
+--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_correct_attr.pass.sh
++++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_correct_attr.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+ 
+ # Declare variables used for the tests and define the create_rsyslog_test_logs function
+ source $SHARED/rsyslog_log_utils.sh
+diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_correct_attr_exceptions.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_correct_attr_exceptions.pass.sh
+index 868318728..d744d549d 100755
+--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_correct_attr_exceptions.pass.sh
++++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_correct_attr_exceptions.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+ 
+ # Declare variables used for the tests and define the create_rsyslog_test_logs function
+ source $SHARED/rsyslog_log_utils.sh
+diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_correct_attr_include.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_correct_attr_include.pass.sh
+index 96e9ddaf3..8c8a59a3a 100755
+--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_correct_attr_include.pass.sh
++++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_correct_attr_include.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+ 
+ # Declare variables used for the tests and define the create_rsyslog_test_logs function
+ source $SHARED/rsyslog_log_utils.sh
+diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_correct_attr_multiline_include.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_correct_attr_multiline_include.pass.sh
+index ec9296694..6bd64894b 100755
+--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_correct_attr_multiline_include.pass.sh
++++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_correct_attr_multiline_include.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+ 
+ # Declare variables used for the tests and define the create_rsyslog_test_logs function
+ source $SHARED/rsyslog_log_utils.sh
+diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_lenient_attr.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_lenient_attr.fail.sh
+index 9dcbe0c2e..b7f6323c9 100755
+--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_lenient_attr.fail.sh
++++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_lenient_attr.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
+ 
+ # Declare variables used for the tests and define the create_rsyslog_test_logs function
+ source $SHARED/rsyslog_log_utils.sh
+diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_lenient_attr_include.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_lenient_attr_include.fail.sh
+index dc9ea0eef..9c6694804 100755
+--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_lenient_attr_include.fail.sh
++++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_lenient_attr_include.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
+ 
+ # Declare variables used for the tests and define the create_rsyslog_test_logs function
+ source $SHARED/rsyslog_log_utils.sh
+diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_lenient_multiline_attr_include.fail.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_lenient_multiline_attr_include.fail.sh
+index 6acb37ad7..d235e6249 100755
+--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_lenient_multiline_attr_include.fail.sh
++++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_lenient_multiline_attr_include.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+ 
+ # Declare variables used for the tests and define the create_rsyslog_test_logs function
+ source $SHARED/rsyslog_log_utils.sh
+diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_stricter_attr.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_stricter_attr.pass.sh
+index abdb09c48..9cc24d061 100755
+--- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_stricter_attr.pass.sh
++++ b/shared/templates/rsyslog_logfiles_attributes_modify/tests/rainer_stricter_attr.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+ 
+ # Declare variables used for the tests and define the create_rsyslog_test_logs function
+ source $SHARED/rsyslog_log_utils.sh
+diff --git a/shared/templates/sebool/ansible.template b/shared/templates/sebool/ansible.template
+index a17337508..1e9769b17 100644
+--- a/shared/templates/sebool/ansible.template
++++ b/shared/templates/sebool/ansible.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,SUSE Linux Enterprise 15
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,SUSE Linux Enterprise 15
+ # reboot = false
+ # strategy = enable
+ # complexity = low
+diff --git a/shared/templates/sebool/bash.template b/shared/templates/sebool/bash.template
+index ecfd73fa8..6c515ced4 100644
+--- a/shared/templates/sebool/bash.template
++++ b/shared/templates/sebool/bash.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,SUSE Linux Enterprise 15
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,SUSE Linux Enterprise 15
+ # reboot = false
+ # strategy = enable
+ # complexity = low
+diff --git a/shared/templates/service_disabled/bash.template b/shared/templates/service_disabled/bash.template
+index c8b6826b2..6bbb8eb2a 100644
+--- a/shared/templates/service_disabled/bash.template
++++ b/shared/templates/service_disabled/bash.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
+ # reboot = false
+ # strategy = disable
+ # complexity = low
+diff --git a/shared/templates/service_disabled/kickstart.template b/shared/templates/service_disabled/kickstart.template
+index d1e39ae29..7ecd5523e 100644
+--- a/shared/templates/service_disabled/kickstart.template
++++ b/shared/templates/service_disabled/kickstart.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ # reboot = false
+ # strategy = disable
+ # complexity = low
+diff --git a/shared/templates/service_disabled/kubernetes.template b/shared/templates/service_disabled/kubernetes.template
+index 1ab456524..724e7b779 100644
+--- a/shared/templates/service_disabled/kubernetes.template
++++ b/shared/templates/service_disabled/kubernetes.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos,multi_platform_ubuntu
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos,multi_platform_ubuntu
+ # reboot = true
+ # strategy = disable
+ # complexity = low
+diff --git a/shared/templates/service_enabled/bash.template b/shared/templates/service_enabled/bash.template
+index d290a399a..2dc4121f9 100644
+--- a/shared/templates/service_enabled/bash.template
++++ b/shared/templates/service_enabled/bash.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
+ # reboot = false
+ # strategy = enable
+ # complexity = low
+diff --git a/shared/templates/service_enabled/kickstart.template b/shared/templates/service_enabled/kickstart.template
+index 451af774a..27ac615a2 100644
+--- a/shared/templates/service_enabled/kickstart.template
++++ b/shared/templates/service_enabled/kickstart.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ # reboot = false
+ # strategy = disable
+ # complexity = low
+diff --git a/shared/templates/sysctl/bash.template b/shared/templates/sysctl/bash.template
+index b3aafbc27..f2755cdc1 100644
+--- a/shared/templates/sysctl/bash.template
++++ b/shared/templates/sysctl/bash.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_debian,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
++# platform = multi_platform_debian,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
+ # reboot = true
+ # strategy = disable
+ # complexity = low
+diff --git a/shared/templates/systemd_mount_enabled/anaconda.template b/shared/templates/systemd_mount_enabled/anaconda.template
+index 42ec0778d..475010b6a 100644
+--- a/shared/templates/systemd_mount_enabled/anaconda.template
++++ b/shared/templates/systemd_mount_enabled/anaconda.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ # reboot = false
+ # strategy = enable
+ # complexity = low
+diff --git a/shared/templates/zipl_bls_entries_option/ansible.template b/shared/templates/zipl_bls_entries_option/ansible.template
+index 73810f216..54434bb42 100644
+--- a/shared/templates/zipl_bls_entries_option/ansible.template
++++ b/shared/templates/zipl_bls_entries_option/ansible.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel
++# platform = multi_platform_rhel,multi_platform_almalinux
+ # reboot = true
+ # strategy = configure
+ # complexity = medium
+diff --git a/shared/templates/zipl_bls_entries_option/bash.template b/shared/templates/zipl_bls_entries_option/bash.template
+index e14d59dfc..1b236a130 100644
+--- a/shared/templates/zipl_bls_entries_option/bash.template
++++ b/shared/templates/zipl_bls_entries_option/bash.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel
++# platform = multi_platform_rhel,multi_platform_almalinux
+ 
+ # Correct BLS option using grubby, which is a thin wrapper around BLS operations
+ grubby --update-kernel=ALL --args="{{{ ARG_NAME }}}={{{ ARG_VALUE }}}"
+diff --git a/ssg/constants.py b/ssg/constants.py
+index 6fefa4ed1..286465e77 100644
+--- a/ssg/constants.py
++++ b/ssg/constants.py
+@@ -40,6 +40,7 @@ SSG_REF_URIS = {
+ product_directories = [
+     'alinux2',
+     'alinux3',
++    'almalinux8',
+     'anolis8',
+     'anolis23',
+     'al2023',
+@@ -203,6 +204,7 @@ PKG_MANAGER_TO_CONFIG_FILE = {
+ FULL_NAME_TO_PRODUCT_MAPPING = {
+     "Alibaba Cloud Linux 2": "alinux2",
+     "Alibaba Cloud Linux 3": "alinux3",
++    "AlmaLinux 8": "almalinux8",
+     "Anolis OS 8": "anolis8",
+     "Anolis OS 23": "anolis23",
+     "Amazon Linux 2023": "al2023",
+@@ -284,7 +286,7 @@ REFERENCES = dict(
+ )
+ 
+ 
+-MULTI_PLATFORM_LIST = ["rhel", "fedora", "rhv", "debian", "ubuntu",
++MULTI_PLATFORM_LIST = ["almalinux", "rhel", "fedora", "rhv", "debian", "ubuntu",
+                        "openeuler", "kylinserver",
+                        "opensuse", "sle", "ol", "ocp", "rhcos",
+                        "example", "eks", "alinux", "anolis", "openembedded", "al",
+@@ -292,6 +294,7 @@ MULTI_PLATFORM_LIST = ["rhel", "fedora", "rhv", "debian", "ubuntu",
+ 
+ MULTI_PLATFORM_MAPPING = {
+     "multi_platform_alinux": ["alinux2", "alinux3"],
++    "multi_platform_almalinux": ["almalinux8"],
+     "multi_platform_anolis": ["anolis8", "anolis23"],
+     "multi_platform_debian": ["debian11", "debian12"],
+     "multi_platform_example": ["example"],
+@@ -439,6 +442,7 @@ MAKEFILE_ID_TO_PRODUCT_MAP = {
+     'eks': 'Amazon Elastic Kubernetes Service',
+     'al': 'Amazon Linux',
+     'openembedded': 'OpenEmbedded',
++    'almalinux': 'AlmaLinux',
+ }
+ 
+ # References that can not be used with product-qualifiers
+diff --git a/tests/unit/ssg-module/test_playbook_builder_data/fixes/selinux_state.yml b/tests/unit/ssg-module/test_playbook_builder_data/fixes/selinux_state.yml
+index ff0b30f03..0116294f1 100644
+--- a/tests/unit/ssg-module/test_playbook_builder_data/fixes/selinux_state.yml
++++ b/tests/unit/ssg-module/test_playbook_builder_data/fixes/selinux_state.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/config_and_current_same_time.pass.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/config_and_current_same_time.pass.sh
+index b607202c5..621420882 100644
+--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/config_and_current_same_time.pass.sh
++++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/config_and_current_same_time.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ # packages = crypto-policies-scripts
+ 
+ # IMPORTANT: This is a false negative scenario.
+diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/config_newer_than_current.fail.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/config_newer_than_current.fail.sh
+index e5b598342..539ea8f3c 100644
+--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/config_newer_than_current.fail.sh
++++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/config_newer_than_current.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ # packages = crypto-policies-scripts
+ 
+ update-crypto-policies --set "DEFAULT"
+diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/missing_nss_config.fail.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/missing_nss_config.fail.sh
+index 7be3c82f3..776f79f4c 100644
+--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/missing_nss_config.fail.sh
++++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/missing_nss_config.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ # profiles = xccdf_org.ssgproject.content_profile_ospp
+ # packages = crypto-policies-scripts
+ 
+diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/missing_policy.fail.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/missing_policy.fail.sh
+index 261dc3f96..e6a2f5d0e 100644
+--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/missing_policy.fail.sh
++++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/missing_policy.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ # profiles = xccdf_org.ssgproject.content_profile_ospp, xccdf_org.ssgproject.content_profile_standard
+ # packages = crypto-policies-scripts
+ 
+diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/missing_policy_file.fail.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/missing_policy_file.fail.sh
+index 356aa3ffe..05dd9be57 100644
+--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/missing_policy_file.fail.sh
++++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/missing_policy_file.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ # profiles = xccdf_org.ssgproject.content_profile_ospp, xccdf_org.ssgproject.content_profile_standard
+ # packages = crypto-policies-scripts
+ 
+diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/nss_config_as_file.pass.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/nss_config_as_file.pass.sh
+index 06bd713dd..8de885e50 100644
+--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/nss_config_as_file.pass.sh
++++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/nss_config_as_file.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ # profiles = xccdf_org.ssgproject.content_profile_ospp
+ # packages = crypto-policies-scripts
+ 
+diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/nss_config_as_symlink.pass.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/nss_config_as_symlink.pass.sh
+index 56a081eca..a5383733b 100644
+--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/nss_config_as_symlink.pass.sh
++++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/nss_config_as_symlink.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ # profiles = xccdf_org.ssgproject.content_profile_ospp
+ # packages = crypto-policies-scripts
+ 
+diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_default_cis_l1.pass.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_default_cis_l1.pass.sh
+index 10cb25593..55f128c10 100644
+--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_default_cis_l1.pass.sh
++++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_default_cis_l1.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ # profiles = xccdf_org.ssgproject.content_profile_cis_server_l1,xccdf_org.ssgproject.content_profile_cis_workstation_l1
+ # packages = crypto-policies-scripts
+ 
+diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_default_nosha1_set.pass.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_default_nosha1_set.pass.sh
+index a2107d146..b6d9804d2 100644
+--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_default_nosha1_set.pass.sh
++++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_default_nosha1_set.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ # profiles = xccdf_org.ssgproject.content_profile_e8
+ # packages = crypto-policies-scripts
+ 
+diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_default_set.pass.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_default_set.pass.sh
+index b06e035fa..679e23ee7 100644
+--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_default_set.pass.sh
++++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_default_set.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ # profiles = xccdf_org.ssgproject.content_profile_standard
+ # packages = crypto-policies-scripts
+ 
+diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_fips_ospp_set.pass.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_fips_ospp_set.pass.sh
+index 6679f94bd..f2246ba0c 100644
+--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_fips_ospp_set.pass.sh
++++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_fips_ospp_set.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ # profiles = xccdf_org.ssgproject.content_profile_ospp
+ # packages = crypto-policies-scripts
+ 
+diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_future_cis_l2.pass.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_future_cis_l2.pass.sh
+index 116f6b676..552ef54ea 100644
+--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_future_cis_l2.pass.sh
++++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_future_cis_l2.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ # profiles = xccdf_org.ssgproject.content_profile_cis,xccdf_org.ssgproject.content_profile_cis_workstation_l2
+ # packages = crypto-policies-scripts
+ 
+diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/wrong_policy.fail.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/wrong_policy.fail.sh
+index 9461c3ddd..5b5b06ac9 100644
+--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/wrong_policy.fail.sh
++++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/wrong_policy.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ # profiles = xccdf_org.ssgproject.content_profile_ospp, xccdf_org.ssgproject.content_profile_standard
+ # packages = crypto-policies-scripts
+ 
+diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/selinux_state/ansible/shared.yml b/tests/unit/ssg-module/test_playbook_builder_data/guide/selinux_state/ansible/shared.yml
+index 1c1560a86..fc86b614e 100644
+--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/selinux_state/ansible/shared.yml
++++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/selinux_state/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/selinux_state/bash/shared.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/selinux_state/bash/shared.sh
+index 10ecee505..3d3098f4e 100644
+--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/selinux_state/bash/shared.sh
++++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/selinux_state/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/tests/unit/ssg_test_suite/data/correct.pass.sh b/tests/unit/ssg_test_suite/data/correct.pass.sh
+index 5a2bc1005..c3dfe6dce 100644
+--- a/tests/unit/ssg_test_suite/data/correct.pass.sh
++++ b/tests/unit/ssg_test_suite/data/correct.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = sudo,authselect
+-# platform = multi_platform_rhel,Fedora
++# platform = multi_platform_rhel,multi_platform_almalinux,Fedora
+ # profiles = xccdf_org.ssgproject.content_profile_cis
+ # check = oval
+ # remediation = none
+diff --git a/utils/ansible_playbook_to_role.py b/utils/ansible_playbook_to_role.py
+index e3c4bc4ae..5c2e3176e 100755
+--- a/utils/ansible_playbook_to_role.py
++++ b/utils/ansible_playbook_to_role.py
+@@ -65,6 +65,7 @@ yaml.add_constructor(_mapping_tag, dict_constructor)
+ PRODUCT_ALLOWLIST = set([
+     "rhel8",
+     "rhel9",
++    "almalinux8",
+ ])
+ 
+ PROFILE_ALLOWLIST = set([