diff --git a/01-Add-RHEL10.patch b/01-Add-RHEL10.patch
new file mode 100644
index 0000000..4ff8dfa
--- /dev/null
+++ b/01-Add-RHEL10.patch
@@ -0,0 +1,779 @@
+From 2227b85575b5b5c049308fbe07b100f38da7cc98 Mon Sep 17 00:00:00 2001
+From: Matthew Burket <mburket@redhat.com>
+Date: Mon, 26 Feb 2024 14:48:53 -0600
+Subject: [PATCH 1/3] Add RHEL 10 Product
+
+---
+ CMakeLists.txt                                |   5 +
+ build-scripts/enable_derivatives.py           |   2 +-
+ build_product                                 |   1 +
+ .../sudo/package_sudo_installed/rule.yml      |   1 +
+ products/rhel10/CMakeLists.txt                |  26 +++
+ products/rhel10/overlays/srg_support.xml      | 173 ++++++++++++++++++
+ products/rhel10/product.yml                   |  57 ++++++
+ products/rhel10/transforms/constants.xslt     |  13 ++
+ products/rhel10/transforms/table-style.xslt   |   5 +
+ .../transforms/xccdf-apply-overlay-stig.xslt  |   8 +
+ .../rhel10/transforms/xccdf2table-cce.xslt    |   9 +
+ .../xccdf2table-profileccirefs.xslt           |   9 +
+ shared/applicability/cs10.yml                 |   3 +
+ .../checks/oval/installed_OS_is_centos10.xml  |  47 +++++
+ shared/checks/oval/installed_OS_is_rhel10.xml |  59 ++++++
+ shared/references/cce-redhat-avail.txt        |   1 -
+ ssg/constants.py                              |   7 +-
+ tests/CMakeLists.txt                          |  16 ++
+ 18 files changed, 438 insertions(+), 4 deletions(-)
+ create mode 100644 products/rhel10/CMakeLists.txt
+ create mode 100644 products/rhel10/overlays/srg_support.xml
+ create mode 100644 products/rhel10/product.yml
+ create mode 100644 products/rhel10/transforms/constants.xslt
+ create mode 100644 products/rhel10/transforms/table-style.xslt
+ create mode 100644 products/rhel10/transforms/xccdf-apply-overlay-stig.xslt
+ create mode 100644 products/rhel10/transforms/xccdf2table-cce.xslt
+ create mode 100644 products/rhel10/transforms/xccdf2table-profileccirefs.xslt
+ create mode 100644 shared/applicability/cs10.yml
+ create mode 100644 shared/checks/oval/installed_OS_is_centos10.xml
+ create mode 100644 shared/checks/oval/installed_OS_is_rhel10.xml
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index aef21154f2..21f5f5201b 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -97,6 +97,7 @@ option(SSG_PRODUCT_OPENSUSE "If enabled, the openSUSE SCAP content will be built
+ option(SSG_PRODUCT_RHEL7 "If enabled, the RHEL7 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
+ option(SSG_PRODUCT_RHEL8 "If enabled, the RHEL8 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
+ option(SSG_PRODUCT_RHEL9 "If enabled, the RHEL9 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
++option(SSG_PRODUCT_RHEL10 "If enabled, the RHEL10 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
+ option(SSG_PRODUCT_RHV4 "If enabled, the RHV4 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
+ option(SSG_PRODUCT_SLE12 "If enabled, the SLE12 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
+ option(SSG_PRODUCT_SLE15 "If enabled, the SLE15 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
+@@ -323,6 +324,7 @@ message(STATUS "openSUSE: ${SSG_PRODUCT_OPENSUSE}")
+ message(STATUS "RHEL 7: ${SSG_PRODUCT_RHEL7}")
+ message(STATUS "RHEL 8: ${SSG_PRODUCT_RHEL8}")
+ message(STATUS "RHEL 9: ${SSG_PRODUCT_RHEL9}")
++message(STATUS "RHEL 10: ${SSG_PRODUCT_RHEL10}")
+ message(STATUS "RHV 4: ${SSG_PRODUCT_RHV4}")
+ message(STATUS "SUSE 12: ${SSG_PRODUCT_SLE12}")
+ message(STATUS "SUSE 15: ${SSG_PRODUCT_SLE15}")
+@@ -435,6 +437,9 @@ endif()
+ if(SSG_PRODUCT_RHEL9)
+     add_subdirectory("products/rhel9" "rhel9")
+ endif()
++if(SSG_PRODUCT_RHEL10)
++    add_subdirectory("products/rhel10" "rhel10")
++endif()
+ if(SSG_PRODUCT_RHV4)
+     add_subdirectory("products/rhv4" "rhv4")
+ endif()
+diff --git a/build-scripts/enable_derivatives.py b/build-scripts/enable_derivatives.py
+index bcc6ed3845..53e5eae1d0 100755
+--- a/build-scripts/enable_derivatives.py
++++ b/build-scripts/enable_derivatives.py
+@@ -94,7 +94,7 @@ def main():
+         raise RuntimeError("No Benchmark found!")
+ 
+     for namespace, benchmark in benchmarks:
+-        if args[1] != "cs9" and not args[1].startswith("centos"):
++        if args[1] not in ("cs9", "cs10") and not args[1].startswith("centos"):
+             # In all CentOS and CentOS Streams, profiles are kept because they are systems
+             # intended to test content that will get into RHEL
+             ssg.build_derivatives.profile_handling(benchmark, namespace)
+diff --git a/build_product b/build_product
+index 34c74f12ae..72e95aa7cb 100755
+--- a/build_product
++++ b/build_product
+@@ -340,6 +340,7 @@ all_cmake_products=(
+ 	RHEL7
+ 	RHEL8
+ 	RHEL9
++	RHEL10
+ 	RHV4
+ 	SLE12
+ 	SLE15
+diff --git a/linux_os/guide/system/software/sudo/package_sudo_installed/rule.yml b/linux_os/guide/system/software/sudo/package_sudo_installed/rule.yml
+index f2c8729c47..15731a7471 100644
+--- a/linux_os/guide/system/software/sudo/package_sudo_installed/rule.yml
++++ b/linux_os/guide/system/software/sudo/package_sudo_installed/rule.yml
+@@ -19,6 +19,7 @@ identifiers:
+     cce@rhel7: CCE-82213-0
+     cce@rhel8: CCE-82214-8
+     cce@rhel9: CCE-83523-1
++    cce@rhel10: CCE-87100-4
+     cce@sle12: CCE-91491-1
+     cce@sle15: CCE-91183-4
+ 
+diff --git a/products/rhel10/CMakeLists.txt b/products/rhel10/CMakeLists.txt
+new file mode 100644
+index 0000000000..782fee524a
+--- /dev/null
++++ b/products/rhel10/CMakeLists.txt
+@@ -0,0 +1,26 @@
++# Sometimes our users will try to do: "cd rhel10; cmake ." That needs to error in a nice way.
++if("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_CURRENT_SOURCE_DIR}")
++    message(FATAL_ERROR "cmake has to be used on the root CMakeLists.txt, see the Building ComplianceAsCode section in the Developer Guide!")
++endif()
++
++set(PRODUCT "rhel10")
++
++ssg_build_product(${PRODUCT})
++
++ssg_build_html_cce_table(${PRODUCT})
++
++ssg_build_html_srgmap_tables(${PRODUCT})
++
++if(SSG_SRG_XLSX_EXPORT)
++    ssg_build_xlsx_srg_export(${PRODUCT} "srg_gpos")
++endif()
++
++#ssg_build_html_stig_tables(${PRODUCT})
++#ssg_build_html_stig_tables_per_profile(${PRODUCT} "stig")
++#ssg_build_html_stig_tables_per_profile(${PRODUCT} "stig_gui")
++
++#ssg_build_html_stig_tables(${PRODUCT} "ospp")
++
++if(SSG_CENTOS_DERIVATIVES_ENABLED)
++    ssg_build_derivative_product(${PRODUCT} "centos" "cs10")
++endif()
+diff --git a/products/rhel10/overlays/srg_support.xml b/products/rhel10/overlays/srg_support.xml
+new file mode 100644
+index 0000000000..c75c701825
+--- /dev/null
++++ b/products/rhel10/overlays/srg_support.xml
+@@ -0,0 +1,173 @@
++<Group id="srg_support" hidden="true">
++<title>Documentation to Support DISA OS SRG Mapping</title>
++<description>These groups exist to document how the Red Hat Enterprise Linux
++product meets (or does not meet) requirements listed in the DISA OS SRG, for
++those cases where Groups or Rules elsewhere in scap-security-guide do
++not clearly relate.
++</description>
++
++
++<!-- The CCI/SRG items referenced here are:
++     - satisfied (through design and implementation)
++     - selected in DoD baseline (per CNSS 1253) -->
++<Rule id="met_inherently_generic">
++<title>Product Meets this Requirement</title>
++<rationale>
++Red Hat Enterprise Linux meets this requirement through design and implementation.
++</rationale>
++<ocil>RHEL10 supports this requirement and cannot be configured to be out of
++compliance. This is a permanent not a finding.
++</ocil>
++<description>
++This requirement is a permanent not a finding. No fix is required.
++</description>
++<!-- Note: This XCCDF rule is used to group DISA requirements. As such,
++          it should not have CCE association -->
++<ref disa="15,42,56,206,1084,66,85,86,185,223,171,172,1694,770,804,162,163,164,345,346,1096,1111,1291,386,156,186,1083,1082,1090,804,1127,1128,1129,1248,1265,1314,1362,1368,1310,1311,1328,1399,1400,1404,1405,1427,1499,1632,1693,1665,1674" />
++</Rule>
++
++
++<!-- The CCI/SRG items referenced here relate to auditing, and are:
++     - satisfied (through design and implementation)
++     - selected in DoD baseline (per CNSS 1253) -->
++<Rule id="met_inherently_auditing">
++<title>Product Meets this Requirement</title>
++<rationale>
++The Red Hat Enterprise Linux audit system meets this requirement through design and implementation.
++</rationale>
++<ocil>The RHEL10 auditing system supports this requirement and cannot be configured to be out of
++compliance. Every audit record in RHEL includes a timestamp, the operation attempted,
++success or failure of the operation, the subject involved (executable/process),
++the object involved (file/path), and security labels for the subject and object.
++It also includes the ability to label events with custom key labels.  The auditing system
++centralizes the recording of audit events for the entire system and includes
++reduction (<tt>ausearch</tt>), reporting (<tt>aureport</tt>), and real-time
++response (<tt>audispd</tt>) facilities.
++This is a permanent not a finding.
++</ocil>
++<description>
++This requirement is a permanent not a finding. No fix is required.
++</description>
++<!-- Note: This XCCDF rule is used to group DISA requirements. As such,
++          it should not have CCE association -->
++<ref disa="130,157,131,132,133,134,135,159,174" />
++</Rule>
++
++
++<!-- The CCI/SRG item referenced here are:
++     - satisfied (through design and implementation)
++     - not selected in a DoD baseline -->
++<Rule id="met_inherently_nonselected">
++<title>Product Meets this Requirement</title>
++<rationale>
++Red Hat Enterprise Linux meets this requirement through design and implementation.
++</rationale>
++<ocil>RHEL10 supports this requirement and cannot be configured to be out of
++compliance. This is a permanent not a finding.
++</ocil>
++<description>
++This requirement is a permanent not a finding. No fix is required.
++</description>
++<!-- Note: This XCCDF rule is used to group DISA requirements. As such,
++          it should not have CCE association -->
++<ref disa="34,35,99,154,226,802,872,1086,1087,1089,1091,1424,1426,1428,1209,1214,1237,1269,1338,1425,1670" />
++</Rule>
++
++
++<!-- The CCI/SRG item listed here are:
++     - satisfied (by Rules in the guidance, which include the reference)
++     - not selected in DoD baseline -->
++<!-- disa="26,32,771,772,831,884,888,1095,1115,1117,1250,1348,1353,1464,1496" -->
++
++
++<!-- The CCI/SRG item referenced here are:
++     - not satisfied
++     - not selected in a DoD baseline
++     - considered out of scope -->
++<Rule id="unmet_nonfinding_nonselected_scope">
++<title>Guidance Does Not Meet this Requirement Due to Impracticality or Scope</title>
++<rationale>
++The guidance does not meet this requirement.
++The requirement is impractical or out of scope.
++</rationale>
++<ocil>
++RHEL10 cannot support this requirement without assistance from an external
++application, policy, or service. This requirement is NA.
++</ocil>
++<description>
++This requirement is NA. No fix is required.
++</description>
++<!-- Note: This XCCDF rule is used to group DISA requirements. As such,
++          it should not have CCE association -->
++<ref disa="21,25,28,29,30,165,221,354,553,779,780,781,1009,1094,1123,1124,1125,1132,1135,1140,1141,1142,1143,1145,1147,1148,1166,1339,1340,1341,1350,1356,1373,1374,1383,1391,1392,1395,1662" />
++</Rule>
++
++
++<!-- The CCI/SRG items referenced here are:
++     - not satisfied
++     - not selected in a DoD baseline
++     - considered permanent findings -->
++<Rule id="unmet_finding_nonselected">
++<title>Implementation of the Requirement is Not Supported</title>
++<rationale>
++RHEL10 does not support this requirement.
++</rationale>
++<ocil>
++This is a permanent finding.
++</ocil>
++<description>
++This requirement is a permanent finding and cannot be fixed. An appropriate
++mitigation for the system must be implemented but this finding cannot be
++considered fixed.
++</description>
++<ref disa="20,31,52,144,1158,1294,1295,1500" />
++<!-- Note: CCI 52 supported for text login, but not graphical -->
++</Rule>
++
++
++<!-- The CCI/SRG items referenced here are:
++     - not satisfied
++     - selected in a DoD baseline
++     - considered NA -->
++<Rule id="unmet_nonfinding_scope">
++<title>Guidance Does Not Meet this Requirement Due to Impracticality or Scope</title>
++<rationale>
++The guidance does not meet this requirement.
++The requirement is impractical or out of scope.
++</rationale>
++<ocil>
++RHEL10 cannot support this requirement without assistance from an external
++application, policy, or service. This requirement is NA.
++</ocil>
++<description>
++This requirement is NA. No fix is required.
++</description>
++<!-- Note: This XCCDF rule is used to group DISA requirements. As such,
++     it should not have CCE association -->
++<ref disa="27,218,219,371,372,535,537,539,1682,370,37,24,1112,1126,1143,1149,1157,1159,1210,1211,1274,1372,1376,1377,1352,1401,1555,1556,1150" />
++</Rule>
++
++<Rule id="update_process">
++<title>A process for prompt installation of OS updates must exist.</title>
++<rationale>
++This is a manual inquiry about update procedure.
++</rationale>
++<ocil>
++Ask an administrator if a process exists to promptly and automatically apply OS
++software updates.  If such a process does not exist, this is a finding.
++<br /><br />
++If the OS update process limits automatic updates of software packages, where
++such updates would impede normal system operation, to scheduled maintenance
++windows, but still within IAVM-dictated timeframes, this is not a finding.
++</ocil>
++<description>
++Procedures to promptly apply software updates must be established and
++executed. The Red Hat operating system provides support for automating such a
++process, by running the yum program through a cron job or by managing the
++system and its packages through the Red Hat Network or a Satellite Server.
++</description>
++<ref disa="1232" />
++<!-- Note: This is a process, as such, will not receive a CCE -->
++</Rule>
++
++</Group>
+diff --git a/products/rhel10/product.yml b/products/rhel10/product.yml
+new file mode 100644
+index 0000000000..468cda56f5
+--- /dev/null
++++ b/products/rhel10/product.yml
+@@ -0,0 +1,57 @@
++product: rhel10
++full_name: Red Hat Enterprise Linux 10
++type: platform
++
++families:
++  - rhel
++  - rhel-like
++
++major_version_ordinal: 10
++
++benchmark_id: RHEL-10
++benchmark_root: "../../linux_os/guide"
++components_root: "../../components"
++
++profiles_root: "./profiles"
++
++pkg_manager: "dnf"
++
++init_system: "systemd"
++
++# EFI and non-EFI configs are stored in same path, see https://fedoraproject.org/wiki/Changes/UnifyGrubConfig
++
++groups:
++  dedicated_ssh_keyowner:
++    name: ssh_keys
++
++sshd_distributed_config: "true"
++
++dconf_gdm_dir: "distro.d"
++
++faillock_path: "/var/log/faillock"
++
++# The fingerprints below are retrieved from https://access.redhat.com/security/team/key
++pkg_release: ""
++pkg_version: ""
++aux_pkg_release: ""
++aux_pkg_version: ""
++
++release_key_fingerprint: ""
++auxiliary_key_fingerprint: ""
++
++cpes_root: "../../shared/applicability"
++cpes:
++  - rhel10:
++      name: "cpe:/o:redhat:enterprise_linux:10"
++      title: "Red Hat Enterprise Linux 10"
++      check_id: installed_OS_is_rhel10
++
++# Mapping of CPE platform to package
++platform_package_overrides:
++  login_defs: "shadow-utils"
++
++reference_uris:
++  cis: 'https://www.cisecurity.org/benchmark/red_hat_linux/'
++
++
++journald_conf_dir_path: /etc/systemd/journald.conf.d
+diff --git a/products/rhel10/transforms/constants.xslt b/products/rhel10/transforms/constants.xslt
+new file mode 100644
+index 0000000000..a37664d11f
+--- /dev/null
++++ b/products/rhel10/transforms/constants.xslt
+@@ -0,0 +1,13 @@
++<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
++
++<xsl:include href="../../../shared/transforms/shared_constants.xslt"/>
++
++<xsl:variable name="product_long_name">Red Hat Enterprise Linux 10</xsl:variable>
++<xsl:variable name="product_short_name">RHEL 10</xsl:variable>
++<xsl:variable name="product_stig_id_name">RHEL_10_STIG</xsl:variable>
++<xsl:variable name="prod_type">rhel10</xsl:variable>
++
++<xsl:variable name="cisuri">https://www.cisecurity.org/benchmark/red_hat_linux/</xsl:variable>
++<xsl:variable name="disa-srguri" select="$disa-ossrguri"/>
++
++</xsl:stylesheet>
+diff --git a/products/rhel10/transforms/table-style.xslt b/products/rhel10/transforms/table-style.xslt
+new file mode 100644
+index 0000000000..8b6caeab8c
+--- /dev/null
++++ b/products/rhel10/transforms/table-style.xslt
+@@ -0,0 +1,5 @@
++<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
++
++<xsl:import href="../../../shared/transforms/shared_table-style.xslt"/>
++
++</xsl:stylesheet>
+diff --git a/products/rhel10/transforms/xccdf-apply-overlay-stig.xslt b/products/rhel10/transforms/xccdf-apply-overlay-stig.xslt
+new file mode 100644
+index 0000000000..4789419b80
+--- /dev/null
++++ b/products/rhel10/transforms/xccdf-apply-overlay-stig.xslt
+@@ -0,0 +1,8 @@
++<?xml version="1.0"?>
++<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns="http://checklists.nist.gov/xccdf/1.1" xmlns:xccdf="http://checklists.nist.gov/xccdf/1.1" xmlns:xhtml="http://www.w3.org/1999/xhtml" exclude-result-prefixes="xccdf">
++
++<xsl:include href="../../../shared/transforms/shared_xccdf-apply-overlay-stig.xslt"/>
++<xsl:include href="constants.xslt"/>
++<xsl:variable name="overlays" select="document($overlay)/xccdf:overlays" />
++
++</xsl:stylesheet>
+diff --git a/products/rhel10/transforms/xccdf2table-cce.xslt b/products/rhel10/transforms/xccdf2table-cce.xslt
+new file mode 100644
+index 0000000000..f156a66956
+--- /dev/null
++++ b/products/rhel10/transforms/xccdf2table-cce.xslt
+@@ -0,0 +1,9 @@
++<?xml version="1.0" encoding="utf-8" standalone="yes"?>
++<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:cce="http://cce.mitre.org" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:cdf="http://checklists.nist.gov/xccdf/1.1" xmlns:xhtml="http://www.w3.org/1999/xhtml">
++
++<xsl:import href="../../../shared/transforms/shared_xccdf2table-cce.xslt"/>
++
++<xsl:include href="constants.xslt"/>
++<xsl:include href="table-style.xslt"/>
++
++</xsl:stylesheet>
+diff --git a/products/rhel10/transforms/xccdf2table-profileccirefs.xslt b/products/rhel10/transforms/xccdf2table-profileccirefs.xslt
+new file mode 100644
+index 0000000000..30419e92b2
+--- /dev/null
++++ b/products/rhel10/transforms/xccdf2table-profileccirefs.xslt
+@@ -0,0 +1,9 @@
++<?xml version="1.0" encoding="utf-8" standalone="yes"?>
++<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:cdf="http://checklists.nist.gov/xccdf/1.1" xmlns:cci="https://public.cyber.mil/stigs/cci" xmlns:xhtml="http://www.w3.org/1999/xhtml" xmlns:ovalns="http://oval.mitre.org/XMLSchema/oval-definitions-5">
++
++<xsl:import href="../../../shared/transforms/shared_xccdf2table-profileccirefs.xslt"/>
++
++<xsl:include href="constants.xslt"/>
++<xsl:include href="table-style.xslt"/>
++
++</xsl:stylesheet>
+diff --git a/shared/applicability/cs10.yml b/shared/applicability/cs10.yml
+new file mode 100644
+index 0000000000..a8dd98a90c
+--- /dev/null
++++ b/shared/applicability/cs10.yml
+@@ -0,0 +1,3 @@
++name: cpe:/o:centos:centos:10
++title: CentOS Stream 10
++check_id: installed_OS_is_centos10
+diff --git a/shared/checks/oval/installed_OS_is_centos10.xml b/shared/checks/oval/installed_OS_is_centos10.xml
+new file mode 100644
+index 0000000000..fc85513e15
+--- /dev/null
++++ b/shared/checks/oval/installed_OS_is_centos10.xml
+@@ -0,0 +1,47 @@
++<def-group>
++  <definition class="inventory"
++  id="installed_OS_is_centos10" version="2">
++    <metadata>
++      <title>CentOS Stream 10</title>
++      <affected family="unix">
++        <platform>multi_platform_all</platform>
++      </affected>
++      <reference ref_id="cpe:/o:centos:centos:10"
++      source="CPE" />
++      <description>The operating system installed on the system is
++      CentOS Stream 10</description>
++    </metadata>
++    <criteria operator="AND">
++      <extend_definition comment="Installed OS is part of the Unix family"
++      definition_ref="installed_OS_is_part_of_Unix_family" />
++      <criterion comment="OS is CentOS Stream" test_ref="test_centos10_name" />
++      <criterion comment="OS version is 10" test_ref="test_centos10_version" />
++    </criteria>
++  </definition>
++
++  <ind:textfilecontent54_test check="all" check_existence="at_least_one_exists" comment="Check os-release ID" id="test_centos10_name" version="1">
++    <ind:object object_ref="obj_name_centos10" />
++    <ind:state state_ref="state_name_centos10" />
++  </ind:textfilecontent54_test>
++  <ind:textfilecontent54_object id="obj_name_centos10" version="1" comment="Check os-release ID">
++    <ind:filepath>/etc/os-release</ind:filepath>
++    <ind:pattern operation="pattern match">^ID=&quot;(\w+)&quot;$</ind:pattern>
++    <ind:instance datatype="int">1</ind:instance>
++  </ind:textfilecontent54_object>
++  <ind:textfilecontent54_state id="state_name_centos10" version="1">
++    <ind:subexpression>centos</ind:subexpression>
++  </ind:textfilecontent54_state>
++
++  <ind:textfilecontent54_test check="all" comment="Check os-release VERSION_ID" id="test_centos10_version" version="1">
++    <ind:object object_ref="obj_version_centos10" />
++    <ind:state state_ref="state_version_centos10" />
++  </ind:textfilecontent54_test>
++  <ind:textfilecontent54_object id="obj_version_centos10" version="1" comment="Check os-release VERSION_ID">
++    <ind:filepath>/etc/os-release</ind:filepath>
++    <ind:pattern operation="pattern match">^VERSION_ID=&quot;(\d)&quot;$</ind:pattern>
++    <ind:instance datatype="int">1</ind:instance>
++  </ind:textfilecontent54_object>
++  <ind:textfilecontent54_state id="state_version_centos10" version="1">
++    <ind:subexpression>10</ind:subexpression>
++  </ind:textfilecontent54_state>
++</def-group>
+diff --git a/shared/checks/oval/installed_OS_is_rhel10.xml b/shared/checks/oval/installed_OS_is_rhel10.xml
+new file mode 100644
+index 0000000000..2a3736abb6
+--- /dev/null
++++ b/shared/checks/oval/installed_OS_is_rhel10.xml
+@@ -0,0 +1,59 @@
++<def-group>
++  <definition class="inventory"
++  id="installed_OS_is_rhel10" version="1">
++    <metadata>
++      <title>Red Hat Enterprise Linux 10</title>
++      <affected family="unix">
++        <platform>multi_platform_all</platform>
++      </affected>
++      <reference ref_id="cpe:/o:redhat:enterprise_linux:10"
++      source="CPE" />
++      <description>The operating system installed on the system is
++      Red Hat Enterprise Linux 10</description>
++    </metadata>
++    <criteria>
++      <criterion comment="Installed operating system is part of the unix family"
++      test_ref="test_rhel10_unix_family" />
++      <criteria operator="OR">
++        <criterion comment="RHEL 10 is installed" test_ref="test_rhel10" />
++        <criteria operator="AND" comment="Red Hat Enterprise Virtualization Host is installed">
++          <criterion comment="Red Hat Virtualization Host (RHVH)" test_ref="test_rhvh4_version" />
++          <criterion comment="Red Hat Enterprise Virtualization Host is based on RHEL 10" test_ref="test_rhevh_rhel10_version" />
++        </criteria>
++      </criteria>
++    </criteria>
++  </definition>
++
++  <ind:family_test check="all" check_existence="at_least_one_exists" comment="installed OS part of unix family" id="test_rhel10_unix_family" version="1">
++    <ind:object object_ref="obj_rhel10_unix_family" />
++    <ind:state state_ref="state_rhel10_unix_family" />
++  </ind:family_test>
++  <ind:family_state id="state_rhel10_unix_family" version="1">
++    <ind:family>unix</ind:family>
++  </ind:family_state>
++  <ind:family_object id="obj_rhel10_unix_family" version="1" />
++
++  <linux:rpminfo_test check="all" check_existence="at_least_one_exists" comment="redhat-release is version 10" id="test_rhel10" version="1">
++    <linux:object object_ref="obj_rhel10" />
++    <linux:state state_ref="state_rhel10" />
++  </linux:rpminfo_test>
++  <linux:rpminfo_state id="state_rhel10" version="1">
++    <linux:version operation="pattern match">^10.*$</linux:version>
++  </linux:rpminfo_state>
++  <linux:rpminfo_object id="obj_rhel10" version="1">
++    <linux:name>redhat-release</linux:name>
++  </linux:rpminfo_object>
++
++  <ind:textfilecontent54_test check="all" comment="RHEVH base RHEL is version 10" id="test_rhevh_rhel10_version" version="1">
++    <ind:object object_ref="obj_rhevh_rhel10_version" />
++    <ind:state state_ref="state_rhevh_rhel10_version" />
++  </ind:textfilecontent54_test>
++  <ind:textfilecontent54_object id="obj_rhevh_rhel10_version" version="1">
++    <ind:filepath>/etc/redhat-release</ind:filepath>
++    <ind:pattern operation="pattern match">^Red Hat Enterprise Linux release (\d)\.\d+$</ind:pattern>
++    <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
++  </ind:textfilecontent54_object>
++  <ind:textfilecontent54_state id="state_rhevh_rhel10_version" version="1">
++    <ind:subexpression operation="pattern match">10</ind:subexpression>
++  </ind:textfilecontent54_state>
++</def-group>
+diff --git a/shared/references/cce-redhat-avail.txt b/shared/references/cce-redhat-avail.txt
+index 80c5472525..351fc605c3 100644
+--- a/shared/references/cce-redhat-avail.txt
++++ b/shared/references/cce-redhat-avail.txt
+@@ -634,7 +634,6 @@ CCE-87093-1
+ CCE-87094-9
+ CCE-87095-6
+ CCE-87099-8
+-CCE-87100-4
+ CCE-87110-3
+ CCE-87111-1
+ CCE-87112-9
+diff --git a/ssg/constants.py b/ssg/constants.py
+index 18fbf39d38..6d4128080f 100644
+--- a/ssg/constants.py
++++ b/ssg/constants.py
+@@ -55,7 +55,7 @@ product_directories = [
+     'openeuler2203',
+     'opensuse',
+     'openembedded',
+-    'rhel7', 'rhel8', 'rhel9',
++    'rhel7', 'rhel8', 'rhel9', 'rhel10',
+     'rhv4',
+     'sle12', 'sle15',
+     'ubuntu1604', 'ubuntu1804', 'ubuntu2004', 'ubuntu2204',
+@@ -218,6 +218,7 @@ FULL_NAME_TO_PRODUCT_MAPPING = {
+     "Red Hat Enterprise Linux 7": "rhel7",
+     "Red Hat Enterprise Linux 8": "rhel8",
+     "Red Hat Enterprise Linux 9": "rhel9",
++    "Red Hat Enterprise Linux 10": "rhel10",
+     "Red Hat Virtualization 4": "rhv4",
+     "SUSE Linux Enterprise 12": "sle12",
+     "SUSE Linux Enterprise 15": "sle15",
+@@ -293,7 +294,7 @@ MULTI_PLATFORM_MAPPING = {
+     "multi_platform_ol": ["ol7", "ol8", "ol9"],
+     "multi_platform_ocp": ["ocp4"],
+     "multi_platform_rhcos": ["rhcos4"],
+-    "multi_platform_rhel": ["rhel7", "rhel8", "rhel9"],
++    "multi_platform_rhel": ["rhel7", "rhel8", "rhel9", "rhel10"],
+     "multi_platform_rhv": ["rhv4"],
+     "multi_platform_sle": ["sle12", "sle15"],
+     "multi_platform_ubuntu": ["ubuntu1604", "ubuntu1804", "ubuntu2004", "ubuntu2204"],
+@@ -305,6 +306,7 @@ RHEL_CENTOS_CPE_MAPPING = {
+     "cpe:/o:redhat:enterprise_linux:7": "cpe:/o:centos:centos:7",
+     "cpe:/o:redhat:enterprise_linux:8": "cpe:/o:centos:centos:8",
+     "cpe:/o:redhat:enterprise_linux:9": "cpe:/o:centos:centos:9",
++    "cpe:/o:redhat:enterprise_linux:10": "cpe:/o:centos:centos:10",
+ }
+ 
+ RHEL_SL_CPE_MAPPING = {
+@@ -511,6 +513,7 @@ DERIVATIVES_PRODUCT_MAPPING = {
+     "centos7": "rhel7",
+     "centos8": "rhel8",
+     "cs9": "rhel9",
++    "cs10": "rhel10",
+     "sl7": "rhel7"
+ }
+ 
+diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
+index c4d43508b6..41880e1b6e 100644
+--- a/tests/CMakeLists.txt
++++ b/tests/CMakeLists.txt
+@@ -338,3 +338,19 @@ add_test(
+     COMMAND env "PYTHONPATH=$ENV{PYTHONPATH}" "${PYTHON_EXECUTABLE}" "${CMAKE_CURRENT_SOURCE_DIR}/test_components.py" --build-dir "${CMAKE_BINARY_DIR}" --source-dir "${CMAKE_SOURCE_DIR}" --product "rhel9"
+ )
+ endif()
++
++macro(cce_avail_check TEST_NAME_SUFFIX PRODUCTS CCE_LIST_PATH)
++    if(PYTHON_VERSION_MAJOR GREATER 2)
++        add_test(
++            NAME "cce_avail_check-${TEST_NAME_SUFFIX}"
++            COMMAND env "PYTHONPATH=$ENV{PYTHONPATH}" "${PYTHON_EXECUTABLE}" "${CMAKE_CURRENT_SOURCE_DIR}/cces-removed.py" --root  "${CMAKE_SOURCE_DIR}" --json "${CMAKE_SOURCE_DIR}/build/rule_dirs.json" --products "${PRODUCTS}" --cce-list "${CCE_LIST_PATH}"
++        )
++        set_tests_properties("cce_avail_check-${TEST_NAME_SUFFIX}" PROPERTIES FIXTURES_REQUIRED "rule-dir-json")
++        set_tests_properties("cce_avail_check-${TEST_NAME_SUFFIX}" PROPERTIES DEPENDS "test-rule-dir-json")
++        set_tests_properties("cce_avail_check-${TEST_NAME_SUFFIX}" PROPERTIES LABELS quick)
++    endif()
++endmacro()
++
++cce_avail_check("rhel-all" "rhel7,rhel8,rhel9,rhel10" "${CMAKE_SOURCE_DIR}/shared/references/cce-redhat-avail.txt")
++cce_avail_check("sle12" "sle12" "${CMAKE_SOURCE_DIR}/shared/references/cce-sle12-avail.txt")
++cce_avail_check("sle15" "sle15" "${CMAKE_SOURCE_DIR}/shared/references/cce-sle15-avail.txt")
+-- 
+2.44.0
+
+From 17bb8bfe511a9d7b0debcb75e3b3ed6dfa51c6de Mon Sep 17 00:00:00 2001
+From: Matthew Burket <mburket@redhat.com>
+Date: Thu, 22 Feb 2024 16:15:03 -0600
+Subject: [PATCH 2/3] Human sort the sections in fix_rules
+
+---
+ utils/fix_rules.py | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/utils/fix_rules.py b/utils/fix_rules.py
+index f6cf095c3d..42a863a563 100755
+--- a/utils/fix_rules.py
++++ b/utils/fix_rules.py
+@@ -110,9 +110,16 @@ def has_duplicated_subkeys(rule_path, rule, rule_lines):
+     return ssg.rule_yaml.has_duplicated_subkeys(rule_path, rule_lines, TO_SORT)
+ 
+ 
++def _human_sort(line):
++    # Based on: https://blog.codinghorror.com/sorting-for-humans-natural-sort-order/
++    def convert(text): return int(text) if text.isdigit() else text
++    return [convert(text) for text in re.split(r'(\d+)', line)]
++
++
+ def has_unordered_sections(rule_path, rule, rule_lines):
+     if 'references' in rule or 'identifiers' in rule:
+-        new_lines = ssg.rule_yaml.sort_section_keys(rule_path, rule_lines, TO_SORT)
++        new_lines = ssg.rule_yaml.sort_section_keys(rule_path, rule_lines, TO_SORT,
++                                                    sort_func=_human_sort)
+ 
+         # Compare string representations to avoid issues with references being
+         # different.
+@@ -696,7 +703,7 @@ def find_int_references(args, product_yaml):
+         product_yaml = result[2]
+ 
+         if args.dry_run:
+-            print(rule_path + " has one or more unsorted references")
++            print(rule_path + " has one or more unsorted integer references")
+             continue
+ 
+         fix_file_prompt(rule_path, product_yaml, fix_int_reference, args)
+-- 
+2.44.0
+
+From 1051a6f33a8e8dce68d4805f18f1d5801f913c14 Mon Sep 17 00:00:00 2001
+From: Matthew Burket <mburket@redhat.com>
+Date: Thu, 22 Feb 2024 11:12:30 -0600
+Subject: [PATCH 3/3] Add Base STIG Profile for RHEL 10
+
+Adding a base profile to be updated later.
+---
+ products/rhel10/profiles/stig.profile     | 22 ++++++++++++++++++++++
+ products/rhel10/profiles/stig_gui.profile | 22 ++++++++++++++++++++++
+ 2 files changed, 44 insertions(+)
+ create mode 100644 products/rhel10/profiles/stig.profile
+ create mode 100644 products/rhel10/profiles/stig_gui.profile
+
+diff --git a/products/rhel10/profiles/stig.profile b/products/rhel10/profiles/stig.profile
+new file mode 100644
+index 0000000000..51f006bd2c
+--- /dev/null
++++ b/products/rhel10/profiles/stig.profile
+@@ -0,0 +1,22 @@
++documentation_complete: true
++
++metadata:
++    SMEs:
++        - mab879
++
++
++reference: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux
++
++title: 'DRAFT - DISA STIG for Red Hat Enterprise Linux 10'
++
++description: |-
++    This is a draft profile for experimental purposes.
++    It is not based on the DISA STIG for RHEL 10, because this one was not available at time of
++    the release.
++
++    In addition to being applicable to Red Hat Enterprise Linux 10, DISA recognizes this
++    configuration baseline as applicable to the operating system tier of
++    Red Hat technologies that are based on Red Hat Enterprise Linux 10.
++
++selections:
++    - package_sudo_installed
+diff --git a/products/rhel10/profiles/stig_gui.profile b/products/rhel10/profiles/stig_gui.profile
+new file mode 100644
+index 0000000000..51f006bd2c
+--- /dev/null
++++ b/products/rhel10/profiles/stig_gui.profile
+@@ -0,0 +1,22 @@
++documentation_complete: true
++
++metadata:
++    SMEs:
++        - mab879
++
++
++reference: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux
++
++title: 'DRAFT - DISA STIG for Red Hat Enterprise Linux 10'
++
++description: |-
++    This is a draft profile for experimental purposes.
++    It is not based on the DISA STIG for RHEL 10, because this one was not available at time of
++    the release.
++
++    In addition to being applicable to Red Hat Enterprise Linux 10, DISA recognizes this
++    configuration baseline as applicable to the operating system tier of
++    Red Hat technologies that are based on Red Hat Enterprise Linux 10.
++
++selections:
++    - package_sudo_installed
+-- 
+2.44.0
+
diff --git a/scap-security-guide.spec b/scap-security-guide.spec
index ff6409e..c16cda6 100644
--- a/scap-security-guide.spec
+++ b/scap-security-guide.spec
@@ -5,11 +5,12 @@
 
 Name:		scap-security-guide
 Version:	0.1.72
-Release:	1%{?dist}
+Release:	2%{?dist}
 Summary:	Security guidance and baselines in SCAP formats
 License:	BSD-3-Clause
 URL:		https://github.com/ComplianceAsCode/content/
 Source0:	https://github.com/ComplianceAsCode/content/releases/download/v%{version}/scap-security-guide-%{version}.tar.bz2
+Patch0:	01-Add-RHEL10.patch
 BuildArch:	noarch
 
 BuildRequires:	libxslt
@@ -78,10 +79,9 @@ rm %{buildroot}/%{_docdir}/%{name}/README.md
 rm %{buildroot}/%{_docdir}/%{name}/Contributors.md
 
 %files
+# To Enabled once the content for RHEL 10
 %{_datadir}/xml/scap/ssg/content
-%{_datadir}/%{name}/kickstart
 %{_datadir}/%{name}/ansible/*.yml
-%{_datadir}/%{name}/tailoring
 %lang(en) %{_mandir}/man8/scap-security-guide.8.*
 %doc %{_docdir}/%{name}/LICENSE
 %if ( %{defined rhel} && (! %{defined centos}) && (! %{defined eln}) )
@@ -99,6 +99,9 @@ rm %{buildroot}/%{_docdir}/%{name}/Contributors.md
 %endif
 
 %changelog
+* Wed Mar 27 2024 Matthew Burket <mburket@redhat.com> - 0.1.72-2
+- Add RHEL10 Product
+
 * Fri Feb 09 2024 Vojtech Polasek <vpolasek@redhat.com> - 0.1.72-1
 - Update to latest upstream SCAP-Security-Guide-0.1.72 release:
   https://github.com/ComplianceAsCode/content/releases/tag/v0.1.72