diff --git a/.gitignore b/.gitignore
index 10b380a..6078794 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
 SOURCES/scap-security-guide-0.1.52-2.el7_9-rhel6.tar.bz2
-SOURCES/scap-security-guide-0.1.69.tar.bz2
+SOURCES/scap-security-guide-0.1.72.tar.bz2
diff --git a/.scap-security-guide.metadata b/.scap-security-guide.metadata
index 64c981b..bcf37b6 100644
--- a/.scap-security-guide.metadata
+++ b/.scap-security-guide.metadata
@@ -1,2 +1,2 @@
 b22b45d29ad5a97020516230a6ef3140a91d050a SOURCES/scap-security-guide-0.1.52-2.el7_9-rhel6.tar.bz2
-60f885bdfa51fa2fa707d0c2fd32e0b1f9ee9589 SOURCES/scap-security-guide-0.1.69.tar.bz2
+e10feed870a3553b75798fbee88c27c95b84c7c2 SOURCES/scap-security-guide-0.1.72.tar.bz2
diff --git a/SOURCES/disable-not-in-good-shape-profiles.patch b/SOURCES/disable-not-in-good-shape-profiles.patch
deleted file mode 100644
index f883e6a..0000000
--- a/SOURCES/disable-not-in-good-shape-profiles.patch
+++ /dev/null
@@ -1,61 +0,0 @@ -From 746381a4070fc561651ad65ec0fe9610e8590781 Mon Sep 17 00:00:00 2001 -From: Watson Sato -Date: Mon, 6 Feb 2023 14:44:17 +0100 -Subject: [PATCH] Disable profiles not in good shape - -Patch-name: disable-not-in-good-shape-profiles.patch -Patch-id: 0 -Patch-status: | - Patch prevents cjis, rht-ccp and standard profiles in RHEL8 datastream ---- - products/rhel8/CMakeLists.txt | 1 - - products/rhel8/profiles/cjis.profile | 2 +- - products/rhel8/profiles/rht-ccp.profile | 2 +- - products/rhel8/profiles/standard.profile | 2 +- - 4 files changed, 3 insertions(+), 4 deletions(-) - -diff --git a/products/rhel8/CMakeLists.txt b/products/rhel8/CMakeLists.txt -index 9c044b68ab..8f6ca03de8 100644 ---- a/products/rhel8/CMakeLists.txt -+++ b/products/rhel8/CMakeLists.txt -@@ -10,7 +10,6 @@ ssg_build_product(${PRODUCT}) - ssg_build_html_ref_tables("${PRODUCT}" "table-${PRODUCT}-{ref_id}refs" "anssi;cis;cui;nist;pcidss") - - ssg_build_html_profile_table("table-${PRODUCT}-nistrefs-ospp" "${PRODUCT}" "ospp" "nist") --ssg_build_html_profile_table("table-${PRODUCT}-nistrefs-standard" "${PRODUCT}" "standard" "nist") - ssg_build_html_profile_table("table-${PRODUCT}-nistrefs-stig" "${PRODUCT}" "stig" "nist") - - ssg_build_html_profile_table("table-${PRODUCT}-anssirefs-bp28_minimal" "${PRODUCT}" "anssi_bp28_minimal" "anssi") -diff --git a/products/rhel8/profiles/cjis.profile b/products/rhel8/profiles/cjis.profile -index 22ae5aac72..f60b65bc06 100644 ---- a/products/rhel8/profiles/cjis.profile -+++ b/products/rhel8/profiles/cjis.profile -@@ -1,4 +1,4 @@ --documentation_complete: true -+documentation_complete: false - - metadata: - version: 5.4 -diff --git a/products/rhel8/profiles/rht-ccp.profile b/products/rhel8/profiles/rht-ccp.profile -index b192461f95..ae1e7d5a15 100644 ---- a/products/rhel8/profiles/rht-ccp.profile -+++ b/products/rhel8/profiles/rht-ccp.profile -@@ -1,4 +1,4 @@ --documentation_complete: true -+documentation_complete: false - - title: 'Red Hat 
Corporate Profile for Certified Cloud Providers (RH CCP)' - -diff --git a/products/rhel8/profiles/standard.profile b/products/rhel8/profiles/standard.profile -index a63ae2cf32..da669bb843 100644 ---- a/products/rhel8/profiles/standard.profile -+++ b/products/rhel8/profiles/standard.profile -@@ -1,4 +1,4 @@ --documentation_complete: true -+documentation_complete: false - - title: 'Standard System Security Profile for Red Hat Enterprise Linux 8' - --- -2.39.1 - diff --git a/SOURCES/hide-profiles-not-in-good-shape-for-RHEL.patch b/SOURCES/hide-profiles-not-in-good-shape-for-RHEL.patch new file mode 100644 index 0000000..40a7a28 --- /dev/null +++ b/SOURCES/hide-profiles-not-in-good-shape-for-RHEL.patch 
@@ -0,0 +1,54 @@ +From e0f62e3828b9deda102f247b3789f68aeb4e518d Mon Sep 17 00:00:00 2001 +From: Marcus Burghardt +Date: Fri, 16 Feb 2024 12:07:36 +0100 +Subject: [PATCH] Hide profiles not in good shape for RHEL + +There are some profiles introduced long time ago but no longer +maintained. For compatibility purposes they are not removed from +datastream but are now hidden for RHEL8 to prevent people from +using them. +--- + products/rhel8/profiles/cjis.profile | 2 ++ + products/rhel8/profiles/rht-ccp.profile | 2 ++ + products/rhel8/profiles/standard.profile | 2 ++ + 3 files changed, 6 insertions(+) + +diff --git a/products/rhel8/profiles/cjis.profile b/products/rhel8/profiles/cjis.profile +index 30843b692e..c44c63516f 100644 +--- a/products/rhel8/profiles/cjis.profile ++++ b/products/rhel8/profiles/cjis.profile +@@ -1,5 +1,7 @@ + documentation_complete: true + ++hidden: true ++ + metadata: + version: 5.4 + SMEs: +diff --git a/products/rhel8/profiles/rht-ccp.profile b/products/rhel8/profiles/rht-ccp.profile +index 01133a9bde..3f6cb751c9 100644 +--- a/products/rhel8/profiles/rht-ccp.profile ++++ b/products/rhel8/profiles/rht-ccp.profile +@@ -1,5 +1,7 @@ + documentation_complete: true + ++hidden: true ++ + title: 'Red Hat Corporate Profile for Certified Cloud Providers (RH CCP)' + + description: |- +diff --git a/products/rhel8/profiles/standard.profile b/products/rhel8/profiles/standard.profile +index 11d72da2d9..79b491113a 100644 +--- a/products/rhel8/profiles/standard.profile ++++ b/products/rhel8/profiles/standard.profile +@@ -1,5 +1,7 @@ + documentation_complete: true + ++hidden: true ++ + title: 'Standard System Security Profile for Red Hat Enterprise Linux 8' + + description: |- +-- +2.43.1 + diff --git a/SOURCES/scap-security-guide-0.1.70-fix_enable_fips_mode-PR_10961.patch b/SOURCES/scap-security-guide-0.1.70-fix_enable_fips_mode-PR_10961.patch deleted file mode 100644 index af7d37e..0000000 
--- a/SOURCES/scap-security-guide-0.1.70-fix_enable_fips_mode-PR_10961.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 75dd0e76be957e5fd92c98f01f7d672b2549fd3d Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= -Date: Tue, 8 Aug 2023 15:15:21 +0200 -Subject: [PATCH] Remove kernel cmdline check - -The OVAL in rule enable_fips_mode contains multiple checks. One -of these checks tests presence of `fips=1` in `/etc/kernel/cmdline`. -Although this is useful for latest RHEL versions, this file doesn't -exist on RHEL 8.6 and 9.0. This causes that the rule fails after -remediation on these RHEL versions. - -We want the same OVAL behavior on all minor RHEL releases, therefore -we will remove this test from the OVAL completely. - -Related to: https://github.com/ComplianceAsCode/content/pull/10897 ---- - .../fips/enable_fips_mode/oval/shared.xml | 15 --------------- - 1 file changed, 15 deletions(-) - -diff --git a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml -index 88aae7aaab9..3b50e07060e 100644 ---- a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml -+++ b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml -@@ -12,8 +12,6 @@ - comment="system cryptography policy is configured"/> - -- - {{% if "ol" in product or "rhel" in product %}} - - -@@ -57,19 +55,6 @@ - ^(?:.*\s)?fips=1(?:\s.*)?$ - - -- -- -- -- -- -- -- ^/etc/kernel/cmdline -- ^(.*)$ -- 1 -- -- - - diff --git a/SOURCES/scap-security-guide-0.1.70-improve_readability_enable_fips_mode-PR_10911.patch b/SOURCES/scap-security-guide-0.1.70-improve_readability_enable_fips_mode-PR_10911.patch deleted file mode 100644 index fbc06d7..0000000 --- a/SOURCES/scap-security-guide-0.1.70-improve_readability_enable_fips_mode-PR_10911.patch +++ /dev/null 
@@ -1,272 +0,0 @@ -From 9d00e0d296ad4a5ce503b2dfe9647de6806b7b60 Mon Sep 17 00:00:00 2001 -From: Marcus Burghardt -Date: Thu, 27 Jul 2023 10:02:08 +0200 -Subject: [PATCH 1/2] Align the parameters ordering in OVAL objects - -This commit only improves readability without any technical impact in -the OVAL logic. ---- - .../fips/enable_fips_mode/oval/shared.xml | 81 ++++++++++++------- - 1 file changed, 50 insertions(+), 31 deletions(-) - -diff --git a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml -index fe3f96f52a5..0ec076a5fb7 100644 ---- a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml -+++ b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml -@@ -1,32 +1,38 @@ - -- -+ - {{{ oval_metadata("Check if FIPS mode is enabled on the system") }}} - -- -- -- -- -- -- -+ -+ -+ -+ -+ -+ - {{% if "ol" in product or "rhel" in product %}} - - -- -- -+ -+ - - - -- -+ - - {{% if product in ["ol8", "rhel8"] %}} -- -+ - {{% else %}} -- -+ - {{% endif %}} - - -@@ -34,58 +40,71 @@ - - - -- -+ - - - -+ - - ^/boot/loader/entries/.*.conf - ^options (.*)$ - 1 - -+ - - ^(?:.*\s)?fips=1(?:\s.*)?$ - -- -+ -+ - - - -+ - - ^/etc/kernel/cmdline - ^(.*)$ - 1 - - -- -+ - - - -+ - - var_system_crypto_policy - -- -+ -+ - {{% if product in ["ol9","rhel9"] -%}} - ^FIPS(:OSPP)?$ - {{%- else %}} -- {{# Legacy and more relaxed list of crypto policies that were historically considered FIPS-compatible. More recent products should use the more restricted list of options #}} -+ {{# Legacy and more relaxed list of crypto policies that were historically considered -+ FIPS-compatible. 
More recent products should use the more restricted list of options #}} - ^FIPS(:(OSPP|NO-SHA1|NO-CAMELLIA))?$ - {{%- endif %}} - -+ - {{% if product in ["ol8","rhel8"] %}} -- -+ - - -- -+ -+ - /boot/grub2/grubenv - fips=1 - 1 - - {{% endif %}} -- -+ -+ - - -From 6a62a2f1b61e51326c7cadd2a0494200d98cc02e Mon Sep 17 00:00:00 2001 -From: Marcus Burghardt -Date: Thu, 27 Jul 2023 10:20:33 +0200 -Subject: [PATCH 2/2] Improve OVAL comments for better readability - -Simplified the comments and aligned the respective lines to the -project Style Guides. ---- - .../fips/enable_fips_mode/oval/shared.xml | 31 ++++++++++--------- - 1 file changed, 16 insertions(+), 15 deletions(-) - -diff --git a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml -index 0ec076a5fb7..88aae7aaab9 100644 ---- a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml -+++ b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml -@@ -3,36 +3,36 @@ - {{{ oval_metadata("Check if FIPS mode is enabled on the system") }}} - - -+ comment="check /etc/system-fips file existence"/> - -+ comment="check option crypto.fips_enabled = 1 in sysctl"/> - -+ comment="dracut FIPS module is enabled"/> - - -+ comment="check if var_system_crypto_policy variable selection is set to FIPS"/> - -+ comment="check if kernel option fips=1 is present in /etc/kernel/cmdline"/> - {{% if "ol" in product or "rhel" in product %}} - - - -+ comment="generic test for s390x architecture"/> - -+ comment="check if kernel option fips=1 is present in /boot/loader/entries/.*.conf"/> - - - - -+ comment="generic test for non-s390x architecture"/> - - {{% if product in ["ol8", "rhel8"] %}} - - {{% else %}} - -+ comment="check if kernel option fips=1 is present in /boot/loader/entries/.*.conf"/> - {{% endif %}} - - -@@ -42,7 +42,7 @@ - - -+ comment="check if kernel option fips=1 is present in 
options in /boot/loader/entries/.*.conf"> - - - -@@ -59,7 +59,7 @@ - - -+ comment="check if kernel option fips=1 is present in /etc/kernel/cmdline"> - - - -@@ -71,7 +71,7 @@ - - - -+ check="at least one" comment="test if var_system_crypto_policy selection is set to FIPS"> - - - -@@ -81,7 +81,8 @@ - - - -+ comment="variable value is set to 'FIPS' or 'FIPS:modifier', where the modifier corresponds -+to a crypto policy module that further restricts the modified crypto policy."> - {{% if product in ["ol9","rhel9"] -%}} - ^FIPS(:OSPP)?$ - {{%- else %}} -@@ -94,7 +95,7 @@ - {{% if product in ["ol8","rhel8"] %}} - -+ comment="FIPS mode is selected in running kernel options"> - - - -@@ -106,5 +107,5 @@ - {{% endif %}} - - -+ datatype="string" comment="variable which selects the crypto policy"/> - diff --git a/SOURCES/scap-security-guide-0.1.70-remove_sebool_secure_insmod_from_anssi-PR_11001.patch b/SOURCES/scap-security-guide-0.1.70-remove_sebool_secure_insmod_from_anssi-PR_11001.patch deleted file mode 100644 index bf45744..0000000 --- a/SOURCES/scap-security-guide-0.1.70-remove_sebool_secure_insmod_from_anssi-PR_11001.patch +++ /dev/null 
@@ -1,30 +0,0 @@ -From 08b9f875630e119d90a5a1fc3694f6168ad19cb9 Mon Sep 17 00:00:00 2001 -From: Vojtech Polasek -Date: Thu, 17 Aug 2023 10:50:09 +0200 -Subject: [PATCH] remove sebool_secure_mode_insmod from RHEL ANSSI high - ---- - products/rhel8/profiles/anssi_bp28_high.profile | 2 ++ - products/rhel9/profiles/anssi_bp28_high.profile | 2 ++ - 2 files changed, 4 insertions(+) - -diff --git a/products/rhel8/profiles/anssi_bp28_high.profile b/products/rhel8/profiles/anssi_bp28_high.profile -index e2eeabbb78d..204e141b1f5 100644 ---- a/products/rhel8/profiles/anssi_bp28_high.profile -+++ b/products/rhel8/profiles/anssi_bp28_high.profile -@@ -17,3 +17,5 @@ description: |- - - selections: - - anssi:all:high -+ # the following rule renders UEFI systems unbootable -+ - '!sebool_secure_mode_insmod' -diff --git a/products/rhel9/profiles/anssi_bp28_high.profile b/products/rhel9/profiles/anssi_bp28_high.profile -index e2eeabbb78d..204e141b1f5 100644 ---- a/products/rhel9/profiles/anssi_bp28_high.profile -+++ b/products/rhel9/profiles/anssi_bp28_high.profile -@@ -17,3 +17,5 @@ description: |- - - selections: - - anssi:all:high -+ # the following rule renders UEFI systems unbootable -+ - '!sebool_secure_mode_insmod' diff --git a/SPECS/scap-security-guide.spec b/SPECS/scap-security-guide.spec index f01e398..138ce60 100644 --- a/SPECS/scap-security-guide.spec +++ b/SPECS/scap-security-guide.spec @@ -5,7 +5,7 @@ # global _default_patch_fuzz 2 # Normally shouldn't be needed as patches should apply cleanly Name: scap-security-guide -Version: 0.1.69 +Version: 0.1.72 Release: 2%{?dist} Summary: Security guidance and baselines in SCAP formats License: BSD-3-Clause 
@@ -14,13 +14,8 @@ URL: https://github.com/ComplianceAsCode/content/
 Source0: https://github.com/ComplianceAsCode/content/releases/download/v%{version}/scap-security-guide-%{version}.tar.bz2
 # Include tarball with last released rhel6 content
 Source1: %{_static_rhel6_content}.tar.bz2
-# Patch prevents cjis, rht-ccp and standard profiles in RHEL8 datastream
-Patch0: disable-not-in-good-shape-profiles.patch
-# Fix rule enable_fips_mode
-Patch1: scap-security-guide-0.1.70-improve_readability_enable_fips_mode-PR_10911.patch
-Patch2: scap-security-guide-0.1.70-fix_enable_fips_mode-PR_10961.patch
-# remove rule sebool_secure_mode_insmod from ANSSI high profile because it prevents UEFI-based systems from booting
-Patch3: scap-security-guide-0.1.70-remove_sebool_secure_insmod_from_anssi-PR_11001.patch
+# Patch hides cjis, rht-ccp and standard profiles for RHEL8
+Patch0: hide-profiles-not-in-good-shape-for-RHEL.patch
 BuildArch: noarch
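Review bot: The comment above the new `Patch0:` line understates the behaviour change relative to the patch it replaces: the removed `disable-not-in-good-shape-profiles.patch` set `documentation_complete: false` and, per its own description, kept cjis, rht-ccp and standard out of the RHEL8 datastream entirely, whereas `hide-profiles-not-in-good-shape-for-RHEL.patch` sets `hidden: true`, which its description says keeps the profiles in the datastream and only hides them — so they are presumably still selectable by explicit profile id. Since this comment is the only place a packager sees that distinction, spell it out: `# Patch hides cjis, rht-ccp and standard profiles from RHEL8 profile listings; they stay in the datastream and are still selectable by id`. The `%prep` section that applies `Patch0` lies outside this hunk; confirm it still applies cleanly now that the Patch1..Patch3 entries are gone (any explicit per-number `%patch` lines there would no longer resolve).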
@@ -127,6 +122,24 @@ cp -r %{_builddir}/%{_static_rhel6_content}/guides %{buildroot}%{_docdir}/%{name
 %endif
 %changelog
+* Fri Feb 16 2024 Marcus Burghardt - 0.1.72-2
+- Unlist profiles no longer maintained in RHEL8.
+
+* Wed Feb 14 2024 Marcus Burghardt - 0.1.72-1
+- Rebase to a new upstream release 0.1.72 (RHEL-25250)
+- Increase CIS standards coverage regarding SSH and cron (RHEL-1314)
+- Increase compatibility of accounts_tmout rule for ksh (RHEL-16896 and RHEL-1811)
+- Align Ansible and Bash remediation in sssd_certificate_verification rule (RHEL-1313)
+- Add a warning to rule service_rngd_enabled about rule applicability (RHEL-1819)
+- Add rule to terminate idle user sessions after defined time (RHEL-1801)
+- Allow spaces around equal sign in /etc/sudoers (RHEL-1904)
+- Add remediation for rule fapolicy_default_deny (RHEL-1817)
+- Fix invalid syntax in file /usr/share/scap-security-guide/ansible/rhel8-playbook-ospp.yml (RHEL-19127)
+- Refactor ensure_pam_wheel_group_empty (RHEL-1905)
+- Prevent remediation of display_login_attempts rule from creating redundant configuration entries (RHEL-1809)
+- Update PCI-DSS to v4 (RHEL-1808)
+- Fix regex in Ansible remediation of configure_ssh_crypto_policy (RHEL-1820)
+
 * Thu Aug 17 2023 Vojtech Polasek - 0.1.69-2
 - remove problematic rule from ANSSI High profile (RHBZ#2221695)