scap-security-guide/SOURCES/scap-security-guide-0.1.60-rhel8_stig_v1r4-PR_7930.patch
2022-04-26 18:09:24 +00:00


commit a9b9db2a5e9ad655258a0f8823f57519b6bb37f8
Author: Gabriel Becker <ggasparb@redhat.com>
Date: Thu Feb 24 17:40:22 2022 +0100
Manually edited patch scap-security-guide-0.1.60-rhel8_stig_v1r4-PR_7930.patch.
diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/rule.yml
index 1b71c7d..bccc7eb 100644
--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/rule.yml
@@ -14,7 +14,7 @@ rationale: |-
A misconfigured umask value could result in files with excessive permissions that can be read or
written to by unauthorized users.
-severity: unknown
+severity: medium
identifiers:
cce@rhcos4: CCE-84261-7
@@ -31,7 +31,8 @@ references:
nerc-cip: CIP-003-3 R5.1.1,CIP-003-3 R5.3,CIP-004-3 R2.3,CIP-007-3 R2.1,CIP-007-3 R2.2,CIP-007-3 R2.3,CIP-007-3 R5.1,CIP-007-3 R5.1.1,CIP-007-3 R5.1.2
nist: AC-6(1),CM-6(a)
nist-csf: PR.IP-2
- srg: SRG-OS-000480-GPOS-00228
+ srg: SRG-OS-000480-GPOS-00228,SRG-OS-000480-GPOS-00227
+ stigid@rhel8: RHEL-08-020353
ocil_clause: 'the above command returns no output, or if the umask is configured incorrectly'
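Review bot: The added `stigid@rhel8: RHEL-08-020353` is scoped to rhel8 only, yet this commit also selects the rule in products/rhel9/profiles/stig.profile, so a RHEL 9 build would presumably carry no STIG reference for it. If that is intentional because the RHEL 9 profile still tracks RHEL 8 STIG IDs, a one-line comment above the key would record it, e.g. `# no rhel9 stigid yet; the rhel9 stig profile follows the RHEL 8 STIG`. The same applies to the identical hunk in accounts_umask_etc_profile/rule.yml. As a smaller style point, the appended SRG is out of numeric order; `srg: SRG-OS-000480-GPOS-00227,SRG-OS-000480-GPOS-00228` is easier to compare against the STIG.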
diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_profile/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_profile/rule.yml
index 85e98cf..822463e 100644
--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_profile/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_profile/rule.yml
@@ -12,7 +12,7 @@ rationale: |-
A misconfigured umask value could result in files with excessive permissions that can be read or
written to by unauthorized users.
-severity: unknown
+severity: medium
identifiers:
cce@rhcos4: CCE-84262-5
@@ -33,7 +33,8 @@ references:
nerc-cip: CIP-003-3 R5.1.1,CIP-003-3 R5.3,CIP-004-3 R2.3,CIP-007-3 R2.1,CIP-007-3 R2.2,CIP-007-3 R2.3,CIP-007-3 R5.1,CIP-007-3 R5.1.1,CIP-007-3 R5.1.2
nist: AC-6(1),CM-6(a)
nist-csf: PR.IP-2
- srg: SRG-OS-000480-GPOS-00228
+ srg: SRG-OS-000480-GPOS-00228,SRG-OS-000480-GPOS-00227
+ stigid@rhel8: RHEL-08-020353
ocil_clause: 'the above command returns no output, or if the umask is configured incorrectly'
diff --git a/products/rhel8/profiles/stig.profile b/products/rhel8/profiles/stig.profile
index 5e9a221..3582e44 100644
--- a/products/rhel8/profiles/stig.profile
+++ b/products/rhel8/profiles/stig.profile
@@ -1,7 +1,7 @@
documentation_complete: true
metadata:
- version: V1R3
+ version: V1R4
SMEs:
- ggbecker
@@ -11,7 +11,7 @@ title: 'DISA STIG for Red Hat Enterprise Linux 8'
description: |-
This profile contains configuration checks that align to the
- DISA STIG for Red Hat Enterprise Linux 8 V1R3.
+ DISA STIG for Red Hat Enterprise Linux 8 V1R4.
In addition to being applicable to Red Hat Enterprise Linux 8, DISA recognizes this
configuration baseline as applicable to the operating system tier of
@@ -162,8 +162,6 @@ selections:
# RHEL-08-010171
- package_policycoreutils_installed
- # RHEL-08-010180
-
# RHEL-08-010190
- dir_perms_world_writable_sticky_bits
@@ -352,7 +350,6 @@ selections:
- partition_for_tmp
# RHEL-08-010544
- ### NOTE: Will probably show up in V1R3 - Q3 of 21'
- partition_for_var_tmp
# RHEL-08-010550
@@ -621,6 +618,8 @@ selections:
# RHEL-08-020353
- accounts_umask_etc_bashrc
+ - accounts_umask_etc_csh_cshrc
+ - accounts_umask_etc_profile
# RHEL-08-030000
- audit_rules_suid_privilege_function
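Review bot: The two added selections only enforce the STIG requirement if the profile also pins the expected umask value, and that setting is not visible in this hunk. All three rules under RHEL-08-020353 should be evaluated against the same value, so confirm the selections list sets it explicitly (in this project that is normally a line such as `- var_accounts_user_umask=077`) rather than relying on the variable's default. Since three rules now map to one STIG ID, a comment such as `# RHEL-08-020353 (bashrc, csh.cshrc and /etc/profile must all pass)` would help anyone reading scan results. The same applies to the matching hunk in products/rhel9/profiles/stig.profile.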
diff --git a/products/rhel8/profiles/stig_gui.profile b/products/rhel8/profiles/stig_gui.profile
index 0fdd755..e1f0f71 100644
--- a/products/rhel8/profiles/stig_gui.profile
+++ b/products/rhel8/profiles/stig_gui.profile
@@ -1,7 +1,7 @@
documentation_complete: true
metadata:
- version: V1R3
+ version: V1R4
SMEs:
- ggbecker
@@ -11,7 +11,7 @@ title: 'DISA STIG with GUI for Red Hat Enterprise Linux 8'
description: |-
This profile contains configuration checks that align to the
- DISA STIG with GUI for Red Hat Enterprise Linux 8 V1R3.
+ DISA STIG with GUI for Red Hat Enterprise Linux 8 V1R4.
In addition to being applicable to Red Hat Enterprise Linux 8, DISA recognizes this
configuration baseline as applicable to the operating system tier of
diff --git a/products/rhel9/profiles/stig.profile b/products/rhel9/profiles/stig.profile
index 8d60468..9acb63a 100644
--- a/products/rhel9/profiles/stig.profile
+++ b/products/rhel9/profiles/stig.profile
@@ -143,8 +143,6 @@ selections:
# RHEL-08-010171
- package_policycoreutils_installed
- # RHEL-08-010180
-
# RHEL-08-010190
- dir_perms_world_writable_sticky_bits
@@ -309,7 +307,6 @@ selections:
- partition_for_tmp
# RHEL-08-010544
- ### NOTE: Will probably show up in V1R3 - Q3 of 21'
- partition_for_var_tmp
# RHEL-08-010550
@@ -566,6 +563,8 @@ selections:
# RHEL-08-020353
- accounts_umask_etc_bashrc
+ - accounts_umask_etc_csh_cshrc
+ - accounts_umask_etc_profile
# RHEL-08-030000
# - audit_rules_suid_privilege_function # not supported in RHEL9 ATM
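Review bot: Nothing in this hunk shows that the two added rules are supported on RHEL 9, while the very next entry is commented out as `# not supported in RHEL9 ATM`. Before selecting them here, confirm that accounts_umask_etc_csh_cshrc and accounts_umask_etc_profile are applicable to the rhel9 product and have passing test scenarios there. The rule.yml hunks in this commit touch only severity and references, so that cannot be checked from the diff.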
diff --git a/shared/references/disa-stig-rhel8-v1r3-xccdf-manual.xml b/shared/references/disa-stig-rhel8-v1r4-xccdf-manual.xml
similarity index 80%
rename from shared/references/disa-stig-rhel8-v1r3-xccdf-manual.xml
rename to shared/references/disa-stig-rhel8-v1r4-xccdf-manual.xml
index abff501..46c5fa1 100644
--- a/shared/references/disa-stig-rhel8-v1r3-xccdf-manual.xml
+++ b/shared/references/disa-stig-rhel8-v1r4-xccdf-manual.xml
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="utf-8"?><?xml-stylesheet type='text/xsl' href='STIG_unclass.xsl'?><Benchmark xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:cpe="http://cpe.mitre.org/language/2.0" xmlns:xhtml="http://www.w3.org/1999/xhtml" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.1 http://nvd.nist.gov/schema/xccdf-1.1.4.xsd http://cpe.mitre.org/dictionary/2.0 http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd" id="RHEL_8_STIG" xml:lang="en" xmlns="http://checklists.nist.gov/xccdf/1.1"><status date="2021-06-14">accepted</status><title>Red Hat Enterprise Linux 8 Security Technical Implementation Guide</title><description>This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. 
Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.</description><notice id="terms-of-use" xml:lang="en"></notice><front-matter xml:lang="en"></front-matter><rear-matter xml:lang="en"></rear-matter><reference href="https://cyber.mil"><dc:publisher>DISA</dc:publisher><dc:source>STIG.DOD.MIL</dc:source></reference><plain-text id="release-info">Release: 3 Benchmark Date: 23 Jul 2021</plain-text><plain-text id="generator">3.2.2.36079</plain-text><plain-text id="conventionsVersion">1.10.0</plain-text><version>1</version><Profile id="MAC-1_Classified"><title>I - Mission Critical Classified</title><description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description><select idref="V-230221" selected="true" /><select idref="V-230222" selected="true" /><select idref="V-230223" selected="true" /><select idref="V-230224" selected="true" /><select idref="V-230225" selected="true" /><select idref="V-230226" selected="true" /><select idref="V-230227" selected="true" /><select idref="V-230228" selected="true" /><select idref="V-230229" selected="true" /><select idref="V-230230" selected="true" /><select idref="V-230231" selected="true" /><select idref="V-230232" selected="true" /><select idref="V-230233" selected="true" /><select idref="V-230234" selected="true" /><select idref="V-230235" selected="true" /><select idref="V-230236" selected="true" /><select idref="V-230237" selected="true" /><select idref="V-230238" selected="true" /><select idref="V-230239" selected="true" /><select idref="V-230240" selected="true" /><select idref="V-230241" selected="true" /><select idref="V-230242" selected="true" /><select idref="V-230243" selected="true" /><select idref="V-230244" selected="true" /><select idref="V-230245" selected="true" /><select idref="V-230246" selected="true" /><select idref="V-230247" selected="true" /><select idref="V-230248" selected="true" /><select idref="V-230249" selected="true" 
/><select idref="V-230250" selected="true" /><select idref="V-230251" selected="true" /><select idref="V-230252" selected="true" /><select idref="V-230253" selected="true" /><select idref="V-230254" selected="true" /><select idref="V-230255" selected="true" /><select idref="V-230256" selected="true" /><select idref="V-230257" selected="true" /><select idref="V-230258" selected="true" /><select idref="V-230259" selected="true" /><select idref="V-230260" selected="true" /><select idref="V-230261" selected="true" /><select idref="V-230262" selected="true" /><select idref="V-230263" selected="true" /><select idref="V-230264" selected="true" /><select idref="V-230265" selected="true" /><select idref="V-230266" selected="true" /><select idref="V-230267" selected="true" /><select idref="V-230268" selected="true" /><select idref="V-230269" selected="true" /><select idref="V-230270" selected="true" /><select idref="V-230271" selected="true" /><select idref="V-230272" selected="true" /><select idref="V-230273" selected="true" /><select idref="V-230274" selected="true" /><select idref="V-230275" selected="true" /><select idref="V-230276" selected="true" /><select idref="V-230277" selected="true" /><select idref="V-230278" selected="true" /><select idref="V-230279" selected="true" /><select idref="V-230280" selected="true" /><select idref="V-230281" selected="true" /><select idref="V-230282" selected="true" /><select idref="V-230283" selected="true" /><select idref="V-230284" selected="true" /><select idref="V-230285" selected="true" /><select idref="V-230286" selected="true" /><select idref="V-230287" selected="true" /><select idref="V-230288" selected="true" /><select idref="V-230289" selected="true" /><select idref="V-230290" selected="true" /><select idref="V-230291" selected="true" /><select idref="V-230292" selected="true" /><select idref="V-230293" selected="true" /><select idref="V-230294" selected="true" /><select idref="V-230295" selected="true" /><select 
idref="V-230296" selected="true" /><select idref="V-230297" selected="true" /><select idref="V-230298" selected="true" /><select idref="V-230299" selected="true" /><select idref="V-230300" selected="true" /><select idref="V-230301" selected="true" /><select idref="V-230302" selected="true" /><select idref="V-230303" selected="true" /><select idref="V-230304" selected="true" /><select idref="V-230305" selected="true" /><select idref="V-230306" selected="true" /><select idref="V-230307" selected="true" /><select idref="V-230308" selected="true" /><select idref="V-230309" selected="true" /><select idref="V-230310" selected="true" /><select idref="V-230311" selected="true" /><select idref="V-230312" selected="true" /><select idref="V-230313" selected="true" /><select idref="V-230314" selected="true" /><select idref="V-230315" selected="true" /><select idref="V-230316" selected="true" /><select idref="V-230317" selected="true" /><select idref="V-230318" selected="true" /><select idref="V-230319" selected="true" /><select idref="V-230320" selected="true" /><select idref="V-230321" selected="true" /><select idref="V-230322" selected="true" /><select idref="V-230323" selected="true" /><select idref="V-230324" selected="true" /><select idref="V-230325" selected="true" /><select idref="V-230326" selected="true" /><select idref="V-230327" selected="true" /><select idref="V-230328" selected="true" /><select idref="V-230329" selected="true" /><select idref="V-230330" selected="true" /><select idref="V-230331" selected="true" /><select idref="V-230332" selected="true" /><select idref="V-230333" selected="true" /><select idref="V-230334" selected="true" /><select idref="V-230335" selected="true" /><select idref="V-230336" selected="true" /><select idref="V-230337" selected="true" /><select idref="V-230338" selected="true" /><select idref="V-230339" selected="true" /><select idref="V-230340" selected="true" /><select idref="V-230341" selected="true" /><select idref="V-230342" 
selected="true" /><select idref="V-230343" selected="true" /><select idref="V-230344" selected="true" /><select idref="V-230345" selected="true" /><select idref="V-230346" selected="true" /><select idref="V-230347" selected="true" /><select idref="V-230348" selected="true" /><select idref="V-230349" selected="true" /><select idref="V-230350" selected="true" /><select idref="V-230351" selected="true" /><select idref="V-230352" selected="true" /><select idref="V-230353" selected="true" /><select idref="V-230354" selected="true" /><select idref="V-230355" selected="true" /><select idref="V-230356" selected="true" /><select idref="V-230357" selected="true" /><select idref="V-230358" selected="true" /><select idref="V-230359" selected="true" /><select idref="V-230360" selected="true" /><select idref="V-230361" selected="true" /><select idref="V-230362" selected="true" /><select idref="V-230363" selected="true" /><select idref="V-230364" selected="true" /><select idref="V-230365" selected="true" /><select idref="V-230366" selected="true" /><select idref="V-230367" selected="true" /><select idref="V-230368" selected="true" /><select idref="V-230369" selected="true" /><select idref="V-230370" selected="true" /><select idref="V-230371" selected="true" /><select idref="V-230372" selected="true" /><select idref="V-230373" selected="true" /><select idref="V-230374" selected="true" /><select idref="V-230375" selected="true" /><select idref="V-230376" selected="true" /><select idref="V-230377" selected="true" /><select idref="V-230378" selected="true" /><select idref="V-230379" selected="true" /><select idref="V-230380" selected="true" /><select idref="V-230381" selected="true" /><select idref="V-230382" selected="true" /><select idref="V-230383" selected="true" /><select idref="V-230384" selected="true" /><select idref="V-230385" selected="true" /><select idref="V-230386" selected="true" /><select idref="V-230387" selected="true" /><select idref="V-230388" selected="true" 
/><select idref="V-230389" selected="true" /><select idref="V-230390" selected="true" /><select idref="V-230391" selected="true" /><select idref="V-230392" selected="true" /><select idref="V-230393" selected="true" /><select idref="V-230394" selected="true" /><select idref="V-230395" selected="true" /><select idref="V-230396" selected="true" /><select idref="V-230397" selected="true" /><select idref="V-230398" selected="true" /><select idref="V-230399" selected="true" /><select idref="V-230400" selected="true" /><select idref="V-230401" selected="true" /><select idref="V-230402" selected="true" /><select idref="V-230403" selected="true" /><select idref="V-230404" selected="true" /><select idref="V-230405" selected="true" /><select idref="V-230406" selected="true" /><select idref="V-230407" selected="true" /><select idref="V-230408" selected="true" /><select idref="V-230409" selected="true" /><select idref="V-230410" selected="true" /><select idref="V-230411" selected="true" /><select idref="V-230412" selected="true" /><select idref="V-230413" selected="true" /><select idref="V-230414" selected="true" /><select idref="V-230415" selected="true" /><select idref="V-230416" selected="true" /><select idref="V-230417" selected="true" /><select idref="V-230418" selected="true" /><select idref="V-230419" selected="true" /><select idref="V-230420" selected="true" /><select idref="V-230421" selected="true" /><select idref="V-230422" selected="true" /><select idref="V-230423" selected="true" /><select idref="V-230424" selected="true" /><select idref="V-230425" selected="true" /><select idref="V-230426" selected="true" /><select idref="V-230427" selected="true" /><select idref="V-230428" selected="true" /><select idref="V-230429" selected="true" /><select idref="V-230430" selected="true" /><select idref="V-230431" selected="true" /><select idref="V-230432" selected="true" /><select idref="V-230433" selected="true" /><select idref="V-230434" selected="true" /><select 
idref="V-230435" selected="true" /><select idref="V-230436" selected="true" /><select idref="V-230437" selected="true" /><select idref="V-230438" selected="true" /><select idref="V-230439" selected="true" /><select idref="V-230440" selected="true" /><select idref="V-230441" selected="true" /><select idref="V-230442" selected="true" /><select idref="V-230443" selected="true" /><select idref="V-230444" selected="true" /><select idref="V-230445" selected="true" /><select idref="V-230446" selected="true" /><select idref="V-230447" selected="true" /><select idref="V-230448" selected="true" /><select idref="V-230449" selected="true" /><select idref="V-230450" selected="true" /><select idref="V-230451" selected="true" /><select idref="V-230452" selected="true" /><select idref="V-230453" selected="true" /><select idref="V-230454" selected="true" /><select idref="V-230455" selected="true" /><select idref="V-230456" selected="true" /><select idref="V-230457" selected="true" /><select idref="V-230458" selected="true" /><select idref="V-230459" selected="true" /><select idref="V-230460" selected="true" /><select idref="V-230461" selected="true" /><select idref="V-230462" selected="true" /><select idref="V-230463" selected="true" /><select idref="V-230464" selected="true" /><select idref="V-230465" selected="true" /><select idref="V-230466" selected="true" /><select idref="V-230467" selected="true" /><select idref="V-230468" selected="true" /><select idref="V-230469" selected="true" /><select idref="V-230470" selected="true" /><select idref="V-230471" selected="true" /><select idref="V-230472" selected="true" /><select idref="V-230473" selected="true" /><select idref="V-230474" selected="true" /><select idref="V-230475" selected="true" /><select idref="V-230476" selected="true" /><select idref="V-230477" selected="true" /><select idref="V-230478" selected="true" /><select idref="V-230479" selected="true" /><select idref="V-230480" selected="true" /><select idref="V-230481" 
selected="true" /><select idref="V-230482" selected="true" /><select idref="V-230483" selected="true" /><select idref="V-230484" selected="true" /><select idref="V-230485" selected="true" /><select idref="V-230486" selected="true" /><select idref="V-230487" selected="true" /><select idref="V-230488" selected="true" /><select idref="V-230489" selected="true" /><select idref="V-230491" selected="true" /><select idref="V-230492" selected="true" /><select idref="V-230493" selected="true" /><select idref="V-230494" selected="true" /><select idref="V-230495" selected="true" /><select idref="V-230496" selected="true" /><select idref="V-230497" selected="true" /><select idref="V-230498" selected="true" /><select idref="V-230499" selected="true" /><select idref="V-230500" selected="true" /><select idref="V-230502" selected="true" /><select idref="V-230503" selected="true" /><select idref="V-230504" selected="true" /><select idref="V-230505" selected="true" /><select idref="V-230506" selected="true" /><select idref="V-230507" selected="true" /><select idref="V-230508" selected="true" /><select idref="V-230509" selected="true" /><select idref="V-230510" selected="true" /><select idref="V-230511" selected="true" /><select idref="V-230512" selected="true" /><select idref="V-230513" selected="true" /><select idref="V-230514" selected="true" /><select idref="V-230515" selected="true" /><select idref="V-230516" selected="true" /><select idref="V-230517" selected="true" /><select idref="V-230518" selected="true" /><select idref="V-230519" selected="true" /><select idref="V-230520" selected="true" /><select idref="V-230521" selected="true" /><select idref="V-230522" selected="true" /><select idref="V-230523" selected="true" /><select idref="V-230524" selected="true" /><select idref="V-230525" selected="true" /><select idref="V-230526" selected="true" /><select idref="V-230527" selected="true" /><select idref="V-230529" selected="true" /><select idref="V-230530" selected="true" 
/><select idref="V-230531" selected="true" /><select idref="V-230532" selected="true" /><select idref="V-230533" selected="true" /><select idref="V-230534" selected="true" /><select idref="V-230535" selected="true" /><select idref="V-230536" selected="true" /><select idref="V-230537" selected="true" /><select idref="V-230538" selected="true" /><select idref="V-230539" selected="true" /><select idref="V-230540" selected="true" /><select idref="V-230541" selected="true" /><select idref="V-230542" selected="true" /><select idref="V-230543" selected="true" /><select idref="V-230544" selected="true" /><select idref="V-230545" selected="true" /><select idref="V-230546" selected="true" /><select idref="V-230547" selected="true" /><select idref="V-230548" selected="true" /><select idref="V-230549" selected="true" /><select idref="V-230550" selected="true" /><select idref="V-230551" selected="true" /><select idref="V-230552" selected="true" /><select idref="V-230553" selected="true" /><select idref="V-230554" selected="true" /><select idref="V-230555" selected="true" /><select idref="V-230556" selected="true" /><select idref="V-230557" selected="true" /><select idref="V-230558" selected="true" /><select idref="V-230559" selected="true" /><select idref="V-230560" selected="true" /><select idref="V-230561" selected="true" /><select idref="V-237640" selected="true" /><select idref="V-237641" selected="true" /><select idref="V-237642" selected="true" /><select idref="V-237643" selected="true" /><select idref="V-244519" selected="true" /><select idref="V-244520" selected="true" /><select idref="V-244521" selected="true" /><select idref="V-244522" selected="true" /><select idref="V-244523" selected="true" /><select idref="V-244524" selected="true" /><select idref="V-244525" selected="true" /><select idref="V-244526" selected="true" /><select idref="V-244527" selected="true" /><select idref="V-244528" selected="true" /><select idref="V-244529" selected="true" /><select 
idref="V-244530" selected="true" /><select idref="V-244531" selected="true" /><select idref="V-244532" selected="true" /><select idref="V-244533" selected="true" /><select idref="V-244534" selected="true" /><select idref="V-244535" selected="true" /><select idref="V-244536" selected="true" /><select idref="V-244537" selected="true" /><select idref="V-244538" selected="true" /><select idref="V-244539" selected="true" /><select idref="V-244540" selected="true" /><select idref="V-244541" selected="true" /><select idref="V-244542" selected="true" /><select idref="V-244543" selected="true" /><select idref="V-244544" selected="true" /><select idref="V-244545" selected="true" /><select idref="V-244546" selected="true" /><select idref="V-244547" selected="true" /><select idref="V-244548" selected="true" /><select idref="V-244549" selected="true" /><select idref="V-244550" selected="true" /><select idref="V-244551" selected="true" /><select idref="V-244552" selected="true" /><select idref="V-244553" selected="true" /><select idref="V-244554" selected="true" /><select idref="V-245540" selected="true" /></Profile><Profile id="MAC-1_Public"><title>I - Mission Critical Public</title><description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description><select idref="V-230221" selected="true" /><select idref="V-230222" selected="true" /><select idref="V-230223" selected="true" /><select idref="V-230224" selected="true" /><select idref="V-230225" selected="true" /><select idref="V-230226" selected="true" /><select idref="V-230227" selected="true" /><select idref="V-230228" selected="true" /><select idref="V-230229" selected="true" /><select idref="V-230230" selected="true" /><select idref="V-230231" selected="true" /><select idref="V-230232" selected="true" /><select idref="V-230233" selected="true" /><select idref="V-230234" selected="true" /><select idref="V-230235" selected="true" /><select idref="V-230236" selected="true" /><select idref="V-230237" selected="true" 
/><select idref="V-230238" selected="true" /><select idref="V-230239" selected="true" /><select idref="V-230240" selected="true" /><select idref="V-230241" selected="true" /><select idref="V-230242" selected="true" /><select idref="V-230243" selected="true" /><select idref="V-230244" selected="true" /><select idref="V-230245" selected="true" /><select idref="V-230246" selected="true" /><select idref="V-230247" selected="true" /><select idref="V-230248" selected="true" /><select idref="V-230249" selected="true" /><select idref="V-230250" selected="true" /><select idref="V-230251" selected="true" /><select idref="V-230252" selected="true" /><select idref="V-230253" selected="true" /><select idref="V-230254" selected="true" /><select idref="V-230255" selected="true" /><select idref="V-230256" selected="true" /><select idref="V-230257" selected="true" /><select idref="V-230258" selected="true" /><select idref="V-230259" selected="true" /><select idref="V-230260" selected="true" /><select idref="V-230261" selected="true" /><select idref="V-230262" selected="true" /><select idref="V-230263" selected="true" /><select idref="V-230264" selected="true" /><select idref="V-230265" selected="true" /><select idref="V-230266" selected="true" /><select idref="V-230267" selected="true" /><select idref="V-230268" selected="true" /><select idref="V-230269" selected="true" /><select idref="V-230270" selected="true" /><select idref="V-230271" selected="true" /><select idref="V-230272" selected="true" /><select idref="V-230273" selected="true" /><select idref="V-230274" selected="true" /><select idref="V-230275" selected="true" /><select idref="V-230276" selected="true" /><select idref="V-230277" selected="true" /><select idref="V-230278" selected="true" /><select idref="V-230279" selected="true" /><select idref="V-230280" selected="true" /><select idref="V-230281" selected="true" /><select idref="V-230282" selected="true" /><select idref="V-230283" selected="true" /><select 
idref="V-230284" selected="true" /><select idref="V-230285" selected="true" /><select idref="V-230286" selected="true" /><select idref="V-230287" selected="true" /><select idref="V-230288" selected="true" /><select idref="V-230289" selected="true" /><select idref="V-230290" selected="true" /><select idref="V-230291" selected="true" /><select idref="V-230292" selected="true" /><select idref="V-230293" selected="true" /><select idref="V-230294" selected="true" /><select idref="V-230295" selected="true" /><select idref="V-230296" selected="true" /><select idref="V-230297" selected="true" /><select idref="V-230298" selected="true" /><select idref="V-230299" selected="true" /><select idref="V-230300" selected="true" /><select idref="V-230301" selected="true" /><select idref="V-230302" selected="true" /><select idref="V-230303" selected="true" /><select idref="V-230304" selected="true" /><select idref="V-230305" selected="true" /><select idref="V-230306" selected="true" /><select idref="V-230307" selected="true" /><select idref="V-230308" selected="true" /><select idref="V-230309" selected="true" /><select idref="V-230310" selected="true" /><select idref="V-230311" selected="true" /><select idref="V-230312" selected="true" /><select idref="V-230313" selected="true" /><select idref="V-230314" selected="true" /><select idref="V-230315" selected="true" /><select idref="V-230316" selected="true" /><select idref="V-230317" selected="true" /><select idref="V-230318" selected="true" /><select idref="V-230319" selected="true" /><select idref="V-230320" selected="true" /><select idref="V-230321" selected="true" /><select idref="V-230322" selected="true" /><select idref="V-230323" selected="true" /><select idref="V-230324" selected="true" /><select idref="V-230325" selected="true" /><select idref="V-230326" selected="true" /><select idref="V-230327" selected="true" /><select idref="V-230328" selected="true" /><select idref="V-230329" selected="true" /><select idref="V-230330" 
selected="true" /><select idref="V-230331" selected="true" /><select idref="V-230332" selected="true" /><select idref="V-230333" selected="true" /><select idref="V-230334" selected="true" /><select idref="V-230335" selected="true" /><select idref="V-230336" selected="true" /><select idref="V-230337" selected="true" /><select idref="V-230338" selected="true" /><select idref="V-230339" selected="true" /><select idref="V-230340" selected="true" /><select idref="V-230341" selected="true" /><select idref="V-230342" selected="true" /><select idref="V-230343" selected="true" /><select idref="V-230344" selected="true" /><select idref="V-230345" selected="true" /><select idref="V-230346" selected="true" /><select idref="V-230347" selected="true" /><select idref="V-230348" selected="true" /><select idref="V-230349" selected="true" /><select idref="V-230350" selected="true" /><select idref="V-230351" selected="true" /><select idref="V-230352" selected="true" /><select idref="V-230353" selected="true" /><select idref="V-230354" selected="true" /><select idref="V-230355" selected="true" /><select idref="V-230356" selected="true" /><select idref="V-230357" selected="true" /><select idref="V-230358" selected="true" /><select idref="V-230359" selected="true" /><select idref="V-230360" selected="true" /><select idref="V-230361" selected="true" /><select idref="V-230362" selected="true" /><select idref="V-230363" selected="true" /><select idref="V-230364" selected="true" /><select idref="V-230365" selected="true" /><select idref="V-230366" selected="true" /><select idref="V-230367" selected="true" /><select idref="V-230368" selected="true" /><select idref="V-230369" selected="true" /><select idref="V-230370" selected="true" /><select idref="V-230371" selected="true" /><select idref="V-230372" selected="true" /><select idref="V-230373" selected="true" /><select idref="V-230374" selected="true" /><select idref="V-230375" selected="true" /><select idref="V-230376" selected="true" 
/><select idref="V-230377" selected="true" /><select idref="V-230378" selected="true" /><select idref="V-230379" selected="true" /><select idref="V-230380" selected="true" /><select idref="V-230381" selected="true" /><select idref="V-230382" selected="true" /><select idref="V-230383" selected="true" /><select idref="V-230384" selected="true" /><select idref="V-230385" selected="true" /><select idref="V-230386" selected="true" /><select idref="V-230387" selected="true" /><select idref="V-230388" selected="true" /><select idref="V-230389" selected="true" /><select idref="V-230390" selected="true" /><select idref="V-230391" selected="true" /><select idref="V-230392" selected="true" /><select idref="V-230393" selected="true" /><select idref="V-230394" selected="true" /><select idref="V-230395" selected="true" /><select idref="V-230396" selected="true" /><select idref="V-230397" selected="true" /><select idref="V-230398" selected="true" /><select idref="V-230399" selected="true" /><select idref="V-230400" selected="true" /><select idref="V-230401" selected="true" /><select idref="V-230402" selected="true" /><select idref="V-230403" selected="true" /><select idref="V-230404" selected="true" /><select idref="V-230405" selected="true" /><select idref="V-230406" selected="true" /><select idref="V-230407" selected="true" /><select idref="V-230408" selected="true" /><select idref="V-230409" selected="true" /><select idref="V-230410" selected="true" /><select idref="V-230411" selected="true" /><select idref="V-230412" selected="true" /><select idref="V-230413" selected="true" /><select idref="V-230414" selected="true" /><select idref="V-230415" selected="true" /><select idref="V-230416" selected="true" /><select idref="V-230417" selected="true" /><select idref="V-230418" selected="true" /><select idref="V-230419" selected="true" /><select idref="V-230420" selected="true" /><select idref="V-230421" selected="true" /><select idref="V-230422" selected="true" /><select 
idref="V-230423" selected="true" /><select idref="V-230424" selected="true" /><select idref="V-230425" selected="true" /><select idref="V-230426" selected="true" /><select idref="V-230427" selected="true" /><select idref="V-230428" selected="true" /><select idref="V-230429" selected="true" /><select idref="V-230430" selected="true" /><select idref="V-230431" selected="true" /><select idref="V-230432" selected="true" /><select idref="V-230433" selected="true" /><select idref="V-230434" selected="true" /><select idref="V-230435" selected="true" /><select idref="V-230436" selected="true" /><select idref="V-230437" selected="true" /><select idref="V-230438" selected="true" /><select idref="V-230439" selected="true" /><select idref="V-230440" selected="true" /><select idref="V-230441" selected="true" /><select idref="V-230442" selected="true" /><select idref="V-230443" selected="true" /><select idref="V-230444" selected="true" /><select idref="V-230445" selected="true" /><select idref="V-230446" selected="true" /><select idref="V-230447" selected="true" /><select idref="V-230448" selected="true" /><select idref="V-230449" selected="true" /><select idref="V-230450" selected="true" /><select idref="V-230451" selected="true" /><select idref="V-230452" selected="true" /><select idref="V-230453" selected="true" /><select idref="V-230454" selected="true" /><select idref="V-230455" selected="true" /><select idref="V-230456" selected="true" /><select idref="V-230457" selected="true" /><select idref="V-230458" selected="true" /><select idref="V-230459" selected="true" /><select idref="V-230460" selected="true" /><select idref="V-230461" selected="true" /><select idref="V-230462" selected="true" /><select idref="V-230463" selected="true" /><select idref="V-230464" selected="true" /><select idref="V-230465" selected="true" /><select idref="V-230466" selected="true" /><select idref="V-230467" selected="true" /><select idref="V-230468" selected="true" /><select idref="V-230469" 
selected="true" /><select idref="V-230470" selected="true" /><select idref="V-230471" selected="true" /><select idref="V-230472" selected="true" /><select idref="V-230473" selected="true" /><select idref="V-230474" selected="true" /><select idref="V-230475" selected="true" /><select idref="V-230476" selected="true" /><select idref="V-230477" selected="true" /><select idref="V-230478" selected="true" /><select idref="V-230479" selected="true" /><select idref="V-230480" selected="true" /><select idref="V-230481" selected="true" /><select idref="V-230482" selected="true" /><select idref="V-230483" selected="true" /><select idref="V-230484" selected="true" /><select idref="V-230485" selected="true" /><select idref="V-230486" selected="true" /><select idref="V-230487" selected="true" /><select idref="V-230488" selected="true" /><select idref="V-230489" selected="true" /><select idref="V-230491" selected="true" /><select idref="V-230492" selected="true" /><select idref="V-230493" selected="true" /><select idref="V-230494" selected="true" /><select idref="V-230495" selected="true" /><select idref="V-230496" selected="true" /><select idref="V-230497" selected="true" /><select idref="V-230498" selected="true" /><select idref="V-230499" selected="true" /><select idref="V-230500" selected="true" /><select idref="V-230502" selected="true" /><select idref="V-230503" selected="true" /><select idref="V-230504" selected="true" /><select idref="V-230505" selected="true" /><select idref="V-230506" selected="true" /><select idref="V-230507" selected="true" /><select idref="V-230508" selected="true" /><select idref="V-230509" selected="true" /><select idref="V-230510" selected="true" /><select idref="V-230511" selected="true" /><select idref="V-230512" selected="true" /><select idref="V-230513" selected="true" /><select idref="V-230514" selected="true" /><select idref="V-230515" selected="true" /><select idref="V-230516" selected="true" /><select idref="V-230517" selected="true" 
/><select idref="V-230518" selected="true" /><select idref="V-230519" selected="true" /><select idref="V-230520" selected="true" /><select idref="V-230521" selected="true" /><select idref="V-230522" selected="true" /><select idref="V-230523" selected="true" /><select idref="V-230524" selected="true" /><select idref="V-230525" selected="true" /><select idref="V-230526" selected="true" /><select idref="V-230527" selected="true" /><select idref="V-230529" selected="true" /><select idref="V-230530" selected="true" /><select idref="V-230531" selected="true" /><select idref="V-230532" selected="true" /><select idref="V-230533" selected="true" /><select idref="V-230534" selected="true" /><select idref="V-230535" selected="true" /><select idref="V-230536" selected="true" /><select idref="V-230537" selected="true" /><select idref="V-230538" selected="true" /><select idref="V-230539" selected="true" /><select idref="V-230540" selected="true" /><select idref="V-230541" selected="true" /><select idref="V-230542" selected="true" /><select idref="V-230543" selected="true" /><select idref="V-230544" selected="true" /><select idref="V-230545" selected="true" /><select idref="V-230546" selected="true" /><select idref="V-230547" selected="true" /><select idref="V-230548" selected="true" /><select idref="V-230549" selected="true" /><select idref="V-230550" selected="true" /><select idref="V-230551" selected="true" /><select idref="V-230552" selected="true" /><select idref="V-230553" selected="true" /><select idref="V-230554" selected="true" /><select idref="V-230555" selected="true" /><select idref="V-230556" selected="true" /><select idref="V-230557" selected="true" /><select idref="V-230558" selected="true" /><select idref="V-230559" selected="true" /><select idref="V-230560" selected="true" /><select idref="V-230561" selected="true" /><select idref="V-237640" selected="true" /><select idref="V-237641" selected="true" /><select idref="V-237642" selected="true" /><select 
idref="V-237643" selected="true" /><select idref="V-244519" selected="true" /><select idref="V-244520" selected="true" /><select idref="V-244521" selected="true" /><select idref="V-244522" selected="true" /><select idref="V-244523" selected="true" /><select idref="V-244524" selected="true" /><select idref="V-244525" selected="true" /><select idref="V-244526" selected="true" /><select idref="V-244527" selected="true" /><select idref="V-244528" selected="true" /><select idref="V-244529" selected="true" /><select idref="V-244530" selected="true" /><select idref="V-244531" selected="true" /><select idref="V-244532" selected="true" /><select idref="V-244533" selected="true" /><select idref="V-244534" selected="true" /><select idref="V-244535" selected="true" /><select idref="V-244536" selected="true" /><select idref="V-244537" selected="true" /><select idref="V-244538" selected="true" /><select idref="V-244539" selected="true" /><select idref="V-244540" selected="true" /><select idref="V-244541" selected="true" /><select idref="V-244542" selected="true" /><select idref="V-244543" selected="true" /><select idref="V-244544" selected="true" /><select idref="V-244545" selected="true" /><select idref="V-244546" selected="true" /><select idref="V-244547" selected="true" /><select idref="V-244548" selected="true" /><select idref="V-244549" selected="true" /><select idref="V-244550" selected="true" /><select idref="V-244551" selected="true" /><select idref="V-244552" selected="true" /><select idref="V-244553" selected="true" /><select idref="V-244554" selected="true" /><select idref="V-245540" selected="true" /></Profile><Profile id="MAC-1_Sensitive"><title>I - Mission Critical Sensitive</title><description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description><select idref="V-230221" selected="true" /><select idref="V-230222" selected="true" /><select idref="V-230223" selected="true" /><select idref="V-230224" selected="true" /><select idref="V-230225" 
selected="true" /><select idref="V-230226" selected="true" /><select idref="V-230227" selected="true" /><select idref="V-230228" selected="true" /><select idref="V-230229" selected="true" /><select idref="V-230230" selected="true" /><select idref="V-230231" selected="true" /><select idref="V-230232" selected="true" /><select idref="V-230233" selected="true" /><select idref="V-230234" selected="true" /><select idref="V-230235" selected="true" /><select idref="V-230236" selected="true" /><select idref="V-230237" selected="true" /><select idref="V-230238" selected="true" /><select idref="V-230239" selected="true" /><select idref="V-230240" selected="true" /><select idref="V-230241" selected="true" /><select idref="V-230242" selected="true" /><select idref="V-230243" selected="true" /><select idref="V-230244" selected="true" /><select idref="V-230245" selected="true" /><select idref="V-230246" selected="true" /><select idref="V-230247" selected="true" /><select idref="V-230248" selected="true" /><select idref="V-230249" selected="true" /><select idref="V-230250" selected="true" /><select idref="V-230251" selected="true" /><select idref="V-230252" selected="true" /><select idref="V-230253" selected="true" /><select idref="V-230254" selected="true" /><select idref="V-230255" selected="true" /><select idref="V-230256" selected="true" /><select idref="V-230257" selected="true" /><select idref="V-230258" selected="true" /><select idref="V-230259" selected="true" /><select idref="V-230260" selected="true" /><select idref="V-230261" selected="true" /><select idref="V-230262" selected="true" /><select idref="V-230263" selected="true" /><select idref="V-230264" selected="true" /><select idref="V-230265" selected="true" /><select idref="V-230266" selected="true" /><select idref="V-230267" selected="true" /><select idref="V-230268" selected="true" /><select idref="V-230269" selected="true" /><select idref="V-230270" selected="true" /><select idref="V-230271" selected="true" 
/><select idref="V-230272" selected="true" /><select idref="V-230273" selected="true" /><select idref="V-230274" selected="true" /><select idref="V-230275" selected="true" /><select idref="V-230276" selected="true" /><select idref="V-230277" selected="true" /><select idref="V-230278" selected="true" /><select idref="V-230279" selected="true" /><select idref="V-230280" selected="true" /><select idref="V-230281" selected="true" /><select idref="V-230282" selected="true" /><select idref="V-230283" selected="true" /><select idref="V-230284" selected="true" /><select idref="V-230285" selected="true" /><select idref="V-230286" selected="true" /><select idref="V-230287" selected="true" /><select idref="V-230288" selected="true" /><select idref="V-230289" selected="true" /><select idref="V-230290" selected="true" /><select idref="V-230291" selected="true" /><select idref="V-230292" selected="true" /><select idref="V-230293" selected="true" /><select idref="V-230294" selected="true" /><select idref="V-230295" selected="true" /><select idref="V-230296" selected="true" /><select idref="V-230297" selected="true" /><select idref="V-230298" selected="true" /><select idref="V-230299" selected="true" /><select idref="V-230300" selected="true" /><select idref="V-230301" selected="true" /><select idref="V-230302" selected="true" /><select idref="V-230303" selected="true" /><select idref="V-230304" selected="true" /><select idref="V-230305" selected="true" /><select idref="V-230306" selected="true" /><select idref="V-230307" selected="true" /><select idref="V-230308" selected="true" /><select idref="V-230309" selected="true" /><select idref="V-230310" selected="true" /><select idref="V-230311" selected="true" /><select idref="V-230312" selected="true" /><select idref="V-230313" selected="true" /><select idref="V-230314" selected="true" /><select idref="V-230315" selected="true" /><select idref="V-230316" selected="true" /><select idref="V-230317" selected="true" /><select 
idref="V-230318" selected="true" /><select idref="V-230319" selected="true" /><select idref="V-230320" selected="true" /><select idref="V-230321" selected="true" /><select idref="V-230322" selected="true" /><select idref="V-230323" selected="true" /><select idref="V-230324" selected="true" /><select idref="V-230325" selected="true" /><select idref="V-230326" selected="true" /><select idref="V-230327" selected="true" /><select idref="V-230328" selected="true" /><select idref="V-230329" selected="true" /><select idref="V-230330" selected="true" /><select idref="V-230331" selected="true" /><select idref="V-230332" selected="true" /><select idref="V-230333" selected="true" /><select idref="V-230334" selected="true" /><select idref="V-230335" selected="true" /><select idref="V-230336" selected="true" /><select idref="V-230337" selected="true" /><select idref="V-230338" selected="true" /><select idref="V-230339" selected="true" /><select idref="V-230340" selected="true" /><select idref="V-230341" selected="true" /><select idref="V-230342" selected="true" /><select idref="V-230343" selected="true" /><select idref="V-230344" selected="true" /><select idref="V-230345" selected="true" /><select idref="V-230346" selected="true" /><select idref="V-230347" selected="true" /><select idref="V-230348" selected="true" /><select idref="V-230349" selected="true" /><select idref="V-230350" selected="true" /><select idref="V-230351" selected="true" /><select idref="V-230352" selected="true" /><select idref="V-230353" selected="true" /><select idref="V-230354" selected="true" /><select idref="V-230355" selected="true" /><select idref="V-230356" selected="true" /><select idref="V-230357" selected="true" /><select idref="V-230358" selected="true" /><select idref="V-230359" selected="true" /><select idref="V-230360" selected="true" /><select idref="V-230361" selected="true" /><select idref="V-230362" selected="true" /><select idref="V-230363" selected="true" /><select idref="V-230364" 
selected="true" /><select idref="V-230365" selected="true" /><select idref="V-230366" selected="true" /><select idref="V-230367" selected="true" /><select idref="V-230368" selected="true" /><select idref="V-230369" selected="true" /><select idref="V-230370" selected="true" /><select idref="V-230371" selected="true" /><select idref="V-230372" selected="true" /><select idref="V-230373" selected="true" /><select idref="V-230374" selected="true" /><select idref="V-230375" selected="true" /><select idref="V-230376" selected="true" /><select idref="V-230377" selected="true" /><select idref="V-230378" selected="true" /><select idref="V-230379" selected="true" /><select idref="V-230380" selected="true" /><select idref="V-230381" selected="true" /><select idref="V-230382" selected="true" /><select idref="V-230383" selected="true" /><select idref="V-230384" selected="true" /><select idref="V-230385" selected="true" /><select idref="V-230386" selected="true" /><select idref="V-230387" selected="true" /><select idref="V-230388" selected="true" /><select idref="V-230389" selected="true" /><select idref="V-230390" selected="true" /><select idref="V-230391" selected="true" /><select idref="V-230392" selected="true" /><select idref="V-230393" selected="true" /><select idref="V-230394" selected="true" /><select idref="V-230395" selected="true" /><select idref="V-230396" selected="true" /><select idref="V-230397" selected="true" /><select idref="V-230398" selected="true" /><select idref="V-230399" selected="true" /><select idref="V-230400" selected="true" /><select idref="V-230401" selected="true" /><select idref="V-230402" selected="true" /><select idref="V-230403" selected="true" /><select idref="V-230404" selected="true" /><select idref="V-230405" selected="true" /><select idref="V-230406" selected="true" /><select idref="V-230407" selected="true" /><select idref="V-230408" selected="true" /><select idref="V-230409" selected="true" /><select idref="V-230410" selected="true" 
/><select idref="V-230411" selected="true" /><select idref="V-230412" selected="true" /><select idref="V-230413" selected="true" /><select idref="V-230414" selected="true" /><select idref="V-230415" selected="true" /><select idref="V-230416" selected="true" /><select idref="V-230417" selected="true" /><select idref="V-230418" selected="true" /><select idref="V-230419" selected="true" /><select idref="V-230420" selected="true" /><select idref="V-230421" selected="true" /><select idref="V-230422" selected="true" /><select idref="V-230423" selected="true" /><select idref="V-230424" selected="true" /><select idref="V-230425" selected="true" /><select idref="V-230426" selected="true" /><select idref="V-230427" selected="true" /><select idref="V-230428" selected="true" /><select idref="V-230429" selected="true" /><select idref="V-230430" selected="true" /><select idref="V-230431" selected="true" /><select idref="V-230432" selected="true" /><select idref="V-230433" selected="true" /><select idref="V-230434" selected="true" /><select idref="V-230435" selected="true" /><select idref="V-230436" selected="true" /><select idref="V-230437" selected="true" /><select idref="V-230438" selected="true" /><select idref="V-230439" selected="true" /><select idref="V-230440" selected="true" /><select idref="V-230441" selected="true" /><select idref="V-230442" selected="true" /><select idref="V-230443" selected="true" /><select idref="V-230444" selected="true" /><select idref="V-230445" selected="true" /><select idref="V-230446" selected="true" /><select idref="V-230447" selected="true" /><select idref="V-230448" selected="true" /><select idref="V-230449" selected="true" /><select idref="V-230450" selected="true" /><select idref="V-230451" selected="true" /><select idref="V-230452" selected="true" /><select idref="V-230453" selected="true" /><select idref="V-230454" selected="true" /><select idref="V-230455" selected="true" /><select idref="V-230456" selected="true" /><select 
idref="V-230457" selected="true" /><select idref="V-230458" selected="true" /><select idref="V-230459" selected="true" /><select idref="V-230460" selected="true" /><select idref="V-230461" selected="true" /><select idref="V-230462" selected="true" /><select idref="V-230463" selected="true" /><select idref="V-230464" selected="true" /><select idref="V-230465" selected="true" /><select idref="V-230466" selected="true" /><select idref="V-230467" selected="true" /><select idref="V-230468" selected="true" /><select idref="V-230469" selected="true" /><select idref="V-230470" selected="true" /><select idref="V-230471" selected="true" /><select idref="V-230472" selected="true" /><select idref="V-230473" selected="true" /><select idref="V-230474" selected="true" /><select idref="V-230475" selected="true" /><select idref="V-230476" selected="true" /><select idref="V-230477" selected="true" /><select idref="V-230478" selected="true" /><select idref="V-230479" selected="true" /><select idref="V-230480" selected="true" /><select idref="V-230481" selected="true" /><select idref="V-230482" selected="true" /><select idref="V-230483" selected="true" /><select idref="V-230484" selected="true" /><select idref="V-230485" selected="true" /><select idref="V-230486" selected="true" /><select idref="V-230487" selected="true" /><select idref="V-230488" selected="true" /><select idref="V-230489" selected="true" /><select idref="V-230491" selected="true" /><select idref="V-230492" selected="true" /><select idref="V-230493" selected="true" /><select idref="V-230494" selected="true" /><select idref="V-230495" selected="true" /><select idref="V-230496" selected="true" /><select idref="V-230497" selected="true" /><select idref="V-230498" selected="true" /><select idref="V-230499" selected="true" /><select idref="V-230500" selected="true" /><select idref="V-230502" selected="true" /><select idref="V-230503" selected="true" /><select idref="V-230504" selected="true" /><select idref="V-230505" 
selected="true" /><select idref="V-230506" selected="true" /><select idref="V-230507" selected="true" /><select idref="V-230508" selected="true" /><select idref="V-230509" selected="true" /><select idref="V-230510" selected="true" /><select idref="V-230511" selected="true" /><select idref="V-230512" selected="true" /><select idref="V-230513" selected="true" /><select idref="V-230514" selected="true" /><select idref="V-230515" selected="true" /><select idref="V-230516" selected="true" /><select idref="V-230517" selected="true" /><select idref="V-230518" selected="true" /><select idref="V-230519" selected="true" /><select idref="V-230520" selected="true" /><select idref="V-230521" selected="true" /><select idref="V-230522" selected="true" /><select idref="V-230523" selected="true" /><select idref="V-230524" selected="true" /><select idref="V-230525" selected="true" /><select idref="V-230526" selected="true" /><select idref="V-230527" selected="true" /><select idref="V-230529" selected="true" /><select idref="V-230530" selected="true" /><select idref="V-230531" selected="true" /><select idref="V-230532" selected="true" /><select idref="V-230533" selected="true" /><select idref="V-230534" selected="true" /><select idref="V-230535" selected="true" /><select idref="V-230536" selected="true" /><select idref="V-230537" selected="true" /><select idref="V-230538" selected="true" /><select idref="V-230539" selected="true" /><select idref="V-230540" selected="true" /><select idref="V-230541" selected="true" /><select idref="V-230542" selected="true" /><select idref="V-230543" selected="true" /><select idref="V-230544" selected="true" /><select idref="V-230545" selected="true" /><select idref="V-230546" selected="true" /><select idref="V-230547" selected="true" /><select idref="V-230548" selected="true" /><select idref="V-230549" selected="true" /><select idref="V-230550" selected="true" /><select idref="V-230551" selected="true" /><select idref="V-230552" selected="true" 
/><select idref="V-230553" selected="true" /><select idref="V-230554" selected="true" /><select idref="V-230555" selected="true" /><select idref="V-230556" selected="true" /><select idref="V-230557" selected="true" /><select idref="V-230558" selected="true" /><select idref="V-230559" selected="true" /><select idref="V-230560" selected="true" /><select idref="V-230561" selected="true" /><select idref="V-237640" selected="true" /><select idref="V-237641" selected="true" /><select idref="V-237642" selected="true" /><select idref="V-237643" selected="true" /><select idref="V-244519" selected="true" /><select idref="V-244520" selected="true" /><select idref="V-244521" selected="true" /><select idref="V-244522" selected="true" /><select idref="V-244523" selected="true" /><select idref="V-244524" selected="true" /><select idref="V-244525" selected="true" /><select idref="V-244526" selected="true" /><select idref="V-244527" selected="true" /><select idref="V-244528" selected="true" /><select idref="V-244529" selected="true" /><select idref="V-244530" selected="true" /><select idref="V-244531" selected="true" /><select idref="V-244532" selected="true" /><select idref="V-244533" selected="true" /><select idref="V-244534" selected="true" /><select idref="V-244535" selected="true" /><select idref="V-244536" selected="true" /><select idref="V-244537" selected="true" /><select idref="V-244538" selected="true" /><select idref="V-244539" selected="true" /><select idref="V-244540" selected="true" /><select idref="V-244541" selected="true" /><select idref="V-244542" selected="true" /><select idref="V-244543" selected="true" /><select idref="V-244544" selected="true" /><select idref="V-244545" selected="true" /><select idref="V-244546" selected="true" /><select idref="V-244547" selected="true" /><select idref="V-244548" selected="true" /><select idref="V-244549" selected="true" /><select idref="V-244550" selected="true" /><select idref="V-244551" selected="true" /><select 
idref="V-244552" selected="true" /><select idref="V-244553" selected="true" /><select idref="V-244554" selected="true" /><select idref="V-245540" selected="true" /></Profile><Profile id="MAC-2_Classified"><title>II - Mission Support Classified</title><description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description><select idref="V-230221" selected="true" /><select idref="V-230222" selected="true" /><select idref="V-230223" selected="true" /><select idref="V-230224" selected="true" /><select idref="V-230225" selected="true" /><select idref="V-230226" selected="true" /><select idref="V-230227" selected="true" /><select idref="V-230228" selected="true" /><select idref="V-230229" selected="true" /><select idref="V-230230" selected="true" /><select idref="V-230231" selected="true" /><select idref="V-230232" selected="true" /><select idref="V-230233" selected="true" /><select idref="V-230234" selected="true" /><select idref="V-230235" selected="true" /><select idref="V-230236" selected="true" /><select idref="V-230237" selected="true" /><select idref="V-230238" selected="true" /><select idref="V-230239" selected="true" /><select idref="V-230240" selected="true" /><select idref="V-230241" selected="true" /><select idref="V-230242" selected="true" /><select idref="V-230243" selected="true" /><select idref="V-230244" selected="true" /><select idref="V-230245" selected="true" /><select idref="V-230246" selected="true" /><select idref="V-230247" selected="true" /><select idref="V-230248" selected="true" /><select idref="V-230249" selected="true" /><select idref="V-230250" selected="true" /><select idref="V-230251" selected="true" /><select idref="V-230252" selected="true" /><select idref="V-230253" selected="true" /><select idref="V-230254" selected="true" /><select idref="V-230255" selected="true" /><select idref="V-230256" selected="true" /><select idref="V-230257" selected="true" /><select idref="V-230258" selected="true" /><select idref="V-230259" 
selected="true" /><select idref="V-230260" selected="true" /><select idref="V-230261" selected="true" /><select idref="V-230262" selected="true" /><select idref="V-230263" selected="true" /><select idref="V-230264" selected="true" /><select idref="V-230265" selected="true" /><select idref="V-230266" selected="true" /><select idref="V-230267" selected="true" /><select idref="V-230268" selected="true" /><select idref="V-230269" selected="true" /><select idref="V-230270" selected="true" /><select idref="V-230271" selected="true" /><select idref="V-230272" selected="true" /><select idref="V-230273" selected="true" /><select idref="V-230274" selected="true" /><select idref="V-230275" selected="true" /><select idref="V-230276" selected="true" /><select idref="V-230277" selected="true" /><select idref="V-230278" selected="true" /><select idref="V-230279" selected="true" /><select idref="V-230280" selected="true" /><select idref="V-230281" selected="true" /><select idref="V-230282" selected="true" /><select idref="V-230283" selected="true" /><select idref="V-230284" selected="true" /><select idref="V-230285" selected="true" /><select idref="V-230286" selected="true" /><select idref="V-230287" selected="true" /><select idref="V-230288" selected="true" /><select idref="V-230289" selected="true" /><select idref="V-230290" selected="true" /><select idref="V-230291" selected="true" /><select idref="V-230292" selected="true" /><select idref="V-230293" selected="true" /><select idref="V-230294" selected="true" /><select idref="V-230295" selected="true" /><select idref="V-230296" selected="true" /><select idref="V-230297" selected="true" /><select idref="V-230298" selected="true" /><select idref="V-230299" selected="true" /><select idref="V-230300" selected="true" /><select idref="V-230301" selected="true" /><select idref="V-230302" selected="true" /><select idref="V-230303" selected="true" /><select idref="V-230304" selected="true" /><select idref="V-230305" selected="true" 
/><select idref="V-230306" selected="true" /><select idref="V-230307" selected="true" /><select idref="V-230308" selected="true" /><select idref="V-230309" selected="true" /><select idref="V-230310" selected="true" /><select idref="V-230311" selected="true" /><select idref="V-230312" selected="true" /><select idref="V-230313" selected="true" /><select idref="V-230314" selected="true" /><select idref="V-230315" selected="true" /><select idref="V-230316" selected="true" /><select idref="V-230317" selected="true" /><select idref="V-230318" selected="true" /><select idref="V-230319" selected="true" /><select idref="V-230320" selected="true" /><select idref="V-230321" selected="true" /><select idref="V-230322" selected="true" /><select idref="V-230323" selected="true" /><select idref="V-230324" selected="true" /><select idref="V-230325" selected="true" /><select idref="V-230326" selected="true" /><select idref="V-230327" selected="true" /><select idref="V-230328" selected="true" /><select idref="V-230329" selected="true" /><select idref="V-230330" selected="true" /><select idref="V-230331" selected="true" /><select idref="V-230332" selected="true" /><select idref="V-230333" selected="true" /><select idref="V-230334" selected="true" /><select idref="V-230335" selected="true" /><select idref="V-230336" selected="true" /><select idref="V-230337" selected="true" /><select idref="V-230338" selected="true" /><select idref="V-230339" selected="true" /><select idref="V-230340" selected="true" /><select idref="V-230341" selected="true" /><select idref="V-230342" selected="true" /><select idref="V-230343" selected="true" /><select idref="V-230344" selected="true" /><select idref="V-230345" selected="true" /><select idref="V-230346" selected="true" /><select idref="V-230347" selected="true" /><select idref="V-230348" selected="true" /><select idref="V-230349" selected="true" /><select idref="V-230350" selected="true" /><select idref="V-230351" selected="true" /><select 
idref="V-230352" selected="true" /><select idref="V-230353" selected="true" /><select idref="V-230354" selected="true" /><select idref="V-230355" selected="true" /><select idref="V-230356" selected="true" /><select idref="V-230357" selected="true" /><select idref="V-230358" selected="true" /><select idref="V-230359" selected="true" /><select idref="V-230360" selected="true" /><select idref="V-230361" selected="true" /><select idref="V-230362" selected="true" /><select idref="V-230363" selected="true" /><select idref="V-230364" selected="true" /><select idref="V-230365" selected="true" /><select idref="V-230366" selected="true" /><select idref="V-230367" selected="true" /><select idref="V-230368" selected="true" /><select idref="V-230369" selected="true" /><select idref="V-230370" selected="true" /><select idref="V-230371" selected="true" /><select idref="V-230372" selected="true" /><select idref="V-230373" selected="true" /><select idref="V-230374" selected="true" /><select idref="V-230375" selected="true" /><select idref="V-230376" selected="true" /><select idref="V-230377" selected="true" /><select idref="V-230378" selected="true" /><select idref="V-230379" selected="true" /><select idref="V-230380" selected="true" /><select idref="V-230381" selected="true" /><select idref="V-230382" selected="true" /><select idref="V-230383" selected="true" /><select idref="V-230384" selected="true" /><select idref="V-230385" selected="true" /><select idref="V-230386" selected="true" /><select idref="V-230387" selected="true" /><select idref="V-230388" selected="true" /><select idref="V-230389" selected="true" /><select idref="V-230390" selected="true" /><select idref="V-230391" selected="true" /><select idref="V-230392" selected="true" /><select idref="V-230393" selected="true" /><select idref="V-230394" selected="true" /><select idref="V-230395" selected="true" /><select idref="V-230396" selected="true" /><select idref="V-230397" selected="true" /><select idref="V-230398" 
selected="true" /><select idref="V-230399" selected="true" /><select idref="V-230400" selected="true" /><select idref="V-230401" selected="true" /><select idref="V-230402" selected="true" /><select idref="V-230403" selected="true" /><select idref="V-230404" selected="true" /><select idref="V-230405" selected="true" /><select idref="V-230406" selected="true" /><select idref="V-230407" selected="true" /><select idref="V-230408" selected="true" /><select idref="V-230409" selected="true" /><select idref="V-230410" selected="true" /><select idref="V-230411" selected="true" /><select idref="V-230412" selected="true" /><select idref="V-230413" selected="true" /><select idref="V-230414" selected="true" /><select idref="V-230415" selected="true" /><select idref="V-230416" selected="true" /><select idref="V-230417" selected="true" /><select idref="V-230418" selected="true" /><select idref="V-230419" selected="true" /><select idref="V-230420" selected="true" /><select idref="V-230421" selected="true" /><select idref="V-230422" selected="true" /><select idref="V-230423" selected="true" /><select idref="V-230424" selected="true" /><select idref="V-230425" selected="true" /><select idref="V-230426" selected="true" /><select idref="V-230427" selected="true" /><select idref="V-230428" selected="true" /><select idref="V-230429" selected="true" /><select idref="V-230430" selected="true" /><select idref="V-230431" selected="true" /><select idref="V-230432" selected="true" /><select idref="V-230433" selected="true" /><select idref="V-230434" selected="true" /><select idref="V-230435" selected="true" /><select idref="V-230436" selected="true" /><select idref="V-230437" selected="true" /><select idref="V-230438" selected="true" /><select idref="V-230439" selected="true" /><select idref="V-230440" selected="true" /><select idref="V-230441" selected="true" /><select idref="V-230442" selected="true" /><select idref="V-230443" selected="true" /><select idref="V-230444" selected="true" 
/><select idref="V-230445" selected="true" /><select idref="V-230446" selected="true" /><select idref="V-230447" selected="true" /><select idref="V-230448" selected="true" /><select idref="V-230449" selected="true" /><select idref="V-230450" selected="true" /><select idref="V-230451" selected="true" /><select idref="V-230452" selected="true" /><select idref="V-230453" selected="true" /><select idref="V-230454" selected="true" /><select idref="V-230455" selected="true" /><select idref="V-230456" selected="true" /><select idref="V-230457" selected="true" /><select idref="V-230458" selected="true" /><select idref="V-230459" selected="true" /><select idref="V-230460" selected="true" /><select idref="V-230461" selected="true" /><select idref="V-230462" selected="true" /><select idref="V-230463" selected="true" /><select idref="V-230464" selected="true" /><select idref="V-230465" selected="true" /><select idref="V-230466" selected="true" /><select idref="V-230467" selected="true" /><select idref="V-230468" selected="true" /><select idref="V-230469" selected="true" /><select idref="V-230470" selected="true" /><select idref="V-230471" selected="true" /><select idref="V-230472" selected="true" /><select idref="V-230473" selected="true" /><select idref="V-230474" selected="true" /><select idref="V-230475" selected="true" /><select idref="V-230476" selected="true" /><select idref="V-230477" selected="true" /><select idref="V-230478" selected="true" /><select idref="V-230479" selected="true" /><select idref="V-230480" selected="true" /><select idref="V-230481" selected="true" /><select idref="V-230482" selected="true" /><select idref="V-230483" selected="true" /><select idref="V-230484" selected="true" /><select idref="V-230485" selected="true" /><select idref="V-230486" selected="true" /><select idref="V-230487" selected="true" /><select idref="V-230488" selected="true" /><select idref="V-230489" selected="true" /><select idref="V-230491" selected="true" /><select 
idref="V-230492" selected="true" /><select idref="V-230493" selected="true" /><select idref="V-230494" selected="true" /><select idref="V-230495" selected="true" /><select idref="V-230496" selected="true" /><select idref="V-230497" selected="true" /><select idref="V-230498" selected="true" /><select idref="V-230499" selected="true" /><select idref="V-230500" selected="true" /><select idref="V-230502" selected="true" /><select idref="V-230503" selected="true" /><select idref="V-230504" selected="true" /><select idref="V-230505" selected="true" /><select idref="V-230506" selected="true" /><select idref="V-230507" selected="true" /><select idref="V-230508" selected="true" /><select idref="V-230509" selected="true" /><select idref="V-230510" selected="true" /><select idref="V-230511" selected="true" /><select idref="V-230512" selected="true" /><select idref="V-230513" selected="true" /><select idref="V-230514" selected="true" /><select idref="V-230515" selected="true" /><select idref="V-230516" selected="true" /><select idref="V-230517" selected="true" /><select idref="V-230518" selected="true" /><select idref="V-230519" selected="true" /><select idref="V-230520" selected="true" /><select idref="V-230521" selected="true" /><select idref="V-230522" selected="true" /><select idref="V-230523" selected="true" /><select idref="V-230524" selected="true" /><select idref="V-230525" selected="true" /><select idref="V-230526" selected="true" /><select idref="V-230527" selected="true" /><select idref="V-230529" selected="true" /><select idref="V-230530" selected="true" /><select idref="V-230531" selected="true" /><select idref="V-230532" selected="true" /><select idref="V-230533" selected="true" /><select idref="V-230534" selected="true" /><select idref="V-230535" selected="true" /><select idref="V-230536" selected="true" /><select idref="V-230537" selected="true" /><select idref="V-230538" selected="true" /><select idref="V-230539" selected="true" /><select idref="V-230540" 
selected="true" /><select idref="V-230541" selected="true" /><select idref="V-230542" selected="true" /><select idref="V-230543" selected="true" /><select idref="V-230544" selected="true" /><select idref="V-230545" selected="true" /><select idref="V-230546" selected="true" /><select idref="V-230547" selected="true" /><select idref="V-230548" selected="true" /><select idref="V-230549" selected="true" /><select idref="V-230550" selected="true" /><select idref="V-230551" selected="true" /><select idref="V-230552" selected="true" /><select idref="V-230553" selected="true" /><select idref="V-230554" selected="true" /><select idref="V-230555" selected="true" /><select idref="V-230556" selected="true" /><select idref="V-230557" selected="true" /><select idref="V-230558" selected="true" /><select idref="V-230559" selected="true" /><select idref="V-230560" selected="true" /><select idref="V-230561" selected="true" /><select idref="V-237640" selected="true" /><select idref="V-237641" selected="true" /><select idref="V-237642" selected="true" /><select idref="V-237643" selected="true" /><select idref="V-244519" selected="true" /><select idref="V-244520" selected="true" /><select idref="V-244521" selected="true" /><select idref="V-244522" selected="true" /><select idref="V-244523" selected="true" /><select idref="V-244524" selected="true" /><select idref="V-244525" selected="true" /><select idref="V-244526" selected="true" /><select idref="V-244527" selected="true" /><select idref="V-244528" selected="true" /><select idref="V-244529" selected="true" /><select idref="V-244530" selected="true" /><select idref="V-244531" selected="true" /><select idref="V-244532" selected="true" /><select idref="V-244533" selected="true" /><select idref="V-244534" selected="true" /><select idref="V-244535" selected="true" /><select idref="V-244536" selected="true" /><select idref="V-244537" selected="true" /><select idref="V-244538" selected="true" /><select idref="V-244539" selected="true" 
/><select idref="V-244540" selected="true" /><select idref="V-244541" selected="true" /><select idref="V-244542" selected="true" /><select idref="V-244543" selected="true" /><select idref="V-244544" selected="true" /><select idref="V-244545" selected="true" /><select idref="V-244546" selected="true" /><select idref="V-244547" selected="true" /><select idref="V-244548" selected="true" /><select idref="V-244549" selected="true" /><select idref="V-244550" selected="true" /><select idref="V-244551" selected="true" /><select idref="V-244552" selected="true" /><select idref="V-244553" selected="true" /><select idref="V-244554" selected="true" /><select idref="V-245540" selected="true" /></Profile><Profile id="MAC-2_Public"><title>II - Mission Support Public</title><description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description><select idref="V-230221" selected="true" /><select idref="V-230222" selected="true" /><select idref="V-230223" selected="true" /><select idref="V-230224" selected="true" /><select idref="V-230225" selected="true" /><select idref="V-230226" selected="true" /><select idref="V-230227" selected="true" /><select idref="V-230228" selected="true" /><select idref="V-230229" selected="true" /><select idref="V-230230" selected="true" /><select idref="V-230231" selected="true" /><select idref="V-230232" selected="true" /><select idref="V-230233" selected="true" /><select idref="V-230234" selected="true" /><select idref="V-230235" selected="true" /><select idref="V-230236" selected="true" /><select idref="V-230237" selected="true" /><select idref="V-230238" selected="true" /><select idref="V-230239" selected="true" /><select idref="V-230240" selected="true" /><select idref="V-230241" selected="true" /><select idref="V-230242" selected="true" /><select idref="V-230243" selected="true" /><select idref="V-230244" selected="true" /><select idref="V-230245" selected="true" /><select idref="V-230246" selected="true" /><select idref="V-230247" 
selected="true" /><select idref="V-230248" selected="true" /><select idref="V-230249" selected="true" /><select idref="V-230250" selected="true" /><select idref="V-230251" selected="true" /><select idref="V-230252" selected="true" /><select idref="V-230253" selected="true" /><select idref="V-230254" selected="true" /><select idref="V-230255" selected="true" /><select idref="V-230256" selected="true" /><select idref="V-230257" selected="true" /><select idref="V-230258" selected="true" /><select idref="V-230259" selected="true" /><select idref="V-230260" selected="true" /><select idref="V-230261" selected="true" /><select idref="V-230262" selected="true" /><select idref="V-230263" selected="true" /><select idref="V-230264" selected="true" /><select idref="V-230265" selected="true" /><select idref="V-230266" selected="true" /><select idref="V-230267" selected="true" /><select idref="V-230268" selected="true" /><select idref="V-230269" selected="true" /><select idref="V-230270" selected="true" /><select idref="V-230271" selected="true" /><select idref="V-230272" selected="true" /><select idref="V-230273" selected="true" /><select idref="V-230274" selected="true" /><select idref="V-230275" selected="true" /><select idref="V-230276" selected="true" /><select idref="V-230277" selected="true" /><select idref="V-230278" selected="true" /><select idref="V-230279" selected="true" /><select idref="V-230280" selected="true" /><select idref="V-230281" selected="true" /><select idref="V-230282" selected="true" /><select idref="V-230283" selected="true" /><select idref="V-230284" selected="true" /><select idref="V-230285" selected="true" /><select idref="V-230286" selected="true" /><select idref="V-230287" selected="true" /><select idref="V-230288" selected="true" /><select idref="V-230289" selected="true" /><select idref="V-230290" selected="true" /><select idref="V-230291" selected="true" /><select idref="V-230292" selected="true" /><select idref="V-230293" selected="true" 
/><select idref="V-230294" selected="true" /><select idref="V-230295" selected="true" /><select idref="V-230296" selected="true" /><select idref="V-230297" selected="true" /><select idref="V-230298" selected="true" /><select idref="V-230299" selected="true" /><select idref="V-230300" selected="true" /><select idref="V-230301" selected="true" /><select idref="V-230302" selected="true" /><select idref="V-230303" selected="true" /><select idref="V-230304" selected="true" /><select idref="V-230305" selected="true" /><select idref="V-230306" selected="true" /><select idref="V-230307" selected="true" /><select idref="V-230308" selected="true" /><select idref="V-230309" selected="true" /><select idref="V-230310" selected="true" /><select idref="V-230311" selected="true" /><select idref="V-230312" selected="true" /><select idref="V-230313" selected="true" /><select idref="V-230314" selected="true" /><select idref="V-230315" selected="true" /><select idref="V-230316" selected="true" /><select idref="V-230317" selected="true" /><select idref="V-230318" selected="true" /><select idref="V-230319" selected="true" /><select idref="V-230320" selected="true" /><select idref="V-230321" selected="true" /><select idref="V-230322" selected="true" /><select idref="V-230323" selected="true" /><select idref="V-230324" selected="true" /><select idref="V-230325" selected="true" /><select idref="V-230326" selected="true" /><select idref="V-230327" selected="true" /><select idref="V-230328" selected="true" /><select idref="V-230329" selected="true" /><select idref="V-230330" selected="true" /><select idref="V-230331" selected="true" /><select idref="V-230332" selected="true" /><select idref="V-230333" selected="true" /><select idref="V-230334" selected="true" /><select idref="V-230335" selected="true" /><select idref="V-230336" selected="true" /><select idref="V-230337" selected="true" /><select idref="V-230338" selected="true" /><select idref="V-230339" selected="true" /><select 
idref="V-230340" selected="true" /><select idref="V-230341" selected="true" /><select idref="V-230342" selected="true" /><select idref="V-230343" selected="true" /><select idref="V-230344" selected="true" /><select idref="V-230345" selected="true" /><select idref="V-230346" selected="true" /><select idref="V-230347" selected="true" /><select idref="V-230348" selected="true" /><select idref="V-230349" selected="true" /><select idref="V-230350" selected="true" /><select idref="V-230351" selected="true" /><select idref="V-230352" selected="true" /><select idref="V-230353" selected="true" /><select idref="V-230354" selected="true" /><select idref="V-230355" selected="true" /><select idref="V-230356" selected="true" /><select idref="V-230357" selected="true" /><select idref="V-230358" selected="true" /><select idref="V-230359" selected="true" /><select idref="V-230360" selected="true" /><select idref="V-230361" selected="true" /><select idref="V-230362" selected="true" /><select idref="V-230363" selected="true" /><select idref="V-230364" selected="true" /><select idref="V-230365" selected="true" /><select idref="V-230366" selected="true" /><select idref="V-230367" selected="true" /><select idref="V-230368" selected="true" /><select idref="V-230369" selected="true" /><select idref="V-230370" selected="true" /><select idref="V-230371" selected="true" /><select idref="V-230372" selected="true" /><select idref="V-230373" selected="true" /><select idref="V-230374" selected="true" /><select idref="V-230375" selected="true" /><select idref="V-230376" selected="true" /><select idref="V-230377" selected="true" /><select idref="V-230378" selected="true" /><select idref="V-230379" selected="true" /><select idref="V-230380" selected="true" /><select idref="V-230381" selected="true" /><select idref="V-230382" selected="true" /><select idref="V-230383" selected="true" /><select idref="V-230384" selected="true" /><select idref="V-230385" selected="true" /><select idref="V-230386" 
selected="true" /><select idref="V-230387" selected="true" /><select idref="V-230388" selected="true" /><select idref="V-230389" selected="true" /><select idref="V-230390" selected="true" /><select idref="V-230391" selected="true" /><select idref="V-230392" selected="true" /><select idref="V-230393" selected="true" /><select idref="V-230394" selected="true" /><select idref="V-230395" selected="true" /><select idref="V-230396" selected="true" /><select idref="V-230397" selected="true" /><select idref="V-230398" selected="true" /><select idref="V-230399" selected="true" /><select idref="V-230400" selected="true" /><select idref="V-230401" selected="true" /><select idref="V-230402" selected="true" /><select idref="V-230403" selected="true" /><select idref="V-230404" selected="true" /><select idref="V-230405" selected="true" /><select idref="V-230406" selected="true" /><select idref="V-230407" selected="true" /><select idref="V-230408" selected="true" /><select idref="V-230409" selected="true" /><select idref="V-230410" selected="true" /><select idref="V-230411" selected="true" /><select idref="V-230412" selected="true" /><select idref="V-230413" selected="true" /><select idref="V-230414" selected="true" /><select idref="V-230415" selected="true" /><select idref="V-230416" selected="true" /><select idref="V-230417" selected="true" /><select idref="V-230418" selected="true" /><select idref="V-230419" selected="true" /><select idref="V-230420" selected="true" /><select idref="V-230421" selected="true" /><select idref="V-230422" selected="true" /><select idref="V-230423" selected="true" /><select idref="V-230424" selected="true" /><select idref="V-230425" selected="true" /><select idref="V-230426" selected="true" /><select idref="V-230427" selected="true" /><select idref="V-230428" selected="true" /><select idref="V-230429" selected="true" /><select idref="V-230430" selected="true" /><select idref="V-230431" selected="true" /><select idref="V-230432" selected="true" 
/><select idref="V-230433" selected="true" /><select idref="V-230434" selected="true" /><select idref="V-230435" selected="true" /><select idref="V-230436" selected="true" /><select idref="V-230437" selected="true" /><select idref="V-230438" selected="true" /><select idref="V-230439" selected="true" /><select idref="V-230440" selected="true" /><select idref="V-230441" selected="true" /><select idref="V-230442" selected="true" /><select idref="V-230443" selected="true" /><select idref="V-230444" selected="true" /><select idref="V-230445" selected="true" /><select idref="V-230446" selected="true" /><select idref="V-230447" selected="true" /><select idref="V-230448" selected="true" /><select idref="V-230449" selected="true" /><select idref="V-230450" selected="true" /><select idref="V-230451" selected="true" /><select idref="V-230452" selected="true" /><select idref="V-230453" selected="true" /><select idref="V-230454" selected="true" /><select idref="V-230455" selected="true" /><select idref="V-230456" selected="true" /><select idref="V-230457" selected="true" /><select idref="V-230458" selected="true" /><select idref="V-230459" selected="true" /><select idref="V-230460" selected="true" /><select idref="V-230461" selected="true" /><select idref="V-230462" selected="true" /><select idref="V-230463" selected="true" /><select idref="V-230464" selected="true" /><select idref="V-230465" selected="true" /><select idref="V-230466" selected="true" /><select idref="V-230467" selected="true" /><select idref="V-230468" selected="true" /><select idref="V-230469" selected="true" /><select idref="V-230470" selected="true" /><select idref="V-230471" selected="true" /><select idref="V-230472" selected="true" /><select idref="V-230473" selected="true" /><select idref="V-230474" selected="true" /><select idref="V-230475" selected="true" /><select idref="V-230476" selected="true" /><select idref="V-230477" selected="true" /><select idref="V-230478" selected="true" /><select 
idref="V-230479" selected="true" /><select idref="V-230480" selected="true" /><select idref="V-230481" selected="true" /><select idref="V-230482" selected="true" /><select idref="V-230483" selected="true" /><select idref="V-230484" selected="true" /><select idref="V-230485" selected="true" /><select idref="V-230486" selected="true" /><select idref="V-230487" selected="true" /><select idref="V-230488" selected="true" /><select idref="V-230489" selected="true" /><select idref="V-230491" selected="true" /><select idref="V-230492" selected="true" /><select idref="V-230493" selected="true" /><select idref="V-230494" selected="true" /><select idref="V-230495" selected="true" /><select idref="V-230496" selected="true" /><select idref="V-230497" selected="true" /><select idref="V-230498" selected="true" /><select idref="V-230499" selected="true" /><select idref="V-230500" selected="true" /><select idref="V-230502" selected="true" /><select idref="V-230503" selected="true" /><select idref="V-230504" selected="true" /><select idref="V-230505" selected="true" /><select idref="V-230506" selected="true" /><select idref="V-230507" selected="true" /><select idref="V-230508" selected="true" /><select idref="V-230509" selected="true" /><select idref="V-230510" selected="true" /><select idref="V-230511" selected="true" /><select idref="V-230512" selected="true" /><select idref="V-230513" selected="true" /><select idref="V-230514" selected="true" /><select idref="V-230515" selected="true" /><select idref="V-230516" selected="true" /><select idref="V-230517" selected="true" /><select idref="V-230518" selected="true" /><select idref="V-230519" selected="true" /><select idref="V-230520" selected="true" /><select idref="V-230521" selected="true" /><select idref="V-230522" selected="true" /><select idref="V-230523" selected="true" /><select idref="V-230524" selected="true" /><select idref="V-230525" selected="true" /><select idref="V-230526" selected="true" /><select idref="V-230527" 
selected="true" /><select idref="V-230529" selected="true" /><select idref="V-230530" selected="true" /><select idref="V-230531" selected="true" /><select idref="V-230532" selected="true" /><select idref="V-230533" selected="true" /><select idref="V-230534" selected="true" /><select idref="V-230535" selected="true" /><select idref="V-230536" selected="true" /><select idref="V-230537" selected="true" /><select idref="V-230538" selected="true" /><select idref="V-230539" selected="true" /><select idref="V-230540" selected="true" /><select idref="V-230541" selected="true" /><select idref="V-230542" selected="true" /><select idref="V-230543" selected="true" /><select idref="V-230544" selected="true" /><select idref="V-230545" selected="true" /><select idref="V-230546" selected="true" /><select idref="V-230547" selected="true" /><select idref="V-230548" selected="true" /><select idref="V-230549" selected="true" /><select idref="V-230550" selected="true" /><select idref="V-230551" selected="true" /><select idref="V-230552" selected="true" /><select idref="V-230553" selected="true" /><select idref="V-230554" selected="true" /><select idref="V-230555" selected="true" /><select idref="V-230556" selected="true" /><select idref="V-230557" selected="true" /><select idref="V-230558" selected="true" /><select idref="V-230559" selected="true" /><select idref="V-230560" selected="true" /><select idref="V-230561" selected="true" /><select idref="V-237640" selected="true" /><select idref="V-237641" selected="true" /><select idref="V-237642" selected="true" /><select idref="V-237643" selected="true" /><select idref="V-244519" selected="true" /><select idref="V-244520" selected="true" /><select idref="V-244521" selected="true" /><select idref="V-244522" selected="true" /><select idref="V-244523" selected="true" /><select idref="V-244524" selected="true" /><select idref="V-244525" selected="true" /><select idref="V-244526" selected="true" /><select idref="V-244527" selected="true" 
/><select idref="V-244528" selected="true" /><select idref="V-244529" selected="true" /><select idref="V-244530" selected="true" /><select idref="V-244531" selected="true" /><select idref="V-244532" selected="true" /><select idref="V-244533" selected="true" /><select idref="V-244534" selected="true" /><select idref="V-244535" selected="true" /><select idref="V-244536" selected="true" /><select idref="V-244537" selected="true" /><select idref="V-244538" selected="true" /><select idref="V-244539" selected="true" /><select idref="V-244540" selected="true" /><select idref="V-244541" selected="true" /><select idref="V-244542" selected="true" /><select idref="V-244543" selected="true" /><select idref="V-244544" selected="true" /><select idref="V-244545" selected="true" /><select idref="V-244546" selected="true" /><select idref="V-244547" selected="true" /><select idref="V-244548" selected="true" /><select idref="V-244549" selected="true" /><select idref="V-244550" selected="true" /><select idref="V-244551" selected="true" /><select idref="V-244552" selected="true" /><select idref="V-244553" selected="true" /><select idref="V-244554" selected="true" /><select idref="V-245540" selected="true" /></Profile><Profile id="MAC-2_Sensitive"><title>II - Mission Support Sensitive</title><description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description><select idref="V-230221" selected="true" /><select idref="V-230222" selected="true" /><select idref="V-230223" selected="true" /><select idref="V-230224" selected="true" /><select idref="V-230225" selected="true" /><select idref="V-230226" selected="true" /><select idref="V-230227" selected="true" /><select idref="V-230228" selected="true" /><select idref="V-230229" selected="true" /><select idref="V-230230" selected="true" /><select idref="V-230231" selected="true" /><select idref="V-230232" selected="true" /><select idref="V-230233" selected="true" /><select idref="V-230234" selected="true" /><select idref="V-230235" 
selected="true" /><select idref="V-230236" selected="true" /><select idref="V-230237" selected="true" /><select idref="V-230238" selected="true" /><select idref="V-230239" selected="true" /><select idref="V-230240" selected="true" /><select idref="V-230241" selected="true" /><select idref="V-230242" selected="true" /><select idref="V-230243" selected="true" /><select idref="V-230244" selected="true" /><select idref="V-230245" selected="true" /><select idref="V-230246" selected="true" /><select idref="V-230247" selected="true" /><select idref="V-230248" selected="true" /><select idref="V-230249" selected="true" /><select idref="V-230250" selected="true" /><select idref="V-230251" selected="true" /><select idref="V-230252" selected="true" /><select idref="V-230253" selected="true" /><select idref="V-230254" selected="true" /><select idref="V-230255" selected="true" /><select idref="V-230256" selected="true" /><select idref="V-230257" selected="true" /><select idref="V-230258" selected="true" /><select idref="V-230259" selected="true" /><select idref="V-230260" selected="true" /><select idref="V-230261" selected="true" /><select idref="V-230262" selected="true" /><select idref="V-230263" selected="true" /><select idref="V-230264" selected="true" /><select idref="V-230265" selected="true" /><select idref="V-230266" selected="true" /><select idref="V-230267" selected="true" /><select idref="V-230268" selected="true" /><select idref="V-230269" selected="true" /><select idref="V-230270" selected="true" /><select idref="V-230271" selected="true" /><select idref="V-230272" selected="true" /><select idref="V-230273" selected="true" /><select idref="V-230274" selected="true" /><select idref="V-230275" selected="true" /><select idref="V-230276" selected="true" /><select idref="V-230277" selected="true" /><select idref="V-230278" selected="true" /><select idref="V-230279" selected="true" /><select idref="V-230280" selected="true" /><select idref="V-230281" selected="true" 
/><select idref="V-230282" selected="true" /><select idref="V-230283" selected="true" /><select idref="V-230284" selected="true" /><select idref="V-230285" selected="true" /><select idref="V-230286" selected="true" /><select idref="V-230287" selected="true" /><select idref="V-230288" selected="true" /><select idref="V-230289" selected="true" /><select idref="V-230290" selected="true" /><select idref="V-230291" selected="true" /><select idref="V-230292" selected="true" /><select idref="V-230293" selected="true" /><select idref="V-230294" selected="true" /><select idref="V-230295" selected="true" /><select idref="V-230296" selected="true" /><select idref="V-230297" selected="true" /><select idref="V-230298" selected="true" /><select idref="V-230299" selected="true" /><select idref="V-230300" selected="true" /><select idref="V-230301" selected="true" /><select idref="V-230302" selected="true" /><select idref="V-230303" selected="true" /><select idref="V-230304" selected="true" /><select idref="V-230305" selected="true" /><select idref="V-230306" selected="true" /><select idref="V-230307" selected="true" /><select idref="V-230308" selected="true" /><select idref="V-230309" selected="true" /><select idref="V-230310" selected="true" /><select idref="V-230311" selected="true" /><select idref="V-230312" selected="true" /><select idref="V-230313" selected="true" /><select idref="V-230314" selected="true" /><select idref="V-230315" selected="true" /><select idref="V-230316" selected="true" /><select idref="V-230317" selected="true" /><select idref="V-230318" selected="true" /><select idref="V-230319" selected="true" /><select idref="V-230320" selected="true" /><select idref="V-230321" selected="true" /><select idref="V-230322" selected="true" /><select idref="V-230323" selected="true" /><select idref="V-230324" selected="true" /><select idref="V-230325" selected="true" /><select idref="V-230326" selected="true" /><select idref="V-230327" selected="true" /><select 
idref="V-230328" selected="true" /><select idref="V-230329" selected="true" /><select idref="V-230330" selected="true" /><select idref="V-230331" selected="true" /><select idref="V-230332" selected="true" /><select idref="V-230333" selected="true" /><select idref="V-230334" selected="true" /><select idref="V-230335" selected="true" /><select idref="V-230336" selected="true" /><select idref="V-230337" selected="true" /><select idref="V-230338" selected="true" /><select idref="V-230339" selected="true" /><select idref="V-230340" selected="true" /><select idref="V-230341" selected="true" /><select idref="V-230342" selected="true" /><select idref="V-230343" selected="true" /><select idref="V-230344" selected="true" /><select idref="V-230345" selected="true" /><select idref="V-230346" selected="true" /><select idref="V-230347" selected="true" /><select idref="V-230348" selected="true" /><select idref="V-230349" selected="true" /><select idref="V-230350" selected="true" /><select idref="V-230351" selected="true" /><select idref="V-230352" selected="true" /><select idref="V-230353" selected="true" /><select idref="V-230354" selected="true" /><select idref="V-230355" selected="true" /><select idref="V-230356" selected="true" /><select idref="V-230357" selected="true" /><select idref="V-230358" selected="true" /><select idref="V-230359" selected="true" /><select idref="V-230360" selected="true" /><select idref="V-230361" selected="true" /><select idref="V-230362" selected="true" /><select idref="V-230363" selected="true" /><select idref="V-230364" selected="true" /><select idref="V-230365" selected="true" /><select idref="V-230366" selected="true" /><select idref="V-230367" selected="true" /><select idref="V-230368" selected="true" /><select idref="V-230369" selected="true" /><select idref="V-230370" selected="true" /><select idref="V-230371" selected="true" /><select idref="V-230372" selected="true" /><select idref="V-230373" selected="true" /><select idref="V-230374" 
selected="true" /><select idref="V-230375" selected="true" /><select idref="V-230376" selected="true" /><select idref="V-230377" selected="true" /><select idref="V-230378" selected="true" /><select idref="V-230379" selected="true" /><select idref="V-230380" selected="true" /><select idref="V-230381" selected="true" /><select idref="V-230382" selected="true" /><select idref="V-230383" selected="true" /><select idref="V-230384" selected="true" /><select idref="V-230385" selected="true" /><select idref="V-230386" selected="true" /><select idref="V-230387" selected="true" /><select idref="V-230388" selected="true" /><select idref="V-230389" selected="true" /><select idref="V-230390" selected="true" /><select idref="V-230391" selected="true" /><select idref="V-230392" selected="true" /><select idref="V-230393" selected="true" /><select idref="V-230394" selected="true" /><select idref="V-230395" selected="true" /><select idref="V-230396" selected="true" /><select idref="V-230397" selected="true" /><select idref="V-230398" selected="true" /><select idref="V-230399" selected="true" /><select idref="V-230400" selected="true" /><select idref="V-230401" selected="true" /><select idref="V-230402" selected="true" /><select idref="V-230403" selected="true" /><select idref="V-230404" selected="true" /><select idref="V-230405" selected="true" /><select idref="V-230406" selected="true" /><select idref="V-230407" selected="true" /><select idref="V-230408" selected="true" /><select idref="V-230409" selected="true" /><select idref="V-230410" selected="true" /><select idref="V-230411" selected="true" /><select idref="V-230412" selected="true" /><select idref="V-230413" selected="true" /><select idref="V-230414" selected="true" /><select idref="V-230415" selected="true" /><select idref="V-230416" selected="true" /><select idref="V-230417" selected="true" /><select idref="V-230418" selected="true" /><select idref="V-230419" selected="true" /><select idref="V-230420" selected="true" 
/><select idref="V-230421" selected="true" /><select idref="V-230422" selected="true" /><select idref="V-230423" selected="true" /><select idref="V-230424" selected="true" /><select idref="V-230425" selected="true" /><select idref="V-230426" selected="true" /><select idref="V-230427" selected="true" /><select idref="V-230428" selected="true" /><select idref="V-230429" selected="true" /><select idref="V-230430" selected="true" /><select idref="V-230431" selected="true" /><select idref="V-230432" selected="true" /><select idref="V-230433" selected="true" /><select idref="V-230434" selected="true" /><select idref="V-230435" selected="true" /><select idref="V-230436" selected="true" /><select idref="V-230437" selected="true" /><select idref="V-230438" selected="true" /><select idref="V-230439" selected="true" /><select idref="V-230440" selected="true" /><select idref="V-230441" selected="true" /><select idref="V-230442" selected="true" /><select idref="V-230443" selected="true" /><select idref="V-230444" selected="true" /><select idref="V-230445" selected="true" /><select idref="V-230446" selected="true" /><select idref="V-230447" selected="true" /><select idref="V-230448" selected="true" /><select idref="V-230449" selected="true" /><select idref="V-230450" selected="true" /><select idref="V-230451" selected="true" /><select idref="V-230452" selected="true" /><select idref="V-230453" selected="true" /><select idref="V-230454" selected="true" /><select idref="V-230455" selected="true" /><select idref="V-230456" selected="true" /><select idref="V-230457" selected="true" /><select idref="V-230458" selected="true" /><select idref="V-230459" selected="true" /><select idref="V-230460" selected="true" /><select idref="V-230461" selected="true" /><select idref="V-230462" selected="true" /><select idref="V-230463" selected="true" /><select idref="V-230464" selected="true" /><select idref="V-230465" selected="true" /><select idref="V-230466" selected="true" /><select 
idref="V-230467" selected="true" /><select idref="V-230468" selected="true" /><select idref="V-230469" selected="true" /><select idref="V-230470" selected="true" /><select idref="V-230471" selected="true" /><select idref="V-230472" selected="true" /><select idref="V-230473" selected="true" /><select idref="V-230474" selected="true" /><select idref="V-230475" selected="true" /><select idref="V-230476" selected="true" /><select idref="V-230477" selected="true" /><select idref="V-230478" selected="true" /><select idref="V-230479" selected="true" /><select idref="V-230480" selected="true" /><select idref="V-230481" selected="true" /><select idref="V-230482" selected="true" /><select idref="V-230483" selected="true" /><select idref="V-230484" selected="true" /><select idref="V-230485" selected="true" /><select idref="V-230486" selected="true" /><select idref="V-230487" selected="true" /><select idref="V-230488" selected="true" /><select idref="V-230489" selected="true" /><select idref="V-230491" selected="true" /><select idref="V-230492" selected="true" /><select idref="V-230493" selected="true" /><select idref="V-230494" selected="true" /><select idref="V-230495" selected="true" /><select idref="V-230496" selected="true" /><select idref="V-230497" selected="true" /><select idref="V-230498" selected="true" /><select idref="V-230499" selected="true" /><select idref="V-230500" selected="true" /><select idref="V-230502" selected="true" /><select idref="V-230503" selected="true" /><select idref="V-230504" selected="true" /><select idref="V-230505" selected="true" /><select idref="V-230506" selected="true" /><select idref="V-230507" selected="true" /><select idref="V-230508" selected="true" /><select idref="V-230509" selected="true" /><select idref="V-230510" selected="true" /><select idref="V-230511" selected="true" /><select idref="V-230512" selected="true" /><select idref="V-230513" selected="true" /><select idref="V-230514" selected="true" /><select idref="V-230515" 
selected="true" /><select idref="V-230516" selected="true" /><select idref="V-230517" selected="true" /><select idref="V-230518" selected="true" /><select idref="V-230519" selected="true" /><select idref="V-230520" selected="true" /><select idref="V-230521" selected="true" /><select idref="V-230522" selected="true" /><select idref="V-230523" selected="true" /><select idref="V-230524" selected="true" /><select idref="V-230525" selected="true" /><select idref="V-230526" selected="true" /><select idref="V-230527" selected="true" /><select idref="V-230529" selected="true" /><select idref="V-230530" selected="true" /><select idref="V-230531" selected="true" /><select idref="V-230532" selected="true" /><select idref="V-230533" selected="true" /><select idref="V-230534" selected="true" /><select idref="V-230535" selected="true" /><select idref="V-230536" selected="true" /><select idref="V-230537" selected="true" /><select idref="V-230538" selected="true" /><select idref="V-230539" selected="true" /><select idref="V-230540" selected="true" /><select idref="V-230541" selected="true" /><select idref="V-230542" selected="true" /><select idref="V-230543" selected="true" /><select idref="V-230544" selected="true" /><select idref="V-230545" selected="true" /><select idref="V-230546" selected="true" /><select idref="V-230547" selected="true" /><select idref="V-230548" selected="true" /><select idref="V-230549" selected="true" /><select idref="V-230550" selected="true" /><select idref="V-230551" selected="true" /><select idref="V-230552" selected="true" /><select idref="V-230553" selected="true" /><select idref="V-230554" selected="true" /><select idref="V-230555" selected="true" /><select idref="V-230556" selected="true" /><select idref="V-230557" selected="true" /><select idref="V-230558" selected="true" /><select idref="V-230559" selected="true" /><select idref="V-230560" selected="true" /><select idref="V-230561" selected="true" /><select idref="V-237640" selected="true" 
/><select idref="V-237641" selected="true" /><select idref="V-237642" selected="true" /><select idref="V-237643" selected="true" /><select idref="V-244519" selected="true" /><select idref="V-244520" selected="true" /><select idref="V-244521" selected="true" /><select idref="V-244522" selected="true" /><select idref="V-244523" selected="true" /><select idref="V-244524" selected="true" /><select idref="V-244525" selected="true" /><select idref="V-244526" selected="true" /><select idref="V-244527" selected="true" /><select idref="V-244528" selected="true" /><select idref="V-244529" selected="true" /><select idref="V-244530" selected="true" /><select idref="V-244531" selected="true" /><select idref="V-244532" selected="true" /><select idref="V-244533" selected="true" /><select idref="V-244534" selected="true" /><select idref="V-244535" selected="true" /><select idref="V-244536" selected="true" /><select idref="V-244537" selected="true" /><select idref="V-244538" selected="true" /><select idref="V-244539" selected="true" /><select idref="V-244540" selected="true" /><select idref="V-244541" selected="true" /><select idref="V-244542" selected="true" /><select idref="V-244543" selected="true" /><select idref="V-244544" selected="true" /><select idref="V-244545" selected="true" /><select idref="V-244546" selected="true" /><select idref="V-244547" selected="true" /><select idref="V-244548" selected="true" /><select idref="V-244549" selected="true" /><select idref="V-244550" selected="true" /><select idref="V-244551" selected="true" /><select idref="V-244552" selected="true" /><select idref="V-244553" selected="true" /><select idref="V-244554" selected="true" /><select idref="V-245540" selected="true" /></Profile><Profile id="MAC-3_Classified"><title>III - Administrative Classified</title><description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description><select idref="V-230221" selected="true" /><select idref="V-230222" selected="true" /><select idref="V-230223" 
selected="true" /><select idref="V-230224" selected="true" /><select idref="V-230225" selected="true" /><select idref="V-230226" selected="true" /><select idref="V-230227" selected="true" /><select idref="V-230228" selected="true" /><select idref="V-230229" selected="true" /><select idref="V-230230" selected="true" /><select idref="V-230231" selected="true" /><select idref="V-230232" selected="true" /><select idref="V-230233" selected="true" /><select idref="V-230234" selected="true" /><select idref="V-230235" selected="true" /><select idref="V-230236" selected="true" /><select idref="V-230237" selected="true" /><select idref="V-230238" selected="true" /><select idref="V-230239" selected="true" /><select idref="V-230240" selected="true" /><select idref="V-230241" selected="true" /><select idref="V-230242" selected="true" /><select idref="V-230243" selected="true" /><select idref="V-230244" selected="true" /><select idref="V-230245" selected="true" /><select idref="V-230246" selected="true" /><select idref="V-230247" selected="true" /><select idref="V-230248" selected="true" /><select idref="V-230249" selected="true" /><select idref="V-230250" selected="true" /><select idref="V-230251" selected="true" /><select idref="V-230252" selected="true" /><select idref="V-230253" selected="true" /><select idref="V-230254" selected="true" /><select idref="V-230255" selected="true" /><select idref="V-230256" selected="true" /><select idref="V-230257" selected="true" /><select idref="V-230258" selected="true" /><select idref="V-230259" selected="true" /><select idref="V-230260" selected="true" /><select idref="V-230261" selected="true" /><select idref="V-230262" selected="true" /><select idref="V-230263" selected="true" /><select idref="V-230264" selected="true" /><select idref="V-230265" selected="true" /><select idref="V-230266" selected="true" /><select idref="V-230267" selected="true" /><select idref="V-230268" selected="true" /><select idref="V-230269" selected="true" 
/><select idref="V-230270" selected="true" /><select idref="V-230271" selected="true" /><select idref="V-230272" selected="true" /><select idref="V-230273" selected="true" /><select idref="V-230274" selected="true" /><select idref="V-230275" selected="true" /><select idref="V-230276" selected="true" /><select idref="V-230277" selected="true" /><select idref="V-230278" selected="true" /><select idref="V-230279" selected="true" /><select idref="V-230280" selected="true" /><select idref="V-230281" selected="true" /><select idref="V-230282" selected="true" /><select idref="V-230283" selected="true" /><select idref="V-230284" selected="true" /><select idref="V-230285" selected="true" /><select idref="V-230286" selected="true" /><select idref="V-230287" selected="true" /><select idref="V-230288" selected="true" /><select idref="V-230289" selected="true" /><select idref="V-230290" selected="true" /><select idref="V-230291" selected="true" /><select idref="V-230292" selected="true" /><select idref="V-230293" selected="true" /><select idref="V-230294" selected="true" /><select idref="V-230295" selected="true" /><select idref="V-230296" selected="true" /><select idref="V-230297" selected="true" /><select idref="V-230298" selected="true" /><select idref="V-230299" selected="true" /><select idref="V-230300" selected="true" /><select idref="V-230301" selected="true" /><select idref="V-230302" selected="true" /><select idref="V-230303" selected="true" /><select idref="V-230304" selected="true" /><select idref="V-230305" selected="true" /><select idref="V-230306" selected="true" /><select idref="V-230307" selected="true" /><select idref="V-230308" selected="true" /><select idref="V-230309" selected="true" /><select idref="V-230310" selected="true" /><select idref="V-230311" selected="true" /><select idref="V-230312" selected="true" /><select idref="V-230313" selected="true" /><select idref="V-230314" selected="true" /><select idref="V-230315" selected="true" /><select 
idref="V-230316" selected="true" /><select idref="V-230317" selected="true" /><select idref="V-230318" selected="true" /><select idref="V-230319" selected="true" /><select idref="V-230320" selected="true" /><select idref="V-230321" selected="true" /><select idref="V-230322" selected="true" /><select idref="V-230323" selected="true" /><select idref="V-230324" selected="true" /><select idref="V-230325" selected="true" /><select idref="V-230326" selected="true" /><select idref="V-230327" selected="true" /><select idref="V-230328" selected="true" /><select idref="V-230329" selected="true" /><select idref="V-230330" selected="true" /><select idref="V-230331" selected="true" /><select idref="V-230332" selected="true" /><select idref="V-230333" selected="true" /><select idref="V-230334" selected="true" /><select idref="V-230335" selected="true" /><select idref="V-230336" selected="true" /><select idref="V-230337" selected="true" /><select idref="V-230338" selected="true" /><select idref="V-230339" selected="true" /><select idref="V-230340" selected="true" /><select idref="V-230341" selected="true" /><select idref="V-230342" selected="true" /><select idref="V-230343" selected="true" /><select idref="V-230344" selected="true" /><select idref="V-230345" selected="true" /><select idref="V-230346" selected="true" /><select idref="V-230347" selected="true" /><select idref="V-230348" selected="true" /><select idref="V-230349" selected="true" /><select idref="V-230350" selected="true" /><select idref="V-230351" selected="true" /><select idref="V-230352" selected="true" /><select idref="V-230353" selected="true" /><select idref="V-230354" selected="true" /><select idref="V-230355" selected="true" /><select idref="V-230356" selected="true" /><select idref="V-230357" selected="true" /><select idref="V-230358" selected="true" /><select idref="V-230359" selected="true" /><select idref="V-230360" selected="true" /><select idref="V-230361" selected="true" /><select idref="V-230362" 
selected="true" /><select idref="V-230363" selected="true" /><select idref="V-230364" selected="true" /><select idref="V-230365" selected="true" /><select idref="V-230366" selected="true" /><select idref="V-230367" selected="true" /><select idref="V-230368" selected="true" /><select idref="V-230369" selected="true" /><select idref="V-230370" selected="true" /><select idref="V-230371" selected="true" /><select idref="V-230372" selected="true" /><select idref="V-230373" selected="true" /><select idref="V-230374" selected="true" /><select idref="V-230375" selected="true" /><select idref="V-230376" selected="true" /><select idref="V-230377" selected="true" /><select idref="V-230378" selected="true" /><select idref="V-230379" selected="true" /><select idref="V-230380" selected="true" /><select idref="V-230381" selected="true" /><select idref="V-230382" selected="true" /><select idref="V-230383" selected="true" /><select idref="V-230384" selected="true" /><select idref="V-230385" selected="true" /><select idref="V-230386" selected="true" /><select idref="V-230387" selected="true" /><select idref="V-230388" selected="true" /><select idref="V-230389" selected="true" /><select idref="V-230390" selected="true" /><select idref="V-230391" selected="true" /><select idref="V-230392" selected="true" /><select idref="V-230393" selected="true" /><select idref="V-230394" selected="true" /><select idref="V-230395" selected="true" /><select idref="V-230396" selected="true" /><select idref="V-230397" selected="true" /><select idref="V-230398" selected="true" /><select idref="V-230399" selected="true" /><select idref="V-230400" selected="true" /><select idref="V-230401" selected="true" /><select idref="V-230402" selected="true" /><select idref="V-230403" selected="true" /><select idref="V-230404" selected="true" /><select idref="V-230405" selected="true" /><select idref="V-230406" selected="true" /><select idref="V-230407" selected="true" /><select idref="V-230408" selected="true" 
/><select idref="V-230409" selected="true" /><select idref="V-230410" selected="true" /><select idref="V-230411" selected="true" /><select idref="V-230412" selected="true" /><select idref="V-230413" selected="true" /><select idref="V-230414" selected="true" /><select idref="V-230415" selected="true" /><select idref="V-230416" selected="true" /><select idref="V-230417" selected="true" /><select idref="V-230418" selected="true" /><select idref="V-230419" selected="true" /><select idref="V-230420" selected="true" /><select idref="V-230421" selected="true" /><select idref="V-230422" selected="true" /><select idref="V-230423" selected="true" /><select idref="V-230424" selected="true" /><select idref="V-230425" selected="true" /><select idref="V-230426" selected="true" /><select idref="V-230427" selected="true" /><select idref="V-230428" selected="true" /><select idref="V-230429" selected="true" /><select idref="V-230430" selected="true" /><select idref="V-230431" selected="true" /><select idref="V-230432" selected="true" /><select idref="V-230433" selected="true" /><select idref="V-230434" selected="true" /><select idref="V-230435" selected="true" /><select idref="V-230436" selected="true" /><select idref="V-230437" selected="true" /><select idref="V-230438" selected="true" /><select idref="V-230439" selected="true" /><select idref="V-230440" selected="true" /><select idref="V-230441" selected="true" /><select idref="V-230442" selected="true" /><select idref="V-230443" selected="true" /><select idref="V-230444" selected="true" /><select idref="V-230445" selected="true" /><select idref="V-230446" selected="true" /><select idref="V-230447" selected="true" /><select idref="V-230448" selected="true" /><select idref="V-230449" selected="true" /><select idref="V-230450" selected="true" /><select idref="V-230451" selected="true" /><select idref="V-230452" selected="true" /><select idref="V-230453" selected="true" /><select idref="V-230454" selected="true" /><select 
idref="V-230455" selected="true" /><select idref="V-230456" selected="true" /><select idref="V-230457" selected="true" /><select idref="V-230458" selected="true" /><select idref="V-230459" selected="true" /><select idref="V-230460" selected="true" /><select idref="V-230461" selected="true" /><select idref="V-230462" selected="true" /><select idref="V-230463" selected="true" /><select idref="V-230464" selected="true" /><select idref="V-230465" selected="true" /><select idref="V-230466" selected="true" /><select idref="V-230467" selected="true" /><select idref="V-230468" selected="true" /><select idref="V-230469" selected="true" /><select idref="V-230470" selected="true" /><select idref="V-230471" selected="true" /><select idref="V-230472" selected="true" /><select idref="V-230473" selected="true" /><select idref="V-230474" selected="true" /><select idref="V-230475" selected="true" /><select idref="V-230476" selected="true" /><select idref="V-230477" selected="true" /><select idref="V-230478" selected="true" /><select idref="V-230479" selected="true" /><select idref="V-230480" selected="true" /><select idref="V-230481" selected="true" /><select idref="V-230482" selected="true" /><select idref="V-230483" selected="true" /><select idref="V-230484" selected="true" /><select idref="V-230485" selected="true" /><select idref="V-230486" selected="true" /><select idref="V-230487" selected="true" /><select idref="V-230488" selected="true" /><select idref="V-230489" selected="true" /><select idref="V-230491" selected="true" /><select idref="V-230492" selected="true" /><select idref="V-230493" selected="true" /><select idref="V-230494" selected="true" /><select idref="V-230495" selected="true" /><select idref="V-230496" selected="true" /><select idref="V-230497" selected="true" /><select idref="V-230498" selected="true" /><select idref="V-230499" selected="true" /><select idref="V-230500" selected="true" /><select idref="V-230502" selected="true" /><select idref="V-230503" 
selected="true" /><select idref="V-230504" selected="true" /><select idref="V-230505" selected="true" /><select idref="V-230506" selected="true" /><select idref="V-230507" selected="true" /><select idref="V-230508" selected="true" /><select idref="V-230509" selected="true" /><select idref="V-230510" selected="true" /><select idref="V-230511" selected="true" /><select idref="V-230512" selected="true" /><select idref="V-230513" selected="true" /><select idref="V-230514" selected="true" /><select idref="V-230515" selected="true" /><select idref="V-230516" selected="true" /><select idref="V-230517" selected="true" /><select idref="V-230518" selected="true" /><select idref="V-230519" selected="true" /><select idref="V-230520" selected="true" /><select idref="V-230521" selected="true" /><select idref="V-230522" selected="true" /><select idref="V-230523" selected="true" /><select idref="V-230524" selected="true" /><select idref="V-230525" selected="true" /><select idref="V-230526" selected="true" /><select idref="V-230527" selected="true" /><select idref="V-230529" selected="true" /><select idref="V-230530" selected="true" /><select idref="V-230531" selected="true" /><select idref="V-230532" selected="true" /><select idref="V-230533" selected="true" /><select idref="V-230534" selected="true" /><select idref="V-230535" selected="true" /><select idref="V-230536" selected="true" /><select idref="V-230537" selected="true" /><select idref="V-230538" selected="true" /><select idref="V-230539" selected="true" /><select idref="V-230540" selected="true" /><select idref="V-230541" selected="true" /><select idref="V-230542" selected="true" /><select idref="V-230543" selected="true" /><select idref="V-230544" selected="true" /><select idref="V-230545" selected="true" /><select idref="V-230546" selected="true" /><select idref="V-230547" selected="true" /><select idref="V-230548" selected="true" /><select idref="V-230549" selected="true" /><select idref="V-230550" selected="true" 
/><select idref="V-230551" selected="true" /><select idref="V-230552" selected="true" /><select idref="V-230553" selected="true" /><select idref="V-230554" selected="true" /><select idref="V-230555" selected="true" /><select idref="V-230556" selected="true" /><select idref="V-230557" selected="true" /><select idref="V-230558" selected="true" /><select idref="V-230559" selected="true" /><select idref="V-230560" selected="true" /><select idref="V-230561" selected="true" /><select idref="V-237640" selected="true" /><select idref="V-237641" selected="true" /><select idref="V-237642" selected="true" /><select idref="V-237643" selected="true" /><select idref="V-244519" selected="true" /><select idref="V-244520" selected="true" /><select idref="V-244521" selected="true" /><select idref="V-244522" selected="true" /><select idref="V-244523" selected="true" /><select idref="V-244524" selected="true" /><select idref="V-244525" selected="true" /><select idref="V-244526" selected="true" /><select idref="V-244527" selected="true" /><select idref="V-244528" selected="true" /><select idref="V-244529" selected="true" /><select idref="V-244530" selected="true" /><select idref="V-244531" selected="true" /><select idref="V-244532" selected="true" /><select idref="V-244533" selected="true" /><select idref="V-244534" selected="true" /><select idref="V-244535" selected="true" /><select idref="V-244536" selected="true" /><select idref="V-244537" selected="true" /><select idref="V-244538" selected="true" /><select idref="V-244539" selected="true" /><select idref="V-244540" selected="true" /><select idref="V-244541" selected="true" /><select idref="V-244542" selected="true" /><select idref="V-244543" selected="true" /><select idref="V-244544" selected="true" /><select idref="V-244545" selected="true" /><select idref="V-244546" selected="true" /><select idref="V-244547" selected="true" /><select idref="V-244548" selected="true" /><select idref="V-244549" selected="true" /><select 
idref="V-244550" selected="true" /><select idref="V-244551" selected="true" /><select idref="V-244552" selected="true" /><select idref="V-244553" selected="true" /><select idref="V-244554" selected="true" /><select idref="V-245540" selected="true" /></Profile><Profile id="MAC-3_Public"><title>III - Administrative Public</title><description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description><select idref="V-230221" selected="true" /><select idref="V-230222" selected="true" /><select idref="V-230223" selected="true" /><select idref="V-230224" selected="true" /><select idref="V-230225" selected="true" /><select idref="V-230226" selected="true" /><select idref="V-230227" selected="true" /><select idref="V-230228" selected="true" /><select idref="V-230229" selected="true" /><select idref="V-230230" selected="true" /><select idref="V-230231" selected="true" /><select idref="V-230232" selected="true" /><select idref="V-230233" selected="true" /><select idref="V-230234" selected="true" /><select idref="V-230235" selected="true" /><select idref="V-230236" selected="true" /><select idref="V-230237" selected="true" /><select idref="V-230238" selected="true" /><select idref="V-230239" selected="true" /><select idref="V-230240" selected="true" /><select idref="V-230241" selected="true" /><select idref="V-230242" selected="true" /><select idref="V-230243" selected="true" /><select idref="V-230244" selected="true" /><select idref="V-230245" selected="true" /><select idref="V-230246" selected="true" /><select idref="V-230247" selected="true" /><select idref="V-230248" selected="true" /><select idref="V-230249" selected="true" /><select idref="V-230250" selected="true" /><select idref="V-230251" selected="true" /><select idref="V-230252" selected="true" /><select idref="V-230253" selected="true" /><select idref="V-230254" selected="true" /><select idref="V-230255" selected="true" /><select idref="V-230256" selected="true" /><select idref="V-230257" selected="true" 
/><select idref="V-230258" selected="true" /><select idref="V-230259" selected="true" /><select idref="V-230260" selected="true" /><select idref="V-230261" selected="true" /><select idref="V-230262" selected="true" /><select idref="V-230263" selected="true" /><select idref="V-230264" selected="true" /><select idref="V-230265" selected="true" /><select idref="V-230266" selected="true" /><select idref="V-230267" selected="true" /><select idref="V-230268" selected="true" /><select idref="V-230269" selected="true" /><select idref="V-230270" selected="true" /><select idref="V-230271" selected="true" /><select idref="V-230272" selected="true" /><select idref="V-230273" selected="true" /><select idref="V-230274" selected="true" /><select idref="V-230275" selected="true" /><select idref="V-230276" selected="true" /><select idref="V-230277" selected="true" /><select idref="V-230278" selected="true" /><select idref="V-230279" selected="true" /><select idref="V-230280" selected="true" /><select idref="V-230281" selected="true" /><select idref="V-230282" selected="true" /><select idref="V-230283" selected="true" /><select idref="V-230284" selected="true" /><select idref="V-230285" selected="true" /><select idref="V-230286" selected="true" /><select idref="V-230287" selected="true" /><select idref="V-230288" selected="true" /><select idref="V-230289" selected="true" /><select idref="V-230290" selected="true" /><select idref="V-230291" selected="true" /><select idref="V-230292" selected="true" /><select idref="V-230293" selected="true" /><select idref="V-230294" selected="true" /><select idref="V-230295" selected="true" /><select idref="V-230296" selected="true" /><select idref="V-230297" selected="true" /><select idref="V-230298" selected="true" /><select idref="V-230299" selected="true" /><select idref="V-230300" selected="true" /><select idref="V-230301" selected="true" /><select idref="V-230302" selected="true" /><select idref="V-230303" selected="true" /><select 
idref="V-230304" selected="true" /><select idref="V-230305" selected="true" /><select idref="V-230306" selected="true" /><select idref="V-230307" selected="true" /><select idref="V-230308" selected="true" /><select idref="V-230309" selected="true" /><select idref="V-230310" selected="true" /><select idref="V-230311" selected="true" /><select idref="V-230312" selected="true" /><select idref="V-230313" selected="true" /><select idref="V-230314" selected="true" /><select idref="V-230315" selected="true" /><select idref="V-230316" selected="true" /><select idref="V-230317" selected="true" /><select idref="V-230318" selected="true" /><select idref="V-230319" selected="true" /><select idref="V-230320" selected="true" /><select idref="V-230321" selected="true" /><select idref="V-230322" selected="true" /><select idref="V-230323" selected="true" /><select idref="V-230324" selected="true" /><select idref="V-230325" selected="true" /><select idref="V-230326" selected="true" /><select idref="V-230327" selected="true" /><select idref="V-230328" selected="true" /><select idref="V-230329" selected="true" /><select idref="V-230330" selected="true" /><select idref="V-230331" selected="true" /><select idref="V-230332" selected="true" /><select idref="V-230333" selected="true" /><select idref="V-230334" selected="true" /><select idref="V-230335" selected="true" /><select idref="V-230336" selected="true" /><select idref="V-230337" selected="true" /><select idref="V-230338" selected="true" /><select idref="V-230339" selected="true" /><select idref="V-230340" selected="true" /><select idref="V-230341" selected="true" /><select idref="V-230342" selected="true" /><select idref="V-230343" selected="true" /><select idref="V-230344" selected="true" /><select idref="V-230345" selected="true" /><select idref="V-230346" selected="true" /><select idref="V-230347" selected="true" /><select idref="V-230348" selected="true" /><select idref="V-230349" selected="true" /><select idref="V-230350" 
selected="true" /><select idref="V-230351" selected="true" /><select idref="V-230352" selected="true" /><select idref="V-230353" selected="true" /><select idref="V-230354" selected="true" /><select idref="V-230355" selected="true" /><select idref="V-230356" selected="true" /><select idref="V-230357" selected="true" /><select idref="V-230358" selected="true" /><select idref="V-230359" selected="true" /><select idref="V-230360" selected="true" /><select idref="V-230361" selected="true" /><select idref="V-230362" selected="true" /><select idref="V-230363" selected="true" /><select idref="V-230364" selected="true" /><select idref="V-230365" selected="true" /><select idref="V-230366" selected="true" /><select idref="V-230367" selected="true" /><select idref="V-230368" selected="true" /><select idref="V-230369" selected="true" /><select idref="V-230370" selected="true" /><select idref="V-230371" selected="true" /><select idref="V-230372" selected="true" /><select idref="V-230373" selected="true" /><select idref="V-230374" selected="true" /><select idref="V-230375" selected="true" /><select idref="V-230376" selected="true" /><select idref="V-230377" selected="true" /><select idref="V-230378" selected="true" /><select idref="V-230379" selected="true" /><select idref="V-230380" selected="true" /><select idref="V-230381" selected="true" /><select idref="V-230382" selected="true" /><select idref="V-230383" selected="true" /><select idref="V-230384" selected="true" /><select idref="V-230385" selected="true" /><select idref="V-230386" selected="true" /><select idref="V-230387" selected="true" /><select idref="V-230388" selected="true" /><select idref="V-230389" selected="true" /><select idref="V-230390" selected="true" /><select idref="V-230391" selected="true" /><select idref="V-230392" selected="true" /><select idref="V-230393" selected="true" /><select idref="V-230394" selected="true" /><select idref="V-230395" selected="true" /><select idref="V-230396" selected="true" 
/><select idref="V-230397" selected="true" /><select idref="V-230398" selected="true" /><select idref="V-230399" selected="true" /><select idref="V-230400" selected="true" /><select idref="V-230401" selected="true" /><select idref="V-230402" selected="true" /><select idref="V-230403" selected="true" /><select idref="V-230404" selected="true" /><select idref="V-230405" selected="true" /><select idref="V-230406" selected="true" /><select idref="V-230407" selected="true" /><select idref="V-230408" selected="true" /><select idref="V-230409" selected="true" /><select idref="V-230410" selected="true" /><select idref="V-230411" selected="true" /><select idref="V-230412" selected="true" /><select idref="V-230413" selected="true" /><select idref="V-230414" selected="true" /><select idref="V-230415" selected="true" /><select idref="V-230416" selected="true" /><select idref="V-230417" selected="true" /><select idref="V-230418" selected="true" /><select idref="V-230419" selected="true" /><select idref="V-230420" selected="true" /><select idref="V-230421" selected="true" /><select idref="V-230422" selected="true" /><select idref="V-230423" selected="true" /><select idref="V-230424" selected="true" /><select idref="V-230425" selected="true" /><select idref="V-230426" selected="true" /><select idref="V-230427" selected="true" /><select idref="V-230428" selected="true" /><select idref="V-230429" selected="true" /><select idref="V-230430" selected="true" /><select idref="V-230431" selected="true" /><select idref="V-230432" selected="true" /><select idref="V-230433" selected="true" /><select idref="V-230434" selected="true" /><select idref="V-230435" selected="true" /><select idref="V-230436" selected="true" /><select idref="V-230437" selected="true" /><select idref="V-230438" selected="true" /><select idref="V-230439" selected="true" /><select idref="V-230440" selected="true" /><select idref="V-230441" selected="true" /><select idref="V-230442" selected="true" /><select 
idref="V-230443" selected="true" /><select idref="V-230444" selected="true" /><select idref="V-230445" selected="true" /><select idref="V-230446" selected="true" /><select idref="V-230447" selected="true" /><select idref="V-230448" selected="true" /><select idref="V-230449" selected="true" /><select idref="V-230450" selected="true" /><select idref="V-230451" selected="true" /><select idref="V-230452" selected="true" /><select idref="V-230453" selected="true" /><select idref="V-230454" selected="true" /><select idref="V-230455" selected="true" /><select idref="V-230456" selected="true" /><select idref="V-230457" selected="true" /><select idref="V-230458" selected="true" /><select idref="V-230459" selected="true" /><select idref="V-230460" selected="true" /><select idref="V-230461" selected="true" /><select idref="V-230462" selected="true" /><select idref="V-230463" selected="true" /><select idref="V-230464" selected="true" /><select idref="V-230465" selected="true" /><select idref="V-230466" selected="true" /><select idref="V-230467" selected="true" /><select idref="V-230468" selected="true" /><select idref="V-230469" selected="true" /><select idref="V-230470" selected="true" /><select idref="V-230471" selected="true" /><select idref="V-230472" selected="true" /><select idref="V-230473" selected="true" /><select idref="V-230474" selected="true" /><select idref="V-230475" selected="true" /><select idref="V-230476" selected="true" /><select idref="V-230477" selected="true" /><select idref="V-230478" selected="true" /><select idref="V-230479" selected="true" /><select idref="V-230480" selected="true" /><select idref="V-230481" selected="true" /><select idref="V-230482" selected="true" /><select idref="V-230483" selected="true" /><select idref="V-230484" selected="true" /><select idref="V-230485" selected="true" /><select idref="V-230486" selected="true" /><select idref="V-230487" selected="true" /><select idref="V-230488" selected="true" /><select idref="V-230489" 
selected="true" /><select idref="V-230491" selected="true" /><select idref="V-230492" selected="true" /><select idref="V-230493" selected="true" /><select idref="V-230494" selected="true" /><select idref="V-230495" selected="true" /><select idref="V-230496" selected="true" /><select idref="V-230497" selected="true" /><select idref="V-230498" selected="true" /><select idref="V-230499" selected="true" /><select idref="V-230500" selected="true" /><select idref="V-230502" selected="true" /><select idref="V-230503" selected="true" /><select idref="V-230504" selected="true" /><select idref="V-230505" selected="true" /><select idref="V-230506" selected="true" /><select idref="V-230507" selected="true" /><select idref="V-230508" selected="true" /><select idref="V-230509" selected="true" /><select idref="V-230510" selected="true" /><select idref="V-230511" selected="true" /><select idref="V-230512" selected="true" /><select idref="V-230513" selected="true" /><select idref="V-230514" selected="true" /><select idref="V-230515" selected="true" /><select idref="V-230516" selected="true" /><select idref="V-230517" selected="true" /><select idref="V-230518" selected="true" /><select idref="V-230519" selected="true" /><select idref="V-230520" selected="true" /><select idref="V-230521" selected="true" /><select idref="V-230522" selected="true" /><select idref="V-230523" selected="true" /><select idref="V-230524" selected="true" /><select idref="V-230525" selected="true" /><select idref="V-230526" selected="true" /><select idref="V-230527" selected="true" /><select idref="V-230529" selected="true" /><select idref="V-230530" selected="true" /><select idref="V-230531" selected="true" /><select idref="V-230532" selected="true" /><select idref="V-230533" selected="true" /><select idref="V-230534" selected="true" /><select idref="V-230535" selected="true" /><select idref="V-230536" selected="true" /><select idref="V-230537" selected="true" /><select idref="V-230538" selected="true" 
/><select idref="V-230539" selected="true" /><select idref="V-230540" selected="true" /><select idref="V-230541" selected="true" /><select idref="V-230542" selected="true" /><select idref="V-230543" selected="true" /><select idref="V-230544" selected="true" /><select idref="V-230545" selected="true" /><select idref="V-230546" selected="true" /><select idref="V-230547" selected="true" /><select idref="V-230548" selected="true" /><select idref="V-230549" selected="true" /><select idref="V-230550" selected="true" /><select idref="V-230551" selected="true" /><select idref="V-230552" selected="true" /><select idref="V-230553" selected="true" /><select idref="V-230554" selected="true" /><select idref="V-230555" selected="true" /><select idref="V-230556" selected="true" /><select idref="V-230557" selected="true" /><select idref="V-230558" selected="true" /><select idref="V-230559" selected="true" /><select idref="V-230560" selected="true" /><select idref="V-230561" selected="true" /><select idref="V-237640" selected="true" /><select idref="V-237641" selected="true" /><select idref="V-237642" selected="true" /><select idref="V-237643" selected="true" /><select idref="V-244519" selected="true" /><select idref="V-244520" selected="true" /><select idref="V-244521" selected="true" /><select idref="V-244522" selected="true" /><select idref="V-244523" selected="true" /><select idref="V-244524" selected="true" /><select idref="V-244525" selected="true" /><select idref="V-244526" selected="true" /><select idref="V-244527" selected="true" /><select idref="V-244528" selected="true" /><select idref="V-244529" selected="true" /><select idref="V-244530" selected="true" /><select idref="V-244531" selected="true" /><select idref="V-244532" selected="true" /><select idref="V-244533" selected="true" /><select idref="V-244534" selected="true" /><select idref="V-244535" selected="true" /><select idref="V-244536" selected="true" /><select idref="V-244537" selected="true" /><select 
idref="V-244538" selected="true" /><select idref="V-244539" selected="true" /><select idref="V-244540" selected="true" /><select idref="V-244541" selected="true" /><select idref="V-244542" selected="true" /><select idref="V-244543" selected="true" /><select idref="V-244544" selected="true" /><select idref="V-244545" selected="true" /><select idref="V-244546" selected="true" /><select idref="V-244547" selected="true" /><select idref="V-244548" selected="true" /><select idref="V-244549" selected="true" /><select idref="V-244550" selected="true" /><select idref="V-244551" selected="true" /><select idref="V-244552" selected="true" /><select idref="V-244553" selected="true" /><select idref="V-244554" selected="true" /><select idref="V-245540" selected="true" /></Profile><Profile id="MAC-3_Sensitive"><title>III - Administrative Sensitive</title><description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description><select idref="V-230221" selected="true" /><select idref="V-230222" selected="true" /><select idref="V-230223" selected="true" /><select idref="V-230224" selected="true" /><select idref="V-230225" selected="true" /><select idref="V-230226" selected="true" /><select idref="V-230227" selected="true" /><select idref="V-230228" selected="true" /><select idref="V-230229" selected="true" /><select idref="V-230230" selected="true" /><select idref="V-230231" selected="true" /><select idref="V-230232" selected="true" /><select idref="V-230233" selected="true" /><select idref="V-230234" selected="true" /><select idref="V-230235" selected="true" /><select idref="V-230236" selected="true" /><select idref="V-230237" selected="true" /><select idref="V-230238" selected="true" /><select idref="V-230239" selected="true" /><select idref="V-230240" selected="true" /><select idref="V-230241" selected="true" /><select idref="V-230242" selected="true" /><select idref="V-230243" selected="true" /><select idref="V-230244" selected="true" /><select idref="V-230245" 
selected="true" /><select idref="V-230246" selected="true" /><select idref="V-230247" selected="true" /><select idref="V-230248" selected="true" /><select idref="V-230249" selected="true" /><select idref="V-230250" selected="true" /><select idref="V-230251" selected="true" /><select idref="V-230252" selected="true" /><select idref="V-230253" selected="true" /><select idref="V-230254" selected="true" /><select idref="V-230255" selected="true" /><select idref="V-230256" selected="true" /><select idref="V-230257" selected="true" /><select idref="V-230258" selected="true" /><select idref="V-230259" selected="true" /><select idref="V-230260" selected="true" /><select idref="V-230261" selected="true" /><select idref="V-230262" selected="true" /><select idref="V-230263" selected="true" /><select idref="V-230264" selected="true" /><select idref="V-230265" selected="true" /><select idref="V-230266" selected="true" /><select idref="V-230267" selected="true" /><select idref="V-230268" selected="true" /><select idref="V-230269" selected="true" /><select idref="V-230270" selected="true" /><select idref="V-230271" selected="true" /><select idref="V-230272" selected="true" /><select idref="V-230273" selected="true" /><select idref="V-230274" selected="true" /><select idref="V-230275" selected="true" /><select idref="V-230276" selected="true" /><select idref="V-230277" selected="true" /><select idref="V-230278" selected="true" /><select idref="V-230279" selected="true" /><select idref="V-230280" selected="true" /><select idref="V-230281" selected="true" /><select idref="V-230282" selected="true" /><select idref="V-230283" selected="true" /><select idref="V-230284" selected="true" /><select idref="V-230285" selected="true" /><select idref="V-230286" selected="true" /><select idref="V-230287" selected="true" /><select idref="V-230288" selected="true" /><select idref="V-230289" selected="true" /><select idref="V-230290" selected="true" /><select idref="V-230291" selected="true" 
/><select idref="V-230292" selected="true" /><select idref="V-230293" selected="true" /><select idref="V-230294" selected="true" /><select idref="V-230295" selected="true" /><select idref="V-230296" selected="true" /><select idref="V-230297" selected="true" /><select idref="V-230298" selected="true" /><select idref="V-230299" selected="true" /><select idref="V-230300" selected="true" /><select idref="V-230301" selected="true" /><select idref="V-230302" selected="true" /><select idref="V-230303" selected="true" /><select idref="V-230304" selected="true" /><select idref="V-230305" selected="true" /><select idref="V-230306" selected="true" /><select idref="V-230307" selected="true" /><select idref="V-230308" selected="true" /><select idref="V-230309" selected="true" /><select idref="V-230310" selected="true" /><select idref="V-230311" selected="true" /><select idref="V-230312" selected="true" /><select idref="V-230313" selected="true" /><select idref="V-230314" selected="true" /><select idref="V-230315" selected="true" /><select idref="V-230316" selected="true" /><select idref="V-230317" selected="true" /><select idref="V-230318" selected="true" /><select idref="V-230319" selected="true" /><select idref="V-230320" selected="true" /><select idref="V-230321" selected="true" /><select idref="V-230322" selected="true" /><select idref="V-230323" selected="true" /><select idref="V-230324" selected="true" /><select idref="V-230325" selected="true" /><select idref="V-230326" selected="true" /><select idref="V-230327" selected="true" /><select idref="V-230328" selected="true" /><select idref="V-230329" selected="true" /><select idref="V-230330" selected="true" /><select idref="V-230331" selected="true" /><select idref="V-230332" selected="true" /><select idref="V-230333" selected="true" /><select idref="V-230334" selected="true" /><select idref="V-230335" selected="true" /><select idref="V-230336" selected="true" /><select idref="V-230337" selected="true" /><select 
idref="V-230338" selected="true" /><select idref="V-230339" selected="true" /><select idref="V-230340" selected="true" /><select idref="V-230341" selected="true" /><select idref="V-230342" selected="true" /><select idref="V-230343" selected="true" /><select idref="V-230344" selected="true" /><select idref="V-230345" selected="true" /><select idref="V-230346" selected="true" /><select idref="V-230347" selected="true" /><select idref="V-230348" selected="true" /><select idref="V-230349" selected="true" /><select idref="V-230350" selected="true" /><select idref="V-230351" selected="true" /><select idref="V-230352" selected="true" /><select idref="V-230353" selected="true" /><select idref="V-230354" selected="true" /><select idref="V-230355" selected="true" /><select idref="V-230356" selected="true" /><select idref="V-230357" selected="true" /><select idref="V-230358" selected="true" /><select idref="V-230359" selected="true" /><select idref="V-230360" selected="true" /><select idref="V-230361" selected="true" /><select idref="V-230362" selected="true" /><select idref="V-230363" selected="true" /><select idref="V-230364" selected="true" /><select idref="V-230365" selected="true" /><select idref="V-230366" selected="true" /><select idref="V-230367" selected="true" /><select idref="V-230368" selected="true" /><select idref="V-230369" selected="true" /><select idref="V-230370" selected="true" /><select idref="V-230371" selected="true" /><select idref="V-230372" selected="true" /><select idref="V-230373" selected="true" /><select idref="V-230374" selected="true" /><select idref="V-230375" selected="true" /><select idref="V-230376" selected="true" /><select idref="V-230377" selected="true" /><select idref="V-230378" selected="true" /><select idref="V-230379" selected="true" /><select idref="V-230380" selected="true" /><select idref="V-230381" selected="true" /><select idref="V-230382" selected="true" /><select idref="V-230383" selected="true" /><select idref="V-230384" 
selected="true" /><select idref="V-230385" selected="true" /><select idref="V-230386" selected="true" /><select idref="V-230387" selected="true" /><select idref="V-230388" selected="true" /><select idref="V-230389" selected="true" /><select idref="V-230390" selected="true" /><select idref="V-230391" selected="true" /><select idref="V-230392" selected="true" /><select idref="V-230393" selected="true" /><select idref="V-230394" selected="true" /><select idref="V-230395" selected="true" /><select idref="V-230396" selected="true" /><select idref="V-230397" selected="true" /><select idref="V-230398" selected="true" /><select idref="V-230399" selected="true" /><select idref="V-230400" selected="true" /><select idref="V-230401" selected="true" /><select idref="V-230402" selected="true" /><select idref="V-230403" selected="true" /><select idref="V-230404" selected="true" /><select idref="V-230405" selected="true" /><select idref="V-230406" selected="true" /><select idref="V-230407" selected="true" /><select idref="V-230408" selected="true" /><select idref="V-230409" selected="true" /><select idref="V-230410" selected="true" /><select idref="V-230411" selected="true" /><select idref="V-230412" selected="true" /><select idref="V-230413" selected="true" /><select idref="V-230414" selected="true" /><select idref="V-230415" selected="true" /><select idref="V-230416" selected="true" /><select idref="V-230417" selected="true" /><select idref="V-230418" selected="true" /><select idref="V-230419" selected="true" /><select idref="V-230420" selected="true" /><select idref="V-230421" selected="true" /><select idref="V-230422" selected="true" /><select idref="V-230423" selected="true" /><select idref="V-230424" selected="true" /><select idref="V-230425" selected="true" /><select idref="V-230426" selected="true" /><select idref="V-230427" selected="true" /><select idref="V-230428" selected="true" /><select idref="V-230429" selected="true" /><select idref="V-230430" selected="true" 
/><select idref="V-230431" selected="true" /><select idref="V-230432" selected="true" /><select idref="V-230433" selected="true" /><select idref="V-230434" selected="true" /><select idref="V-230435" selected="true" /><select idref="V-230436" selected="true" /><select idref="V-230437" selected="true" /><select idref="V-230438" selected="true" /><select idref="V-230439" selected="true" /><select idref="V-230440" selected="true" /><select idref="V-230441" selected="true" /><select idref="V-230442" selected="true" /><select idref="V-230443" selected="true" /><select idref="V-230444" selected="true" /><select idref="V-230445" selected="true" /><select idref="V-230446" selected="true" /><select idref="V-230447" selected="true" /><select idref="V-230448" selected="true" /><select idref="V-230449" selected="true" /><select idref="V-230450" selected="true" /><select idref="V-230451" selected="true" /><select idref="V-230452" selected="true" /><select idref="V-230453" selected="true" /><select idref="V-230454" selected="true" /><select idref="V-230455" selected="true" /><select idref="V-230456" selected="true" /><select idref="V-230457" selected="true" /><select idref="V-230458" selected="true" /><select idref="V-230459" selected="true" /><select idref="V-230460" selected="true" /><select idref="V-230461" selected="true" /><select idref="V-230462" selected="true" /><select idref="V-230463" selected="true" /><select idref="V-230464" selected="true" /><select idref="V-230465" selected="true" /><select idref="V-230466" selected="true" /><select idref="V-230467" selected="true" /><select idref="V-230468" selected="true" /><select idref="V-230469" selected="true" /><select idref="V-230470" selected="true" /><select idref="V-230471" selected="true" /><select idref="V-230472" selected="true" /><select idref="V-230473" selected="true" /><select idref="V-230474" selected="true" /><select idref="V-230475" selected="true" /><select idref="V-230476" selected="true" /><select 
idref="V-230477" selected="true" /><select idref="V-230478" selected="true" /><select idref="V-230479" selected="true" /><select idref="V-230480" selected="true" /><select idref="V-230481" selected="true" /><select idref="V-230482" selected="true" /><select idref="V-230483" selected="true" /><select idref="V-230484" selected="true" /><select idref="V-230485" selected="true" /><select idref="V-230486" selected="true" /><select idref="V-230487" selected="true" /><select idref="V-230488" selected="true" /><select idref="V-230489" selected="true" /><select idref="V-230491" selected="true" /><select idref="V-230492" selected="true" /><select idref="V-230493" selected="true" /><select idref="V-230494" selected="true" /><select idref="V-230495" selected="true" /><select idref="V-230496" selected="true" /><select idref="V-230497" selected="true" /><select idref="V-230498" selected="true" /><select idref="V-230499" selected="true" /><select idref="V-230500" selected="true" /><select idref="V-230502" selected="true" /><select idref="V-230503" selected="true" /><select idref="V-230504" selected="true" /><select idref="V-230505" selected="true" /><select idref="V-230506" selected="true" /><select idref="V-230507" selected="true" /><select idref="V-230508" selected="true" /><select idref="V-230509" selected="true" /><select idref="V-230510" selected="true" /><select idref="V-230511" selected="true" /><select idref="V-230512" selected="true" /><select idref="V-230513" selected="true" /><select idref="V-230514" selected="true" /><select idref="V-230515" selected="true" /><select idref="V-230516" selected="true" /><select idref="V-230517" selected="true" /><select idref="V-230518" selected="true" /><select idref="V-230519" selected="true" /><select idref="V-230520" selected="true" /><select idref="V-230521" selected="true" /><select idref="V-230522" selected="true" /><select idref="V-230523" selected="true" /><select idref="V-230524" selected="true" /><select idref="V-230525" 
selected="true" /><select idref="V-230526" selected="true" /><select idref="V-230527" selected="true" /><select idref="V-230529" selected="true" /><select idref="V-230530" selected="true" /><select idref="V-230531" selected="true" /><select idref="V-230532" selected="true" /><select idref="V-230533" selected="true" /><select idref="V-230534" selected="true" /><select idref="V-230535" selected="true" /><select idref="V-230536" selected="true" /><select idref="V-230537" selected="true" /><select idref="V-230538" selected="true" /><select idref="V-230539" selected="true" /><select idref="V-230540" selected="true" /><select idref="V-230541" selected="true" /><select idref="V-230542" selected="true" /><select idref="V-230543" selected="true" /><select idref="V-230544" selected="true" /><select idref="V-230545" selected="true" /><select idref="V-230546" selected="true" /><select idref="V-230547" selected="true" /><select idref="V-230548" selected="true" /><select idref="V-230549" selected="true" /><select idref="V-230550" selected="true" /><select idref="V-230551" selected="true" /><select idref="V-230552" selected="true" /><select idref="V-230553" selected="true" /><select idref="V-230554" selected="true" /><select idref="V-230555" selected="true" /><select idref="V-230556" selected="true" /><select idref="V-230557" selected="true" /><select idref="V-230558" selected="true" /><select idref="V-230559" selected="true" /><select idref="V-230560" selected="true" /><select idref="V-230561" selected="true" /><select idref="V-237640" selected="true" /><select idref="V-237641" selected="true" /><select idref="V-237642" selected="true" /><select idref="V-237643" selected="true" /><select idref="V-244519" selected="true" /><select idref="V-244520" selected="true" /><select idref="V-244521" selected="true" /><select idref="V-244522" selected="true" /><select idref="V-244523" selected="true" /><select idref="V-244524" selected="true" /><select idref="V-244525" selected="true" 
/><select idref="V-244526" selected="true" /><select idref="V-244527" selected="true" /><select idref="V-244528" selected="true" /><select idref="V-244529" selected="true" /><select idref="V-244530" selected="true" /><select idref="V-244531" selected="true" /><select idref="V-244532" selected="true" /><select idref="V-244533" selected="true" /><select idref="V-244534" selected="true" /><select idref="V-244535" selected="true" /><select idref="V-244536" selected="true" /><select idref="V-244537" selected="true" /><select idref="V-244538" selected="true" /><select idref="V-244539" selected="true" /><select idref="V-244540" selected="true" /><select idref="V-244541" selected="true" /><select idref="V-244542" selected="true" /><select idref="V-244543" selected="true" /><select idref="V-244544" selected="true" /><select idref="V-244545" selected="true" /><select idref="V-244546" selected="true" /><select idref="V-244547" selected="true" /><select idref="V-244548" selected="true" /><select idref="V-244549" selected="true" /><select idref="V-244550" selected="true" /><select idref="V-244551" selected="true" /><select idref="V-244552" selected="true" /><select idref="V-244553" selected="true" /><select idref="V-244554" selected="true" /><select idref="V-245540" selected="true" /></Profile><Group id="V-230221"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230221r743913_rule" weight="10.0" severity="high"><version>RHEL-08-010000</version><title>RHEL 8 must be a vendor-supported release.</title><description>&lt;VulnDiscussion&gt;An operating system release is considered "supported" if the vendor continues to provide security patches for the product. With an unsupported release, it will not be possible to resolve security issues discovered in the system software.
+<?xml version="1.0" encoding="utf-8"?><?xml-stylesheet type='text/xsl' href='STIG_unclass.xsl'?><Benchmark xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:cpe="http://cpe.mitre.org/language/2.0" xmlns:xhtml="http://www.w3.org/1999/xhtml" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.1 http://nvd.nist.gov/schema/xccdf-1.1.4.xsd http://cpe.mitre.org/dictionary/2.0 http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd" id="RHEL_8_STIG" xml:lang="en" xmlns="http://checklists.nist.gov/xccdf/1.1"><status date="2021-08-18">accepted</status><title>Red Hat Enterprise Linux 8 Security Technical Implementation Guide</title><description>This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. 
Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.</description><notice id="terms-of-use" xml:lang="en"></notice><front-matter xml:lang="en"></front-matter><rear-matter xml:lang="en"></rear-matter><reference href="https://cyber.mil"><dc:publisher>DISA</dc:publisher><dc:source>STIG.DOD.MIL</dc:source></reference><plain-text id="release-info">Release: 4 Benchmark Date: 27 Oct 2021</plain-text><plain-text id="generator">3.2.2.36079</plain-text><plain-text id="conventionsVersion">1.10.0</plain-text><version>1</version><Profile id="MAC-1_Classified"><title>I - Mission Critical Classified</title><description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description><select idref="V-230221" selected="true" /><select idref="V-230222" selected="true" /><select idref="V-230223" selected="true" /><select idref="V-230224" selected="true" /><select idref="V-230225" selected="true" /><select idref="V-230226" selected="true" /><select idref="V-230227" selected="true" /><select idref="V-230228" selected="true" /><select idref="V-230229" selected="true" /><select idref="V-230230" selected="true" /><select idref="V-230231" selected="true" /><select idref="V-230232" selected="true" /><select idref="V-230233" selected="true" /><select idref="V-230234" selected="true" /><select idref="V-230235" selected="true" /><select idref="V-230236" selected="true" /><select idref="V-230237" selected="true" /><select idref="V-230238" selected="true" /><select idref="V-230239" selected="true" /><select idref="V-230240" selected="true" /><select idref="V-230241" selected="true" /><select idref="V-230243" selected="true" /><select idref="V-230244" selected="true" /><select idref="V-230245" selected="true" /><select idref="V-230246" selected="true" /><select idref="V-230247" selected="true" /><select idref="V-230248" selected="true" /><select idref="V-230249" selected="true" /><select idref="V-230250" selected="true" 
/><select idref="V-230251" selected="true" /><select idref="V-230252" selected="true" /><select idref="V-230253" selected="true" /><select idref="V-230254" selected="true" /><select idref="V-230255" selected="true" /><select idref="V-230256" selected="true" /><select idref="V-230257" selected="true" /><select idref="V-230258" selected="true" /><select idref="V-230259" selected="true" /><select idref="V-230260" selected="true" /><select idref="V-230261" selected="true" /><select idref="V-230262" selected="true" /><select idref="V-230263" selected="true" /><select idref="V-230264" selected="true" /><select idref="V-230265" selected="true" /><select idref="V-230266" selected="true" /><select idref="V-230267" selected="true" /><select idref="V-230268" selected="true" /><select idref="V-230269" selected="true" /><select idref="V-230270" selected="true" /><select idref="V-230271" selected="true" /><select idref="V-230272" selected="true" /><select idref="V-230273" selected="true" /><select idref="V-230274" selected="true" /><select idref="V-230275" selected="true" /><select idref="V-230276" selected="true" /><select idref="V-230277" selected="true" /><select idref="V-230278" selected="true" /><select idref="V-230279" selected="true" /><select idref="V-230280" selected="true" /><select idref="V-230281" selected="true" /><select idref="V-230282" selected="true" /><select idref="V-230283" selected="true" /><select idref="V-230284" selected="true" /><select idref="V-230285" selected="true" /><select idref="V-230286" selected="true" /><select idref="V-230287" selected="true" /><select idref="V-230288" selected="true" /><select idref="V-230289" selected="true" /><select idref="V-230290" selected="true" /><select idref="V-230291" selected="true" /><select idref="V-230292" selected="true" /><select idref="V-230293" selected="true" /><select idref="V-230294" selected="true" /><select idref="V-230295" selected="true" /><select idref="V-230296" selected="true" /><select 
idref="V-230297" selected="true" /><select idref="V-230298" selected="true" /><select idref="V-230299" selected="true" /><select idref="V-230300" selected="true" /><select idref="V-230301" selected="true" /><select idref="V-230302" selected="true" /><select idref="V-230303" selected="true" /><select idref="V-230304" selected="true" /><select idref="V-230305" selected="true" /><select idref="V-230306" selected="true" /><select idref="V-230307" selected="true" /><select idref="V-230308" selected="true" /><select idref="V-230309" selected="true" /><select idref="V-230310" selected="true" /><select idref="V-230311" selected="true" /><select idref="V-230312" selected="true" /><select idref="V-230313" selected="true" /><select idref="V-230314" selected="true" /><select idref="V-230315" selected="true" /><select idref="V-230316" selected="true" /><select idref="V-230317" selected="true" /><select idref="V-230318" selected="true" /><select idref="V-230319" selected="true" /><select idref="V-230320" selected="true" /><select idref="V-230321" selected="true" /><select idref="V-230322" selected="true" /><select idref="V-230323" selected="true" /><select idref="V-230324" selected="true" /><select idref="V-230325" selected="true" /><select idref="V-230326" selected="true" /><select idref="V-230327" selected="true" /><select idref="V-230328" selected="true" /><select idref="V-230329" selected="true" /><select idref="V-230330" selected="true" /><select idref="V-230331" selected="true" /><select idref="V-230332" selected="true" /><select idref="V-230333" selected="true" /><select idref="V-230334" selected="true" /><select idref="V-230335" selected="true" /><select idref="V-230336" selected="true" /><select idref="V-230337" selected="true" /><select idref="V-230338" selected="true" /><select idref="V-230339" selected="true" /><select idref="V-230340" selected="true" /><select idref="V-230341" selected="true" /><select idref="V-230342" selected="true" /><select idref="V-230343" 
selected="true" /><select idref="V-230344" selected="true" /><select idref="V-230345" selected="true" /><select idref="V-230346" selected="true" /><select idref="V-230347" selected="true" /><select idref="V-230348" selected="true" /><select idref="V-230349" selected="true" /><select idref="V-230350" selected="true" /><select idref="V-230351" selected="true" /><select idref="V-230352" selected="true" /><select idref="V-230353" selected="true" /><select idref="V-230354" selected="true" /><select idref="V-230355" selected="true" /><select idref="V-230356" selected="true" /><select idref="V-230357" selected="true" /><select idref="V-230358" selected="true" /><select idref="V-230359" selected="true" /><select idref="V-230360" selected="true" /><select idref="V-230361" selected="true" /><select idref="V-230362" selected="true" /><select idref="V-230363" selected="true" /><select idref="V-230364" selected="true" /><select idref="V-230365" selected="true" /><select idref="V-230366" selected="true" /><select idref="V-230367" selected="true" /><select idref="V-230368" selected="true" /><select idref="V-230369" selected="true" /><select idref="V-230370" selected="true" /><select idref="V-230371" selected="true" /><select idref="V-230372" selected="true" /><select idref="V-230373" selected="true" /><select idref="V-230374" selected="true" /><select idref="V-230375" selected="true" /><select idref="V-230376" selected="true" /><select idref="V-230377" selected="true" /><select idref="V-230378" selected="true" /><select idref="V-230379" selected="true" /><select idref="V-230380" selected="true" /><select idref="V-230381" selected="true" /><select idref="V-230382" selected="true" /><select idref="V-230383" selected="true" /><select idref="V-230384" selected="true" /><select idref="V-230385" selected="true" /><select idref="V-230386" selected="true" /><select idref="V-230387" selected="true" /><select idref="V-230388" selected="true" /><select idref="V-230389" selected="true" 
/><select idref="V-230390" selected="true" /><select idref="V-230391" selected="true" /><select idref="V-230392" selected="true" /><select idref="V-230393" selected="true" /><select idref="V-230394" selected="true" /><select idref="V-230395" selected="true" /><select idref="V-230396" selected="true" /><select idref="V-230397" selected="true" /><select idref="V-230398" selected="true" /><select idref="V-230399" selected="true" /><select idref="V-230400" selected="true" /><select idref="V-230401" selected="true" /><select idref="V-230402" selected="true" /><select idref="V-230403" selected="true" /><select idref="V-230404" selected="true" /><select idref="V-230405" selected="true" /><select idref="V-230406" selected="true" /><select idref="V-230407" selected="true" /><select idref="V-230408" selected="true" /><select idref="V-230409" selected="true" /><select idref="V-230410" selected="true" /><select idref="V-230411" selected="true" /><select idref="V-230412" selected="true" /><select idref="V-230413" selected="true" /><select idref="V-230414" selected="true" /><select idref="V-230415" selected="true" /><select idref="V-230416" selected="true" /><select idref="V-230417" selected="true" /><select idref="V-230418" selected="true" /><select idref="V-230419" selected="true" /><select idref="V-230420" selected="true" /><select idref="V-230421" selected="true" /><select idref="V-230422" selected="true" /><select idref="V-230423" selected="true" /><select idref="V-230424" selected="true" /><select idref="V-230425" selected="true" /><select idref="V-230426" selected="true" /><select idref="V-230427" selected="true" /><select idref="V-230428" selected="true" /><select idref="V-230429" selected="true" /><select idref="V-230430" selected="true" /><select idref="V-230431" selected="true" /><select idref="V-230432" selected="true" /><select idref="V-230433" selected="true" /><select idref="V-230434" selected="true" /><select idref="V-230435" selected="true" /><select 
idref="V-230436" selected="true" /><select idref="V-230437" selected="true" /><select idref="V-230438" selected="true" /><select idref="V-230439" selected="true" /><select idref="V-230440" selected="true" /><select idref="V-230441" selected="true" /><select idref="V-230442" selected="true" /><select idref="V-230443" selected="true" /><select idref="V-230444" selected="true" /><select idref="V-230445" selected="true" /><select idref="V-230446" selected="true" /><select idref="V-230447" selected="true" /><select idref="V-230448" selected="true" /><select idref="V-230449" selected="true" /><select idref="V-230450" selected="true" /><select idref="V-230451" selected="true" /><select idref="V-230452" selected="true" /><select idref="V-230453" selected="true" /><select idref="V-230454" selected="true" /><select idref="V-230455" selected="true" /><select idref="V-230456" selected="true" /><select idref="V-230457" selected="true" /><select idref="V-230458" selected="true" /><select idref="V-230459" selected="true" /><select idref="V-230460" selected="true" /><select idref="V-230461" selected="true" /><select idref="V-230462" selected="true" /><select idref="V-230463" selected="true" /><select idref="V-230464" selected="true" /><select idref="V-230465" selected="true" /><select idref="V-230466" selected="true" /><select idref="V-230467" selected="true" /><select idref="V-230468" selected="true" /><select idref="V-230469" selected="true" /><select idref="V-230470" selected="true" /><select idref="V-230471" selected="true" /><select idref="V-230472" selected="true" /><select idref="V-230473" selected="true" /><select idref="V-230474" selected="true" /><select idref="V-230475" selected="true" /><select idref="V-230476" selected="true" /><select idref="V-230477" selected="true" /><select idref="V-230478" selected="true" /><select idref="V-230479" selected="true" /><select idref="V-230480" selected="true" /><select idref="V-230481" selected="true" /><select idref="V-230482" 
selected="true" /><select idref="V-230483" selected="true" /><select idref="V-230484" selected="true" /><select idref="V-230485" selected="true" /><select idref="V-230486" selected="true" /><select idref="V-230487" selected="true" /><select idref="V-230488" selected="true" /><select idref="V-230489" selected="true" /><select idref="V-230491" selected="true" /><select idref="V-230492" selected="true" /><select idref="V-230493" selected="true" /><select idref="V-230494" selected="true" /><select idref="V-230495" selected="true" /><select idref="V-230496" selected="true" /><select idref="V-230497" selected="true" /><select idref="V-230498" selected="true" /><select idref="V-230499" selected="true" /><select idref="V-230500" selected="true" /><select idref="V-230502" selected="true" /><select idref="V-230503" selected="true" /><select idref="V-230504" selected="true" /><select idref="V-230505" selected="true" /><select idref="V-230506" selected="true" /><select idref="V-230507" selected="true" /><select idref="V-230508" selected="true" /><select idref="V-230509" selected="true" /><select idref="V-230510" selected="true" /><select idref="V-230511" selected="true" /><select idref="V-230512" selected="true" /><select idref="V-230513" selected="true" /><select idref="V-230514" selected="true" /><select idref="V-230515" selected="true" /><select idref="V-230516" selected="true" /><select idref="V-230517" selected="true" /><select idref="V-230518" selected="true" /><select idref="V-230519" selected="true" /><select idref="V-230520" selected="true" /><select idref="V-230521" selected="true" /><select idref="V-230522" selected="true" /><select idref="V-230523" selected="true" /><select idref="V-230524" selected="true" /><select idref="V-230525" selected="true" /><select idref="V-230526" selected="true" /><select idref="V-230527" selected="true" /><select idref="V-230529" selected="true" /><select idref="V-230530" selected="true" /><select idref="V-230531" selected="true" 
/><select idref="V-230532" selected="true" /><select idref="V-230533" selected="true" /><select idref="V-230534" selected="true" /><select idref="V-230535" selected="true" /><select idref="V-230536" selected="true" /><select idref="V-230537" selected="true" /><select idref="V-230538" selected="true" /><select idref="V-230539" selected="true" /><select idref="V-230540" selected="true" /><select idref="V-230541" selected="true" /><select idref="V-230542" selected="true" /><select idref="V-230543" selected="true" /><select idref="V-230544" selected="true" /><select idref="V-230545" selected="true" /><select idref="V-230546" selected="true" /><select idref="V-230547" selected="true" /><select idref="V-230548" selected="true" /><select idref="V-230549" selected="true" /><select idref="V-230550" selected="true" /><select idref="V-230551" selected="true" /><select idref="V-230552" selected="true" /><select idref="V-230553" selected="true" /><select idref="V-230554" selected="true" /><select idref="V-230555" selected="true" /><select idref="V-230556" selected="true" /><select idref="V-230557" selected="true" /><select idref="V-230558" selected="true" /><select idref="V-230559" selected="true" /><select idref="V-230560" selected="true" /><select idref="V-230561" selected="true" /><select idref="V-237640" selected="true" /><select idref="V-237641" selected="true" /><select idref="V-237642" selected="true" /><select idref="V-237643" selected="true" /><select idref="V-244519" selected="true" /><select idref="V-244520" selected="true" /><select idref="V-244521" selected="true" /><select idref="V-244522" selected="true" /><select idref="V-244523" selected="true" /><select idref="V-244524" selected="true" /><select idref="V-244525" selected="true" /><select idref="V-244526" selected="true" /><select idref="V-244527" selected="true" /><select idref="V-244528" selected="true" /><select idref="V-244529" selected="true" /><select idref="V-244530" selected="true" /><select 
idref="V-244531" selected="true" /><select idref="V-244532" selected="true" /><select idref="V-244533" selected="true" /><select idref="V-244534" selected="true" /><select idref="V-244535" selected="true" /><select idref="V-244536" selected="true" /><select idref="V-244537" selected="true" /><select idref="V-244538" selected="true" /><select idref="V-244539" selected="true" /><select idref="V-244540" selected="true" /><select idref="V-244541" selected="true" /><select idref="V-244542" selected="true" /><select idref="V-244543" selected="true" /><select idref="V-244544" selected="true" /><select idref="V-244545" selected="true" /><select idref="V-244546" selected="true" /><select idref="V-244547" selected="true" /><select idref="V-244548" selected="true" /><select idref="V-244549" selected="true" /><select idref="V-244550" selected="true" /><select idref="V-244551" selected="true" /><select idref="V-244552" selected="true" /><select idref="V-244553" selected="true" /><select idref="V-244554" selected="true" /><select idref="V-245540" selected="true" /><select idref="V-250315" selected="true" /><select idref="V-250316" selected="true" /><select idref="V-250317" selected="true" /></Profile><Profile id="MAC-1_Public"><title>I - Mission Critical Public</title><description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description><select idref="V-230221" selected="true" /><select idref="V-230222" selected="true" /><select idref="V-230223" selected="true" /><select idref="V-230224" selected="true" /><select idref="V-230225" selected="true" /><select idref="V-230226" selected="true" /><select idref="V-230227" selected="true" /><select idref="V-230228" selected="true" /><select idref="V-230229" selected="true" /><select idref="V-230230" selected="true" /><select idref="V-230231" selected="true" /><select idref="V-230232" selected="true" /><select idref="V-230233" selected="true" /><select idref="V-230234" selected="true" /><select idref="V-230235" selected="true" 
/><select idref="V-230236" selected="true" /><select idref="V-230237" selected="true" /><select idref="V-230238" selected="true" /><select idref="V-230239" selected="true" /><select idref="V-230240" selected="true" /><select idref="V-230241" selected="true" /><select idref="V-230243" selected="true" /><select idref="V-230244" selected="true" /><select idref="V-230245" selected="true" /><select idref="V-230246" selected="true" /><select idref="V-230247" selected="true" /><select idref="V-230248" selected="true" /><select idref="V-230249" selected="true" /><select idref="V-230250" selected="true" /><select idref="V-230251" selected="true" /><select idref="V-230252" selected="true" /><select idref="V-230253" selected="true" /><select idref="V-230254" selected="true" /><select idref="V-230255" selected="true" /><select idref="V-230256" selected="true" /><select idref="V-230257" selected="true" /><select idref="V-230258" selected="true" /><select idref="V-230259" selected="true" /><select idref="V-230260" selected="true" /><select idref="V-230261" selected="true" /><select idref="V-230262" selected="true" /><select idref="V-230263" selected="true" /><select idref="V-230264" selected="true" /><select idref="V-230265" selected="true" /><select idref="V-230266" selected="true" /><select idref="V-230267" selected="true" /><select idref="V-230268" selected="true" /><select idref="V-230269" selected="true" /><select idref="V-230270" selected="true" /><select idref="V-230271" selected="true" /><select idref="V-230272" selected="true" /><select idref="V-230273" selected="true" /><select idref="V-230274" selected="true" /><select idref="V-230275" selected="true" /><select idref="V-230276" selected="true" /><select idref="V-230277" selected="true" /><select idref="V-230278" selected="true" /><select idref="V-230279" selected="true" /><select idref="V-230280" selected="true" /><select idref="V-230281" selected="true" /><select idref="V-230282" selected="true" /><select 
idref="V-230283" selected="true" /><select idref="V-230284" selected="true" /><select idref="V-230285" selected="true" /><select idref="V-230286" selected="true" /><select idref="V-230287" selected="true" /><select idref="V-230288" selected="true" /><select idref="V-230289" selected="true" /><select idref="V-230290" selected="true" /><select idref="V-230291" selected="true" /><select idref="V-230292" selected="true" /><select idref="V-230293" selected="true" /><select idref="V-230294" selected="true" /><select idref="V-230295" selected="true" /><select idref="V-230296" selected="true" /><select idref="V-230297" selected="true" /><select idref="V-230298" selected="true" /><select idref="V-230299" selected="true" /><select idref="V-230300" selected="true" /><select idref="V-230301" selected="true" /><select idref="V-230302" selected="true" /><select idref="V-230303" selected="true" /><select idref="V-230304" selected="true" /><select idref="V-230305" selected="true" /><select idref="V-230306" selected="true" /><select idref="V-230307" selected="true" /><select idref="V-230308" selected="true" /><select idref="V-230309" selected="true" /><select idref="V-230310" selected="true" /><select idref="V-230311" selected="true" /><select idref="V-230312" selected="true" /><select idref="V-230313" selected="true" /><select idref="V-230314" selected="true" /><select idref="V-230315" selected="true" /><select idref="V-230316" selected="true" /><select idref="V-230317" selected="true" /><select idref="V-230318" selected="true" /><select idref="V-230319" selected="true" /><select idref="V-230320" selected="true" /><select idref="V-230321" selected="true" /><select idref="V-230322" selected="true" /><select idref="V-230323" selected="true" /><select idref="V-230324" selected="true" /><select idref="V-230325" selected="true" /><select idref="V-230326" selected="true" /><select idref="V-230327" selected="true" /><select idref="V-230328" selected="true" /><select idref="V-230329" 
selected="true" /><select idref="V-230330" selected="true" /><select idref="V-230331" selected="true" /><select idref="V-230332" selected="true" /><select idref="V-230333" selected="true" /><select idref="V-230334" selected="true" /><select idref="V-230335" selected="true" /><select idref="V-230336" selected="true" /><select idref="V-230337" selected="true" /><select idref="V-230338" selected="true" /><select idref="V-230339" selected="true" /><select idref="V-230340" selected="true" /><select idref="V-230341" selected="true" /><select idref="V-230342" selected="true" /><select idref="V-230343" selected="true" /><select idref="V-230344" selected="true" /><select idref="V-230345" selected="true" /><select idref="V-230346" selected="true" /><select idref="V-230347" selected="true" /><select idref="V-230348" selected="true" /><select idref="V-230349" selected="true" /><select idref="V-230350" selected="true" /><select idref="V-230351" selected="true" /><select idref="V-230352" selected="true" /><select idref="V-230353" selected="true" /><select idref="V-230354" selected="true" /><select idref="V-230355" selected="true" /><select idref="V-230356" selected="true" /><select idref="V-230357" selected="true" /><select idref="V-230358" selected="true" /><select idref="V-230359" selected="true" /><select idref="V-230360" selected="true" /><select idref="V-230361" selected="true" /><select idref="V-230362" selected="true" /><select idref="V-230363" selected="true" /><select idref="V-230364" selected="true" /><select idref="V-230365" selected="true" /><select idref="V-230366" selected="true" /><select idref="V-230367" selected="true" /><select idref="V-230368" selected="true" /><select idref="V-230369" selected="true" /><select idref="V-230370" selected="true" /><select idref="V-230371" selected="true" /><select idref="V-230372" selected="true" /><select idref="V-230373" selected="true" /><select idref="V-230374" selected="true" /><select idref="V-230375" selected="true" 
/><select idref="V-230376" selected="true" /><select idref="V-230377" selected="true" /><select idref="V-230378" selected="true" /><select idref="V-230379" selected="true" /><select idref="V-230380" selected="true" /><select idref="V-230381" selected="true" /><select idref="V-230382" selected="true" /><select idref="V-230383" selected="true" /><select idref="V-230384" selected="true" /><select idref="V-230385" selected="true" /><select idref="V-230386" selected="true" /><select idref="V-230387" selected="true" /><select idref="V-230388" selected="true" /><select idref="V-230389" selected="true" /><select idref="V-230390" selected="true" /><select idref="V-230391" selected="true" /><select idref="V-230392" selected="true" /><select idref="V-230393" selected="true" /><select idref="V-230394" selected="true" /><select idref="V-230395" selected="true" /><select idref="V-230396" selected="true" /><select idref="V-230397" selected="true" /><select idref="V-230398" selected="true" /><select idref="V-230399" selected="true" /><select idref="V-230400" selected="true" /><select idref="V-230401" selected="true" /><select idref="V-230402" selected="true" /><select idref="V-230403" selected="true" /><select idref="V-230404" selected="true" /><select idref="V-230405" selected="true" /><select idref="V-230406" selected="true" /><select idref="V-230407" selected="true" /><select idref="V-230408" selected="true" /><select idref="V-230409" selected="true" /><select idref="V-230410" selected="true" /><select idref="V-230411" selected="true" /><select idref="V-230412" selected="true" /><select idref="V-230413" selected="true" /><select idref="V-230414" selected="true" /><select idref="V-230415" selected="true" /><select idref="V-230416" selected="true" /><select idref="V-230417" selected="true" /><select idref="V-230418" selected="true" /><select idref="V-230419" selected="true" /><select idref="V-230420" selected="true" /><select idref="V-230421" selected="true" /><select 
idref="V-230422" selected="true" /><select idref="V-230423" selected="true" /><select idref="V-230424" selected="true" /><select idref="V-230425" selected="true" /><select idref="V-230426" selected="true" /><select idref="V-230427" selected="true" /><select idref="V-230428" selected="true" /><select idref="V-230429" selected="true" /><select idref="V-230430" selected="true" /><select idref="V-230431" selected="true" /><select idref="V-230432" selected="true" /><select idref="V-230433" selected="true" /><select idref="V-230434" selected="true" /><select idref="V-230435" selected="true" /><select idref="V-230436" selected="true" /><select idref="V-230437" selected="true" /><select idref="V-230438" selected="true" /><select idref="V-230439" selected="true" /><select idref="V-230440" selected="true" /><select idref="V-230441" selected="true" /><select idref="V-230442" selected="true" /><select idref="V-230443" selected="true" /><select idref="V-230444" selected="true" /><select idref="V-230445" selected="true" /><select idref="V-230446" selected="true" /><select idref="V-230447" selected="true" /><select idref="V-230448" selected="true" /><select idref="V-230449" selected="true" /><select idref="V-230450" selected="true" /><select idref="V-230451" selected="true" /><select idref="V-230452" selected="true" /><select idref="V-230453" selected="true" /><select idref="V-230454" selected="true" /><select idref="V-230455" selected="true" /><select idref="V-230456" selected="true" /><select idref="V-230457" selected="true" /><select idref="V-230458" selected="true" /><select idref="V-230459" selected="true" /><select idref="V-230460" selected="true" /><select idref="V-230461" selected="true" /><select idref="V-230462" selected="true" /><select idref="V-230463" selected="true" /><select idref="V-230464" selected="true" /><select idref="V-230465" selected="true" /><select idref="V-230466" selected="true" /><select idref="V-230467" selected="true" /><select idref="V-230468" 
selected="true" /><select idref="V-230469" selected="true" /><select idref="V-230470" selected="true" /><select idref="V-230471" selected="true" /><select idref="V-230472" selected="true" /><select idref="V-230473" selected="true" /><select idref="V-230474" selected="true" /><select idref="V-230475" selected="true" /><select idref="V-230476" selected="true" /><select idref="V-230477" selected="true" /><select idref="V-230478" selected="true" /><select idref="V-230479" selected="true" /><select idref="V-230480" selected="true" /><select idref="V-230481" selected="true" /><select idref="V-230482" selected="true" /><select idref="V-230483" selected="true" /><select idref="V-230484" selected="true" /><select idref="V-230485" selected="true" /><select idref="V-230486" selected="true" /><select idref="V-230487" selected="true" /><select idref="V-230488" selected="true" /><select idref="V-230489" selected="true" /><select idref="V-230491" selected="true" /><select idref="V-230492" selected="true" /><select idref="V-230493" selected="true" /><select idref="V-230494" selected="true" /><select idref="V-230495" selected="true" /><select idref="V-230496" selected="true" /><select idref="V-230497" selected="true" /><select idref="V-230498" selected="true" /><select idref="V-230499" selected="true" /><select idref="V-230500" selected="true" /><select idref="V-230502" selected="true" /><select idref="V-230503" selected="true" /><select idref="V-230504" selected="true" /><select idref="V-230505" selected="true" /><select idref="V-230506" selected="true" /><select idref="V-230507" selected="true" /><select idref="V-230508" selected="true" /><select idref="V-230509" selected="true" /><select idref="V-230510" selected="true" /><select idref="V-230511" selected="true" /><select idref="V-230512" selected="true" /><select idref="V-230513" selected="true" /><select idref="V-230514" selected="true" /><select idref="V-230515" selected="true" /><select idref="V-230516" selected="true" 
/><select idref="V-230517" selected="true" /><select idref="V-230518" selected="true" /><select idref="V-230519" selected="true" /><select idref="V-230520" selected="true" /><select idref="V-230521" selected="true" /><select idref="V-230522" selected="true" /><select idref="V-230523" selected="true" /><select idref="V-230524" selected="true" /><select idref="V-230525" selected="true" /><select idref="V-230526" selected="true" /><select idref="V-230527" selected="true" /><select idref="V-230529" selected="true" /><select idref="V-230530" selected="true" /><select idref="V-230531" selected="true" /><select idref="V-230532" selected="true" /><select idref="V-230533" selected="true" /><select idref="V-230534" selected="true" /><select idref="V-230535" selected="true" /><select idref="V-230536" selected="true" /><select idref="V-230537" selected="true" /><select idref="V-230538" selected="true" /><select idref="V-230539" selected="true" /><select idref="V-230540" selected="true" /><select idref="V-230541" selected="true" /><select idref="V-230542" selected="true" /><select idref="V-230543" selected="true" /><select idref="V-230544" selected="true" /><select idref="V-230545" selected="true" /><select idref="V-230546" selected="true" /><select idref="V-230547" selected="true" /><select idref="V-230548" selected="true" /><select idref="V-230549" selected="true" /><select idref="V-230550" selected="true" /><select idref="V-230551" selected="true" /><select idref="V-230552" selected="true" /><select idref="V-230553" selected="true" /><select idref="V-230554" selected="true" /><select idref="V-230555" selected="true" /><select idref="V-230556" selected="true" /><select idref="V-230557" selected="true" /><select idref="V-230558" selected="true" /><select idref="V-230559" selected="true" /><select idref="V-230560" selected="true" /><select idref="V-230561" selected="true" /><select idref="V-237640" selected="true" /><select idref="V-237641" selected="true" /><select 
idref="V-237642" selected="true" /><select idref="V-237643" selected="true" /><select idref="V-244519" selected="true" /><select idref="V-244520" selected="true" /><select idref="V-244521" selected="true" /><select idref="V-244522" selected="true" /><select idref="V-244523" selected="true" /><select idref="V-244524" selected="true" /><select idref="V-244525" selected="true" /><select idref="V-244526" selected="true" /><select idref="V-244527" selected="true" /><select idref="V-244528" selected="true" /><select idref="V-244529" selected="true" /><select idref="V-244530" selected="true" /><select idref="V-244531" selected="true" /><select idref="V-244532" selected="true" /><select idref="V-244533" selected="true" /><select idref="V-244534" selected="true" /><select idref="V-244535" selected="true" /><select idref="V-244536" selected="true" /><select idref="V-244537" selected="true" /><select idref="V-244538" selected="true" /><select idref="V-244539" selected="true" /><select idref="V-244540" selected="true" /><select idref="V-244541" selected="true" /><select idref="V-244542" selected="true" /><select idref="V-244543" selected="true" /><select idref="V-244544" selected="true" /><select idref="V-244545" selected="true" /><select idref="V-244546" selected="true" /><select idref="V-244547" selected="true" /><select idref="V-244548" selected="true" /><select idref="V-244549" selected="true" /><select idref="V-244550" selected="true" /><select idref="V-244551" selected="true" /><select idref="V-244552" selected="true" /><select idref="V-244553" selected="true" /><select idref="V-244554" selected="true" /><select idref="V-245540" selected="true" /><select idref="V-250315" selected="true" /><select idref="V-250316" selected="true" /><select idref="V-250317" selected="true" /></Profile><Profile id="MAC-1_Sensitive"><title>I - Mission Critical Sensitive</title><description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description><select idref="V-230221" 
selected="true" /><select idref="V-230222" selected="true" /><select idref="V-230223" selected="true" /><select idref="V-230224" selected="true" /><select idref="V-230225" selected="true" /><select idref="V-230226" selected="true" /><select idref="V-230227" selected="true" /><select idref="V-230228" selected="true" /><select idref="V-230229" selected="true" /><select idref="V-230230" selected="true" /><select idref="V-230231" selected="true" /><select idref="V-230232" selected="true" /><select idref="V-230233" selected="true" /><select idref="V-230234" selected="true" /><select idref="V-230235" selected="true" /><select idref="V-230236" selected="true" /><select idref="V-230237" selected="true" /><select idref="V-230238" selected="true" /><select idref="V-230239" selected="true" /><select idref="V-230240" selected="true" /><select idref="V-230241" selected="true" /><select idref="V-230243" selected="true" /><select idref="V-230244" selected="true" /><select idref="V-230245" selected="true" /><select idref="V-230246" selected="true" /><select idref="V-230247" selected="true" /><select idref="V-230248" selected="true" /><select idref="V-230249" selected="true" /><select idref="V-230250" selected="true" /><select idref="V-230251" selected="true" /><select idref="V-230252" selected="true" /><select idref="V-230253" selected="true" /><select idref="V-230254" selected="true" /><select idref="V-230255" selected="true" /><select idref="V-230256" selected="true" /><select idref="V-230257" selected="true" /><select idref="V-230258" selected="true" /><select idref="V-230259" selected="true" /><select idref="V-230260" selected="true" /><select idref="V-230261" selected="true" /><select idref="V-230262" selected="true" /><select idref="V-230263" selected="true" /><select idref="V-230264" selected="true" /><select idref="V-230265" selected="true" /><select idref="V-230266" selected="true" /><select idref="V-230267" selected="true" /><select idref="V-230268" selected="true" 
/><select idref="V-230269" selected="true" /><select idref="V-230270" selected="true" /><select idref="V-230271" selected="true" /><select idref="V-230272" selected="true" /><select idref="V-230273" selected="true" /><select idref="V-230274" selected="true" /><select idref="V-230275" selected="true" /><select idref="V-230276" selected="true" /><select idref="V-230277" selected="true" /><select idref="V-230278" selected="true" /><select idref="V-230279" selected="true" /><select idref="V-230280" selected="true" /><select idref="V-230281" selected="true" /><select idref="V-230282" selected="true" /><select idref="V-230283" selected="true" /><select idref="V-230284" selected="true" /><select idref="V-230285" selected="true" /><select idref="V-230286" selected="true" /><select idref="V-230287" selected="true" /><select idref="V-230288" selected="true" /><select idref="V-230289" selected="true" /><select idref="V-230290" selected="true" /><select idref="V-230291" selected="true" /><select idref="V-230292" selected="true" /><select idref="V-230293" selected="true" /><select idref="V-230294" selected="true" /><select idref="V-230295" selected="true" /><select idref="V-230296" selected="true" /><select idref="V-230297" selected="true" /><select idref="V-230298" selected="true" /><select idref="V-230299" selected="true" /><select idref="V-230300" selected="true" /><select idref="V-230301" selected="true" /><select idref="V-230302" selected="true" /><select idref="V-230303" selected="true" /><select idref="V-230304" selected="true" /><select idref="V-230305" selected="true" /><select idref="V-230306" selected="true" /><select idref="V-230307" selected="true" /><select idref="V-230308" selected="true" /><select idref="V-230309" selected="true" /><select idref="V-230310" selected="true" /><select idref="V-230311" selected="true" /><select idref="V-230312" selected="true" /><select idref="V-230313" selected="true" /><select idref="V-230314" selected="true" /><select 
idref="V-230315" selected="true" /><select idref="V-230316" selected="true" /><select idref="V-230317" selected="true" /><select idref="V-230318" selected="true" /><select idref="V-230319" selected="true" /><select idref="V-230320" selected="true" /><select idref="V-230321" selected="true" /><select idref="V-230322" selected="true" /><select idref="V-230323" selected="true" /><select idref="V-230324" selected="true" /><select idref="V-230325" selected="true" /><select idref="V-230326" selected="true" /><select idref="V-230327" selected="true" /><select idref="V-230328" selected="true" /><select idref="V-230329" selected="true" /><select idref="V-230330" selected="true" /><select idref="V-230331" selected="true" /><select idref="V-230332" selected="true" /><select idref="V-230333" selected="true" /><select idref="V-230334" selected="true" /><select idref="V-230335" selected="true" /><select idref="V-230336" selected="true" /><select idref="V-230337" selected="true" /><select idref="V-230338" selected="true" /><select idref="V-230339" selected="true" /><select idref="V-230340" selected="true" /><select idref="V-230341" selected="true" /><select idref="V-230342" selected="true" /><select idref="V-230343" selected="true" /><select idref="V-230344" selected="true" /><select idref="V-230345" selected="true" /><select idref="V-230346" selected="true" /><select idref="V-230347" selected="true" /><select idref="V-230348" selected="true" /><select idref="V-230349" selected="true" /><select idref="V-230350" selected="true" /><select idref="V-230351" selected="true" /><select idref="V-230352" selected="true" /><select idref="V-230353" selected="true" /><select idref="V-230354" selected="true" /><select idref="V-230355" selected="true" /><select idref="V-230356" selected="true" /><select idref="V-230357" selected="true" /><select idref="V-230358" selected="true" /><select idref="V-230359" selected="true" /><select idref="V-230360" selected="true" /><select idref="V-230361" 
selected="true" /><select idref="V-230362" selected="true" /><select idref="V-230363" selected="true" /><select idref="V-230364" selected="true" /><select idref="V-230365" selected="true" /><select idref="V-230366" selected="true" /><select idref="V-230367" selected="true" /><select idref="V-230368" selected="true" /><select idref="V-230369" selected="true" /><select idref="V-230370" selected="true" /><select idref="V-230371" selected="true" /><select idref="V-230372" selected="true" /><select idref="V-230373" selected="true" /><select idref="V-230374" selected="true" /><select idref="V-230375" selected="true" /><select idref="V-230376" selected="true" /><select idref="V-230377" selected="true" /><select idref="V-230378" selected="true" /><select idref="V-230379" selected="true" /><select idref="V-230380" selected="true" /><select idref="V-230381" selected="true" /><select idref="V-230382" selected="true" /><select idref="V-230383" selected="true" /><select idref="V-230384" selected="true" /><select idref="V-230385" selected="true" /><select idref="V-230386" selected="true" /><select idref="V-230387" selected="true" /><select idref="V-230388" selected="true" /><select idref="V-230389" selected="true" /><select idref="V-230390" selected="true" /><select idref="V-230391" selected="true" /><select idref="V-230392" selected="true" /><select idref="V-230393" selected="true" /><select idref="V-230394" selected="true" /><select idref="V-230395" selected="true" /><select idref="V-230396" selected="true" /><select idref="V-230397" selected="true" /><select idref="V-230398" selected="true" /><select idref="V-230399" selected="true" /><select idref="V-230400" selected="true" /><select idref="V-230401" selected="true" /><select idref="V-230402" selected="true" /><select idref="V-230403" selected="true" /><select idref="V-230404" selected="true" /><select idref="V-230405" selected="true" /><select idref="V-230406" selected="true" /><select idref="V-230407" selected="true" 
/><select idref="V-230408" selected="true" /><select idref="V-230409" selected="true" /><select idref="V-230410" selected="true" /><select idref="V-230411" selected="true" /><select idref="V-230412" selected="true" /><select idref="V-230413" selected="true" /><select idref="V-230414" selected="true" /><select idref="V-230415" selected="true" /><select idref="V-230416" selected="true" /><select idref="V-230417" selected="true" /><select idref="V-230418" selected="true" /><select idref="V-230419" selected="true" /><select idref="V-230420" selected="true" /><select idref="V-230421" selected="true" /><select idref="V-230422" selected="true" /><select idref="V-230423" selected="true" /><select idref="V-230424" selected="true" /><select idref="V-230425" selected="true" /><select idref="V-230426" selected="true" /><select idref="V-230427" selected="true" /><select idref="V-230428" selected="true" /><select idref="V-230429" selected="true" /><select idref="V-230430" selected="true" /><select idref="V-230431" selected="true" /><select idref="V-230432" selected="true" /><select idref="V-230433" selected="true" /><select idref="V-230434" selected="true" /><select idref="V-230435" selected="true" /><select idref="V-230436" selected="true" /><select idref="V-230437" selected="true" /><select idref="V-230438" selected="true" /><select idref="V-230439" selected="true" /><select idref="V-230440" selected="true" /><select idref="V-230441" selected="true" /><select idref="V-230442" selected="true" /><select idref="V-230443" selected="true" /><select idref="V-230444" selected="true" /><select idref="V-230445" selected="true" /><select idref="V-230446" selected="true" /><select idref="V-230447" selected="true" /><select idref="V-230448" selected="true" /><select idref="V-230449" selected="true" /><select idref="V-230450" selected="true" /><select idref="V-230451" selected="true" /><select idref="V-230452" selected="true" /><select idref="V-230453" selected="true" /><select 
idref="V-230454" selected="true" /><select idref="V-230455" selected="true" /><select idref="V-230456" selected="true" /><select idref="V-230457" selected="true" /><select idref="V-230458" selected="true" /><select idref="V-230459" selected="true" /><select idref="V-230460" selected="true" /><select idref="V-230461" selected="true" /><select idref="V-230462" selected="true" /><select idref="V-230463" selected="true" /><select idref="V-230464" selected="true" /><select idref="V-230465" selected="true" /><select idref="V-230466" selected="true" /><select idref="V-230467" selected="true" /><select idref="V-230468" selected="true" /><select idref="V-230469" selected="true" /><select idref="V-230470" selected="true" /><select idref="V-230471" selected="true" /><select idref="V-230472" selected="true" /><select idref="V-230473" selected="true" /><select idref="V-230474" selected="true" /><select idref="V-230475" selected="true" /><select idref="V-230476" selected="true" /><select idref="V-230477" selected="true" /><select idref="V-230478" selected="true" /><select idref="V-230479" selected="true" /><select idref="V-230480" selected="true" /><select idref="V-230481" selected="true" /><select idref="V-230482" selected="true" /><select idref="V-230483" selected="true" /><select idref="V-230484" selected="true" /><select idref="V-230485" selected="true" /><select idref="V-230486" selected="true" /><select idref="V-230487" selected="true" /><select idref="V-230488" selected="true" /><select idref="V-230489" selected="true" /><select idref="V-230491" selected="true" /><select idref="V-230492" selected="true" /><select idref="V-230493" selected="true" /><select idref="V-230494" selected="true" /><select idref="V-230495" selected="true" /><select idref="V-230496" selected="true" /><select idref="V-230497" selected="true" /><select idref="V-230498" selected="true" /><select idref="V-230499" selected="true" /><select idref="V-230500" selected="true" /><select idref="V-230502" 
selected="true" /><select idref="V-230503" selected="true" /><select idref="V-230504" selected="true" /><select idref="V-230505" selected="true" /><select idref="V-230506" selected="true" /><select idref="V-230507" selected="true" /><select idref="V-230508" selected="true" /><select idref="V-230509" selected="true" /><select idref="V-230510" selected="true" /><select idref="V-230511" selected="true" /><select idref="V-230512" selected="true" /><select idref="V-230513" selected="true" /><select idref="V-230514" selected="true" /><select idref="V-230515" selected="true" /><select idref="V-230516" selected="true" /><select idref="V-230517" selected="true" /><select idref="V-230518" selected="true" /><select idref="V-230519" selected="true" /><select idref="V-230520" selected="true" /><select idref="V-230521" selected="true" /><select idref="V-230522" selected="true" /><select idref="V-230523" selected="true" /><select idref="V-230524" selected="true" /><select idref="V-230525" selected="true" /><select idref="V-230526" selected="true" /><select idref="V-230527" selected="true" /><select idref="V-230529" selected="true" /><select idref="V-230530" selected="true" /><select idref="V-230531" selected="true" /><select idref="V-230532" selected="true" /><select idref="V-230533" selected="true" /><select idref="V-230534" selected="true" /><select idref="V-230535" selected="true" /><select idref="V-230536" selected="true" /><select idref="V-230537" selected="true" /><select idref="V-230538" selected="true" /><select idref="V-230539" selected="true" /><select idref="V-230540" selected="true" /><select idref="V-230541" selected="true" /><select idref="V-230542" selected="true" /><select idref="V-230543" selected="true" /><select idref="V-230544" selected="true" /><select idref="V-230545" selected="true" /><select idref="V-230546" selected="true" /><select idref="V-230547" selected="true" /><select idref="V-230548" selected="true" /><select idref="V-230549" selected="true" 
/><select idref="V-230550" selected="true" /><select idref="V-230551" selected="true" /><select idref="V-230552" selected="true" /><select idref="V-230553" selected="true" /><select idref="V-230554" selected="true" /><select idref="V-230555" selected="true" /><select idref="V-230556" selected="true" /><select idref="V-230557" selected="true" /><select idref="V-230558" selected="true" /><select idref="V-230559" selected="true" /><select idref="V-230560" selected="true" /><select idref="V-230561" selected="true" /><select idref="V-237640" selected="true" /><select idref="V-237641" selected="true" /><select idref="V-237642" selected="true" /><select idref="V-237643" selected="true" /><select idref="V-244519" selected="true" /><select idref="V-244520" selected="true" /><select idref="V-244521" selected="true" /><select idref="V-244522" selected="true" /><select idref="V-244523" selected="true" /><select idref="V-244524" selected="true" /><select idref="V-244525" selected="true" /><select idref="V-244526" selected="true" /><select idref="V-244527" selected="true" /><select idref="V-244528" selected="true" /><select idref="V-244529" selected="true" /><select idref="V-244530" selected="true" /><select idref="V-244531" selected="true" /><select idref="V-244532" selected="true" /><select idref="V-244533" selected="true" /><select idref="V-244534" selected="true" /><select idref="V-244535" selected="true" /><select idref="V-244536" selected="true" /><select idref="V-244537" selected="true" /><select idref="V-244538" selected="true" /><select idref="V-244539" selected="true" /><select idref="V-244540" selected="true" /><select idref="V-244541" selected="true" /><select idref="V-244542" selected="true" /><select idref="V-244543" selected="true" /><select idref="V-244544" selected="true" /><select idref="V-244545" selected="true" /><select idref="V-244546" selected="true" /><select idref="V-244547" selected="true" /><select idref="V-244548" selected="true" /><select 
idref="V-244549" selected="true" /><select idref="V-244550" selected="true" /><select idref="V-244551" selected="true" /><select idref="V-244552" selected="true" /><select idref="V-244553" selected="true" /><select idref="V-244554" selected="true" /><select idref="V-245540" selected="true" /><select idref="V-250315" selected="true" /><select idref="V-250316" selected="true" /><select idref="V-250317" selected="true" /></Profile><Profile id="MAC-2_Classified"><title>II - Mission Support Classified</title><description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description><select idref="V-230221" selected="true" /><select idref="V-230222" selected="true" /><select idref="V-230223" selected="true" /><select idref="V-230224" selected="true" /><select idref="V-230225" selected="true" /><select idref="V-230226" selected="true" /><select idref="V-230227" selected="true" /><select idref="V-230228" selected="true" /><select idref="V-230229" selected="true" /><select idref="V-230230" selected="true" /><select idref="V-230231" selected="true" /><select idref="V-230232" selected="true" /><select idref="V-230233" selected="true" /><select idref="V-230234" selected="true" /><select idref="V-230235" selected="true" /><select idref="V-230236" selected="true" /><select idref="V-230237" selected="true" /><select idref="V-230238" selected="true" /><select idref="V-230239" selected="true" /><select idref="V-230240" selected="true" /><select idref="V-230241" selected="true" /><select idref="V-230243" selected="true" /><select idref="V-230244" selected="true" /><select idref="V-230245" selected="true" /><select idref="V-230246" selected="true" /><select idref="V-230247" selected="true" /><select idref="V-230248" selected="true" /><select idref="V-230249" selected="true" /><select idref="V-230250" selected="true" /><select idref="V-230251" selected="true" /><select idref="V-230252" selected="true" /><select idref="V-230253" selected="true" /><select idref="V-230254" 
selected="true" /><select idref="V-230255" selected="true" /><select idref="V-230256" selected="true" /><select idref="V-230257" selected="true" /><select idref="V-230258" selected="true" /><select idref="V-230259" selected="true" /><select idref="V-230260" selected="true" /><select idref="V-230261" selected="true" /><select idref="V-230262" selected="true" /><select idref="V-230263" selected="true" /><select idref="V-230264" selected="true" /><select idref="V-230265" selected="true" /><select idref="V-230266" selected="true" /><select idref="V-230267" selected="true" /><select idref="V-230268" selected="true" /><select idref="V-230269" selected="true" /><select idref="V-230270" selected="true" /><select idref="V-230271" selected="true" /><select idref="V-230272" selected="true" /><select idref="V-230273" selected="true" /><select idref="V-230274" selected="true" /><select idref="V-230275" selected="true" /><select idref="V-230276" selected="true" /><select idref="V-230277" selected="true" /><select idref="V-230278" selected="true" /><select idref="V-230279" selected="true" /><select idref="V-230280" selected="true" /><select idref="V-230281" selected="true" /><select idref="V-230282" selected="true" /><select idref="V-230283" selected="true" /><select idref="V-230284" selected="true" /><select idref="V-230285" selected="true" /><select idref="V-230286" selected="true" /><select idref="V-230287" selected="true" /><select idref="V-230288" selected="true" /><select idref="V-230289" selected="true" /><select idref="V-230290" selected="true" /><select idref="V-230291" selected="true" /><select idref="V-230292" selected="true" /><select idref="V-230293" selected="true" /><select idref="V-230294" selected="true" /><select idref="V-230295" selected="true" /><select idref="V-230296" selected="true" /><select idref="V-230297" selected="true" /><select idref="V-230298" selected="true" /><select idref="V-230299" selected="true" /><select idref="V-230300" selected="true" 
/><select idref="V-230301" selected="true" /><select idref="V-230302" selected="true" /><select idref="V-230303" selected="true" /><select idref="V-230304" selected="true" /><select idref="V-230305" selected="true" /><select idref="V-230306" selected="true" /><select idref="V-230307" selected="true" /><select idref="V-230308" selected="true" /><select idref="V-230309" selected="true" /><select idref="V-230310" selected="true" /><select idref="V-230311" selected="true" /><select idref="V-230312" selected="true" /><select idref="V-230313" selected="true" /><select idref="V-230314" selected="true" /><select idref="V-230315" selected="true" /><select idref="V-230316" selected="true" /><select idref="V-230317" selected="true" /><select idref="V-230318" selected="true" /><select idref="V-230319" selected="true" /><select idref="V-230320" selected="true" /><select idref="V-230321" selected="true" /><select idref="V-230322" selected="true" /><select idref="V-230323" selected="true" /><select idref="V-230324" selected="true" /><select idref="V-230325" selected="true" /><select idref="V-230326" selected="true" /><select idref="V-230327" selected="true" /><select idref="V-230328" selected="true" /><select idref="V-230329" selected="true" /><select idref="V-230330" selected="true" /><select idref="V-230331" selected="true" /><select idref="V-230332" selected="true" /><select idref="V-230333" selected="true" /><select idref="V-230334" selected="true" /><select idref="V-230335" selected="true" /><select idref="V-230336" selected="true" /><select idref="V-230337" selected="true" /><select idref="V-230338" selected="true" /><select idref="V-230339" selected="true" /><select idref="V-230340" selected="true" /><select idref="V-230341" selected="true" /><select idref="V-230342" selected="true" /><select idref="V-230343" selected="true" /><select idref="V-230344" selected="true" /><select idref="V-230345" selected="true" /><select idref="V-230346" selected="true" /><select 
idref="V-230347" selected="true" /><select idref="V-230348" selected="true" /><select idref="V-230349" selected="true" /><select idref="V-230350" selected="true" /><select idref="V-230351" selected="true" /><select idref="V-230352" selected="true" /><select idref="V-230353" selected="true" /><select idref="V-230354" selected="true" /><select idref="V-230355" selected="true" /><select idref="V-230356" selected="true" /><select idref="V-230357" selected="true" /><select idref="V-230358" selected="true" /><select idref="V-230359" selected="true" /><select idref="V-230360" selected="true" /><select idref="V-230361" selected="true" /><select idref="V-230362" selected="true" /><select idref="V-230363" selected="true" /><select idref="V-230364" selected="true" /><select idref="V-230365" selected="true" /><select idref="V-230366" selected="true" /><select idref="V-230367" selected="true" /><select idref="V-230368" selected="true" /><select idref="V-230369" selected="true" /><select idref="V-230370" selected="true" /><select idref="V-230371" selected="true" /><select idref="V-230372" selected="true" /><select idref="V-230373" selected="true" /><select idref="V-230374" selected="true" /><select idref="V-230375" selected="true" /><select idref="V-230376" selected="true" /><select idref="V-230377" selected="true" /><select idref="V-230378" selected="true" /><select idref="V-230379" selected="true" /><select idref="V-230380" selected="true" /><select idref="V-230381" selected="true" /><select idref="V-230382" selected="true" /><select idref="V-230383" selected="true" /><select idref="V-230384" selected="true" /><select idref="V-230385" selected="true" /><select idref="V-230386" selected="true" /><select idref="V-230387" selected="true" /><select idref="V-230388" selected="true" /><select idref="V-230389" selected="true" /><select idref="V-230390" selected="true" /><select idref="V-230391" selected="true" /><select idref="V-230392" selected="true" /><select idref="V-230393" 
selected="true" /><select idref="V-230394" selected="true" /><select idref="V-230395" selected="true" /><select idref="V-230396" selected="true" /><select idref="V-230397" selected="true" /><select idref="V-230398" selected="true" /><select idref="V-230399" selected="true" /><select idref="V-230400" selected="true" /><select idref="V-230401" selected="true" /><select idref="V-230402" selected="true" /><select idref="V-230403" selected="true" /><select idref="V-230404" selected="true" /><select idref="V-230405" selected="true" /><select idref="V-230406" selected="true" /><select idref="V-230407" selected="true" /><select idref="V-230408" selected="true" /><select idref="V-230409" selected="true" /><select idref="V-230410" selected="true" /><select idref="V-230411" selected="true" /><select idref="V-230412" selected="true" /><select idref="V-230413" selected="true" /><select idref="V-230414" selected="true" /><select idref="V-230415" selected="true" /><select idref="V-230416" selected="true" /><select idref="V-230417" selected="true" /><select idref="V-230418" selected="true" /><select idref="V-230419" selected="true" /><select idref="V-230420" selected="true" /><select idref="V-230421" selected="true" /><select idref="V-230422" selected="true" /><select idref="V-230423" selected="true" /><select idref="V-230424" selected="true" /><select idref="V-230425" selected="true" /><select idref="V-230426" selected="true" /><select idref="V-230427" selected="true" /><select idref="V-230428" selected="true" /><select idref="V-230429" selected="true" /><select idref="V-230430" selected="true" /><select idref="V-230431" selected="true" /><select idref="V-230432" selected="true" /><select idref="V-230433" selected="true" /><select idref="V-230434" selected="true" /><select idref="V-230435" selected="true" /><select idref="V-230436" selected="true" /><select idref="V-230437" selected="true" /><select idref="V-230438" selected="true" /><select idref="V-230439" selected="true" 
/><select idref="V-230440" selected="true" /><select idref="V-230441" selected="true" /><select idref="V-230442" selected="true" /><select idref="V-230443" selected="true" /><select idref="V-230444" selected="true" /><select idref="V-230445" selected="true" /><select idref="V-230446" selected="true" /><select idref="V-230447" selected="true" /><select idref="V-230448" selected="true" /><select idref="V-230449" selected="true" /><select idref="V-230450" selected="true" /><select idref="V-230451" selected="true" /><select idref="V-230452" selected="true" /><select idref="V-230453" selected="true" /><select idref="V-230454" selected="true" /><select idref="V-230455" selected="true" /><select idref="V-230456" selected="true" /><select idref="V-230457" selected="true" /><select idref="V-230458" selected="true" /><select idref="V-230459" selected="true" /><select idref="V-230460" selected="true" /><select idref="V-230461" selected="true" /><select idref="V-230462" selected="true" /><select idref="V-230463" selected="true" /><select idref="V-230464" selected="true" /><select idref="V-230465" selected="true" /><select idref="V-230466" selected="true" /><select idref="V-230467" selected="true" /><select idref="V-230468" selected="true" /><select idref="V-230469" selected="true" /><select idref="V-230470" selected="true" /><select idref="V-230471" selected="true" /><select idref="V-230472" selected="true" /><select idref="V-230473" selected="true" /><select idref="V-230474" selected="true" /><select idref="V-230475" selected="true" /><select idref="V-230476" selected="true" /><select idref="V-230477" selected="true" /><select idref="V-230478" selected="true" /><select idref="V-230479" selected="true" /><select idref="V-230480" selected="true" /><select idref="V-230481" selected="true" /><select idref="V-230482" selected="true" /><select idref="V-230483" selected="true" /><select idref="V-230484" selected="true" /><select idref="V-230485" selected="true" /><select 
idref="V-230486" selected="true" /><select idref="V-230487" selected="true" /><select idref="V-230488" selected="true" /><select idref="V-230489" selected="true" /><select idref="V-230491" selected="true" /><select idref="V-230492" selected="true" /><select idref="V-230493" selected="true" /><select idref="V-230494" selected="true" /><select idref="V-230495" selected="true" /><select idref="V-230496" selected="true" /><select idref="V-230497" selected="true" /><select idref="V-230498" selected="true" /><select idref="V-230499" selected="true" /><select idref="V-230500" selected="true" /><select idref="V-230502" selected="true" /><select idref="V-230503" selected="true" /><select idref="V-230504" selected="true" /><select idref="V-230505" selected="true" /><select idref="V-230506" selected="true" /><select idref="V-230507" selected="true" /><select idref="V-230508" selected="true" /><select idref="V-230509" selected="true" /><select idref="V-230510" selected="true" /><select idref="V-230511" selected="true" /><select idref="V-230512" selected="true" /><select idref="V-230513" selected="true" /><select idref="V-230514" selected="true" /><select idref="V-230515" selected="true" /><select idref="V-230516" selected="true" /><select idref="V-230517" selected="true" /><select idref="V-230518" selected="true" /><select idref="V-230519" selected="true" /><select idref="V-230520" selected="true" /><select idref="V-230521" selected="true" /><select idref="V-230522" selected="true" /><select idref="V-230523" selected="true" /><select idref="V-230524" selected="true" /><select idref="V-230525" selected="true" /><select idref="V-230526" selected="true" /><select idref="V-230527" selected="true" /><select idref="V-230529" selected="true" /><select idref="V-230530" selected="true" /><select idref="V-230531" selected="true" /><select idref="V-230532" selected="true" /><select idref="V-230533" selected="true" /><select idref="V-230534" selected="true" /><select idref="V-230535" 
selected="true" /><select idref="V-230536" selected="true" /><select idref="V-230537" selected="true" /><select idref="V-230538" selected="true" /><select idref="V-230539" selected="true" /><select idref="V-230540" selected="true" /><select idref="V-230541" selected="true" /><select idref="V-230542" selected="true" /><select idref="V-230543" selected="true" /><select idref="V-230544" selected="true" /><select idref="V-230545" selected="true" /><select idref="V-230546" selected="true" /><select idref="V-230547" selected="true" /><select idref="V-230548" selected="true" /><select idref="V-230549" selected="true" /><select idref="V-230550" selected="true" /><select idref="V-230551" selected="true" /><select idref="V-230552" selected="true" /><select idref="V-230553" selected="true" /><select idref="V-230554" selected="true" /><select idref="V-230555" selected="true" /><select idref="V-230556" selected="true" /><select idref="V-230557" selected="true" /><select idref="V-230558" selected="true" /><select idref="V-230559" selected="true" /><select idref="V-230560" selected="true" /><select idref="V-230561" selected="true" /><select idref="V-237640" selected="true" /><select idref="V-237641" selected="true" /><select idref="V-237642" selected="true" /><select idref="V-237643" selected="true" /><select idref="V-244519" selected="true" /><select idref="V-244520" selected="true" /><select idref="V-244521" selected="true" /><select idref="V-244522" selected="true" /><select idref="V-244523" selected="true" /><select idref="V-244524" selected="true" /><select idref="V-244525" selected="true" /><select idref="V-244526" selected="true" /><select idref="V-244527" selected="true" /><select idref="V-244528" selected="true" /><select idref="V-244529" selected="true" /><select idref="V-244530" selected="true" /><select idref="V-244531" selected="true" /><select idref="V-244532" selected="true" /><select idref="V-244533" selected="true" /><select idref="V-244534" selected="true" 
/><select idref="V-244535" selected="true" /><select idref="V-244536" selected="true" /><select idref="V-244537" selected="true" /><select idref="V-244538" selected="true" /><select idref="V-244539" selected="true" /><select idref="V-244540" selected="true" /><select idref="V-244541" selected="true" /><select idref="V-244542" selected="true" /><select idref="V-244543" selected="true" /><select idref="V-244544" selected="true" /><select idref="V-244545" selected="true" /><select idref="V-244546" selected="true" /><select idref="V-244547" selected="true" /><select idref="V-244548" selected="true" /><select idref="V-244549" selected="true" /><select idref="V-244550" selected="true" /><select idref="V-244551" selected="true" /><select idref="V-244552" selected="true" /><select idref="V-244553" selected="true" /><select idref="V-244554" selected="true" /><select idref="V-245540" selected="true" /><select idref="V-250315" selected="true" /><select idref="V-250316" selected="true" /><select idref="V-250317" selected="true" /></Profile><Profile id="MAC-2_Public"><title>II - Mission Support Public</title><description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description><select idref="V-230221" selected="true" /><select idref="V-230222" selected="true" /><select idref="V-230223" selected="true" /><select idref="V-230224" selected="true" /><select idref="V-230225" selected="true" /><select idref="V-230226" selected="true" /><select idref="V-230227" selected="true" /><select idref="V-230228" selected="true" /><select idref="V-230229" selected="true" /><select idref="V-230230" selected="true" /><select idref="V-230231" selected="true" /><select idref="V-230232" selected="true" /><select idref="V-230233" selected="true" /><select idref="V-230234" selected="true" /><select idref="V-230235" selected="true" /><select idref="V-230236" selected="true" /><select idref="V-230237" selected="true" /><select idref="V-230238" selected="true" /><select idref="V-230239" 
selected="true" /><select idref="V-230240" selected="true" /><select idref="V-230241" selected="true" /><select idref="V-230243" selected="true" /><select idref="V-230244" selected="true" /><select idref="V-230245" selected="true" /><select idref="V-230246" selected="true" /><select idref="V-230247" selected="true" /><select idref="V-230248" selected="true" /><select idref="V-230249" selected="true" /><select idref="V-230250" selected="true" /><select idref="V-230251" selected="true" /><select idref="V-230252" selected="true" /><select idref="V-230253" selected="true" /><select idref="V-230254" selected="true" /><select idref="V-230255" selected="true" /><select idref="V-230256" selected="true" /><select idref="V-230257" selected="true" /><select idref="V-230258" selected="true" /><select idref="V-230259" selected="true" /><select idref="V-230260" selected="true" /><select idref="V-230261" selected="true" /><select idref="V-230262" selected="true" /><select idref="V-230263" selected="true" /><select idref="V-230264" selected="true" /><select idref="V-230265" selected="true" /><select idref="V-230266" selected="true" /><select idref="V-230267" selected="true" /><select idref="V-230268" selected="true" /><select idref="V-230269" selected="true" /><select idref="V-230270" selected="true" /><select idref="V-230271" selected="true" /><select idref="V-230272" selected="true" /><select idref="V-230273" selected="true" /><select idref="V-230274" selected="true" /><select idref="V-230275" selected="true" /><select idref="V-230276" selected="true" /><select idref="V-230277" selected="true" /><select idref="V-230278" selected="true" /><select idref="V-230279" selected="true" /><select idref="V-230280" selected="true" /><select idref="V-230281" selected="true" /><select idref="V-230282" selected="true" /><select idref="V-230283" selected="true" /><select idref="V-230284" selected="true" /><select idref="V-230285" selected="true" /><select idref="V-230286" selected="true" 
/><select idref="V-230287" selected="true" /><select idref="V-230288" selected="true" /><select idref="V-230289" selected="true" /><select idref="V-230290" selected="true" /><select idref="V-230291" selected="true" /><select idref="V-230292" selected="true" /><select idref="V-230293" selected="true" /><select idref="V-230294" selected="true" /><select idref="V-230295" selected="true" /><select idref="V-230296" selected="true" /><select idref="V-230297" selected="true" /><select idref="V-230298" selected="true" /><select idref="V-230299" selected="true" /><select idref="V-230300" selected="true" /><select idref="V-230301" selected="true" /><select idref="V-230302" selected="true" /><select idref="V-230303" selected="true" /><select idref="V-230304" selected="true" /><select idref="V-230305" selected="true" /><select idref="V-230306" selected="true" /><select idref="V-230307" selected="true" /><select idref="V-230308" selected="true" /><select idref="V-230309" selected="true" /><select idref="V-230310" selected="true" /><select idref="V-230311" selected="true" /><select idref="V-230312" selected="true" /><select idref="V-230313" selected="true" /><select idref="V-230314" selected="true" /><select idref="V-230315" selected="true" /><select idref="V-230316" selected="true" /><select idref="V-230317" selected="true" /><select idref="V-230318" selected="true" /><select idref="V-230319" selected="true" /><select idref="V-230320" selected="true" /><select idref="V-230321" selected="true" /><select idref="V-230322" selected="true" /><select idref="V-230323" selected="true" /><select idref="V-230324" selected="true" /><select idref="V-230325" selected="true" /><select idref="V-230326" selected="true" /><select idref="V-230327" selected="true" /><select idref="V-230328" selected="true" /><select idref="V-230329" selected="true" /><select idref="V-230330" selected="true" /><select idref="V-230331" selected="true" /><select idref="V-230332" selected="true" /><select 
idref="V-230333" selected="true" /><select idref="V-230334" selected="true" /><select idref="V-230335" selected="true" /><select idref="V-230336" selected="true" /><select idref="V-230337" selected="true" /><select idref="V-230338" selected="true" /><select idref="V-230339" selected="true" /><select idref="V-230340" selected="true" /><select idref="V-230341" selected="true" /><select idref="V-230342" selected="true" /><select idref="V-230343" selected="true" /><select idref="V-230344" selected="true" /><select idref="V-230345" selected="true" /><select idref="V-230346" selected="true" /><select idref="V-230347" selected="true" /><select idref="V-230348" selected="true" /><select idref="V-230349" selected="true" /><select idref="V-230350" selected="true" /><select idref="V-230351" selected="true" /><select idref="V-230352" selected="true" /><select idref="V-230353" selected="true" /><select idref="V-230354" selected="true" /><select idref="V-230355" selected="true" /><select idref="V-230356" selected="true" /><select idref="V-230357" selected="true" /><select idref="V-230358" selected="true" /><select idref="V-230359" selected="true" /><select idref="V-230360" selected="true" /><select idref="V-230361" selected="true" /><select idref="V-230362" selected="true" /><select idref="V-230363" selected="true" /><select idref="V-230364" selected="true" /><select idref="V-230365" selected="true" /><select idref="V-230366" selected="true" /><select idref="V-230367" selected="true" /><select idref="V-230368" selected="true" /><select idref="V-230369" selected="true" /><select idref="V-230370" selected="true" /><select idref="V-230371" selected="true" /><select idref="V-230372" selected="true" /><select idref="V-230373" selected="true" /><select idref="V-230374" selected="true" /><select idref="V-230375" selected="true" /><select idref="V-230376" selected="true" /><select idref="V-230377" selected="true" /><select idref="V-230378" selected="true" /><select idref="V-230379" 
selected="true" /><select idref="V-230380" selected="true" /><select idref="V-230381" selected="true" /><select idref="V-230382" selected="true" /><select idref="V-230383" selected="true" /><select idref="V-230384" selected="true" /><select idref="V-230385" selected="true" /><select idref="V-230386" selected="true" /><select idref="V-230387" selected="true" /><select idref="V-230388" selected="true" /><select idref="V-230389" selected="true" /><select idref="V-230390" selected="true" /><select idref="V-230391" selected="true" /><select idref="V-230392" selected="true" /><select idref="V-230393" selected="true" /><select idref="V-230394" selected="true" /><select idref="V-230395" selected="true" /><select idref="V-230396" selected="true" /><select idref="V-230397" selected="true" /><select idref="V-230398" selected="true" /><select idref="V-230399" selected="true" /><select idref="V-230400" selected="true" /><select idref="V-230401" selected="true" /><select idref="V-230402" selected="true" /><select idref="V-230403" selected="true" /><select idref="V-230404" selected="true" /><select idref="V-230405" selected="true" /><select idref="V-230406" selected="true" /><select idref="V-230407" selected="true" /><select idref="V-230408" selected="true" /><select idref="V-230409" selected="true" /><select idref="V-230410" selected="true" /><select idref="V-230411" selected="true" /><select idref="V-230412" selected="true" /><select idref="V-230413" selected="true" /><select idref="V-230414" selected="true" /><select idref="V-230415" selected="true" /><select idref="V-230416" selected="true" /><select idref="V-230417" selected="true" /><select idref="V-230418" selected="true" /><select idref="V-230419" selected="true" /><select idref="V-230420" selected="true" /><select idref="V-230421" selected="true" /><select idref="V-230422" selected="true" /><select idref="V-230423" selected="true" /><select idref="V-230424" selected="true" /><select idref="V-230425" selected="true" 
/><select idref="V-230426" selected="true" /><select idref="V-230427" selected="true" /><select idref="V-230428" selected="true" /><select idref="V-230429" selected="true" /><select idref="V-230430" selected="true" /><select idref="V-230431" selected="true" /><select idref="V-230432" selected="true" /><select idref="V-230433" selected="true" /><select idref="V-230434" selected="true" /><select idref="V-230435" selected="true" /><select idref="V-230436" selected="true" /><select idref="V-230437" selected="true" /><select idref="V-230438" selected="true" /><select idref="V-230439" selected="true" /><select idref="V-230440" selected="true" /><select idref="V-230441" selected="true" /><select idref="V-230442" selected="true" /><select idref="V-230443" selected="true" /><select idref="V-230444" selected="true" /><select idref="V-230445" selected="true" /><select idref="V-230446" selected="true" /><select idref="V-230447" selected="true" /><select idref="V-230448" selected="true" /><select idref="V-230449" selected="true" /><select idref="V-230450" selected="true" /><select idref="V-230451" selected="true" /><select idref="V-230452" selected="true" /><select idref="V-230453" selected="true" /><select idref="V-230454" selected="true" /><select idref="V-230455" selected="true" /><select idref="V-230456" selected="true" /><select idref="V-230457" selected="true" /><select idref="V-230458" selected="true" /><select idref="V-230459" selected="true" /><select idref="V-230460" selected="true" /><select idref="V-230461" selected="true" /><select idref="V-230462" selected="true" /><select idref="V-230463" selected="true" /><select idref="V-230464" selected="true" /><select idref="V-230465" selected="true" /><select idref="V-230466" selected="true" /><select idref="V-230467" selected="true" /><select idref="V-230468" selected="true" /><select idref="V-230469" selected="true" /><select idref="V-230470" selected="true" /><select idref="V-230471" selected="true" /><select 
idref="V-230472" selected="true" /><select idref="V-230473" selected="true" /><select idref="V-230474" selected="true" /><select idref="V-230475" selected="true" /><select idref="V-230476" selected="true" /><select idref="V-230477" selected="true" /><select idref="V-230478" selected="true" /><select idref="V-230479" selected="true" /><select idref="V-230480" selected="true" /><select idref="V-230481" selected="true" /><select idref="V-230482" selected="true" /><select idref="V-230483" selected="true" /><select idref="V-230484" selected="true" /><select idref="V-230485" selected="true" /><select idref="V-230486" selected="true" /><select idref="V-230487" selected="true" /><select idref="V-230488" selected="true" /><select idref="V-230489" selected="true" /><select idref="V-230491" selected="true" /><select idref="V-230492" selected="true" /><select idref="V-230493" selected="true" /><select idref="V-230494" selected="true" /><select idref="V-230495" selected="true" /><select idref="V-230496" selected="true" /><select idref="V-230497" selected="true" /><select idref="V-230498" selected="true" /><select idref="V-230499" selected="true" /><select idref="V-230500" selected="true" /><select idref="V-230502" selected="true" /><select idref="V-230503" selected="true" /><select idref="V-230504" selected="true" /><select idref="V-230505" selected="true" /><select idref="V-230506" selected="true" /><select idref="V-230507" selected="true" /><select idref="V-230508" selected="true" /><select idref="V-230509" selected="true" /><select idref="V-230510" selected="true" /><select idref="V-230511" selected="true" /><select idref="V-230512" selected="true" /><select idref="V-230513" selected="true" /><select idref="V-230514" selected="true" /><select idref="V-230515" selected="true" /><select idref="V-230516" selected="true" /><select idref="V-230517" selected="true" /><select idref="V-230518" selected="true" /><select idref="V-230519" selected="true" /><select idref="V-230520" 
selected="true" /><select idref="V-230521" selected="true" /><select idref="V-230522" selected="true" /><select idref="V-230523" selected="true" /><select idref="V-230524" selected="true" /><select idref="V-230525" selected="true" /><select idref="V-230526" selected="true" /><select idref="V-230527" selected="true" /><select idref="V-230529" selected="true" /><select idref="V-230530" selected="true" /><select idref="V-230531" selected="true" /><select idref="V-230532" selected="true" /><select idref="V-230533" selected="true" /><select idref="V-230534" selected="true" /><select idref="V-230535" selected="true" /><select idref="V-230536" selected="true" /><select idref="V-230537" selected="true" /><select idref="V-230538" selected="true" /><select idref="V-230539" selected="true" /><select idref="V-230540" selected="true" /><select idref="V-230541" selected="true" /><select idref="V-230542" selected="true" /><select idref="V-230543" selected="true" /><select idref="V-230544" selected="true" /><select idref="V-230545" selected="true" /><select idref="V-230546" selected="true" /><select idref="V-230547" selected="true" /><select idref="V-230548" selected="true" /><select idref="V-230549" selected="true" /><select idref="V-230550" selected="true" /><select idref="V-230551" selected="true" /><select idref="V-230552" selected="true" /><select idref="V-230553" selected="true" /><select idref="V-230554" selected="true" /><select idref="V-230555" selected="true" /><select idref="V-230556" selected="true" /><select idref="V-230557" selected="true" /><select idref="V-230558" selected="true" /><select idref="V-230559" selected="true" /><select idref="V-230560" selected="true" /><select idref="V-230561" selected="true" /><select idref="V-237640" selected="true" /><select idref="V-237641" selected="true" /><select idref="V-237642" selected="true" /><select idref="V-237643" selected="true" /><select idref="V-244519" selected="true" /><select idref="V-244520" selected="true" 
/><select idref="V-244521" selected="true" /><select idref="V-244522" selected="true" /><select idref="V-244523" selected="true" /><select idref="V-244524" selected="true" /><select idref="V-244525" selected="true" /><select idref="V-244526" selected="true" /><select idref="V-244527" selected="true" /><select idref="V-244528" selected="true" /><select idref="V-244529" selected="true" /><select idref="V-244530" selected="true" /><select idref="V-244531" selected="true" /><select idref="V-244532" selected="true" /><select idref="V-244533" selected="true" /><select idref="V-244534" selected="true" /><select idref="V-244535" selected="true" /><select idref="V-244536" selected="true" /><select idref="V-244537" selected="true" /><select idref="V-244538" selected="true" /><select idref="V-244539" selected="true" /><select idref="V-244540" selected="true" /><select idref="V-244541" selected="true" /><select idref="V-244542" selected="true" /><select idref="V-244543" selected="true" /><select idref="V-244544" selected="true" /><select idref="V-244545" selected="true" /><select idref="V-244546" selected="true" /><select idref="V-244547" selected="true" /><select idref="V-244548" selected="true" /><select idref="V-244549" selected="true" /><select idref="V-244550" selected="true" /><select idref="V-244551" selected="true" /><select idref="V-244552" selected="true" /><select idref="V-244553" selected="true" /><select idref="V-244554" selected="true" /><select idref="V-245540" selected="true" /><select idref="V-250315" selected="true" /><select idref="V-250316" selected="true" /><select idref="V-250317" selected="true" /></Profile><Profile id="MAC-2_Sensitive"><title>II - Mission Support Sensitive</title><description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description><select idref="V-230221" selected="true" /><select idref="V-230222" selected="true" /><select idref="V-230223" selected="true" /><select idref="V-230224" selected="true" /><select idref="V-230225" 
selected="true" /><select idref="V-230226" selected="true" /><select idref="V-230227" selected="true" /><select idref="V-230228" selected="true" /><select idref="V-230229" selected="true" /><select idref="V-230230" selected="true" /><select idref="V-230231" selected="true" /><select idref="V-230232" selected="true" /><select idref="V-230233" selected="true" /><select idref="V-230234" selected="true" /><select idref="V-230235" selected="true" /><select idref="V-230236" selected="true" /><select idref="V-230237" selected="true" /><select idref="V-230238" selected="true" /><select idref="V-230239" selected="true" /><select idref="V-230240" selected="true" /><select idref="V-230241" selected="true" /><select idref="V-230243" selected="true" /><select idref="V-230244" selected="true" /><select idref="V-230245" selected="true" /><select idref="V-230246" selected="true" /><select idref="V-230247" selected="true" /><select idref="V-230248" selected="true" /><select idref="V-230249" selected="true" /><select idref="V-230250" selected="true" /><select idref="V-230251" selected="true" /><select idref="V-230252" selected="true" /><select idref="V-230253" selected="true" /><select idref="V-230254" selected="true" /><select idref="V-230255" selected="true" /><select idref="V-230256" selected="true" /><select idref="V-230257" selected="true" /><select idref="V-230258" selected="true" /><select idref="V-230259" selected="true" /><select idref="V-230260" selected="true" /><select idref="V-230261" selected="true" /><select idref="V-230262" selected="true" /><select idref="V-230263" selected="true" /><select idref="V-230264" selected="true" /><select idref="V-230265" selected="true" /><select idref="V-230266" selected="true" /><select idref="V-230267" selected="true" /><select idref="V-230268" selected="true" /><select idref="V-230269" selected="true" /><select idref="V-230270" selected="true" /><select idref="V-230271" selected="true" /><select idref="V-230272" selected="true" 
/><select idref="V-230273" selected="true" /><select idref="V-230274" selected="true" /><select idref="V-230275" selected="true" /><select idref="V-230276" selected="true" /><select idref="V-230277" selected="true" /><select idref="V-230278" selected="true" /><select idref="V-230279" selected="true" /><select idref="V-230280" selected="true" /><select idref="V-230281" selected="true" /><select idref="V-230282" selected="true" /><select idref="V-230283" selected="true" /><select idref="V-230284" selected="true" /><select idref="V-230285" selected="true" /><select idref="V-230286" selected="true" /><select idref="V-230287" selected="true" /><select idref="V-230288" selected="true" /><select idref="V-230289" selected="true" /><select idref="V-230290" selected="true" /><select idref="V-230291" selected="true" /><select idref="V-230292" selected="true" /><select idref="V-230293" selected="true" /><select idref="V-230294" selected="true" /><select idref="V-230295" selected="true" /><select idref="V-230296" selected="true" /><select idref="V-230297" selected="true" /><select idref="V-230298" selected="true" /><select idref="V-230299" selected="true" /><select idref="V-230300" selected="true" /><select idref="V-230301" selected="true" /><select idref="V-230302" selected="true" /><select idref="V-230303" selected="true" /><select idref="V-230304" selected="true" /><select idref="V-230305" selected="true" /><select idref="V-230306" selected="true" /><select idref="V-230307" selected="true" /><select idref="V-230308" selected="true" /><select idref="V-230309" selected="true" /><select idref="V-230310" selected="true" /><select idref="V-230311" selected="true" /><select idref="V-230312" selected="true" /><select idref="V-230313" selected="true" /><select idref="V-230314" selected="true" /><select idref="V-230315" selected="true" /><select idref="V-230316" selected="true" /><select idref="V-230317" selected="true" /><select idref="V-230318" selected="true" /><select 
idref="V-230319" selected="true" /><select idref="V-230320" selected="true" /><select idref="V-230321" selected="true" /><select idref="V-230322" selected="true" /><select idref="V-230323" selected="true" /><select idref="V-230324" selected="true" /><select idref="V-230325" selected="true" /><select idref="V-230326" selected="true" /><select idref="V-230327" selected="true" /><select idref="V-230328" selected="true" /><select idref="V-230329" selected="true" /><select idref="V-230330" selected="true" /><select idref="V-230331" selected="true" /><select idref="V-230332" selected="true" /><select idref="V-230333" selected="true" /><select idref="V-230334" selected="true" /><select idref="V-230335" selected="true" /><select idref="V-230336" selected="true" /><select idref="V-230337" selected="true" /><select idref="V-230338" selected="true" /><select idref="V-230339" selected="true" /><select idref="V-230340" selected="true" /><select idref="V-230341" selected="true" /><select idref="V-230342" selected="true" /><select idref="V-230343" selected="true" /><select idref="V-230344" selected="true" /><select idref="V-230345" selected="true" /><select idref="V-230346" selected="true" /><select idref="V-230347" selected="true" /><select idref="V-230348" selected="true" /><select idref="V-230349" selected="true" /><select idref="V-230350" selected="true" /><select idref="V-230351" selected="true" /><select idref="V-230352" selected="true" /><select idref="V-230353" selected="true" /><select idref="V-230354" selected="true" /><select idref="V-230355" selected="true" /><select idref="V-230356" selected="true" /><select idref="V-230357" selected="true" /><select idref="V-230358" selected="true" /><select idref="V-230359" selected="true" /><select idref="V-230360" selected="true" /><select idref="V-230361" selected="true" /><select idref="V-230362" selected="true" /><select idref="V-230363" selected="true" /><select idref="V-230364" selected="true" /><select idref="V-230365" 
selected="true" /><select idref="V-230366" selected="true" /><select idref="V-230367" selected="true" /><select idref="V-230368" selected="true" /><select idref="V-230369" selected="true" /><select idref="V-230370" selected="true" /><select idref="V-230371" selected="true" /><select idref="V-230372" selected="true" /><select idref="V-230373" selected="true" /><select idref="V-230374" selected="true" /><select idref="V-230375" selected="true" /><select idref="V-230376" selected="true" /><select idref="V-230377" selected="true" /><select idref="V-230378" selected="true" /><select idref="V-230379" selected="true" /><select idref="V-230380" selected="true" /><select idref="V-230381" selected="true" /><select idref="V-230382" selected="true" /><select idref="V-230383" selected="true" /><select idref="V-230384" selected="true" /><select idref="V-230385" selected="true" /><select idref="V-230386" selected="true" /><select idref="V-230387" selected="true" /><select idref="V-230388" selected="true" /><select idref="V-230389" selected="true" /><select idref="V-230390" selected="true" /><select idref="V-230391" selected="true" /><select idref="V-230392" selected="true" /><select idref="V-230393" selected="true" /><select idref="V-230394" selected="true" /><select idref="V-230395" selected="true" /><select idref="V-230396" selected="true" /><select idref="V-230397" selected="true" /><select idref="V-230398" selected="true" /><select idref="V-230399" selected="true" /><select idref="V-230400" selected="true" /><select idref="V-230401" selected="true" /><select idref="V-230402" selected="true" /><select idref="V-230403" selected="true" /><select idref="V-230404" selected="true" /><select idref="V-230405" selected="true" /><select idref="V-230406" selected="true" /><select idref="V-230407" selected="true" /><select idref="V-230408" selected="true" /><select idref="V-230409" selected="true" /><select idref="V-230410" selected="true" /><select idref="V-230411" selected="true" 
/><select idref="V-230412" selected="true" /><select idref="V-230413" selected="true" /><select idref="V-230414" selected="true" /><select idref="V-230415" selected="true" /><select idref="V-230416" selected="true" /><select idref="V-230417" selected="true" /><select idref="V-230418" selected="true" /><select idref="V-230419" selected="true" /><select idref="V-230420" selected="true" /><select idref="V-230421" selected="true" /><select idref="V-230422" selected="true" /><select idref="V-230423" selected="true" /><select idref="V-230424" selected="true" /><select idref="V-230425" selected="true" /><select idref="V-230426" selected="true" /><select idref="V-230427" selected="true" /><select idref="V-230428" selected="true" /><select idref="V-230429" selected="true" /><select idref="V-230430" selected="true" /><select idref="V-230431" selected="true" /><select idref="V-230432" selected="true" /><select idref="V-230433" selected="true" /><select idref="V-230434" selected="true" /><select idref="V-230435" selected="true" /><select idref="V-230436" selected="true" /><select idref="V-230437" selected="true" /><select idref="V-230438" selected="true" /><select idref="V-230439" selected="true" /><select idref="V-230440" selected="true" /><select idref="V-230441" selected="true" /><select idref="V-230442" selected="true" /><select idref="V-230443" selected="true" /><select idref="V-230444" selected="true" /><select idref="V-230445" selected="true" /><select idref="V-230446" selected="true" /><select idref="V-230447" selected="true" /><select idref="V-230448" selected="true" /><select idref="V-230449" selected="true" /><select idref="V-230450" selected="true" /><select idref="V-230451" selected="true" /><select idref="V-230452" selected="true" /><select idref="V-230453" selected="true" /><select idref="V-230454" selected="true" /><select idref="V-230455" selected="true" /><select idref="V-230456" selected="true" /><select idref="V-230457" selected="true" /><select 
idref="V-230458" selected="true" /><select idref="V-230459" selected="true" /><select idref="V-230460" selected="true" /><select idref="V-230461" selected="true" /><select idref="V-230462" selected="true" /><select idref="V-230463" selected="true" /><select idref="V-230464" selected="true" /><select idref="V-230465" selected="true" /><select idref="V-230466" selected="true" /><select idref="V-230467" selected="true" /><select idref="V-230468" selected="true" /><select idref="V-230469" selected="true" /><select idref="V-230470" selected="true" /><select idref="V-230471" selected="true" /><select idref="V-230472" selected="true" /><select idref="V-230473" selected="true" /><select idref="V-230474" selected="true" /><select idref="V-230475" selected="true" /><select idref="V-230476" selected="true" /><select idref="V-230477" selected="true" /><select idref="V-230478" selected="true" /><select idref="V-230479" selected="true" /><select idref="V-230480" selected="true" /><select idref="V-230481" selected="true" /><select idref="V-230482" selected="true" /><select idref="V-230483" selected="true" /><select idref="V-230484" selected="true" /><select idref="V-230485" selected="true" /><select idref="V-230486" selected="true" /><select idref="V-230487" selected="true" /><select idref="V-230488" selected="true" /><select idref="V-230489" selected="true" /><select idref="V-230491" selected="true" /><select idref="V-230492" selected="true" /><select idref="V-230493" selected="true" /><select idref="V-230494" selected="true" /><select idref="V-230495" selected="true" /><select idref="V-230496" selected="true" /><select idref="V-230497" selected="true" /><select idref="V-230498" selected="true" /><select idref="V-230499" selected="true" /><select idref="V-230500" selected="true" /><select idref="V-230502" selected="true" /><select idref="V-230503" selected="true" /><select idref="V-230504" selected="true" /><select idref="V-230505" selected="true" /><select idref="V-230506" 
selected="true" /><select idref="V-230507" selected="true" /><select idref="V-230508" selected="true" /><select idref="V-230509" selected="true" /><select idref="V-230510" selected="true" /><select idref="V-230511" selected="true" /><select idref="V-230512" selected="true" /><select idref="V-230513" selected="true" /><select idref="V-230514" selected="true" /><select idref="V-230515" selected="true" /><select idref="V-230516" selected="true" /><select idref="V-230517" selected="true" /><select idref="V-230518" selected="true" /><select idref="V-230519" selected="true" /><select idref="V-230520" selected="true" /><select idref="V-230521" selected="true" /><select idref="V-230522" selected="true" /><select idref="V-230523" selected="true" /><select idref="V-230524" selected="true" /><select idref="V-230525" selected="true" /><select idref="V-230526" selected="true" /><select idref="V-230527" selected="true" /><select idref="V-230529" selected="true" /><select idref="V-230530" selected="true" /><select idref="V-230531" selected="true" /><select idref="V-230532" selected="true" /><select idref="V-230533" selected="true" /><select idref="V-230534" selected="true" /><select idref="V-230535" selected="true" /><select idref="V-230536" selected="true" /><select idref="V-230537" selected="true" /><select idref="V-230538" selected="true" /><select idref="V-230539" selected="true" /><select idref="V-230540" selected="true" /><select idref="V-230541" selected="true" /><select idref="V-230542" selected="true" /><select idref="V-230543" selected="true" /><select idref="V-230544" selected="true" /><select idref="V-230545" selected="true" /><select idref="V-230546" selected="true" /><select idref="V-230547" selected="true" /><select idref="V-230548" selected="true" /><select idref="V-230549" selected="true" /><select idref="V-230550" selected="true" /><select idref="V-230551" selected="true" /><select idref="V-230552" selected="true" /><select idref="V-230553" selected="true" 
/><select idref="V-230554" selected="true" /><select idref="V-230555" selected="true" /><select idref="V-230556" selected="true" /><select idref="V-230557" selected="true" /><select idref="V-230558" selected="true" /><select idref="V-230559" selected="true" /><select idref="V-230560" selected="true" /><select idref="V-230561" selected="true" /><select idref="V-237640" selected="true" /><select idref="V-237641" selected="true" /><select idref="V-237642" selected="true" /><select idref="V-237643" selected="true" /><select idref="V-244519" selected="true" /><select idref="V-244520" selected="true" /><select idref="V-244521" selected="true" /><select idref="V-244522" selected="true" /><select idref="V-244523" selected="true" /><select idref="V-244524" selected="true" /><select idref="V-244525" selected="true" /><select idref="V-244526" selected="true" /><select idref="V-244527" selected="true" /><select idref="V-244528" selected="true" /><select idref="V-244529" selected="true" /><select idref="V-244530" selected="true" /><select idref="V-244531" selected="true" /><select idref="V-244532" selected="true" /><select idref="V-244533" selected="true" /><select idref="V-244534" selected="true" /><select idref="V-244535" selected="true" /><select idref="V-244536" selected="true" /><select idref="V-244537" selected="true" /><select idref="V-244538" selected="true" /><select idref="V-244539" selected="true" /><select idref="V-244540" selected="true" /><select idref="V-244541" selected="true" /><select idref="V-244542" selected="true" /><select idref="V-244543" selected="true" /><select idref="V-244544" selected="true" /><select idref="V-244545" selected="true" /><select idref="V-244546" selected="true" /><select idref="V-244547" selected="true" /><select idref="V-244548" selected="true" /><select idref="V-244549" selected="true" /><select idref="V-244550" selected="true" /><select idref="V-244551" selected="true" /><select idref="V-244552" selected="true" /><select 
idref="V-244553" selected="true" /><select idref="V-244554" selected="true" /><select idref="V-245540" selected="true" /><select idref="V-250315" selected="true" /><select idref="V-250316" selected="true" /><select idref="V-250317" selected="true" /></Profile><Profile id="MAC-3_Classified"><title>III - Administrative Classified</title><description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description><select idref="V-230221" selected="true" /><select idref="V-230222" selected="true" /><select idref="V-230223" selected="true" /><select idref="V-230224" selected="true" /><select idref="V-230225" selected="true" /><select idref="V-230226" selected="true" /><select idref="V-230227" selected="true" /><select idref="V-230228" selected="true" /><select idref="V-230229" selected="true" /><select idref="V-230230" selected="true" /><select idref="V-230231" selected="true" /><select idref="V-230232" selected="true" /><select idref="V-230233" selected="true" /><select idref="V-230234" selected="true" /><select idref="V-230235" selected="true" /><select idref="V-230236" selected="true" /><select idref="V-230237" selected="true" /><select idref="V-230238" selected="true" /><select idref="V-230239" selected="true" /><select idref="V-230240" selected="true" /><select idref="V-230241" selected="true" /><select idref="V-230243" selected="true" /><select idref="V-230244" selected="true" /><select idref="V-230245" selected="true" /><select idref="V-230246" selected="true" /><select idref="V-230247" selected="true" /><select idref="V-230248" selected="true" /><select idref="V-230249" selected="true" /><select idref="V-230250" selected="true" /><select idref="V-230251" selected="true" /><select idref="V-230252" selected="true" /><select idref="V-230253" selected="true" /><select idref="V-230254" selected="true" /><select idref="V-230255" selected="true" /><select idref="V-230256" selected="true" /><select idref="V-230257" selected="true" /><select idref="V-230258" 
selected="true" /><select idref="V-230259" selected="true" /><select idref="V-230260" selected="true" /><select idref="V-230261" selected="true" /><select idref="V-230262" selected="true" /><select idref="V-230263" selected="true" /><select idref="V-230264" selected="true" /><select idref="V-230265" selected="true" /><select idref="V-230266" selected="true" /><select idref="V-230267" selected="true" /><select idref="V-230268" selected="true" /><select idref="V-230269" selected="true" /><select idref="V-230270" selected="true" /><select idref="V-230271" selected="true" /><select idref="V-230272" selected="true" /><select idref="V-230273" selected="true" /><select idref="V-230274" selected="true" /><select idref="V-230275" selected="true" /><select idref="V-230276" selected="true" /><select idref="V-230277" selected="true" /><select idref="V-230278" selected="true" /><select idref="V-230279" selected="true" /><select idref="V-230280" selected="true" /><select idref="V-230281" selected="true" /><select idref="V-230282" selected="true" /><select idref="V-230283" selected="true" /><select idref="V-230284" selected="true" /><select idref="V-230285" selected="true" /><select idref="V-230286" selected="true" /><select idref="V-230287" selected="true" /><select idref="V-230288" selected="true" /><select idref="V-230289" selected="true" /><select idref="V-230290" selected="true" /><select idref="V-230291" selected="true" /><select idref="V-230292" selected="true" /><select idref="V-230293" selected="true" /><select idref="V-230294" selected="true" /><select idref="V-230295" selected="true" /><select idref="V-230296" selected="true" /><select idref="V-230297" selected="true" /><select idref="V-230298" selected="true" /><select idref="V-230299" selected="true" /><select idref="V-230300" selected="true" /><select idref="V-230301" selected="true" /><select idref="V-230302" selected="true" /><select idref="V-230303" selected="true" /><select idref="V-230304" selected="true" 
/><select idref="V-230305" selected="true" /><select idref="V-230306" selected="true" /><select idref="V-230307" selected="true" /><select idref="V-230308" selected="true" /><select idref="V-230309" selected="true" /><select idref="V-230310" selected="true" /><select idref="V-230311" selected="true" /><select idref="V-230312" selected="true" /><select idref="V-230313" selected="true" /><select idref="V-230314" selected="true" /><select idref="V-230315" selected="true" /><select idref="V-230316" selected="true" /><select idref="V-230317" selected="true" /><select idref="V-230318" selected="true" /><select idref="V-230319" selected="true" /><select idref="V-230320" selected="true" /><select idref="V-230321" selected="true" /><select idref="V-230322" selected="true" /><select idref="V-230323" selected="true" /><select idref="V-230324" selected="true" /><select idref="V-230325" selected="true" /><select idref="V-230326" selected="true" /><select idref="V-230327" selected="true" /><select idref="V-230328" selected="true" /><select idref="V-230329" selected="true" /><select idref="V-230330" selected="true" /><select idref="V-230331" selected="true" /><select idref="V-230332" selected="true" /><select idref="V-230333" selected="true" /><select idref="V-230334" selected="true" /><select idref="V-230335" selected="true" /><select idref="V-230336" selected="true" /><select idref="V-230337" selected="true" /><select idref="V-230338" selected="true" /><select idref="V-230339" selected="true" /><select idref="V-230340" selected="true" /><select idref="V-230341" selected="true" /><select idref="V-230342" selected="true" /><select idref="V-230343" selected="true" /><select idref="V-230344" selected="true" /><select idref="V-230345" selected="true" /><select idref="V-230346" selected="true" /><select idref="V-230347" selected="true" /><select idref="V-230348" selected="true" /><select idref="V-230349" selected="true" /><select idref="V-230350" selected="true" /><select 
idref="V-230351" selected="true" /><select idref="V-230352" selected="true" /><select idref="V-230353" selected="true" /><select idref="V-230354" selected="true" /><select idref="V-230355" selected="true" /><select idref="V-230356" selected="true" /><select idref="V-230357" selected="true" /><select idref="V-230358" selected="true" /><select idref="V-230359" selected="true" /><select idref="V-230360" selected="true" /><select idref="V-230361" selected="true" /><select idref="V-230362" selected="true" /><select idref="V-230363" selected="true" /><select idref="V-230364" selected="true" /><select idref="V-230365" selected="true" /><select idref="V-230366" selected="true" /><select idref="V-230367" selected="true" /><select idref="V-230368" selected="true" /><select idref="V-230369" selected="true" /><select idref="V-230370" selected="true" /><select idref="V-230371" selected="true" /><select idref="V-230372" selected="true" /><select idref="V-230373" selected="true" /><select idref="V-230374" selected="true" /><select idref="V-230375" selected="true" /><select idref="V-230376" selected="true" /><select idref="V-230377" selected="true" /><select idref="V-230378" selected="true" /><select idref="V-230379" selected="true" /><select idref="V-230380" selected="true" /><select idref="V-230381" selected="true" /><select idref="V-230382" selected="true" /><select idref="V-230383" selected="true" /><select idref="V-230384" selected="true" /><select idref="V-230385" selected="true" /><select idref="V-230386" selected="true" /><select idref="V-230387" selected="true" /><select idref="V-230388" selected="true" /><select idref="V-230389" selected="true" /><select idref="V-230390" selected="true" /><select idref="V-230391" selected="true" /><select idref="V-230392" selected="true" /><select idref="V-230393" selected="true" /><select idref="V-230394" selected="true" /><select idref="V-230395" selected="true" /><select idref="V-230396" selected="true" /><select idref="V-230397" 
selected="true" /><select idref="V-230398" selected="true" /><select idref="V-230399" selected="true" /><select idref="V-230400" selected="true" /><select idref="V-230401" selected="true" /><select idref="V-230402" selected="true" /><select idref="V-230403" selected="true" /><select idref="V-230404" selected="true" /><select idref="V-230405" selected="true" /><select idref="V-230406" selected="true" /><select idref="V-230407" selected="true" /><select idref="V-230408" selected="true" /><select idref="V-230409" selected="true" /><select idref="V-230410" selected="true" /><select idref="V-230411" selected="true" /><select idref="V-230412" selected="true" /><select idref="V-230413" selected="true" /><select idref="V-230414" selected="true" /><select idref="V-230415" selected="true" /><select idref="V-230416" selected="true" /><select idref="V-230417" selected="true" /><select idref="V-230418" selected="true" /><select idref="V-230419" selected="true" /><select idref="V-230420" selected="true" /><select idref="V-230421" selected="true" /><select idref="V-230422" selected="true" /><select idref="V-230423" selected="true" /><select idref="V-230424" selected="true" /><select idref="V-230425" selected="true" /><select idref="V-230426" selected="true" /><select idref="V-230427" selected="true" /><select idref="V-230428" selected="true" /><select idref="V-230429" selected="true" /><select idref="V-230430" selected="true" /><select idref="V-230431" selected="true" /><select idref="V-230432" selected="true" /><select idref="V-230433" selected="true" /><select idref="V-230434" selected="true" /><select idref="V-230435" selected="true" /><select idref="V-230436" selected="true" /><select idref="V-230437" selected="true" /><select idref="V-230438" selected="true" /><select idref="V-230439" selected="true" /><select idref="V-230440" selected="true" /><select idref="V-230441" selected="true" /><select idref="V-230442" selected="true" /><select idref="V-230443" selected="true" 
/><select idref="V-230444" selected="true" /><select idref="V-230445" selected="true" /><select idref="V-230446" selected="true" /><select idref="V-230447" selected="true" /><select idref="V-230448" selected="true" /><select idref="V-230449" selected="true" /><select idref="V-230450" selected="true" /><select idref="V-230451" selected="true" /><select idref="V-230452" selected="true" /><select idref="V-230453" selected="true" /><select idref="V-230454" selected="true" /><select idref="V-230455" selected="true" /><select idref="V-230456" selected="true" /><select idref="V-230457" selected="true" /><select idref="V-230458" selected="true" /><select idref="V-230459" selected="true" /><select idref="V-230460" selected="true" /><select idref="V-230461" selected="true" /><select idref="V-230462" selected="true" /><select idref="V-230463" selected="true" /><select idref="V-230464" selected="true" /><select idref="V-230465" selected="true" /><select idref="V-230466" selected="true" /><select idref="V-230467" selected="true" /><select idref="V-230468" selected="true" /><select idref="V-230469" selected="true" /><select idref="V-230470" selected="true" /><select idref="V-230471" selected="true" /><select idref="V-230472" selected="true" /><select idref="V-230473" selected="true" /><select idref="V-230474" selected="true" /><select idref="V-230475" selected="true" /><select idref="V-230476" selected="true" /><select idref="V-230477" selected="true" /><select idref="V-230478" selected="true" /><select idref="V-230479" selected="true" /><select idref="V-230480" selected="true" /><select idref="V-230481" selected="true" /><select idref="V-230482" selected="true" /><select idref="V-230483" selected="true" /><select idref="V-230484" selected="true" /><select idref="V-230485" selected="true" /><select idref="V-230486" selected="true" /><select idref="V-230487" selected="true" /><select idref="V-230488" selected="true" /><select idref="V-230489" selected="true" /><select 
idref="V-230491" selected="true" /><select idref="V-230492" selected="true" /><select idref="V-230493" selected="true" /><select idref="V-230494" selected="true" /><select idref="V-230495" selected="true" /><select idref="V-230496" selected="true" /><select idref="V-230497" selected="true" /><select idref="V-230498" selected="true" /><select idref="V-230499" selected="true" /><select idref="V-230500" selected="true" /><select idref="V-230502" selected="true" /><select idref="V-230503" selected="true" /><select idref="V-230504" selected="true" /><select idref="V-230505" selected="true" /><select idref="V-230506" selected="true" /><select idref="V-230507" selected="true" /><select idref="V-230508" selected="true" /><select idref="V-230509" selected="true" /><select idref="V-230510" selected="true" /><select idref="V-230511" selected="true" /><select idref="V-230512" selected="true" /><select idref="V-230513" selected="true" /><select idref="V-230514" selected="true" /><select idref="V-230515" selected="true" /><select idref="V-230516" selected="true" /><select idref="V-230517" selected="true" /><select idref="V-230518" selected="true" /><select idref="V-230519" selected="true" /><select idref="V-230520" selected="true" /><select idref="V-230521" selected="true" /><select idref="V-230522" selected="true" /><select idref="V-230523" selected="true" /><select idref="V-230524" selected="true" /><select idref="V-230525" selected="true" /><select idref="V-230526" selected="true" /><select idref="V-230527" selected="true" /><select idref="V-230529" selected="true" /><select idref="V-230530" selected="true" /><select idref="V-230531" selected="true" /><select idref="V-230532" selected="true" /><select idref="V-230533" selected="true" /><select idref="V-230534" selected="true" /><select idref="V-230535" selected="true" /><select idref="V-230536" selected="true" /><select idref="V-230537" selected="true" /><select idref="V-230538" selected="true" /><select idref="V-230539" 
selected="true" /><select idref="V-230540" selected="true" /><select idref="V-230541" selected="true" /><select idref="V-230542" selected="true" /><select idref="V-230543" selected="true" /><select idref="V-230544" selected="true" /><select idref="V-230545" selected="true" /><select idref="V-230546" selected="true" /><select idref="V-230547" selected="true" /><select idref="V-230548" selected="true" /><select idref="V-230549" selected="true" /><select idref="V-230550" selected="true" /><select idref="V-230551" selected="true" /><select idref="V-230552" selected="true" /><select idref="V-230553" selected="true" /><select idref="V-230554" selected="true" /><select idref="V-230555" selected="true" /><select idref="V-230556" selected="true" /><select idref="V-230557" selected="true" /><select idref="V-230558" selected="true" /><select idref="V-230559" selected="true" /><select idref="V-230560" selected="true" /><select idref="V-230561" selected="true" /><select idref="V-237640" selected="true" /><select idref="V-237641" selected="true" /><select idref="V-237642" selected="true" /><select idref="V-237643" selected="true" /><select idref="V-244519" selected="true" /><select idref="V-244520" selected="true" /><select idref="V-244521" selected="true" /><select idref="V-244522" selected="true" /><select idref="V-244523" selected="true" /><select idref="V-244524" selected="true" /><select idref="V-244525" selected="true" /><select idref="V-244526" selected="true" /><select idref="V-244527" selected="true" /><select idref="V-244528" selected="true" /><select idref="V-244529" selected="true" /><select idref="V-244530" selected="true" /><select idref="V-244531" selected="true" /><select idref="V-244532" selected="true" /><select idref="V-244533" selected="true" /><select idref="V-244534" selected="true" /><select idref="V-244535" selected="true" /><select idref="V-244536" selected="true" /><select idref="V-244537" selected="true" /><select idref="V-244538" selected="true" 
/><select idref="V-244539" selected="true" /><select idref="V-244540" selected="true" /><select idref="V-244541" selected="true" /><select idref="V-244542" selected="true" /><select idref="V-244543" selected="true" /><select idref="V-244544" selected="true" /><select idref="V-244545" selected="true" /><select idref="V-244546" selected="true" /><select idref="V-244547" selected="true" /><select idref="V-244548" selected="true" /><select idref="V-244549" selected="true" /><select idref="V-244550" selected="true" /><select idref="V-244551" selected="true" /><select idref="V-244552" selected="true" /><select idref="V-244553" selected="true" /><select idref="V-244554" selected="true" /><select idref="V-245540" selected="true" /><select idref="V-250315" selected="true" /><select idref="V-250316" selected="true" /><select idref="V-250317" selected="true" /></Profile><Profile id="MAC-3_Public"><title>III - Administrative Public</title><description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description><select idref="V-230221" selected="true" /><select idref="V-230222" selected="true" /><select idref="V-230223" selected="true" /><select idref="V-230224" selected="true" /><select idref="V-230225" selected="true" /><select idref="V-230226" selected="true" /><select idref="V-230227" selected="true" /><select idref="V-230228" selected="true" /><select idref="V-230229" selected="true" /><select idref="V-230230" selected="true" /><select idref="V-230231" selected="true" /><select idref="V-230232" selected="true" /><select idref="V-230233" selected="true" /><select idref="V-230234" selected="true" /><select idref="V-230235" selected="true" /><select idref="V-230236" selected="true" /><select idref="V-230237" selected="true" /><select idref="V-230238" selected="true" /><select idref="V-230239" selected="true" /><select idref="V-230240" selected="true" /><select idref="V-230241" selected="true" /><select idref="V-230243" selected="true" /><select idref="V-230244" 
selected="true" /><select idref="V-230245" selected="true" /><select idref="V-230246" selected="true" /><select idref="V-230247" selected="true" /><select idref="V-230248" selected="true" /><select idref="V-230249" selected="true" /><select idref="V-230250" selected="true" /><select idref="V-230251" selected="true" /><select idref="V-230252" selected="true" /><select idref="V-230253" selected="true" /><select idref="V-230254" selected="true" /><select idref="V-230255" selected="true" /><select idref="V-230256" selected="true" /><select idref="V-230257" selected="true" /><select idref="V-230258" selected="true" /><select idref="V-230259" selected="true" /><select idref="V-230260" selected="true" /><select idref="V-230261" selected="true" /><select idref="V-230262" selected="true" /><select idref="V-230263" selected="true" /><select idref="V-230264" selected="true" /><select idref="V-230265" selected="true" /><select idref="V-230266" selected="true" /><select idref="V-230267" selected="true" /><select idref="V-230268" selected="true" /><select idref="V-230269" selected="true" /><select idref="V-230270" selected="true" /><select idref="V-230271" selected="true" /><select idref="V-230272" selected="true" /><select idref="V-230273" selected="true" /><select idref="V-230274" selected="true" /><select idref="V-230275" selected="true" /><select idref="V-230276" selected="true" /><select idref="V-230277" selected="true" /><select idref="V-230278" selected="true" /><select idref="V-230279" selected="true" /><select idref="V-230280" selected="true" /><select idref="V-230281" selected="true" /><select idref="V-230282" selected="true" /><select idref="V-230283" selected="true" /><select idref="V-230284" selected="true" /><select idref="V-230285" selected="true" /><select idref="V-230286" selected="true" /><select idref="V-230287" selected="true" /><select idref="V-230288" selected="true" /><select idref="V-230289" selected="true" /><select idref="V-230290" selected="true" 
/><select idref="V-230291" selected="true" /><select idref="V-230292" selected="true" /><select idref="V-230293" selected="true" /><select idref="V-230294" selected="true" /><select idref="V-230295" selected="true" /><select idref="V-230296" selected="true" /><select idref="V-230297" selected="true" /><select idref="V-230298" selected="true" /><select idref="V-230299" selected="true" /><select idref="V-230300" selected="true" /><select idref="V-230301" selected="true" /><select idref="V-230302" selected="true" /><select idref="V-230303" selected="true" /><select idref="V-230304" selected="true" /><select idref="V-230305" selected="true" /><select idref="V-230306" selected="true" /><select idref="V-230307" selected="true" /><select idref="V-230308" selected="true" /><select idref="V-230309" selected="true" /><select idref="V-230310" selected="true" /><select idref="V-230311" selected="true" /><select idref="V-230312" selected="true" /><select idref="V-230313" selected="true" /><select idref="V-230314" selected="true" /><select idref="V-230315" selected="true" /><select idref="V-230316" selected="true" /><select idref="V-230317" selected="true" /><select idref="V-230318" selected="true" /><select idref="V-230319" selected="true" /><select idref="V-230320" selected="true" /><select idref="V-230321" selected="true" /><select idref="V-230322" selected="true" /><select idref="V-230323" selected="true" /><select idref="V-230324" selected="true" /><select idref="V-230325" selected="true" /><select idref="V-230326" selected="true" /><select idref="V-230327" selected="true" /><select idref="V-230328" selected="true" /><select idref="V-230329" selected="true" /><select idref="V-230330" selected="true" /><select idref="V-230331" selected="true" /><select idref="V-230332" selected="true" /><select idref="V-230333" selected="true" /><select idref="V-230334" selected="true" /><select idref="V-230335" selected="true" /><select idref="V-230336" selected="true" /><select 
idref="V-230337" selected="true" /><select idref="V-230338" selected="true" /><select idref="V-230339" selected="true" /><select idref="V-230340" selected="true" /><select idref="V-230341" selected="true" /><select idref="V-230342" selected="true" /><select idref="V-230343" selected="true" /><select idref="V-230344" selected="true" /><select idref="V-230345" selected="true" /><select idref="V-230346" selected="true" /><select idref="V-230347" selected="true" /><select idref="V-230348" selected="true" /><select idref="V-230349" selected="true" /><select idref="V-230350" selected="true" /><select idref="V-230351" selected="true" /><select idref="V-230352" selected="true" /><select idref="V-230353" selected="true" /><select idref="V-230354" selected="true" /><select idref="V-230355" selected="true" /><select idref="V-230356" selected="true" /><select idref="V-230357" selected="true" /><select idref="V-230358" selected="true" /><select idref="V-230359" selected="true" /><select idref="V-230360" selected="true" /><select idref="V-230361" selected="true" /><select idref="V-230362" selected="true" /><select idref="V-230363" selected="true" /><select idref="V-230364" selected="true" /><select idref="V-230365" selected="true" /><select idref="V-230366" selected="true" /><select idref="V-230367" selected="true" /><select idref="V-230368" selected="true" /><select idref="V-230369" selected="true" /><select idref="V-230370" selected="true" /><select idref="V-230371" selected="true" /><select idref="V-230372" selected="true" /><select idref="V-230373" selected="true" /><select idref="V-230374" selected="true" /><select idref="V-230375" selected="true" /><select idref="V-230376" selected="true" /><select idref="V-230377" selected="true" /><select idref="V-230378" selected="true" /><select idref="V-230379" selected="true" /><select idref="V-230380" selected="true" /><select idref="V-230381" selected="true" /><select idref="V-230382" selected="true" /><select idref="V-230383" 
selected="true" /><select idref="V-230384" selected="true" /><select idref="V-230385" selected="true" /><select idref="V-230386" selected="true" /><select idref="V-230387" selected="true" /><select idref="V-230388" selected="true" /><select idref="V-230389" selected="true" /><select idref="V-230390" selected="true" /><select idref="V-230391" selected="true" /><select idref="V-230392" selected="true" /><select idref="V-230393" selected="true" /><select idref="V-230394" selected="true" /><select idref="V-230395" selected="true" /><select idref="V-230396" selected="true" /><select idref="V-230397" selected="true" /><select idref="V-230398" selected="true" /><select idref="V-230399" selected="true" /><select idref="V-230400" selected="true" /><select idref="V-230401" selected="true" /><select idref="V-230402" selected="true" /><select idref="V-230403" selected="true" /><select idref="V-230404" selected="true" /><select idref="V-230405" selected="true" /><select idref="V-230406" selected="true" /><select idref="V-230407" selected="true" /><select idref="V-230408" selected="true" /><select idref="V-230409" selected="true" /><select idref="V-230410" selected="true" /><select idref="V-230411" selected="true" /><select idref="V-230412" selected="true" /><select idref="V-230413" selected="true" /><select idref="V-230414" selected="true" /><select idref="V-230415" selected="true" /><select idref="V-230416" selected="true" /><select idref="V-230417" selected="true" /><select idref="V-230418" selected="true" /><select idref="V-230419" selected="true" /><select idref="V-230420" selected="true" /><select idref="V-230421" selected="true" /><select idref="V-230422" selected="true" /><select idref="V-230423" selected="true" /><select idref="V-230424" selected="true" /><select idref="V-230425" selected="true" /><select idref="V-230426" selected="true" /><select idref="V-230427" selected="true" /><select idref="V-230428" selected="true" /><select idref="V-230429" selected="true" 
/><select idref="V-230430" selected="true" /><select idref="V-230431" selected="true" /><select idref="V-230432" selected="true" /><select idref="V-230433" selected="true" /><select idref="V-230434" selected="true" /><select idref="V-230435" selected="true" /><select idref="V-230436" selected="true" /><select idref="V-230437" selected="true" /><select idref="V-230438" selected="true" /><select idref="V-230439" selected="true" /><select idref="V-230440" selected="true" /><select idref="V-230441" selected="true" /><select idref="V-230442" selected="true" /><select idref="V-230443" selected="true" /><select idref="V-230444" selected="true" /><select idref="V-230445" selected="true" /><select idref="V-230446" selected="true" /><select idref="V-230447" selected="true" /><select idref="V-230448" selected="true" /><select idref="V-230449" selected="true" /><select idref="V-230450" selected="true" /><select idref="V-230451" selected="true" /><select idref="V-230452" selected="true" /><select idref="V-230453" selected="true" /><select idref="V-230454" selected="true" /><select idref="V-230455" selected="true" /><select idref="V-230456" selected="true" /><select idref="V-230457" selected="true" /><select idref="V-230458" selected="true" /><select idref="V-230459" selected="true" /><select idref="V-230460" selected="true" /><select idref="V-230461" selected="true" /><select idref="V-230462" selected="true" /><select idref="V-230463" selected="true" /><select idref="V-230464" selected="true" /><select idref="V-230465" selected="true" /><select idref="V-230466" selected="true" /><select idref="V-230467" selected="true" /><select idref="V-230468" selected="true" /><select idref="V-230469" selected="true" /><select idref="V-230470" selected="true" /><select idref="V-230471" selected="true" /><select idref="V-230472" selected="true" /><select idref="V-230473" selected="true" /><select idref="V-230474" selected="true" /><select idref="V-230475" selected="true" /><select 
idref="V-230476" selected="true" /><select idref="V-230477" selected="true" /><select idref="V-230478" selected="true" /><select idref="V-230479" selected="true" /><select idref="V-230480" selected="true" /><select idref="V-230481" selected="true" /><select idref="V-230482" selected="true" /><select idref="V-230483" selected="true" /><select idref="V-230484" selected="true" /><select idref="V-230485" selected="true" /><select idref="V-230486" selected="true" /><select idref="V-230487" selected="true" /><select idref="V-230488" selected="true" /><select idref="V-230489" selected="true" /><select idref="V-230491" selected="true" /><select idref="V-230492" selected="true" /><select idref="V-230493" selected="true" /><select idref="V-230494" selected="true" /><select idref="V-230495" selected="true" /><select idref="V-230496" selected="true" /><select idref="V-230497" selected="true" /><select idref="V-230498" selected="true" /><select idref="V-230499" selected="true" /><select idref="V-230500" selected="true" /><select idref="V-230502" selected="true" /><select idref="V-230503" selected="true" /><select idref="V-230504" selected="true" /><select idref="V-230505" selected="true" /><select idref="V-230506" selected="true" /><select idref="V-230507" selected="true" /><select idref="V-230508" selected="true" /><select idref="V-230509" selected="true" /><select idref="V-230510" selected="true" /><select idref="V-230511" selected="true" /><select idref="V-230512" selected="true" /><select idref="V-230513" selected="true" /><select idref="V-230514" selected="true" /><select idref="V-230515" selected="true" /><select idref="V-230516" selected="true" /><select idref="V-230517" selected="true" /><select idref="V-230518" selected="true" /><select idref="V-230519" selected="true" /><select idref="V-230520" selected="true" /><select idref="V-230521" selected="true" /><select idref="V-230522" selected="true" /><select idref="V-230523" selected="true" /><select idref="V-230524" 
selected="true" /><select idref="V-230525" selected="true" /><select idref="V-230526" selected="true" /><select idref="V-230527" selected="true" /><select idref="V-230529" selected="true" /><select idref="V-230530" selected="true" /><select idref="V-230531" selected="true" /><select idref="V-230532" selected="true" /><select idref="V-230533" selected="true" /><select idref="V-230534" selected="true" /><select idref="V-230535" selected="true" /><select idref="V-230536" selected="true" /><select idref="V-230537" selected="true" /><select idref="V-230538" selected="true" /><select idref="V-230539" selected="true" /><select idref="V-230540" selected="true" /><select idref="V-230541" selected="true" /><select idref="V-230542" selected="true" /><select idref="V-230543" selected="true" /><select idref="V-230544" selected="true" /><select idref="V-230545" selected="true" /><select idref="V-230546" selected="true" /><select idref="V-230547" selected="true" /><select idref="V-230548" selected="true" /><select idref="V-230549" selected="true" /><select idref="V-230550" selected="true" /><select idref="V-230551" selected="true" /><select idref="V-230552" selected="true" /><select idref="V-230553" selected="true" /><select idref="V-230554" selected="true" /><select idref="V-230555" selected="true" /><select idref="V-230556" selected="true" /><select idref="V-230557" selected="true" /><select idref="V-230558" selected="true" /><select idref="V-230559" selected="true" /><select idref="V-230560" selected="true" /><select idref="V-230561" selected="true" /><select idref="V-237640" selected="true" /><select idref="V-237641" selected="true" /><select idref="V-237642" selected="true" /><select idref="V-237643" selected="true" /><select idref="V-244519" selected="true" /><select idref="V-244520" selected="true" /><select idref="V-244521" selected="true" /><select idref="V-244522" selected="true" /><select idref="V-244523" selected="true" /><select idref="V-244524" selected="true" 
/><select idref="V-244525" selected="true" /><select idref="V-244526" selected="true" /><select idref="V-244527" selected="true" /><select idref="V-244528" selected="true" /><select idref="V-244529" selected="true" /><select idref="V-244530" selected="true" /><select idref="V-244531" selected="true" /><select idref="V-244532" selected="true" /><select idref="V-244533" selected="true" /><select idref="V-244534" selected="true" /><select idref="V-244535" selected="true" /><select idref="V-244536" selected="true" /><select idref="V-244537" selected="true" /><select idref="V-244538" selected="true" /><select idref="V-244539" selected="true" /><select idref="V-244540" selected="true" /><select idref="V-244541" selected="true" /><select idref="V-244542" selected="true" /><select idref="V-244543" selected="true" /><select idref="V-244544" selected="true" /><select idref="V-244545" selected="true" /><select idref="V-244546" selected="true" /><select idref="V-244547" selected="true" /><select idref="V-244548" selected="true" /><select idref="V-244549" selected="true" /><select idref="V-244550" selected="true" /><select idref="V-244551" selected="true" /><select idref="V-244552" selected="true" /><select idref="V-244553" selected="true" /><select idref="V-244554" selected="true" /><select idref="V-245540" selected="true" /><select idref="V-250315" selected="true" /><select idref="V-250316" selected="true" /><select idref="V-250317" selected="true" /></Profile><Profile id="MAC-3_Sensitive"><title>III - Administrative Sensitive</title><description>&lt;ProfileDescription&gt;&lt;/ProfileDescription&gt;</description><select idref="V-230221" selected="true" /><select idref="V-230222" selected="true" /><select idref="V-230223" selected="true" /><select idref="V-230224" selected="true" /><select idref="V-230225" selected="true" /><select idref="V-230226" selected="true" /><select idref="V-230227" selected="true" /><select idref="V-230228" selected="true" /><select idref="V-230229" 
selected="true" /><select idref="V-230230" selected="true" /><select idref="V-230231" selected="true" /><select idref="V-230232" selected="true" /><select idref="V-230233" selected="true" /><select idref="V-230234" selected="true" /><select idref="V-230235" selected="true" /><select idref="V-230236" selected="true" /><select idref="V-230237" selected="true" /><select idref="V-230238" selected="true" /><select idref="V-230239" selected="true" /><select idref="V-230240" selected="true" /><select idref="V-230241" selected="true" /><select idref="V-230243" selected="true" /><select idref="V-230244" selected="true" /><select idref="V-230245" selected="true" /><select idref="V-230246" selected="true" /><select idref="V-230247" selected="true" /><select idref="V-230248" selected="true" /><select idref="V-230249" selected="true" /><select idref="V-230250" selected="true" /><select idref="V-230251" selected="true" /><select idref="V-230252" selected="true" /><select idref="V-230253" selected="true" /><select idref="V-230254" selected="true" /><select idref="V-230255" selected="true" /><select idref="V-230256" selected="true" /><select idref="V-230257" selected="true" /><select idref="V-230258" selected="true" /><select idref="V-230259" selected="true" /><select idref="V-230260" selected="true" /><select idref="V-230261" selected="true" /><select idref="V-230262" selected="true" /><select idref="V-230263" selected="true" /><select idref="V-230264" selected="true" /><select idref="V-230265" selected="true" /><select idref="V-230266" selected="true" /><select idref="V-230267" selected="true" /><select idref="V-230268" selected="true" /><select idref="V-230269" selected="true" /><select idref="V-230270" selected="true" /><select idref="V-230271" selected="true" /><select idref="V-230272" selected="true" /><select idref="V-230273" selected="true" /><select idref="V-230274" selected="true" /><select idref="V-230275" selected="true" /><select idref="V-230276" selected="true" 
/><select idref="V-230277" selected="true" /><select idref="V-230278" selected="true" /><select idref="V-230279" selected="true" /><select idref="V-230280" selected="true" /><select idref="V-230281" selected="true" /><select idref="V-230282" selected="true" /><select idref="V-230283" selected="true" /><select idref="V-230284" selected="true" /><select idref="V-230285" selected="true" /><select idref="V-230286" selected="true" /><select idref="V-230287" selected="true" /><select idref="V-230288" selected="true" /><select idref="V-230289" selected="true" /><select idref="V-230290" selected="true" /><select idref="V-230291" selected="true" /><select idref="V-230292" selected="true" /><select idref="V-230293" selected="true" /><select idref="V-230294" selected="true" /><select idref="V-230295" selected="true" /><select idref="V-230296" selected="true" /><select idref="V-230297" selected="true" /><select idref="V-230298" selected="true" /><select idref="V-230299" selected="true" /><select idref="V-230300" selected="true" /><select idref="V-230301" selected="true" /><select idref="V-230302" selected="true" /><select idref="V-230303" selected="true" /><select idref="V-230304" selected="true" /><select idref="V-230305" selected="true" /><select idref="V-230306" selected="true" /><select idref="V-230307" selected="true" /><select idref="V-230308" selected="true" /><select idref="V-230309" selected="true" /><select idref="V-230310" selected="true" /><select idref="V-230311" selected="true" /><select idref="V-230312" selected="true" /><select idref="V-230313" selected="true" /><select idref="V-230314" selected="true" /><select idref="V-230315" selected="true" /><select idref="V-230316" selected="true" /><select idref="V-230317" selected="true" /><select idref="V-230318" selected="true" /><select idref="V-230319" selected="true" /><select idref="V-230320" selected="true" /><select idref="V-230321" selected="true" /><select idref="V-230322" selected="true" /><select 
idref="V-230323" selected="true" /><select idref="V-230324" selected="true" /><select idref="V-230325" selected="true" /><select idref="V-230326" selected="true" /><select idref="V-230327" selected="true" /><select idref="V-230328" selected="true" /><select idref="V-230329" selected="true" /><select idref="V-230330" selected="true" /><select idref="V-230331" selected="true" /><select idref="V-230332" selected="true" /><select idref="V-230333" selected="true" /><select idref="V-230334" selected="true" /><select idref="V-230335" selected="true" /><select idref="V-230336" selected="true" /><select idref="V-230337" selected="true" /><select idref="V-230338" selected="true" /><select idref="V-230339" selected="true" /><select idref="V-230340" selected="true" /><select idref="V-230341" selected="true" /><select idref="V-230342" selected="true" /><select idref="V-230343" selected="true" /><select idref="V-230344" selected="true" /><select idref="V-230345" selected="true" /><select idref="V-230346" selected="true" /><select idref="V-230347" selected="true" /><select idref="V-230348" selected="true" /><select idref="V-230349" selected="true" /><select idref="V-230350" selected="true" /><select idref="V-230351" selected="true" /><select idref="V-230352" selected="true" /><select idref="V-230353" selected="true" /><select idref="V-230354" selected="true" /><select idref="V-230355" selected="true" /><select idref="V-230356" selected="true" /><select idref="V-230357" selected="true" /><select idref="V-230358" selected="true" /><select idref="V-230359" selected="true" /><select idref="V-230360" selected="true" /><select idref="V-230361" selected="true" /><select idref="V-230362" selected="true" /><select idref="V-230363" selected="true" /><select idref="V-230364" selected="true" /><select idref="V-230365" selected="true" /><select idref="V-230366" selected="true" /><select idref="V-230367" selected="true" /><select idref="V-230368" selected="true" /><select idref="V-230369" 
selected="true" /><select idref="V-230370" selected="true" /><select idref="V-230371" selected="true" /><select idref="V-230372" selected="true" /><select idref="V-230373" selected="true" /><select idref="V-230374" selected="true" /><select idref="V-230375" selected="true" /><select idref="V-230376" selected="true" /><select idref="V-230377" selected="true" /><select idref="V-230378" selected="true" /><select idref="V-230379" selected="true" /><select idref="V-230380" selected="true" /><select idref="V-230381" selected="true" /><select idref="V-230382" selected="true" /><select idref="V-230383" selected="true" /><select idref="V-230384" selected="true" /><select idref="V-230385" selected="true" /><select idref="V-230386" selected="true" /><select idref="V-230387" selected="true" /><select idref="V-230388" selected="true" /><select idref="V-230389" selected="true" /><select idref="V-230390" selected="true" /><select idref="V-230391" selected="true" /><select idref="V-230392" selected="true" /><select idref="V-230393" selected="true" /><select idref="V-230394" selected="true" /><select idref="V-230395" selected="true" /><select idref="V-230396" selected="true" /><select idref="V-230397" selected="true" /><select idref="V-230398" selected="true" /><select idref="V-230399" selected="true" /><select idref="V-230400" selected="true" /><select idref="V-230401" selected="true" /><select idref="V-230402" selected="true" /><select idref="V-230403" selected="true" /><select idref="V-230404" selected="true" /><select idref="V-230405" selected="true" /><select idref="V-230406" selected="true" /><select idref="V-230407" selected="true" /><select idref="V-230408" selected="true" /><select idref="V-230409" selected="true" /><select idref="V-230410" selected="true" /><select idref="V-230411" selected="true" /><select idref="V-230412" selected="true" /><select idref="V-230413" selected="true" /><select idref="V-230414" selected="true" /><select idref="V-230415" selected="true" 
/><select idref="V-230416" selected="true" /><select idref="V-230417" selected="true" /><select idref="V-230418" selected="true" /><select idref="V-230419" selected="true" /><select idref="V-230420" selected="true" /><select idref="V-230421" selected="true" /><select idref="V-230422" selected="true" /><select idref="V-230423" selected="true" /><select idref="V-230424" selected="true" /><select idref="V-230425" selected="true" /><select idref="V-230426" selected="true" /><select idref="V-230427" selected="true" /><select idref="V-230428" selected="true" /><select idref="V-230429" selected="true" /><select idref="V-230430" selected="true" /><select idref="V-230431" selected="true" /><select idref="V-230432" selected="true" /><select idref="V-230433" selected="true" /><select idref="V-230434" selected="true" /><select idref="V-230435" selected="true" /><select idref="V-230436" selected="true" /><select idref="V-230437" selected="true" /><select idref="V-230438" selected="true" /><select idref="V-230439" selected="true" /><select idref="V-230440" selected="true" /><select idref="V-230441" selected="true" /><select idref="V-230442" selected="true" /><select idref="V-230443" selected="true" /><select idref="V-230444" selected="true" /><select idref="V-230445" selected="true" /><select idref="V-230446" selected="true" /><select idref="V-230447" selected="true" /><select idref="V-230448" selected="true" /><select idref="V-230449" selected="true" /><select idref="V-230450" selected="true" /><select idref="V-230451" selected="true" /><select idref="V-230452" selected="true" /><select idref="V-230453" selected="true" /><select idref="V-230454" selected="true" /><select idref="V-230455" selected="true" /><select idref="V-230456" selected="true" /><select idref="V-230457" selected="true" /><select idref="V-230458" selected="true" /><select idref="V-230459" selected="true" /><select idref="V-230460" selected="true" /><select idref="V-230461" selected="true" /><select 
idref="V-230462" selected="true" /><select idref="V-230463" selected="true" /><select idref="V-230464" selected="true" /><select idref="V-230465" selected="true" /><select idref="V-230466" selected="true" /><select idref="V-230467" selected="true" /><select idref="V-230468" selected="true" /><select idref="V-230469" selected="true" /><select idref="V-230470" selected="true" /><select idref="V-230471" selected="true" /><select idref="V-230472" selected="true" /><select idref="V-230473" selected="true" /><select idref="V-230474" selected="true" /><select idref="V-230475" selected="true" /><select idref="V-230476" selected="true" /><select idref="V-230477" selected="true" /><select idref="V-230478" selected="true" /><select idref="V-230479" selected="true" /><select idref="V-230480" selected="true" /><select idref="V-230481" selected="true" /><select idref="V-230482" selected="true" /><select idref="V-230483" selected="true" /><select idref="V-230484" selected="true" /><select idref="V-230485" selected="true" /><select idref="V-230486" selected="true" /><select idref="V-230487" selected="true" /><select idref="V-230488" selected="true" /><select idref="V-230489" selected="true" /><select idref="V-230491" selected="true" /><select idref="V-230492" selected="true" /><select idref="V-230493" selected="true" /><select idref="V-230494" selected="true" /><select idref="V-230495" selected="true" /><select idref="V-230496" selected="true" /><select idref="V-230497" selected="true" /><select idref="V-230498" selected="true" /><select idref="V-230499" selected="true" /><select idref="V-230500" selected="true" /><select idref="V-230502" selected="true" /><select idref="V-230503" selected="true" /><select idref="V-230504" selected="true" /><select idref="V-230505" selected="true" /><select idref="V-230506" selected="true" /><select idref="V-230507" selected="true" /><select idref="V-230508" selected="true" /><select idref="V-230509" selected="true" /><select idref="V-230510" 
selected="true" /><select idref="V-230511" selected="true" /><select idref="V-230512" selected="true" /><select idref="V-230513" selected="true" /><select idref="V-230514" selected="true" /><select idref="V-230515" selected="true" /><select idref="V-230516" selected="true" /><select idref="V-230517" selected="true" /><select idref="V-230518" selected="true" /><select idref="V-230519" selected="true" /><select idref="V-230520" selected="true" /><select idref="V-230521" selected="true" /><select idref="V-230522" selected="true" /><select idref="V-230523" selected="true" /><select idref="V-230524" selected="true" /><select idref="V-230525" selected="true" /><select idref="V-230526" selected="true" /><select idref="V-230527" selected="true" /><select idref="V-230529" selected="true" /><select idref="V-230530" selected="true" /><select idref="V-230531" selected="true" /><select idref="V-230532" selected="true" /><select idref="V-230533" selected="true" /><select idref="V-230534" selected="true" /><select idref="V-230535" selected="true" /><select idref="V-230536" selected="true" /><select idref="V-230537" selected="true" /><select idref="V-230538" selected="true" /><select idref="V-230539" selected="true" /><select idref="V-230540" selected="true" /><select idref="V-230541" selected="true" /><select idref="V-230542" selected="true" /><select idref="V-230543" selected="true" /><select idref="V-230544" selected="true" /><select idref="V-230545" selected="true" /><select idref="V-230546" selected="true" /><select idref="V-230547" selected="true" /><select idref="V-230548" selected="true" /><select idref="V-230549" selected="true" /><select idref="V-230550" selected="true" /><select idref="V-230551" selected="true" /><select idref="V-230552" selected="true" /><select idref="V-230553" selected="true" /><select idref="V-230554" selected="true" /><select idref="V-230555" selected="true" /><select idref="V-230556" selected="true" /><select idref="V-230557" selected="true" 
/><select idref="V-230558" selected="true" /><select idref="V-230559" selected="true" /><select idref="V-230560" selected="true" /><select idref="V-230561" selected="true" /><select idref="V-237640" selected="true" /><select idref="V-237641" selected="true" /><select idref="V-237642" selected="true" /><select idref="V-237643" selected="true" /><select idref="V-244519" selected="true" /><select idref="V-244520" selected="true" /><select idref="V-244521" selected="true" /><select idref="V-244522" selected="true" /><select idref="V-244523" selected="true" /><select idref="V-244524" selected="true" /><select idref="V-244525" selected="true" /><select idref="V-244526" selected="true" /><select idref="V-244527" selected="true" /><select idref="V-244528" selected="true" /><select idref="V-244529" selected="true" /><select idref="V-244530" selected="true" /><select idref="V-244531" selected="true" /><select idref="V-244532" selected="true" /><select idref="V-244533" selected="true" /><select idref="V-244534" selected="true" /><select idref="V-244535" selected="true" /><select idref="V-244536" selected="true" /><select idref="V-244537" selected="true" /><select idref="V-244538" selected="true" /><select idref="V-244539" selected="true" /><select idref="V-244540" selected="true" /><select idref="V-244541" selected="true" /><select idref="V-244542" selected="true" /><select idref="V-244543" selected="true" /><select idref="V-244544" selected="true" /><select idref="V-244545" selected="true" /><select idref="V-244546" selected="true" /><select idref="V-244547" selected="true" /><select idref="V-244548" selected="true" /><select idref="V-244549" selected="true" /><select idref="V-244550" selected="true" /><select idref="V-244551" selected="true" /><select idref="V-244552" selected="true" /><select idref="V-244553" selected="true" /><select idref="V-244554" selected="true" /><select idref="V-245540" selected="true" /><select idref="V-250315" selected="true" /><select 
idref="V-250316" selected="true" /><select idref="V-250317" selected="true" /></Profile><Group id="V-230221"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230221r743913_rule" weight="10.0" severity="high"><version>RHEL-08-010000</version><title>RHEL 8 must be a vendor-supported release.</title><description>&lt;VulnDiscussion&gt;An operating system release is considered "supported" if the vendor continues to provide security patches for the product. With an unsupported release, it will not be possible to resolve security issues discovered in the system software.
Red Hat offers the Extended Update Support (EUS) ad-on to a Red Hat Enterprise Linux subscription, for a fee, for those customers who wish to standardize on a specific minor release for an extended period. The RHEL 8 minor releases eligible for EUS are 8.1, 8.2, 8.4, 8.6, and 8.8. Each RHEL 8 EUS stream is available for 24 months from the availability of the minor release. RHEL 8.10 will be the final minor release overall. For more details on the Red Hat Enterprise Linux Life Cycle visit https://access.redhat.com/support/policy/updates/errata.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-32865r567410_fix">Upgrade to a supported version of RHEL 8.</fixtext><fix id="F-32865r567410_fix" /><check system="C-32890r743912_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the version of the operating system is vendor supported.
@@ -46,7 +46,7 @@ If package updates have not been performed on the system within the timeframe th
Typical update frequency may be overridden by Information Assurance Vulnerability Alert (IAVA) notifications from CYBERCOM.
-If the operating system is in non-compliance with the Information Assurance Vulnerability Management (IAVM) process, this is a finding.</check-content></check></Rule></Group><Group id="V-230223"><title>SRG-OS-000033-GPOS-00014</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230223r627750_rule" weight="10.0" severity="high"><version>RHEL-08-010020</version><title>RHEL 8 must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, to generate cryptographic hashes, and to protect data requiring data-at-rest protections in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.</title><description>&lt;VulnDiscussion&gt;Use of weak or untested encryption algorithms undermines the purposes of using encryption to protect data. The operating system must implement cryptographic modules adhering to the higher standards approved by the Federal Government since this provides assurance they have been tested and validated.
+If the operating system is in non-compliance with the Information Assurance Vulnerability Management (IAVM) process, this is a finding.</check-content></check></Rule></Group><Group id="V-230223"><title>SRG-OS-000033-GPOS-00014</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230223r792855_rule" weight="10.0" severity="high"><version>RHEL-08-010020</version><title>RHEL 8 must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, to generate cryptographic hashes, and to protect data requiring data-at-rest protections in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.</title><description>&lt;VulnDiscussion&gt;Use of weak or untested encryption algorithms undermines the purposes of using encryption to protect data. The operating system must implement cryptographic modules adhering to the higher standards approved by the Federal Government since this provides assurance they have been tested and validated.
RHEL 8 utilizes GRUB 2 as the default bootloader. Note that GRUB 2 command-line parameters are defined in the "kernelopts" variable of the /boot/grub2/grubenv file for all kernel boot entries. The command "fips-mode-setup" modifies the "kernelopts" variable, which in turn updates all kernel boot entries.
@@ -60,19 +60,17 @@ Enable FIPS mode after installation (not strict FIPS compliant) with the followi
$ sudo fips-mode-setup --enable
-Reboot the system for the changes to take effect.</fixtext><fix id="F-32867r567416_fix" /><check system="C-32892r567415_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system implements DoD-approved encryption to protect the confidentiality of remote access sessions.
+Reboot the system for the changes to take effect.</fixtext><fix id="F-32867r567416_fix" /><check system="C-32892r792854_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system implements DoD-approved encryption to protect the confidentiality of remote access sessions.
Check to see if FIPS mode is enabled with the following command:
-$ sudo fipscheck
+$ fips-mode-setup --check
-usage: fipscheck [-s &lt;hmac-suffix&gt;] &lt;paths-to-files&gt;
+FIPS mode is enabled
-fips mode is on
+If FIPS mode is "enabled", check to see if the kernel boot parameter is configured for FIPS mode with the following command:
-If FIPS mode is "on", check to see if the kernel boot parameter is configured for FIPS mode with the following command:
-
-$ sudo grub2-editenv - list | grep fips
+$ sudo grub2-editenv list | grep fips
kernelopts=root=/dev/mapper/rhel-root ro crashkernel=auto resume=/dev/mapper/rhel-swap rd.lvm.lv=rhel/root rd.lvm.lv=rhel/swap rhgb quiet fips=1 boot=UUID=8d171156-cd61-421c-ba41-1c021ac29e82
@@ -480,21 +478,7 @@ $ sudo yum list installed policycoreutils
policycoreutils.x86_64 2.9-3.el8 @anaconda
-If the policycoreutils package is not installed, this is a finding.</check-content></check></Rule></Group><Group id="V-230242"><title>SRG-OS-000138-GPOS-00069</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230242r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-010180</version><title>All RHEL 8 public directories must be owned by root or a system account to prevent unauthorized and unintended information transferred via shared system resources.</title><description>&lt;VulnDiscussion&gt;Preventing unauthorized information transfers mitigates the risk of information, including encrypted representations of information, produced by the actions of prior users/roles (or the actions of processes acting on behalf of prior users/roles) from being available to any current users/roles (or current processes) that obtain access to shared system resources (e.g., registers, main memory, hard disks) after those resources have been released back to information systems. The control of information in shared resources is also commonly referred to as object reuse and residual information protection.
-
-This requirement generally applies to the design of an information technology product, but it can also apply to the configuration of particular information system components that are, or use, such products. This can be verified by acceptance/validation processes in DoD or other government agencies.
-
-There may be shared resources with configurable protections (e.g., files in storage) that may be assessed on specific information system components.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001090</ident><fixtext fixref="F-32886r567473_fix">Configure all public directories to be owned by root or a system account to prevent unauthorized and unintended information transferred via shared system resources.
-
-Set the owner of all public directories as root or a system account using the command, replace "[Public Directory]" with any directory path not owned by root or a system account:
-
-$ sudo chown root [Public Directory]</fixtext><fix id="F-32886r567473_fix" /><check system="C-32911r567472_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Check to see that all public directories are owned by root or a system account with the following command:
-
-$ sudo find / -type d -perm -0002 -exec ls -lLd {} \;
-
-drwxrwxrwxt 7 root root 4096 Jul 26 11:19 /tmp
-
-If any of the returned directories are not owned by root or a system account, this is a finding.</check-content></check></Rule></Group><Group id="V-230243"><title>SRG-OS-000138-GPOS-00069</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230243r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-010190</version><title>A sticky bit must be set on all RHEL 8 public directories to prevent unauthorized and unintended information transferred via shared system resources.</title><description>&lt;VulnDiscussion&gt;Preventing unauthorized information transfers mitigates the risk of information, including encrypted representations of information, produced by the actions of prior users/roles (or the actions of processes acting on behalf of prior users/roles) from being available to any current users/roles (or current processes) that obtain access to shared system resources (e.g., registers, main memory, hard disks) after those resources have been released back to information systems. The control of information in shared resources is also commonly referred to as object reuse and residual information protection.
+If the policycoreutils package is not installed, this is a finding.</check-content></check></Rule></Group><Group id="V-230243"><title>SRG-OS-000138-GPOS-00069</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230243r792857_rule" weight="10.0" severity="medium"><version>RHEL-08-010190</version><title>A sticky bit must be set on all RHEL 8 public directories to prevent unauthorized and unintended information transferred via shared system resources.</title><description>&lt;VulnDiscussion&gt;Preventing unauthorized information transfers mitigates the risk of information, including encrypted representations of information, produced by the actions of prior users/roles (or the actions of processes acting on behalf of prior users/roles) from being available to any current users/roles (or current processes) that obtain access to shared system resources (e.g., registers, main memory, hard disks) after those resources have been released back to information systems. The control of information in shared resources is also commonly referred to as object reuse and residual information protection.
This requirement generally applies to the design of an information technology product, but it can also apply to the configuration of particular information system components that are, or use, such products. This can be verified by acceptance/validation processes in DoD or other government agencies.
@@ -502,13 +486,13 @@ There may be shared resources with configurable protections (e.g., files in stor
Set the sticky bit on all world-writable directories using the command, replace "[World-Writable Directory]" with any directory path missing the sticky bit:
-$ sudo chmod 1777 [World-Writable Directory]</fixtext><fix id="F-32887r567476_fix" /><check system="C-32912r567475_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify that all world-writable directories have the sticky bit set.
+$ sudo chmod 1777 [World-Writable Directory]</fixtext><fix id="F-32887r567476_fix" /><check system="C-32912r792856_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify that all world-writable directories have the sticky bit set.
Check to see that all world-writable directories have the sticky bit set by running the following command:
$ sudo find / -type d \( -perm -0002 -a ! -perm -1000 \) -print 2&gt;/dev/null
-drwxrwxrwxt 7 root root 4096 Jul 26 11:19 /tmp
+drwxrwxrwt 7 root root 4096 Jul 26 11:19 /tmp
If any of the returned directories are world-writable and do not have the sticky bit set, this is a finding.</check-content></check></Rule></Group><Group id="V-230244"><title>SRG-OS-000163-GPOS-00072</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230244r743934_rule" weight="10.0" severity="medium"><version>RHEL-08-010200</version><title>RHEL 8 must be configured so that all network connections associated with SSH traffic are terminated at the end of the session or after 10 minutes of inactivity, except to fulfill documented and validated mission requirements.</title><description>&lt;VulnDiscussion&gt;Terminating an idle SSH session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port that has been left unattended. In addition, quickly terminating an idle SSH session will also free up resources committed by the managed network element.
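Review bot: The sample output under the `find / -type d \( -perm -0002 -a ! -perm -1000 \) -print` check still contradicts the command, even with the mode string corrected to `drwxrwxrwt`. That expression selects only world-writable directories that lack the sticky bit, and `-print` emits bare paths, so a compliant system prints nothing and `/tmp` with a trailing `t` would never appear in `ls -l` form. This looks like upstream DISA wording, so I would leave the XML as is and state the expected result wherever check text is derived from it, for example `No output means every world-writable directory has the sticky bit set.` The V-230243 rule element opens before this hunk, so only its check-content is fully visible here.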
@@ -695,7 +679,7 @@ $ sudo grep -i MinProtocol /etc/crypto-policies/back-ends/opensslcnf.config
MinProtocol = TLSv1.2
-If the "MinProtocol" is set to anything older than "TLSv1.2", this is a finding.</check-content></check></Rule></Group><Group id="V-230256"><title>SRG-OS-000250-GPOS-00093</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230256r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-010295</version><title>The RHEL 8 operating system must implement DoD-approved TLS encryption in the GnuTLS package.</title><description>&lt;VulnDiscussion&gt;Without cryptographic integrity protections, information can be altered by unauthorized users without detection.
+If the "MinProtocol" is set to anything older than "TLSv1.2", this is a finding.</check-content></check></Rule></Group><Group id="V-230256"><title>SRG-OS-000250-GPOS-00093</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230256r792859_rule" weight="10.0" severity="medium"><version>RHEL-08-010295</version><title>The RHEL 8 operating system must implement DoD-approved TLS encryption in the GnuTLS package.</title><description>&lt;VulnDiscussion&gt;Without cryptographic integrity protections, information can be altered by unauthorized users without detection.
Transport Layer Security (TLS) encryption is a required security setting as a number of known vulnerabilities have been reported against Secure Sockets Layer (SSL) and earlier versions of TLS. Encryption of private information is essential to ensuring data confidentiality. If private information is not encrypted, it can be intercepted and easily read by an unauthorized party. SQL Server must use a minimum of FIPS 140-2-approved TLS version 1.2, and all non-FIPS-approved SSL and TLS versions must be disabled. NIST SP 800-52 specifies the preferred configurations for government systems.
@@ -707,21 +691,21 @@ Satisfies: SRG-OS-000250-GPOS-00093, SRG-OS-000423-GPOS-00187&lt;/VulnDiscussion
+VERS-ALL:-VERS-DTLS0.9:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-DTLS1.0
-A reboot is required for the changes to take effect.</fixtext><fix id="F-32900r567515_fix" /><check system="C-32925r567514_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the GnuTLS library is configured to only allow DoD-approved SSL/TLS Versions:
+A reboot is required for the changes to take effect.</fixtext><fix id="F-32900r567515_fix" /><check system="C-32925r792858_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the GnuTLS library is configured to only allow DoD-approved SSL/TLS Versions:
$ sudo grep -io +vers.* /etc/crypto-policies/back-ends/gnutls.config
+VERS-ALL:-VERS-DTLS0.9:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-DTLS1.0:+COMP-NULL:%PROFILE_MEDIUM
-If the "gnutls.config" does not list "-VERS-DTLS0.9:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1:VERS-DTLS1.0" to disable unapproved SSL/TLS versions, this is a finding.</check-content></check></Rule></Group><Group id="V-230257"><title>SRG-OS-000259-GPOS-00100</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230257r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-010300</version><title>RHEL 8 system commands must have mode 0755 or less permissive.</title><description>&lt;VulnDiscussion&gt;If RHEL 8 were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
+If the "gnutls.config" does not list "-VERS-DTLS0.9:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-DTLS1.0" to disable unapproved SSL/TLS versions, this is a finding.</check-content></check></Rule></Group><Group id="V-230257"><title>SRG-OS-000259-GPOS-00100</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230257r792862_rule" weight="10.0" severity="medium"><version>RHEL-08-010300</version><title>RHEL 8 system commands must have mode 755 or less permissive.</title><description>&lt;VulnDiscussion&gt;If RHEL 8 were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
-This requirement applies to RHEL 8 with software libraries that are accessible and configurable, as in the case of interpreted languages. Software libraries also include privileged programs that execute with escalated privileges. Only qualified and authorized individuals will be allowed to obtain access to information system components for purposes of initiating changes, including upgrades and modifications.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001499</ident><fixtext fixref="F-32901r567518_fix">Configure the system commands to be protected from unauthorized access.
+This requirement applies to RHEL 8 with software libraries that are accessible and configurable, as in the case of interpreted languages. Software libraries also include privileged programs that execute with escalated privileges. Only qualified and authorized individuals will be allowed to obtain access to information system components for purposes of initiating changes, including upgrades and modifications.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001499</ident><fixtext fixref="F-32901r792861_fix">Configure the system commands to be protected from unauthorized access.
-Run the following command, replacing "[FILE]" with any system command with a mode more permissive than "0755".
+Run the following command, replacing "[FILE]" with any system command with a mode more permissive than "755".
-$ sudo chmod 0755 [FILE]</fixtext><fix id="F-32901r567518_fix" /><check system="C-32926r567517_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the system commands contained in the following directories have mode "0755" or less permissive with the following command:
+$ sudo chmod 755 [FILE]</fixtext><fix id="F-32901r792861_fix" /><check system="C-32926r792860_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the system commands contained in the following directories have mode "755" or less permissive with the following command:
-$ sudo find -L /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin -perm /0022 -exec ls -l {} \;
+$ sudo find -L /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin -perm /022 -exec ls -l {} \;
If any system commands are found to be group-writable or world-writable, this is a finding.</check-content></check></Rule></Group><Group id="V-230258"><title>SRG-OS-000259-GPOS-00100</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230258r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-010310</version><title>RHEL 8 system commands must be owned by root.</title><description>&lt;VulnDiscussion&gt;If RHEL 8 were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
@@ -733,23 +717,23 @@ $ sudo chown root [FILE]</fixtext><fix id="F-32902r567521_fix" /><check system="
$ sudo find -L /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin ! -user root -exec ls -l {} \;
-If any system commands are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-230259"><title>SRG-OS-000259-GPOS-00100</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230259r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-010320</version><title>RHEL 8 system commands must be group-owned by root or a system account.</title><description>&lt;VulnDiscussion&gt;If RHEL 8 were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
+If any system commands are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-230259"><title>SRG-OS-000259-GPOS-00100</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230259r792864_rule" weight="10.0" severity="medium"><version>RHEL-08-010320</version><title>RHEL 8 system commands must be group-owned by root or a system account.</title><description>&lt;VulnDiscussion&gt;If RHEL 8 were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
This requirement applies to RHEL 8 with software libraries that are accessible and configurable, as in the case of interpreted languages. Software libraries also include privileged programs that execute with escalated privileges. Only qualified and authorized individuals will be allowed to obtain access to information system components for purposes of initiating changes, including upgrades and modifications.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001499</ident><fixtext fixref="F-32903r567524_fix">Configure the system commands to be protected from unauthorized access.
Run the following command, replacing "[FILE]" with any system command file not group-owned by "root" or a required system account.
-$ sudo chgrp root [FILE]</fixtext><fix id="F-32903r567524_fix" /><check system="C-32928r567523_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the system commands contained in the following directories are group-owned by "root" with the following command:
+$ sudo chgrp root [FILE]</fixtext><fix id="F-32903r567524_fix" /><check system="C-32928r792863_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the system commands contained in the following directories are group-owned by "root", or a required system account, with the following command:
$ sudo find -L /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin ! -group root -exec ls -l {} \;
-If any system commands are returned and is not owned by a required system account, this is a finding.</check-content></check></Rule></Group><Group id="V-230260"><title>SRG-OS-000259-GPOS-00100</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230260r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-010330</version><title>RHEL 8 library files must have mode 0755 or less permissive.</title><description>&lt;VulnDiscussion&gt;If RHEL 8 were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
+If any system commands are returned and is not group-owned by a required system account, this is a finding.</check-content></check></Rule></Group><Group id="V-230260"><title>SRG-OS-000259-GPOS-00100</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230260r792867_rule" weight="10.0" severity="medium"><version>RHEL-08-010330</version><title>RHEL 8 library files must have mode 755 or less permissive.</title><description>&lt;VulnDiscussion&gt;If RHEL 8 were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
-This requirement applies to RHEL 8 with software libraries that are accessible and configurable, as in the case of interpreted languages. Software libraries also include privileged programs that execute with escalated privileges. Only qualified and authorized individuals will be allowed to obtain access to information system components for purposes of initiating changes, including upgrades and modifications.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001499</ident><fixtext fixref="F-32904r567527_fix">Configure the library files to be protected from unauthorized access. Run the following command, replacing "[FILE]" with any library file with a mode more permissive than 0755.
+This requirement applies to RHEL 8 with software libraries that are accessible and configurable, as in the case of interpreted languages. Software libraries also include privileged programs that execute with escalated privileges. Only qualified and authorized individuals will be allowed to obtain access to information system components for purposes of initiating changes, including upgrades and modifications.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001499</ident><fixtext fixref="F-32904r792866_fix">Configure the library files to be protected from unauthorized access. Run the following command, replacing "[FILE]" with any library file with a mode more permissive than 755.
-$ sudo chmod 0755 [FILE]</fixtext><fix id="F-32904r567527_fix" /><check system="C-32929r567526_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the system-wide shared library files contained in the following directories have mode "0755" or less permissive with the following command:
+$ sudo chmod 755 [FILE]</fixtext><fix id="F-32904r792866_fix" /><check system="C-32929r792865_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the system-wide shared library files contained in the following directories have mode "755" or less permissive with the following command:
-$ sudo find -L /lib /lib64 /usr/lib /usr/lib64 -perm /0022 -type f -exec ls -l {} \;
+$ sudo find -L /lib /lib64 /usr/lib /usr/lib64 -perm /022 -type f -exec ls -l {} \;
If any system-wide shared library file is found to be group-writable or world-writable, this is a finding.</check-content></check></Rule></Group><Group id="V-230261"><title>SRG-OS-000259-GPOS-00100</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230261r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-010340</version><title>RHEL 8 library files must be owned by root.</title><description>&lt;VulnDiscussion&gt;If RHEL 8 were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
@@ -850,19 +834,28 @@ $ sudo grep -i localpkg_gpgcheck /etc/dnf/dnf.conf
localpkg_gpgcheck =True
-If "localpkg_gpgcheck" is not set to either "1", "True", or "yes", commented out, or is missing from "/etc/dnf/dnf.conf", this is a finding.</check-content></check></Rule></Group><Group id="V-230266"><title>SRG-OS-000366-GPOS-00153</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230266r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-010372</version><title>RHEL 8 must prevent the loading of a new kernel for later execution.</title><description>&lt;VulnDiscussion&gt;Changes to any software components can have significant effects on the overall security of the operating system. This requirement ensures the software has not been tampered with and that it has been provided by a trusted vendor.
+If "localpkg_gpgcheck" is not set to either "1", "True", or "yes", commented out, or is missing from "/etc/dnf/dnf.conf", this is a finding.</check-content></check></Rule></Group><Group id="V-230266"><title>SRG-OS-000366-GPOS-00153</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230266r792870_rule" weight="10.0" severity="medium"><version>RHEL-08-010372</version><title>RHEL 8 must prevent the loading of a new kernel for later execution.</title><description>&lt;VulnDiscussion&gt;Changes to any software components can have significant effects on the overall security of the operating system. This requirement ensures the software has not been tampered with and that it has been provided by a trusted vendor.
-Disabling kexec_load prevents an unsigned kernel image (that could be a windows kernel or modified vulnerable kernel) from being loaded. Kexec can be used subvert the entire secureboot process and should be avoided at all costs especially since it can load unsigned kernel images.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001749</ident><fixtext fixref="F-32910r567545_fix">Configure the operating system to disable kernel image loading.
+Disabling kexec_load prevents an unsigned kernel image (that could be a windows kernel or modified vulnerable kernel) from being loaded. Kexec can be used subvert the entire secureboot process and should be avoided at all costs especially since it can load unsigned kernel images.
-Add or edit the following line in a system configuration file in the "/etc/sysctl.d/" directory:
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+/etc/sysctl.d/*.conf
+/run/sysctl.d/*.conf
+/usr/local/lib/sysctl.d/*.conf
+/usr/lib/sysctl.d/*.conf
+/lib/sysctl.d/*.conf
+/etc/sysctl.conf
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001749</ident><fixtext fixref="F-32910r792869_fix">Configure the operating system to disable kernel image loading.
+
+Add or edit the following line in a system configuration file, which begins with "99-", in the "/etc/sysctl.d/" directory:
kernel.kexec_load_disabled = 1
Load settings from all system configuration files with the following command:
-$ sudo sysctl --system</fixtext><fix id="F-32910r567545_fix" /><check system="C-32935r567544_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system is configured to disable kernel image loading with the following commands:
+$ sudo sysctl --system</fixtext><fix id="F-32910r792869_fix" /><check system="C-32935r792868_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system is configured to disable kernel image loading with the following commands:
-Check the status of the kernel.kexec_load_disabled kernel parameter
+Check the status of the kernel.kexec_load_disabled kernel parameter.
$ sudo sysctl kernel.kexec_load_disabled
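Review bot: The added VulnDiscussion sentence that a "99-" file in "/etc/sysctl.d/" "will take precedence over any other configuration file on the system" is stronger than the rule stated just before it, which says the lexicographically latest filename wins regardless of directory. By that rule, any file sorting after the chosen "99-" name would still override it, and "/etc/sysctl.conf" is listed as a separate source whose ordering against the ".d" files the text does not spell out. I would narrow the wording to something like `it will take precedence over configuration files whose names sort earlier; verify that no later-sorting file, and not "/etc/sysctl.conf", sets the same parameter`. The same paragraph is repeated for fs.protected_symlinks, fs.protected_hardlinks and kernel.dmesg_restrict in the following hunks. The enclosing Rule element starts before this hunk and ends after it.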
@@ -870,29 +863,41 @@ kernel.kexec_load_disabled = 1
If "kernel.kexec_load_disabled" is not set to "1" or is missing, this is a finding.
-Check that the configuration files are present to enable this kernel parameter
+Check that the configuration files are present to enable this kernel parameter.
-$ sudo grep -r kernel.kexec_load_disabled /etc/sysctl.conf /etc/sysctl.d/*.conf
+$ sudo grep -r kernel.kexec_load_disabled /etc/sysctl.d/*.conf
/etc/sysctl.d/99-sysctl.conf:kernel.kexec_load_disabled = 1
-If "kernel.kexec_load_disabled" is not set to "1", is missing or commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-230267"><title>SRG-OS-000312-GPOS-00122</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230267r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-010373</version><title>RHEL 8 must enable kernel parameters to enforce discretionary access control on symlinks.</title><description>&lt;VulnDiscussion&gt;Discretionary Access Control (DAC) is based on the notion that individual users are "owners" of objects and therefore have discretion over who should be authorized to access the object and in which mode (e.g., read or write). Ownership is usually acquired as a consequence of creating the object or via specified ownership assignment. DAC allows the owner to determine who will have access to objects they control. An example of DAC includes user-controlled file permissions.
+If "kernel.kexec_load_disabled" is not set to "1", is missing or commented out, this is a finding.
+
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group><Group id="V-230267"><title>SRG-OS-000312-GPOS-00122</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230267r792873_rule" weight="10.0" severity="medium"><version>RHEL-08-010373</version><title>RHEL 8 must enable kernel parameters to enforce discretionary access control on symlinks.</title><description>&lt;VulnDiscussion&gt;Discretionary Access Control (DAC) is based on the notion that individual users are "owners" of objects and therefore have discretion over who should be authorized to access the object and in which mode (e.g., read or write). Ownership is usually acquired as a consequence of creating the object or via specified ownership assignment. DAC allows the owner to determine who will have access to objects they control. An example of DAC includes user-controlled file permissions.
When discretionary access control policies are implemented, subjects are not constrained with regard to what actions they can take with information for which they have already been granted access. Thus, subjects that have been granted access to information are not prevented from passing (i.e., the subjects have the discretion to pass) the information to other subjects or objects. A subject that is constrained in its operation by Mandatory Access Control policies is still able to operate under the less rigorous constraints of this requirement. Thus, while Mandatory Access Control imposes constraints preventing a subject from passing information to another subject operating at a different sensitivity level, this requirement permits the subject to pass the information to any subject at the same sensitivity level. The policy is bounded by the information system boundary. Once the information is passed outside the control of the information system, additional means may be required to ensure the constraints remain in effect. While the older, more traditional definitions of discretionary access control require identity-based access control, that limitation is not required for this use of discretionary access control.
By enabling the fs.protected_symlinks kernel parameter, symbolic links are permitted to be followed only when outside a sticky world-writable directory, or when the UID of the link and follower match, or when the directory owner matches the symlink's owner. Disallowing such symlinks helps mitigate vulnerabilities based on insecure file system accessed by privileged programs, avoiding an exploitation vector exploiting unsafe use of open() or creat().
-Satisfies: SRG-OS-000312-GPOS-00122, SRG-OS-000312-GPOS-00123, SRG-OS-000312-GPOS-00124, SRG-OS-000324-GPOS-00125&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-002165</ident><fixtext fixref="F-32911r567548_fix">Configure the operating system to enable DAC on symlinks.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+/etc/sysctl.d/*.conf
+/run/sysctl.d/*.conf
+/usr/local/lib/sysctl.d/*.conf
+/usr/lib/sysctl.d/*.conf
+/lib/sysctl.d/*.conf
+/etc/sysctl.conf
+
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.
-Add or edit the following line in a system configuration file in the "/etc/sysctl.d/" directory:
+Satisfies: SRG-OS-000312-GPOS-00122, SRG-OS-000312-GPOS-00123, SRG-OS-000312-GPOS-00124, SRG-OS-000324-GPOS-00125&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-002165</ident><fixtext fixref="F-32911r792872_fix">Configure the operating system to enable DAC on symlinks.
+
+Add or edit the following line in a system configuration file, which begins with "99-", in the "/etc/sysctl.d/" directory:
fs.protected_symlinks = 1
Load settings from all system configuration files with the following command:
-$ sudo sysctl --system</fixtext><fix id="F-32911r567548_fix" /><check system="C-32936r567547_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system is configured to enable DAC on symlinks with the following commands:
+$ sudo sysctl --system</fixtext><fix id="F-32911r792872_fix" /><check system="C-32936r792871_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system is configured to enable DAC on symlinks with the following commands:
-Check the status of the fs.protected_symlinks kernel parameter
+Check the status of the fs.protected_symlinks kernel parameter.
$ sudo sysctl fs.protected_symlinks
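Review bot: The persistent-configuration step now runs `grep -r kernel.kexec_load_disabled /etc/sysctl.d/*.conf`, dropping "/etc/sysctl.conf" and never covering the other directories the discussion lists, so a conflicting assignment in any of those locations is not surfaced by this check. The runtime `sysctl` query only reflects the value loaded at the time of the audit, so a conflicting file could presumably change the setting on the next load without this step noticing. I would keep the wider search, for example `$ sudo grep -r kernel.kexec_load_disabled /run/sysctl.d/*.conf /usr/local/lib/sysctl.d/*.conf /usr/lib/sysctl.d/*.conf /lib/sysctl.d/*.conf /etc/sysctl.conf /etc/sysctl.d/*.conf`, and treat any value other than "1" in the output as a finding. The same narrowing is applied to the fs.protected_symlinks and fs.protected_hardlinks checks in the next hunk. The Rule elements these lines belong to start or end outside this hunk.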
@@ -900,103 +905,141 @@ fs.protected_symlinks = 1
If "fs.protected_symlinks" is not set to "1" or is missing, this is a finding.
-Check that the configuration files are present to enable this kernel parameter
+Check that the configuration files are present to enable this kernel parameter.
-$ sudo grep -r fs.protected_symlinks /etc/sysctl.conf /etc/sysctl.d/*.conf
+$ sudo grep -r fs.protected_symlinks /etc/sysctl.d/*.conf
/etc/sysctl.d/99-sysctl.conf:fs.protected_symlinks = 1
-If "fs.protected_symlinks" is not set to "1", is missing or commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-230268"><title>SRG-OS-000312-GPOS-00122</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230268r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-010374</version><title>RHEL 8 must enable kernel parameters to enforce discretionary access control on hardlinks.</title><description>&lt;VulnDiscussion&gt;Discretionary Access Control (DAC) is based on the notion that individual users are "owners" of objects and therefore have discretion over who should be authorized to access the object and in which mode (e.g., read or write). Ownership is usually acquired as a consequence of creating the object or via specified ownership assignment. DAC allows the owner to determine who will have access to objects they control. An example of DAC includes user-controlled file permissions.
-
-When discretionary access control policies are implemented, subjects are not constrained with regard to what actions they can take with information for which they have already been granted access. Thus, subjects that have been granted access to information are not prevented from passing (i.e., the subjects have the discretion to pass) the information to other subjects or objects. A subject that is constrained in its operation by Mandatory Access Control policies is still able to operate under the less rigorous constraints of this requirement. Thus, while Mandatory Access Control imposes constraints preventing a subject from passing information to another subject operating at a different sensitivity level, this requirement permits the subject to pass the information to any subject at the same sensitivity level. The policy is bounded by the information system boundary. Once the information is passed outside the control of the information system, additional means may be required to ensure the constraints remain in effect. While the older, more traditional definitions of discretionary access control require identity-based access control, that limitation is not required for this use of discretionary access control.
-
-By enabling the fs.protected_hardlinks kernel parameter, users can no longer create soft or hard links to files they do not own. Disallowing such hardlinks mitigate vulnerabilities based on insecure file system accessed by privileged programs, avoiding an exploitation vector exploiting unsafe use of open() or creat().
-
-Satisfies: SRG-OS-000312-GPOS-00122, SRG-OS-000312-GPOS-00123, SRG-OS-000312-GPOS-00124, SRG-OS-000324-GPOS-00125&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-002165</ident><fixtext fixref="F-32912r567551_fix">Configure the operating system to enable DAC on hardlinks.
+If "fs.protected_symlinks" is not set to "1", is missing or commented out, this is a finding.
+
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group><Group id="V-230268"><title>SRG-OS-000312-GPOS-00122</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230268r792876_rule" weight="10.0" severity="medium"><version>RHEL-08-010374</version><title>RHEL 8 must enable kernel parameters to enforce discretionary access control on hardlinks.</title><description>&lt;VulnDiscussion&gt;Discretionary Access Control (DAC) is based on the notion that individual users are "owners" of objects and therefore have discretion over who should be authorized to access the object and in which mode (e.g., read or write). Ownership is usually acquired as a consequence of creating the object or via specified ownership assignment. DAC allows the owner to determine who will have access to objects they control. An example of DAC includes user-controlled file permissions.
+
+When discretionary access control policies are implemented, subjects are not constrained with regard to what actions they can take with information for which they have already been granted access. Thus, subjects that have been granted access to information are not prevented from passing (i.e., the subjects have the discretion to pass) the information to other subjects or objects. A subject that is constrained in its operation by Mandatory Access Control policies is still able to operate under the less rigorous constraints of this requirement. Thus, while Mandatory Access Control imposes constraints preventing a subject from passing information to another subject operating at a different sensitivity level, this requirement permits the subject to pass the information to any subject at the same sensitivity level. The policy is bounded by the information system boundary. Once the information is passed outside the control of the information system, additional means may be required to ensure the constraints remain in effect. While the older, more traditional definitions of discretionary access control require identity-based access control, that limitation is not required for this use of discretionary access control.
+
+By enabling the fs.protected_hardlinks kernel parameter, users can no longer create soft or hard links to files they do not own. Disallowing such hardlinks mitigate vulnerabilities based on insecure file system accessed by privileged programs, avoiding an exploitation vector exploiting unsafe use of open() or creat().
+
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+/etc/sysctl.d/*.conf
+/run/sysctl.d/*.conf
+/usr/local/lib/sysctl.d/*.conf
+/usr/lib/sysctl.d/*.conf
+/lib/sysctl.d/*.conf
+/etc/sysctl.conf
-Add or edit the following line in a system configuration file in the "/etc/sysctl.d/" directory:
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.
+
+Satisfies: SRG-OS-000312-GPOS-00122, SRG-OS-000312-GPOS-00123, SRG-OS-000312-GPOS-00124, SRG-OS-000324-GPOS-00125&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-002165</ident><fixtext fixref="F-32912r792875_fix">Configure the operating system to enable DAC on hardlinks.
+
+Add or edit the following line in a system configuration file, which begins with "99-", in the "/etc/sysctl.d/" directory:
fs.protected_hardlinks = 1
Load settings from all system configuration files with the following command:
-$ sudo sysctl --system</fixtext><fix id="F-32912r567551_fix" /><check system="C-32937r619895_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system is configured to enable DAC on hardlinks with the following commands:
-
-Check the status of the fs.protected_hardlinks kernel parameter.
-
-$ sudo sysctl fs.protected_hardlinks
-
-fs.protected_hardlinks = 1
-
-If "fs.protected_hardlinks" is not set to "1" or is missing, this is a finding.
-
-Check that the configuration files are present to enable this kernel parameter.
-
-$ sudo grep -r fs.protected_hardlinks /etc/sysctl.conf /etc/sysctl.d/*.conf
-
-/etc/sysctl.d/99-sysctl.conf:fs.protected_hardlinks = 1
-
-If "fs.protected_hardlinks" is not set to "1", is missing or commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-230269"><title>SRG-OS-000138-GPOS-00069</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230269r627750_rule" weight="10.0" severity="low"><version>RHEL-08-010375</version><title>RHEL 8 must restrict access to the kernel message buffer.</title><description>&lt;VulnDiscussion&gt;Preventing unauthorized information transfers mitigates the risk of information, including encrypted representations of information, produced by the actions of prior users/roles (or the actions of processes acting on behalf of prior users/roles) from being available to any current users/roles (or current processes) that obtain access to shared system resources (e.g., registers, main memory, hard disks) after those resources have been released back to information systems. The control of information in shared resources is also commonly referred to as object reuse and residual information protection.
-
-This requirement generally applies to the design of an information technology product, but it can also apply to the configuration of particular information system components that are, or use, such products. This can be verified by acceptance/validation processes in DoD or other government agencies.
-
-There may be shared resources with configurable protections (e.g., files in storage) that may be assessed on specific information system components.
-
-Restricting access to the kernel message buffer limits access to only root. This prevents attackers from gaining additional system information as a non-privileged user.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001090</ident><fixtext fixref="F-32913r567554_fix">Configure the operating system to restrict access to the kernel message buffer.
+$ sudo sysctl --system</fixtext><fix id="F-32912r792875_fix" /><check system="C-32937r792874_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system is configured to enable DAC on hardlinks with the following commands:
+
+Check the status of the fs.protected_hardlinks kernel parameter.
+
+$ sudo sysctl fs.protected_hardlinks
+
+fs.protected_hardlinks = 1
+
+If "fs.protected_hardlinks" is not set to "1" or is missing, this is a finding.
+
+Check that the configuration files are present to enable this kernel parameter.
+
+$ sudo grep -r fs.protected_hardlinks /etc/sysctl.d/*.conf
+
+/etc/sysctl.d/99-sysctl.conf:fs.protected_hardlinks = 1
+
+If "fs.protected_hardlinks" is not set to "1", is missing or commented out, this is a finding.
+
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group><Group id="V-230269"><title>SRG-OS-000138-GPOS-00069</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230269r792879_rule" weight="10.0" severity="low"><version>RHEL-08-010375</version><title>RHEL 8 must restrict access to the kernel message buffer.</title><description>&lt;VulnDiscussion&gt;Preventing unauthorized information transfers mitigates the risk of information, including encrypted representations of information, produced by the actions of prior users/roles (or the actions of processes acting on behalf of prior users/roles) from being available to any current users/roles (or current processes) that obtain access to shared system resources (e.g., registers, main memory, hard disks) after those resources have been released back to information systems. The control of information in shared resources is also commonly referred to as object reuse and residual information protection.
+
+This requirement generally applies to the design of an information technology product, but it can also apply to the configuration of particular information system components that are, or use, such products. This can be verified by acceptance/validation processes in DoD or other government agencies.
+
+There may be shared resources with configurable protections (e.g., files in storage) that may be assessed on specific information system components.
+
+Restricting access to the kernel message buffer limits access to only root. This prevents attackers from gaining additional system information as a non-privileged user.
-Add or edit the following line in a system configuration file in the "/etc/sysctl.d/" directory:
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+/etc/sysctl.d/*.conf
+/run/sysctl.d/*.conf
+/usr/local/lib/sysctl.d/*.conf
+/usr/lib/sysctl.d/*.conf
+/lib/sysctl.d/*.conf
+/etc/sysctl.conf
+
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001090</ident><fixtext fixref="F-32913r792878_fix">Configure the operating system to restrict access to the kernel message buffer.
+
+Add or edit the following line in a system configuration file, which begins with "99-", in the "/etc/sysctl.d/" directory:
kernel.dmesg_restrict = 1
Load settings from all system configuration files with the following command:
-$ sudo sysctl --system</fixtext><fix id="F-32913r567554_fix" /><check system="C-32938r619897_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system is configured to restrict access to the kernel message buffer with the following commands:
-
-Check the status of the kernel.dmesg_restrict kernel parameter.
-
-$ sudo sysctl kernel.dmesg_restrict
-
-kernel.dmesg_restrict = 1
-
-If "kernel.dmesg_restrict" is not set to "1" or is missing, this is a finding.
-
-Check that the configuration files are present to enable this kernel parameter.
-
-$ sudo grep -r kernel.dmesg_restrict /etc/sysctl.conf /etc/sysctl.d/*.conf
-
-/etc/sysctl.d/99-sysctl.conf:kernel.dmesg_restrict = 1
-
-If "kernel.dmesg_restrict" is not set to "1", is missing or commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-230270"><title>SRG-OS-000138-GPOS-00069</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230270r627750_rule" weight="10.0" severity="low"><version>RHEL-08-010376</version><title>RHEL 8 must prevent kernel profiling by unprivileged users.</title><description>&lt;VulnDiscussion&gt;Preventing unauthorized information transfers mitigates the risk of information, including encrypted representations of information, produced by the actions of prior users/roles (or the actions of processes acting on behalf of prior users/roles) from being available to any current users/roles (or current processes) that obtain access to shared system resources (e.g., registers, main memory, hard disks) after those resources have been released back to information systems. The control of information in shared resources is also commonly referred to as object reuse and residual information protection.
-
-This requirement generally applies to the design of an information technology product, but it can also apply to the configuration of particular information system components that are, or use, such products. This can be verified by acceptance/validation processes in DoD or other government agencies.
-
-There may be shared resources with configurable protections (e.g., files in storage) that may be assessed on specific information system components.
-
-Setting the kernel.perf_event_paranoid kernel parameter to "2" prevents attackers from gaining additional system information as a non-privileged user.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001090</ident><fixtext fixref="F-32914r567557_fix">Configure the operating system to prevent kernel profiling by unprivileged users.
+$ sudo sysctl --system</fixtext><fix id="F-32913r792878_fix" /><check system="C-32938r792877_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system is configured to restrict access to the kernel message buffer with the following commands:
+
+Check the status of the kernel.dmesg_restrict kernel parameter.
+
+$ sudo sysctl kernel.dmesg_restrict
+
+kernel.dmesg_restrict = 1
+
+If "kernel.dmesg_restrict" is not set to "1" or is missing, this is a finding.
+
+Check that the configuration files are present to enable this kernel parameter.
+
+$ sudo grep -r kernel.dmesg_restrict /etc/sysctl.d/*.conf
+
+/etc/sysctl.d/99-sysctl.conf:kernel.dmesg_restrict = 1
+
+If "kernel.dmesg_restrict" is not set to "1", is missing or commented out, this is a finding.
+
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group><Group id="V-230270"><title>SRG-OS-000138-GPOS-00069</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230270r792882_rule" weight="10.0" severity="low"><version>RHEL-08-010376</version><title>RHEL 8 must prevent kernel profiling by unprivileged users.</title><description>&lt;VulnDiscussion&gt;Preventing unauthorized information transfers mitigates the risk of information, including encrypted representations of information, produced by the actions of prior users/roles (or the actions of processes acting on behalf of prior users/roles) from being available to any current users/roles (or current processes) that obtain access to shared system resources (e.g., registers, main memory, hard disks) after those resources have been released back to information systems. The control of information in shared resources is also commonly referred to as object reuse and residual information protection.
+
+This requirement generally applies to the design of an information technology product, but it can also apply to the configuration of particular information system components that are, or use, such products. This can be verified by acceptance/validation processes in DoD or other government agencies.
+
+There may be shared resources with configurable protections (e.g., files in storage) that may be assessed on specific information system components.
+
+Setting the kernel.perf_event_paranoid kernel parameter to "2" prevents attackers from gaining additional system information as a non-privileged user.
-Add or edit the following line in a system configuration file in the "/etc/sysctl.d/" directory:
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+/etc/sysctl.d/*.conf
+/run/sysctl.d/*.conf
+/usr/local/lib/sysctl.d/*.conf
+/usr/lib/sysctl.d/*.conf
+/lib/sysctl.d/*.conf
+/etc/sysctl.conf
+
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001090</ident><fixtext fixref="F-32914r792881_fix">Configure the operating system to prevent kernel profiling by unprivileged users.
+
+Add or edit the following line in a system configuration file, which begins with "99-", in the "/etc/sysctl.d/" directory:
kernel.perf_event_paranoid = 2
Load settings from all system configuration files with the following command:
-$ sudo sysctl --system</fixtext><fix id="F-32914r567557_fix" /><check system="C-32939r619899_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system is configured to prevent kernel profiling by unprivileged users with the following commands:
-
-Check the status of the kernel.perf_event_paranoid kernel parameter.
-
-$ sudo sysctl kernel.perf_event_paranoid
-
-kernel.perf_event_paranoid = 2
-
-If "kernel.perf_event_paranoid" is not set to "2" or is missing, this is a finding.
-
-Check that the configuration files are present to enable this kernel parameter.
-
-$ sudo grep -r kernel.perf_event_paranoid /etc/sysctl.conf /etc/sysctl.d/*.conf
-
-/etc/sysctl.d/99-sysctl.conf:kernel.perf_event_paranoid = 2
-
-If "kernel.perf_event_paranoid" is not set to "2", is missing or commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-230271"><title>SRG-OS-000373-GPOS-00156</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230271r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-010380</version><title>RHEL 8 must require users to provide a password for privilege escalation.</title><description>&lt;VulnDiscussion&gt;Without reauthentication, users may access resources or perform tasks for which they do not have authorization.
+$ sudo sysctl --system</fixtext><fix id="F-32914r792881_fix" /><check system="C-32939r792880_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system is configured to prevent kernel profiling by unprivileged users with the following commands:
+
+Check the status of the kernel.perf_event_paranoid kernel parameter.
+
+$ sudo sysctl kernel.perf_event_paranoid
+
+kernel.perf_event_paranoid = 2
+
+If "kernel.perf_event_paranoid" is not set to "2" or is missing, this is a finding.
+
+Check that the configuration files are present to enable this kernel parameter.
+
+$ sudo grep -r kernel.perf_event_paranoid /etc/sysctl.d/*.conf
+
+/etc/sysctl.d/99-sysctl.conf:kernel.perf_event_paranoid = 2
+
+If "kernel.perf_event_paranoid" is not set to "2", is missing or commented out, this is a finding.
+
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group><Group id="V-230271"><title>SRG-OS-000373-GPOS-00156</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230271r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-010380</version><title>RHEL 8 must require users to provide a password for privilege escalation.</title><description>&lt;VulnDiscussion&gt;Without reauthentication, users may access resources or perform tasks for which they do not have authorization.
When operating systems provide the capability to escalate a functional capability, it is critical the user reauthenticate.
@@ -1093,7 +1136,7 @@ If "dmesg" does not show "NX (Execute Disable) protection" active, check the cpu
$ sudo less /proc/cpuinfo | grep -i flags
flags : fpu vme de pse tsc ms nx rdtscp lm constant_tsc
-If "flags" does not contain the "nx" flag, this is a finding.</check-content></check></Rule></Group><Group id="V-230277"><title>SRG-OS-000134-GPOS-00068</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230277r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-010421</version><title>RHEL 8 must clear the page allocator to prevent use-after-free attacks.</title><description>&lt;VulnDiscussion&gt;Some adversaries launch attacks with the intent of executing code in non-executable regions of memory or in memory locations that are prohibited. Security safeguards employed to protect memory include, for example, data execution prevention and address space layout randomization. Data execution prevention safeguards can be either hardware-enforced or software-enforced with hardware providing the greater strength of mechanism.
+If "flags" does not contain the "nx" flag, this is a finding.</check-content></check></Rule></Group><Group id="V-230277"><title>SRG-OS-000134-GPOS-00068</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230277r792884_rule" weight="10.0" severity="medium"><version>RHEL-08-010421</version><title>RHEL 8 must clear the page allocator to prevent use-after-free attacks.</title><description>&lt;VulnDiscussion&gt;Some adversaries launch attacks with the intent of executing code in non-executable regions of memory or in memory locations that are prohibited. Security safeguards employed to protect memory include, for example, data execution prevention and address space layout randomization. Data execution prevention safeguards can be either hardware-enforced or software-enforced with hardware providing the greater strength of mechanism.
Poisoning writes an arbitrary value to freed pages, so any modification or reference to that page after being freed or before being initialized will be detected and prevented. This prevents many types of use-after-free vulnerabilities at little performance cost. Also prevents leak of data and detection of corrupted memory.
@@ -1103,11 +1146,11 @@ $ sudo grubby --update-kernel=ALL --args="page_poison=1"
Add or modify the following line in "/etc/default/grub" to ensure the configuration survives kernel updates:
-GRUB_CMDLINE_LINUX="page_poison=1"</fixtext><fix id="F-32921r567578_fix" /><check system="C-32946r567577_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify that GRUB 2 is configured to enable page poisoning to mitigate use-after-free vulnerabilities with the following commands:
+GRUB_CMDLINE_LINUX="page_poison=1"</fixtext><fix id="F-32921r567578_fix" /><check system="C-32946r792883_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify that GRUB 2 is configured to enable page poisoning to mitigate use-after-free vulnerabilities with the following commands:
Check that the current GRUB 2 configuration has page poisoning enabled:
-$ sudo grub2-editenv - list | grep page_poison
+$ sudo grub2-editenv list | grep page_poison
kernelopts=root=/dev/mapper/rhel-root ro crashkernel=auto resume=/dev/mapper/rhel-swap rd.lvm.lv=rhel/root rd.lvm.lv=rhel/swap rhgb quiet fips=1 page_poison=1 vsyscall=none audit=1 audit_backlog_limit=8192 boot=UUID=8d171156-cd61-421c-ba41-1c021ac29e82
@@ -1119,7 +1162,7 @@ $ sudo grep page_poison /etc/default/grub
GRUB_CMDLINE_LINUX="page_poison=1"
-If "page_poison" is not set to "1", is missing or commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-230278"><title>SRG-OS-000134-GPOS-00068</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230278r743948_rule" weight="10.0" severity="medium"><version>RHEL-08-010422</version><title>RHEL 8 must disable virtual syscalls.</title><description>&lt;VulnDiscussion&gt;Syscalls are special routines in the Linux kernel, which userspace applications ask to do privileged tasks. Invoking a system call is an expensive operation because the processor must interrupt the currently executing task and switch context to kernel mode and then back to userspace after the system call completes. Virtual Syscalls map into user space a page that contains some variables and the implementation of some system calls. This allows the system calls to be executed in userspace to alleviate the context switching expense.
+If "page_poison" is not set to "1", is missing or commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-230278"><title>SRG-OS-000134-GPOS-00068</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230278r792886_rule" weight="10.0" severity="medium"><version>RHEL-08-010422</version><title>RHEL 8 must disable virtual syscalls.</title><description>&lt;VulnDiscussion&gt;Syscalls are special routines in the Linux kernel, which userspace applications ask to do privileged tasks. Invoking a system call is an expensive operation because the processor must interrupt the currently executing task and switch context to kernel mode and then back to userspace after the system call completes. Virtual Syscalls map into user space a page that contains some variables and the implementation of some system calls. This allows the system calls to be executed in userspace to alleviate the context switching expense.
Virtual Syscalls provide an opportunity of attack for a user who has control of the return instruction pointer. Disabling vsyscalls help to prevent return oriented programming (ROP) attacks via buffer overflows and overruns. If the system intends to run containers based on RHEL 6 components, then virtual syscalls will need enabled so the components function properly.
@@ -1129,11 +1172,11 @@ $ sudo grubby --update-kernel=ALL --args="vsyscall=none"
Add or modify the following line in "/etc/default/grub" to ensure the configuration survives kernel updates:
-GRUB_CMDLINE_LINUX="vsyscall=none"</fixtext><fix id="F-32922r743947_fix" /><check system="C-32947r743946_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify that GRUB 2 is configured to disable vsyscalls with the following commands:
+GRUB_CMDLINE_LINUX="vsyscall=none"</fixtext><fix id="F-32922r743947_fix" /><check system="C-32947r792885_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify that GRUB 2 is configured to disable vsyscalls with the following commands:
Check that the current GRUB 2 configuration disables vsyscalls:
-$ sudo grub2-editenv - list | grep vsyscall
+$ sudo grub2-editenv list | grep vsyscall
kernelopts=root=/dev/mapper/rhel-root ro crashkernel=auto resume=/dev/mapper/rhel-swap rd.lvm.lv=rhel/root rd.lvm.lv=rhel/swap rhgb quiet fips=1 page_poison=1 vsyscall=none audit=1 audit_backlog_limit=8192 boot=UUID=8d171156-cd61-421c-ba41-1c021ac29e82
@@ -1145,7 +1188,7 @@ $ sudo grep vsyscall /etc/default/grub
GRUB_CMDLINE_LINUX="vsyscall=none"
-If "vsyscall" is not set to "none", is missing or commented out and is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-230279"><title>SRG-OS-000134-GPOS-00068</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230279r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-010423</version><title>RHEL 8 must clear SLUB/SLAB objects to prevent use-after-free attacks.</title><description>&lt;VulnDiscussion&gt;Some adversaries launch attacks with the intent of executing code in non-executable regions of memory or in memory locations that are prohibited. Security safeguards employed to protect memory include, for example, data execution prevention and address space layout randomization. Data execution prevention safeguards can be either hardware-enforced or software-enforced with hardware providing the greater strength of mechanism.
+If "vsyscall" is not set to "none", is missing or commented out and is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-230279"><title>SRG-OS-000134-GPOS-00068</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230279r792888_rule" weight="10.0" severity="medium"><version>RHEL-08-010423</version><title>RHEL 8 must clear SLUB/SLAB objects to prevent use-after-free attacks.</title><description>&lt;VulnDiscussion&gt;Some adversaries launch attacks with the intent of executing code in non-executable regions of memory or in memory locations that are prohibited. Security safeguards employed to protect memory include, for example, data execution prevention and address space layout randomization. Data execution prevention safeguards can be either hardware-enforced or software-enforced with hardware providing the greater strength of mechanism.
Poisoning writes an arbitrary value to freed pages, so any modification or reference to that page after being freed or before being initialized will be detected and prevented. This prevents many types of use-after-free vulnerabilities at little performance cost. Also prevents leak of data and detection of corrupted memory.
@@ -1157,11 +1200,11 @@ $ sudo grubby --update-kernel=ALL --args="slub_debug=P"
Add or modify the following line in "/etc/default/grub" to ensure the configuration survives kernel updates:
-GRUB_CMDLINE_LINUX="slub_debug=P"</fixtext><fix id="F-32923r567584_fix" /><check system="C-32948r567583_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify that GRUB 2 is configured to enable poisoning of SLUB/SLAB objects to mitigate use-after-free vulnerabilities with the following commands:
+GRUB_CMDLINE_LINUX="slub_debug=P"</fixtext><fix id="F-32923r567584_fix" /><check system="C-32948r792887_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify that GRUB 2 is configured to enable poisoning of SLUB/SLAB objects to mitigate use-after-free vulnerabilities with the following commands:
Check that the current GRUB 2 configuration has poisoning of SLUB/SLAB objects enabled:
-$ sudo grub2-editenv - list | grep slub_debug
+$ sudo grub2-editenv list | grep slub_debug
kernelopts=root=/dev/mapper/rhel-root ro crashkernel=auto resume=/dev/mapper/rhel-swap rd.lvm.lv=rhel/root rd.lvm.lv=rhel/swap rhgb quiet fips=1 slub_debug=P page_poison=1 vsyscall=none audit=1 audit_backlog_limit=8192 boot=UUID=8d171156-cd61-421c-ba41-1c021ac29e82
@@ -1173,29 +1216,43 @@ $ sudo grep slub_debug /etc/default/grub
GRUB_CMDLINE_LINUX="slub_debug=P"
-If "slub_debug" is not set to "P", is missing or commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-230280"><title>SRG-OS-000433-GPOS-00193</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230280r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-010430</version><title>RHEL 8 must implement address space layout randomization (ASLR) to protect its memory from unauthorized code execution.</title><description>&lt;VulnDiscussion&gt;Some adversaries launch attacks with the intent of executing code in non-executable regions of memory or in memory locations that are prohibited. Security safeguards employed to protect memory include, for example, data execution prevention and address space layout randomization. Data execution prevention safeguards can be either hardware-enforced or software-enforced with hardware providing the greater strength of mechanism.
+If "slub_debug" is not set to "P", is missing or commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-230280"><title>SRG-OS-000433-GPOS-00193</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230280r792891_rule" weight="10.0" severity="medium"><version>RHEL-08-010430</version><title>RHEL 8 must implement address space layout randomization (ASLR) to protect its memory from unauthorized code execution.</title><description>&lt;VulnDiscussion&gt;Some adversaries launch attacks with the intent of executing code in non-executable regions of memory or in memory locations that are prohibited. Security safeguards employed to protect memory include, for example, data execution prevention and address space layout randomization. Data execution prevention safeguards can be either hardware-enforced or software-enforced with hardware providing the greater strength of mechanism.
+
+Examples of attacks are buffer overflow attacks.
-Examples of attacks are buffer overflow attacks.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-002824</ident><fixtext fixref="F-32924r567587_fix">Configure the operating system to implement virtual address space randomization.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+/etc/sysctl.d/*.conf
+/run/sysctl.d/*.conf
+/usr/local/lib/sysctl.d/*.conf
+/usr/lib/sysctl.d/*.conf
+/lib/sysctl.d/*.conf
+/etc/sysctl.conf
-Set the system to the required kernel parameter by adding the following line to "/etc/sysctl.d/*.conf"(or modify the line to have the required value):
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-002824</ident><fixtext fixref="F-32924r792890_fix">Configure the operating system to implement virtual address space randomization.
+
+Add or edit the following line in a system configuration file, which begins with "99-", in the "/etc/sysctl.d/" directory:
kernel.randomize_va_space=2
Issue the following command to make the changes take effect:
-$ sudo sysctl --system</fixtext><fix id="F-32924r567587_fix" /><check system="C-32949r567586_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 implements ASLR with the following command:
+$ sudo sysctl --system</fixtext><fix id="F-32924r792890_fix" /><check system="C-32949r792889_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 implements ASLR with the following command:
$ sudo sysctl kernel.randomize_va_space
kernel.randomize_va_space = 2
-If nothing is returned, verify the kernel parameter "randomize_va_space" is set to "2" with the following command:
+If "kernel.randomize_va_space" is not set to "2", this is a finding.
+
+Check that the configuration files are present to enable this kernel parameter.
+
+$ sudo grep -r kernel.randomize_va_space /etc/sysctl.d/*.conf
-$ sudo cat /proc/sys/kernel/randomize_va_space
+/etc/sysctl.d/99-sysctl.conf:kernel.randomize_va_space = 2
-2
+If "kernel.randomize_va_space" is not set to "2", is missing or commented out, this is a finding.
-If "kernel.randomize_va_space" is not set to "2", this is a finding.</check-content></check></Rule></Group><Group id="V-230281"><title>SRG-OS-000437-GPOS-00194</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230281r627750_rule" weight="10.0" severity="low"><version>RHEL-08-010440</version><title>YUM must remove all software components after updated versions have been installed on RHEL 8.</title><description>&lt;VulnDiscussion&gt;Previous versions of software components that are not removed from the information system after updates have been installed may be exploited by adversaries. Some information technology products may remove older versions of software automatically from the information system.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-002617</ident><fixtext fixref="F-32925r567590_fix">Configure the operating system to remove all software components after updated versions have been installed.
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group><Group id="V-230281"><title>SRG-OS-000437-GPOS-00194</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230281r627750_rule" weight="10.0" severity="low"><version>RHEL-08-010440</version><title>YUM must remove all software components after updated versions have been installed on RHEL 8.</title><description>&lt;VulnDiscussion&gt;Previous versions of software components that are not removed from the information system after updates have been installed may be exploited by adversaries. Some information technology products may remove older versions of software automatically from the information system.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-002617</ident><fixtext fixref="F-32925r567590_fix">Configure the operating system to remove all software components after updated versions have been installed.
Set the "clean_requirements_on_remove" option to "True" in the "/etc/dnf/dnf.conf" file:
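Review bot: The new persistence check for RHEL-08-010430 greps only `/etc/sysctl.d/*.conf`, although the VulnDiscussion added in this same hunk says files from six locations are merged and ordered by filename regardless of directory, with the lexicographically latest name winning. By that description, a file in `/run/sysctl.d/` or `/usr/lib/sysctl.d/` whose name sorts after the 99- file would override `kernel.randomize_va_space` at the next load, and the grep would not show it; the runtime `sysctl` query only reports the value in effect at the moment of the check. The file check could cover every listed location, e.g. `$ sudo grep -r kernel.randomize_va_space /run/sysctl.d/*.conf /usr/local/lib/sysctl.d/*.conf /usr/lib/sysctl.d/*.conf /lib/sysctl.d/*.conf /etc/sysctl.conf /etc/sysctl.d/*.conf`, with any conflicting value treated as a finding. The kernel.dmesg_restrict and kernel.perf_event_paranoid checks in the preceding hunk narrow their grep in the same way. This looks like upstream benchmark text, so if the wording cannot be changed here, the project's own automated check is where the other directories should be covered.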
@@ -1545,19 +1602,41 @@ Main PID: 1130 (code=exited, status=0/SUCCESS)
If the "kdump" service is active, ask the System Administrator if the use of the service is required and documented with the Information System Security Officer (ISSO).
-If the service is active and is not documented, this is a finding.</check-content></check></Rule></Group><Group id="V-230311"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230311r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-010671</version><title>RHEL 8 must disable the kernel.core_pattern.</title><description>&lt;VulnDiscussion&gt;It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-32955r567680_fix">Configure RHEL 8 to disable storing core dumps by adding the following line to a file in the "/etc/sysctl.d" directory:
+If the service is active and is not documented, this is a finding.</check-content></check></Rule></Group><Group id="V-230311"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230311r792894_rule" weight="10.0" severity="medium"><version>RHEL-08-010671</version><title>RHEL 8 must disable the kernel.core_pattern.</title><description>&lt;VulnDiscussion&gt;It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
+
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+/etc/sysctl.d/*.conf
+/run/sysctl.d/*.conf
+/usr/local/lib/sysctl.d/*.conf
+/usr/lib/sysctl.d/*.conf
+/lib/sysctl.d/*.conf
+/etc/sysctl.conf
+
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-32955r792893_fix">Configure RHEL 8 to disable storing core dumps.
+
+Add or edit the following line in a system configuration file, which begins with "99-", in the "/etc/sysctl.d/" directory:
kernel.core_pattern = |/bin/false
The system configuration files need to be reloaded for the changes to take effect. To reload the contents of the files, run the following command:
-$ sudo sysctl --system</fixtext><fix id="F-32955r567680_fix" /><check system="C-32980r567679_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 disables storing core dumps with the following commands:
+$ sudo sysctl --system</fixtext><fix id="F-32955r792893_fix" /><check system="C-32980r792892_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 disables storing core dumps with the following commands:
$ sudo sysctl kernel.core_pattern
kernel.core_pattern = |/bin/false
-If the returned line does not have a value of "|/bin/false", or a line is not returned and the need for core dumps is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-230312"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230312r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-010672</version><title>RHEL 8 must disable acquiring, saving, and processing core dumps.</title><description>&lt;VulnDiscussion&gt;It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
+If the returned line does not have a value of "|/bin/false", or a line is not returned and the need for core dumps is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.
+
+Check that the configuration files are present to enable this kernel parameter.
+
+$ sudo grep -r kernel.core_pattern /etc/sysctl.d/*.conf
+
+/etc/sysctl.d/99-sysctl.conf:kernel.core_pattern = |/bin/false
+
+If "kernel.core_pattern" is not set to "|/bin/false", is missing or commented out, this is a finding.
+
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group><Group id="V-230312"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230312r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-010672</version><title>RHEL 8 must disable acquiring, saving, and processing core dumps.</title><description>&lt;VulnDiscussion&gt;It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
A core dump includes a memory image taken at the time the operating system terminates an application. The memory image could contain sensitive data and is generally useful only for developers trying to debug problems.
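Review bot: The added VulnDiscussion sentence that a "99-" file in "/etc/sysctl.d/" "will take precedence over any other configuration file on the system" does not follow from the ordering rule stated just before it, under which the lexicographically latest filename wins regardless of directory. A file whose name sorts after the chosen "99-" name in any listed directory would still override it, and "/etc/sysctl.conf" appears last in the listed read order. The added check only greps `/etc/sysctl.d/*.conf`, so such an override is caught only by the runtime query `sysctl kernel.core_pattern` kept earlier in the check. I would widen the grep to every listed location, e.g. `$ sudo grep -r kernel.core_pattern /etc/sysctl.conf /etc/sysctl.d/ /run/sysctl.d/ /usr/local/lib/sysctl.d/ /usr/lib/sysctl.d/ /lib/sysctl.d/`, and make it a finding when a later-sorting file sets a different value. If this text is a verbatim copy of the published benchmark, the point belongs in the rule and automated check derived from it.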
@@ -1646,14 +1725,13 @@ $ sudo grep nameserver /etc/resolv.conf
nameserver 192.168.1.2
nameserver 192.168.1.3
-If less than two lines are returned that are not commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-230317"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230317r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-010690</version><title>Executable search paths within the initialization files of all local interactive RHEL 8 users must only contain paths that resolve to the system default or the users home directory.</title><description>&lt;VulnDiscussion&gt;The executable search path (typically the PATH environment variable) contains a list of directories for the shell to search to find executables. If this path includes the current working directory (other than the user's home directory), executables in these directories may be executed instead of system commands. This variable is formatted as a colon-separated list of directories. If there is an empty entry, such as a leading or trailing colon or two consecutive colons, this is interpreted as the current working directory. 
If deviations from the default system search path for the local interactive user are required, they must be documented with the Information System Security Officer (ISSO).&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-32961r567698_fix">Edit the local interactive user initialization files to change any PATH variable statements that reference directories other than their home directory.
+If less than two lines are returned that are not commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-230317"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230317r792896_rule" weight="10.0" severity="medium"><version>RHEL-08-010690</version><title>Executable search paths within the initialization files of all local interactive RHEL 8 users must only contain paths that resolve to the system default or the users home directory.</title><description>&lt;VulnDiscussion&gt;The executable search path (typically the PATH environment variable) contains a list of directories for the shell to search to find executables. If this path includes the current working directory (other than the user's home directory), executables in these directories may be executed instead of system commands. This variable is formatted as a colon-separated list of directories. If there is an empty entry, such as a leading or trailing colon or two consecutive colons, this is interpreted as the current working directory. 
If deviations from the default system search path for the local interactive user are required, they must be documented with the Information System Security Officer (ISSO).&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-32961r567698_fix">Edit the local interactive user initialization files to change any PATH variable statements that reference directories other than their home directory.
-If a local interactive user requires path variables to reference a directory owned by the application, it must be documented with the ISSO.</fixtext><fix id="F-32961r567698_fix" /><check system="C-32986r567697_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify that all local interactive user initialization file executable search path statements do not contain statements that will reference a working directory other than user home directories with the following commands:
+If a local interactive user requires path variables to reference a directory owned by the application, it must be documented with the ISSO.</fixtext><fix id="F-32961r567698_fix" /><check system="C-32986r792895_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify that all local interactive user initialization file executable search path statements do not contain statements that will reference a working directory other than user home directories with the following commands:
-$ sudo grep -i path /home/*/.*
+$ sudo grep -i path= /home/*/.*
/home/[localinteractiveuser]/.bash_profile:PATH=$PATH:$HOME/.local/bin:$HOME/bin
-/home/[localinteractiveuser]/.bash_profile:export PATH
If any local interactive user initialization files have executable search path statements that include directories outside of their home directory and is not documented with the ISSO as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-230318"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230318r743960_rule" weight="10.0" severity="medium"><version>RHEL-08-010700</version><title>All RHEL 8 world-writable directories must be owned by root, sys, bin, or an application user.</title><description>&lt;VulnDiscussion&gt;If a world-writable directory is not owned by root, sys, bin, or an application User Identifier (UID), unauthorized users may be able to modify files created by others.
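Review bot: Narrowing the pattern to `path=` on the new grep line drops csh/tcsh-style assignments such as `set path = (...)` and `setenv PATH ...`, which contain no `path=` substring, so a search path set in `.cshrc` or `.login` would no longer appear in the output. csh is in scope for this benchmark, since the umask rule later in this patch checks "/etc/csh.cshrc". A pattern that keeps the noise reduction but covers both shell families would be `$ sudo grep -iE 'path[[:space:]]*=|setenv[[:space:]]+path' /home/*/.*`. The command also looks only under /home, so accounts whose home directory is elsewhere need a separate pass.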
@@ -2309,27 +2387,27 @@ Satisfies: SRG-OS-000028-GPOS-00009, SRG-OS-000030-GPOS-00011&lt;/VulnDiscussion
$ sudo grep -i tmux /etc/shells
-If any output is produced, this is a finding.</check-content></check></Rule></Group><Group id="V-230351"><title>SRG-OS-000028-GPOS-00009</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230351r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-020050</version><title>RHEL 8 must be able to initiate directly a session lock for all connection types using smartcard when the smartcard is removed.</title><description>&lt;VulnDiscussion&gt;A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not want to log out because of the temporary nature of the absence.
-
-The session lock is implemented at the point where session activity can be determined. Rather than be forced to wait for a period of time to expire before the user session can be locked, RHEL 8 needs to provide users with the ability to manually invoke a session lock so users can secure their session if it is necessary to temporarily vacate the immediate physical vicinity.
-
-Tmux is a terminal multiplexer that enables a number of terminals to be created, accessed, and controlled from a single screen. Red Hat endorses tmux as the recommended session controlling package.
-
-Satisfies: SRG-OS-000028-GPOS-00009, SRG-OS-000030-GPOS-00011&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000056</ident><fixtext fixref="F-32995r619869_fix">Configure the operating system to enable a user's session lock until that user re-establishes access using established identification and authentication procedures.
-
-Select/Create an authselect profile and incorporate the "with-smartcard-lock-on-removal" feature with the following example:
-
-$ sudo authselect select sssd with-smartcard with-smartcard-lock-on-removal
-
-Alternatively, the dconf settings can be edited in the /etc/dconf/db/* location.
-
-Edit or add the "[org/gnome/settings-daemon/peripherals/smartcard]" section of the database file and add or update the following lines:
-
-removal-action='lock-screen'
-
-Update the system databases:
-
-$ sudo dconf update</fixtext><fix id="F-32995r619869_fix" /><check system="C-33020r567799_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system enables a user's session lock until that user re-establishes access using established identification and authentication procedures with the following command:
+If any output is produced, this is a finding.</check-content></check></Rule></Group><Group id="V-230351"><title>SRG-OS-000028-GPOS-00009</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230351r792899_rule" weight="10.0" severity="medium"><version>RHEL-08-020050</version><title>RHEL 8 must be able to initiate directly a session lock for all connection types using smartcard when the smartcard is removed.</title><description>&lt;VulnDiscussion&gt;A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not want to log out because of the temporary nature of the absence.
+
+The session lock is implemented at the point where session activity can be determined. Rather than be forced to wait for a period of time to expire before the user session can be locked, RHEL 8 needs to provide users with the ability to manually invoke a session lock so users can secure their session if it is necessary to temporarily vacate the immediate physical vicinity.
+
+Satisfies: SRG-OS-000028-GPOS-00009, SRG-OS-000030-GPOS-00011&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000056</ident><fixtext fixref="F-32995r792898_fix">Configure the operating system to enable a user's session lock until that user re-establishes access using established identification and authentication procedures.
+
+Select/Create an authselect profile and incorporate the "with-smartcard-lock-on-removal" feature with the following example:
+
+$ sudo authselect select sssd with-smartcard with-smartcard-lock-on-removal
+
+Alternatively, the dconf settings can be edited in the /etc/dconf/db/* location.
+
+Edit or add the "[org/gnome/settings-daemon/peripherals/smartcard]" section of the database file and add or update the following lines:
+
+removal-action='lock-screen'
+
+Update the system databases:
+
+$ sudo dconf update</fixtext><fix id="F-32995r792898_fix" /><check system="C-33020r792897_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system enables a user's session lock until that user re-establishes access using established identification and authentication procedures with the following command:
+
+This requirement assumes the use of the RHEL 8 default graphical user interface, Gnome Shell. If the system does not have any graphical user interface installed, this requirement is Not Applicable.
$ sudo grep -R removal-action /etc/dconf/db/*
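Review bot: The added applicability sentence ("This requirement assumes the use of the RHEL 8 default graphical user interface ... Not Applicable") sits between "with the following command:" and the command itself, so the check text reads as if that sentence were the command. Moving it to the start of the check-content, before "Verify the operating system enables ...", keeps the lead-in adjacent to `$ sudo grep -R removal-action /etc/dconf/db/*`. The check continues beyond this hunk, so I cannot see whether it also requires the key to be locked. If it does not, it is worth stating that a dconf setting without a matching entry under a `locks` directory can be overridden per user.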
@@ -2875,22 +2953,24 @@ Note: The example is for a system that is configured to create users home direct
# grep -i umask /home/*/.*
-If any local interactive user initialization files are found to have a umask statement that has a value less restrictive than "077", this is a finding.</check-content></check></Rule></Group><Group id="V-230385"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230385r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-020353</version><title>RHEL 8 must define default permissions for logon and non-logon shells.</title><description>&lt;VulnDiscussion&gt;The umask controls the default access mode assigned to newly created files. A umask of 077 limits new files to mode 600 or less permissive. Although umask can be represented as a four-digit number, the first digit representing special access modes is typically ignored or required to be "0". This requirement applies to the globally configured system defaults and the local interactive user defaults for each account on the system.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33029r567902_fix">Configure the operating system to define default permissions for all authenticated users in such a way that the user can only read and modify their own files.
+If any local interactive user initialization files are found to have a umask statement that has a value less restrictive than "077", this is a finding.</check-content></check></Rule></Group><Group id="V-230385"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230385r792902_rule" weight="10.0" severity="medium"><version>RHEL-08-020353</version><title>RHEL 8 must define default permissions for logon and non-logon shells.</title><description>&lt;VulnDiscussion&gt;The umask controls the default access mode assigned to newly created files. A umask of 077 limits new files to mode 600 or less permissive. Although umask can be represented as a four-digit number, the first digit representing special access modes is typically ignored or required to be "0". This requirement applies to the globally configured system defaults and the local interactive user defaults for each account on the system.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33029r792901_fix">Configure the operating system to define default permissions for all authenticated users in such a way that the user can only read and modify their own files.
-Add or edit the lines for the "UMASK" parameter in the "/etc/bashrc" and "etc/csh.cshrc" files to "077":
+Add or edit the lines for the "UMASK" parameter in the "/etc/bashrc", "/etc/csh.cshrc" and "/etc/profile"files to "077":
-UMASK 077</fixtext><fix id="F-33029r567902_fix" /><check system="C-33054r567901_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify that the umask default for installed shells is "077".
+UMASK 077</fixtext><fix id="F-33029r792901_fix" /><check system="C-33054r792900_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify that the umask default for installed shells is "077".
-Check for the value of the "UMASK" parameter in the "/etc/bashrc" and "/etc/csh.cshrc" files with the following command:
+Check for the value of the "UMASK" parameter in the "/etc/bashrc", "/etc/csh.cshrc" and "/etc/profile" files with the following command:
-Note: If the value of the "UMASK" parameter is set to "000" in either the "/etc/bashrc" or the "/etc/csh.cshrc" files, the Severity is raised to a CAT I.
+Note: If the value of the "UMASK" parameter is set to "000" in the "/etc/bashrc" the "/etc/csh.cshrc" or the "/etc/profile" files, the Severity is raised to a CAT I.
-# grep -i umask /etc/bashrc /etc/csh.cshrc
+# grep -i umask /etc/bashrc /etc/csh.cshrc /etc/profile
/etc/bashrc: umask 077
/etc/bashrc: umask 077
/etc/csh.cshrc: umask 077
/etc/csh.cshrc: umask 077
+/etc/profile: umask 077
+/etc/profile: umask 077
If the value for the "UMASK" parameter is not "077", or the "UMASK" parameter is missing or is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-230386"><title>SRG-OS-000326-GPOS-00126</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230386r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-030000</version><title>The RHEL 8 audit system must be configured to audit the execution of privileged functions and prevent all software from executing at higher privilege levels than users executing the software.</title><description>&lt;VulnDiscussion&gt;Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised information system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Auditing the use of privileged functions is one way to detect such misuse and identify the risk from insider threats and the advanced persistent threat.
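Review bot: The fixtext tells the administrator to add `UMASK 077` to "/etc/bashrc", "/etc/csh.cshrc" and "/etc/profile", but in shell start-up files the directive is the lowercase built-in `umask 077`, as the expected output below it shows. Shell command names are case-sensitive, so the uppercase form would not set the mask. Because the check uses `grep -i umask`, an uppercase or commented-out line still produces output, so the reviewer has to read the result rather than rely on a match. I would change the fix line to `umask 077`. Two typos in the added lines also need fixing: `"/etc/profile"files` lacks a space, and the Note should read `in the "/etc/bashrc", the "/etc/csh.cshrc" or the "/etc/profile" files`.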
@@ -4427,7 +4507,7 @@ $ sudo grep -w lastlog /etc/audit/audit.rules
-w /var/log/lastlog -p wa -k logins
-If the command does not return a line, or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-230468"><title>SRG-OS-000062-GPOS-00031</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230468r627750_rule" weight="10.0" severity="low"><version>RHEL-08-030601</version><title>RHEL 8 must enable auditing of processes that start prior to the audit daemon.</title><description>&lt;VulnDiscussion&gt;Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+If the command does not return a line, or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-230468"><title>SRG-OS-000062-GPOS-00031</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230468r792904_rule" weight="10.0" severity="low"><version>RHEL-08-030601</version><title>RHEL 8 must enable auditing of processes that start prior to the audit daemon.</title><description>&lt;VulnDiscussion&gt;Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
If auditing is enabled late in the startup process, the actions of some startup processes may not be audited. Some audit systems also maintain state information only available if auditing is enabled before a given process is created.
@@ -4451,9 +4531,9 @@ $ sudo grubby --update-kernel=ALL --args="audit=1"
Add or modify the following line in "/etc/default/grub" to ensure the configuration survives kernel updates:
-GRUB_CMDLINE_LINUX="audit=1"</fixtext><fix id="F-33112r568151_fix" /><check system="C-33137r568150_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 enables auditing of processes that start prior to the audit daemon with the following commands:
+GRUB_CMDLINE_LINUX="audit=1"</fixtext><fix id="F-33112r568151_fix" /><check system="C-33137r792903_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 enables auditing of processes that start prior to the audit daemon with the following commands:
-$ sudo grub2-editenv - list | grep audit
+$ sudo grub2-editenv list | grep audit
kernelopts=root=/dev/mapper/rhel-root ro crashkernel=auto resume=/dev/mapper/rhel-swap rd.lvm.lv=rhel/root rd.lvm.lv=rhel/swap rhgb quiet fips=1 audit=1 audit_backlog_limit=8192 boot=UUID=8d171156-cd61-421c-ba41-1c021ac29e82
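Review bot: `grep audit` on the corrected command also matches `audit_backlog_limit=...`, so a kernelopts line is returned even when `audit=1` is absent, and the pass criterion (stated outside this hunk) then depends on the reviewer reading the whole line. A word-bounded pattern makes the output self-checking: `$ sudo grub2-editenv list | grep -w 'audit=1'`. The same applies to the audit_backlog_limit hunk further down, where `grep audit_backlog_limit` is the narrower pattern. The environment block shows the stored boot options rather than those of the running kernel, so `cat /proc/cmdline` is a useful companion check for what is actually in effect.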
@@ -4465,7 +4545,7 @@ $ sudo grep audit /etc/default/grub
GRUB_CMDLINE_LINUX="audit=1"
-If "audit" is not set to "1", is missing or commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-230469"><title>SRG-OS-000341-GPOS-00132</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230469r744004_rule" weight="10.0" severity="low"><version>RHEL-08-030602</version><title>RHEL 8 must allocate an audit_backlog_limit of sufficient size to capture processes that start prior to the audit daemon.</title><description>&lt;VulnDiscussion&gt;Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
+If "audit" is not set to "1", is missing or commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-230469"><title>SRG-OS-000341-GPOS-00132</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230469r792906_rule" weight="10.0" severity="low"><version>RHEL-08-030602</version><title>RHEL 8 must allocate an audit_backlog_limit of sufficient size to capture processes that start prior to the audit daemon.</title><description>&lt;VulnDiscussion&gt;Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
If auditing is enabled late in the startup process, the actions of some startup processes may not be audited. Some audit systems also maintain state information only available if auditing is enabled before a given process is created.
@@ -4477,9 +4557,9 @@ $ sudo grubby --update-kernel=ALL --args="audit_backlog_limit=8192"
Add or modify the following line in "/etc/default/grub" to ensure the configuration survives kernel updates:
-GRUB_CMDLINE_LINUX="audit_backlog_limit=8192"</fixtext><fix id="F-33113r568154_fix" /><check system="C-33138r744003_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 allocates a sufficient audit_backlog_limit to capture processes that start prior to the audit daemon with the following commands:
+GRUB_CMDLINE_LINUX="audit_backlog_limit=8192"</fixtext><fix id="F-33113r568154_fix" /><check system="C-33138r792905_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 allocates a sufficient audit_backlog_limit to capture processes that start prior to the audit daemon with the following commands:
-$ sudo grub2-editenv - list | grep audit
+$ sudo grub2-editenv list | grep audit
kernelopts=root=/dev/mapper/rhel-root ro crashkernel=auto resume=/dev/mapper/rhel-swap rd.lvm.lv=rhel/root rd.lvm.lv=rhel/swap rhgb quiet fips=1 audit=1 audit_backlog_limit=8192 boot=UUID=8d171156-cd61-421c-ba41-1c021ac29e82
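Review bot: The corrected command `grub2-editenv list | grep audit` only inspects the `kernelopts` variable in grubenv, so it can report `audit_backlog_limit=8192` even when an individual boot entry carries its own option line instead of `$kernelopts`. That is inferred from how RHEL 8 boot loader entries are normally laid out, not from anything in this hunk. The fixtext in the hunk header already relies on `grubby --update-kernel=ALL`, so a companion verification such as `sudo grubby --info=ALL | grep args` would cover every installed kernel. The same gap applies to the `audit=1` check in the hunk that begins above this view and to the `pti=on` check in the next-but-one hunk.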
@@ -4894,7 +4974,7 @@ $ sudo yum remove sendmail</fixtext><fix id="F-33133r568214_fix" /><check system
$ sudo yum list installed sendmail
-If the sendmail package is installed, this is a finding.</check-content></check></Rule></Group><Group id="V-230491"><title>SRG-OS-000095-GPOS-00049</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230491r627750_rule" weight="10.0" severity="low"><version>RHEL-08-040004</version><title>RHEL 8 must enable mitigations against processor-based vulnerabilities.</title><description>&lt;VulnDiscussion&gt;It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
+If the sendmail package is installed, this is a finding.</check-content></check></Rule></Group><Group id="V-230491"><title>SRG-OS-000095-GPOS-00049</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230491r792908_rule" weight="10.0" severity="low"><version>RHEL-08-040004</version><title>RHEL 8 must enable mitigations against processor-based vulnerabilities.</title><description>&lt;VulnDiscussion&gt;It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
Operating systems are capable of providing a wide variety of functions and services. Some of the functions and services, provided by default, may not be necessary to support essential organizational operations (e.g., key missions, functions).
@@ -4908,9 +4988,9 @@ $ sudo grubby --update-kernel=ALL --args="pti=on"
Add or modify the following line in "/etc/default/grub" to ensure the configuration survives kernel updates:
-GRUB_CMDLINE_LINUX="pti=on"</fixtext><fix id="F-33135r568220_fix" /><check system="C-33160r568219_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 enables kernel page-table isolation with the following commands:
+GRUB_CMDLINE_LINUX="pti=on"</fixtext><fix id="F-33135r568220_fix" /><check system="C-33160r792907_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 enables kernel page-table isolation with the following commands:
-$ sudo grub2-editenv - list | grep pti
+$ sudo grub2-editenv list | grep pti
kernelopts=root=/dev/mapper/rhel-root ro crashkernel=auto resume=/dev/mapper/rhel-swap rd.lvm.lv=rhel/root rd.lvm.lv=rhel/swap rhgb quiet fips=1 audit=1 audit_backlog_limit=8192 pti=on boot=UUID=8d171156-cd61-421c-ba41-1c021ac29e82
@@ -4987,22 +5067,22 @@ $ sudo dmesg | grep -i video
[ 47.235752] usbcore: registered new interface driver uvcvideo
[ 47.235756] USB Video Class driver (1.1.1)
-If the camera driver blacklist is missing, a camera driver is determined to be in use, and the collaborative computing device has not been authorized for use, this is a finding.</check-content></check></Rule></Group><Group id="V-230494"><title>SRG-OS-000095-GPOS-00049</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230494r627750_rule" weight="10.0" severity="low"><version>RHEL-08-040021</version><title>RHEL 8 must disable the asynchronous transfer mode (ATM) protocol.</title><description>&lt;VulnDiscussion&gt;It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
+If the camera driver blacklist is missing, a camera driver is determined to be in use, and the collaborative computing device has not been authorized for use, this is a finding.</check-content></check></Rule></Group><Group id="V-230494"><title>SRG-OS-000095-GPOS-00049</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230494r792911_rule" weight="10.0" severity="low"><version>RHEL-08-040021</version><title>RHEL 8 must disable the asynchronous transfer mode (ATM) protocol.</title><description>&lt;VulnDiscussion&gt;It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
Failing to disconnect unused protocols can result in a system compromise.
-The Asynchronous Transfer Mode (ATM) is a protocol operating on network, data link, and physical layers, based on virtual circuits and virtual paths. Disabling ATM protects the system against exploitation of any laws in its implementation.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000381</ident><fixtext fixref="F-33138r568229_fix">Configure the operating system to disable the ability to use the ATM protocol kernel module.
+The Asynchronous Transfer Mode (ATM) is a protocol operating on network, data link, and physical layers, based on virtual circuits and virtual paths. Disabling ATM protects the system against exploitation of any laws in its implementation.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000381</ident><fixtext fixref="F-33138r792910_fix">Configure the operating system to disable the ability to use the ATM protocol kernel module.
Add or update the following lines in the file "/etc/modprobe.d/blacklist.conf":
-install ATM /bin/true
-blacklist ATM
+install atm /bin/true
+blacklist atm
-Reboot the system for the settings to take effect.</fixtext><fix id="F-33138r568229_fix" /><check system="C-33163r568228_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system disables the ability to load the ATM protocol kernel module.
+Reboot the system for the settings to take effect.</fixtext><fix id="F-33138r792910_fix" /><check system="C-33163r792909_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system disables the ability to load the ATM protocol kernel module.
-$ sudo grep -ri ATM /etc/modprobe.d/* | grep -i "/bin/true"
+$ sudo grep -r atm /etc/modprobe.d/* | grep "/bin/true"
-install ATM /bin/true
+install atm /bin/true
If the command does not return any output, or the line is commented out, and use of the ATM protocol is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.
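Review bot: The revised check `grep -r atm /etc/modprobe.d/* | grep "/bin/true"` is still an unanchored substring match, so a commented-out line or an entry for another module whose name merely contains `atm` also produces output. The verdict then depends on the assessor reading the result by eye. Where this text is turned into an automated check, an anchored pattern such as `grep -rE '^[[:space:]]*install[[:space:]]+atm[[:space:]]+/bin/true' /etc/modprobe.d/` is more reliable. The lowercase names look correct, since modprobe, as far as I know, compares module names case-sensitively. Hosts remediated from the earlier `install ATM /bin/true` wording should therefore be re-checked, and the same holds for the `blacklist` check and for the CAN, SCTP and TIPC hunks that follow.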
@@ -5010,26 +5090,26 @@ Verify the operating system disables the ability to use the ATM protocol.
Check to see if the ATM protocol is disabled with the following command:
-$ sudo grep -ri ATM /etc/modprobe.d/* | grep -i "blacklist"
+$ sudo grep -r atm /etc/modprobe.d/* | grep "blacklist"
-blacklist ATM
+blacklist atm
-If the command does not return any output or the output is not "blacklist atm", and use of the ATM protocol is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-230495"><title>SRG-OS-000095-GPOS-00049</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230495r627750_rule" weight="10.0" severity="low"><version>RHEL-08-040022</version><title>RHEL 8 must disable the controller area network (CAN) protocol.</title><description>&lt;VulnDiscussion&gt;It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
+If the command does not return any output or the output is not "blacklist atm", and use of the ATM protocol is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-230495"><title>SRG-OS-000095-GPOS-00049</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230495r792914_rule" weight="10.0" severity="low"><version>RHEL-08-040022</version><title>RHEL 8 must disable the controller area network (CAN) protocol.</title><description>&lt;VulnDiscussion&gt;It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
Failing to disconnect unused protocols can result in a system compromise.
-The Controller Area Network (CAN) is a serial communications protocol, which was initially developed for automotive and is now also used in marine, industrial, and medical applications. Disabling CAN protects the system against exploitation of any flaws in its implementation.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000381</ident><fixtext fixref="F-33139r568232_fix">Configure the operating system to disable the ability to use the CAN protocol kernel module.
+The Controller Area Network (CAN) is a serial communications protocol, which was initially developed for automotive and is now also used in marine, industrial, and medical applications. Disabling CAN protects the system against exploitation of any flaws in its implementation.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000381</ident><fixtext fixref="F-33139r792913_fix">Configure the operating system to disable the ability to use the CAN protocol kernel module.
Add or update the following lines in the file "/etc/modprobe.d/blacklist.conf":
-install CAN /bin/true
-blacklist CAN
+install can /bin/true
+blacklist can
-Reboot the system for the settings to take effect.</fixtext><fix id="F-33139r568232_fix" /><check system="C-33164r568231_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system disables the ability to load the CAN protocol kernel module.
+Reboot the system for the settings to take effect.</fixtext><fix id="F-33139r792913_fix" /><check system="C-33164r792912_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system disables the ability to load the CAN protocol kernel module.
-$ sudo grep -ri CAN /etc/modprobe.d/* | grep -i "/bin/true"
+$ sudo grep -r can /etc/modprobe.d/* | grep "/bin/true"
-install CAN /bin/true
+install can /bin/true
If the command does not return any output, or the line is commented out, and use of the CAN protocol is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.
@@ -5037,26 +5117,26 @@ Verify the operating system disables the ability to use the CAN protocol.
Check to see if the CAN protocol is disabled with the following command:
-$ sudo grep -ri CAN /etc/modprobe.d/* | grep -i "blacklist"
+$ sudo grep -r can /etc/modprobe.d/* | grep "blacklist"
-blacklist CAN
+blacklist can
-If the command does not return any output or the output is not "blacklist CAN", and use of the CAN protocol is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-230496"><title>SRG-OS-000095-GPOS-00049</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230496r744017_rule" weight="10.0" severity="low"><version>RHEL-08-040023</version><title>RHEL 8 must disable the stream control transmission protocol (SCTP).</title><description>&lt;VulnDiscussion&gt;It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
+If the command does not return any output or the output is not "blacklist can", and use of the CAN protocol is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-230496"><title>SRG-OS-000095-GPOS-00049</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230496r792917_rule" weight="10.0" severity="low"><version>RHEL-08-040023</version><title>RHEL 8 must disable the stream control transmission protocol (SCTP).</title><description>&lt;VulnDiscussion&gt;It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
Failing to disconnect unused protocols can result in a system compromise.
-The Stream Control Transmission Protocol (SCTP) is a transport layer protocol, designed to support the idea of message-oriented communication, with several streams of messages within one connection. Disabling SCTP protects the system against exploitation of any flaws in its implementation.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000381</ident><fixtext fixref="F-33140r744016_fix">Configure the operating system to disable the ability to use the SCTP kernel module.
+The Stream Control Transmission Protocol (SCTP) is a transport layer protocol, designed to support the idea of message-oriented communication, with several streams of messages within one connection. Disabling SCTP protects the system against exploitation of any flaws in its implementation.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000381</ident><fixtext fixref="F-33140r792916_fix">Configure the operating system to disable the ability to use the SCTP kernel module.
Add or update the following lines in the file "/etc/modprobe.d/blacklist.conf":
-install SCTP /bin/true
-blacklist SCTP
+install sctp /bin/true
+blacklist sctp
-Reboot the system for the settings to take effect.</fixtext><fix id="F-33140r744016_fix" /><check system="C-33165r744015_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system disables the ability to load the SCTP kernel module.
+Reboot the system for the settings to take effect.</fixtext><fix id="F-33140r792916_fix" /><check system="C-33165r792915_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system disables the ability to load the SCTP kernel module.
-$ sudo grep -ri SCTP /etc/modprobe.d/* | grep -i "/bin/true"
+$ sudo grep -r sctp /etc/modprobe.d/* | grep "/bin/true"
-install SCTP /bin/true
+install sctp /bin/true
If the command does not return any output, or the line is commented out, and use of the SCTP is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.
@@ -5064,26 +5144,26 @@ Verify the operating system disables the ability to use the SCTP.
Check to see if the SCTP is disabled with the following command:
-$ sudo grep -ri SCTP /etc/modprobe.d/* | grep -i "blacklist"
+$ sudo grep -r sctp /etc/modprobe.d/* | grep "blacklist"
-blacklist SCTP
+blacklist sctp
-If the command does not return any output or the output is not "blacklist SCTP", and use of the SCTP is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-230497"><title>SRG-OS-000095-GPOS-00049</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230497r627750_rule" weight="10.0" severity="low"><version>RHEL-08-040024</version><title>RHEL 8 must disable the transparent inter-process communication (TIPC) protocol.</title><description>&lt;VulnDiscussion&gt;It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
+If the command does not return any output or the output is not "blacklist sctp", and use of the SCTP is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-230497"><title>SRG-OS-000095-GPOS-00049</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230497r792920_rule" weight="10.0" severity="low"><version>RHEL-08-040024</version><title>RHEL 8 must disable the transparent inter-process communication (TIPC) protocol.</title><description>&lt;VulnDiscussion&gt;It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
Failing to disconnect unused protocols can result in a system compromise.
-The Transparent Inter-Process Communication (TIPC) protocol is designed to provide communications between nodes in a cluster. Disabling TIPC protects the system against exploitation of any flaws in its implementation.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000381</ident><fixtext fixref="F-33141r568238_fix">Configure the operating system to disable the ability to use the TIPC protocol kernel module.
+The Transparent Inter-Process Communication (TIPC) protocol is designed to provide communications between nodes in a cluster. Disabling TIPC protects the system against exploitation of any flaws in its implementation.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000381</ident><fixtext fixref="F-33141r792919_fix">Configure the operating system to disable the ability to use the TIPC protocol kernel module.
Add or update the following lines in the file "/etc/modprobe.d/blacklist.conf":
-install TIPC /bin/true
-blacklist TIPC
+install tipc /bin/true
+blacklist tipc
-Reboot the system for the settings to take effect.</fixtext><fix id="F-33141r568238_fix" /><check system="C-33166r568237_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system disables the ability to load the TIPC protocol kernel module.
+Reboot the system for the settings to take effect.</fixtext><fix id="F-33141r792919_fix" /><check system="C-33166r792918_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system disables the ability to load the TIPC protocol kernel module.
-$ sudo grep -ri TIPC /etc/modprobe.d/* | grep -i "/bin/true"
+$ sudo grep -r tipc /etc/modprobe.d/* | grep "/bin/true"
-install TIPC /bin/true
+install tipc /bin/true
If the command does not return any output, or the line is commented out, and use of the TIPC protocol is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.
@@ -5091,11 +5171,11 @@ Verify the operating system disables the ability to use the TIPC protocol.
Check to see if the TIPC protocol is disabled with the following command:
-$ sudo grep -ri TIPC /etc/modprobe.d/* | grep -i "blacklist"
+$ sudo grep -r tipc /etc/modprobe.d/* | grep "blacklist"
-blacklist TIPC
+blacklist tipc
-If the command does not return any output or the output is not "blacklist TIPC", and use of the TIPC protocol is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-230498"><title>SRG-OS-000095-GPOS-00049</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230498r627750_rule" weight="10.0" severity="low"><version>RHEL-08-040025</version><title>RHEL 8 must disable mounting of cramfs.</title><description>&lt;VulnDiscussion&gt;It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
+If the command does not return any output or the output is not "blacklist tipc", and use of the TIPC protocol is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-230498"><title>SRG-OS-000095-GPOS-00049</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230498r792922_rule" weight="10.0" severity="low"><version>RHEL-08-040025</version><title>RHEL 8 must disable mounting of cramfs.</title><description>&lt;VulnDiscussion&gt;It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
Removing support for unneeded filesystem types reduces the local attack surface of the server.
@@ -5106,9 +5186,9 @@ Add or update the following lines in the file "/etc/modprobe.d/blacklist.conf":
install cramfs /bin/true
blacklist cramfs
-Reboot the system for the settings to take effect.</fixtext><fix id="F-33142r568241_fix" /><check system="C-33167r568240_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system disables the ability to load the cramfs kernel module.
+Reboot the system for the settings to take effect.</fixtext><fix id="F-33142r568241_fix" /><check system="C-33167r792921_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system disables the ability to load the cramfs kernel module.
-$ sudo grep -ri cramfs /etc/modprobe.d/* | grep -i "/bin/true"
+$ sudo grep -r cramfs /etc/modprobe.d/* | grep "/bin/true"
install cramfs /bin/true
@@ -5118,11 +5198,11 @@ Verify the operating system disables the ability to use the cramfs kernel module
Check to see if the cramfs kernel module is disabled with the following command:
-$ sudo grep -ri cramfs /etc/modprobe.d/* | grep -i "blacklist"
+$ sudo grep -r cramfs /etc/modprobe.d/* | grep "blacklist"
blacklist cramfs
-If the command does not return any output or the output is not "blacklist cramfs", and use of the cramfs kernel module is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-230499"><title>SRG-OS-000095-GPOS-00049</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230499r627750_rule" weight="10.0" severity="low"><version>RHEL-08-040026</version><title>RHEL 8 must disable IEEE 1394 (FireWire) Support.</title><description>&lt;VulnDiscussion&gt;It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
+If the command does not return any output or the output is not "blacklist cramfs", and use of the cramfs kernel module is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-230499"><title>SRG-OS-000095-GPOS-00049</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230499r792924_rule" weight="10.0" severity="low"><version>RHEL-08-040026</version><title>RHEL 8 must disable IEEE 1394 (FireWire) Support.</title><description>&lt;VulnDiscussion&gt;It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
The IEEE 1394 (FireWire) is a serial bus standard for high-speed real-time communication. Disabling FireWire protects the system against exploitation of any flaws in its implementation.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000381</ident><fixtext fixref="F-33143r568244_fix">Configure the operating system to disable the ability to use the firewire-core kernel module.
@@ -5131,9 +5211,9 @@ Add or update the following lines in the file "/etc/modprobe.d/blacklist.conf":
install firewire-core /bin/true
blacklist firewire-core
-Reboot the system for the settings to take effect.</fixtext><fix id="F-33143r568244_fix" /><check system="C-33168r568243_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system disables the ability to load the firewire-core kernel module.
+Reboot the system for the settings to take effect.</fixtext><fix id="F-33143r568244_fix" /><check system="C-33168r792923_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system disables the ability to load the firewire-core kernel module.
-$ sudo grep -ri firewire-core /etc/modprobe.d/* | grep -i "/bin/true"
+$ sudo grep -r firewire-core /etc/modprobe.d/* | grep "/bin/true"
install firewire-core /bin/true
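Review bot: The rewritten check `grep -r firewire-core /etc/modprobe.d/* | grep "/bin/true"` still matches a commented-out line such as `# install firewire-core /bin/true`, so a disabled entry can look compliant unless the auditor reads the output closely. It also misses the underscore spelling, which modprobe treats as the same module name as the hyphenated one. An anchored pattern avoids both: `grep -rE '^\s*install\s+firewire[-_]core\s+/bin/true' /etc/modprobe.d/`. The same applies to the `blacklist` grep in the following hunk. The check-content element starts and ends outside this hunk, and the text looks like DISA's manual STIG carried verbatim, so the tightening probably belongs in the project's automated check rather than in this file.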
@@ -5143,7 +5223,7 @@ Verify the operating system disables the ability to use the firewire-core kernel
Check to see if the firewire-core kernel module is disabled with the following command:
-$ sudo grep -ri firewire-core /etc/modprobe.d/* | grep -i "blacklist"
+$ sudo grep -r firewire-core /etc/modprobe.d/* | grep "blacklist"
blacklist firewire-core
@@ -5543,65 +5623,65 @@ $ sudo cat /etc/fstab | grep /var/log/audit
/dev/mapper/rhel-var-log-audit /var/log/audit xfs defaults,nodev,nosuid,noexec 0 0
-If results are returned and the "noexec" option is missing, or if /var/log/audit is mounted without the "noexec" option, this is a finding.</check-content></check></Rule></Group><Group id="V-230520"><title>SRG-OS-000368-GPOS-00154</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230520r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-040132</version><title>RHEL 8 must mount /var/tmp with the nodev option.</title><description>&lt;VulnDiscussion&gt;The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
-
-The "noexec" mount option causes the system to not execute binary files. This option must be used for mounting any file system not containing approved binary files, as they may be incompatible. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.
-
-The "nodev" mount option causes the system to not interpret character or block special devices. Executing character or block special devices from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.
-
-The "nosuid" mount option causes the system to not execute "setuid" and "setgid" files with owner privileges. This option must be used for mounting any file system not containing approved "setuid" and "setguid" files. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001764</ident><fixtext fixref="F-33164r568307_fix">Configure the system so that /var/tmp is mounted with the "nodev" option by adding /modifying the /etc/fstab with the following line:
+If results are returned and the "noexec" option is missing, or if /var/log/audit is mounted without the "noexec" option, this is a finding.</check-content></check></Rule></Group><Group id="V-230520"><title>SRG-OS-000368-GPOS-00154</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230520r792927_rule" weight="10.0" severity="medium"><version>RHEL-08-040132</version><title>RHEL 8 must mount /var/tmp with the nodev option.</title><description>&lt;VulnDiscussion&gt;The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
+
+The "noexec" mount option causes the system to not execute binary files. This option must be used for mounting any file system not containing approved binary files, as they may be incompatible. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.
+
+The "nodev" mount option causes the system to not interpret character or block special devices. Executing character or block special devices from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.
+
+The "nosuid" mount option causes the system to not execute "setuid" and "setgid" files with owner privileges. This option must be used for mounting any file system not containing approved "setuid" and "setguid" files. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001764</ident><fixtext fixref="F-33164r792926_fix">Configure the system so that /var/tmp is mounted with the "nodev" option by adding /modifying the /etc/fstab with the following line:
-/dev/mapper/rhel-var-log-audit /var/tmp xfs defaults,nodev,nosuid,noexec 0 0</fixtext><fix id="F-33164r568307_fix" /><check system="C-33189r568306_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify "/var/tmp" is mounted with the "nodev" option:
+/dev/mapper/rhel-var-tmp /var/tmp xfs defaults,nodev,nosuid,noexec 0 0</fixtext><fix id="F-33164r792926_fix" /><check system="C-33189r792925_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify "/var/tmp" is mounted with the "nodev" option:
$ sudo mount | grep /var/tmp
-/dev/mapper/rhel-var-log-audit on /var/tmp type xfs (rw,nodev,nosuid,noexec,seclabel)
+/dev/mapper/rhel-var-tmp on /var/tmp type xfs (rw,nodev,nosuid,noexec,seclabel)
Verify that the "nodev" option is configured for /var/tmp:
$ sudo cat /etc/fstab | grep /var/tmp
-/dev/mapper/rhel-var-log-audit /var/tmp xfs defaults,nodev,nosuid,noexec 0 0
+/dev/mapper/rhel-var-tmp /var/tmp xfs defaults,nodev,nosuid,noexec 0 0
-If results are returned and the "nodev" option is missing, or if /var/tmp is mounted without the "nodev" option, this is a finding.</check-content></check></Rule></Group><Group id="V-230521"><title>SRG-OS-000368-GPOS-00154</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230521r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-040133</version><title>RHEL 8 must mount /var/tmp with the nosuid option.</title><description>&lt;VulnDiscussion&gt;The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
-
-The "noexec" mount option causes the system to not execute binary files. This option must be used for mounting any file system not containing approved binary files, as they may be incompatible. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.
-
-The "nodev" mount option causes the system to not interpret character or block special devices. Executing character or block special devices from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.
-
-The "nosuid" mount option causes the system to not execute "setuid" and "setgid" files with owner privileges. This option must be used for mounting any file system not containing approved "setuid" and "setguid" files. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001764</ident><fixtext fixref="F-33165r568310_fix">Configure the system so that /var/tmp is mounted with the "nosuid" option by adding /modifying the /etc/fstab with the following line:
+If results are returned and the "nodev" option is missing, or if /var/tmp is mounted without the "nodev" option, this is a finding.</check-content></check></Rule></Group><Group id="V-230521"><title>SRG-OS-000368-GPOS-00154</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230521r792930_rule" weight="10.0" severity="medium"><version>RHEL-08-040133</version><title>RHEL 8 must mount /var/tmp with the nosuid option.</title><description>&lt;VulnDiscussion&gt;The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
+
+The "noexec" mount option causes the system to not execute binary files. This option must be used for mounting any file system not containing approved binary files, as they may be incompatible. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.
+
+The "nodev" mount option causes the system to not interpret character or block special devices. Executing character or block special devices from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.
+
+The "nosuid" mount option causes the system to not execute "setuid" and "setgid" files with owner privileges. This option must be used for mounting any file system not containing approved "setuid" and "setguid" files. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001764</ident><fixtext fixref="F-33165r792929_fix">Configure the system so that /var/tmp is mounted with the "nosuid" option by adding /modifying the /etc/fstab with the following line:
-/dev/mapper/rhel-var-log-audit /var/tmp xfs defaults,nodev,nosuid,noexec 0 0</fixtext><fix id="F-33165r568310_fix" /><check system="C-33190r568309_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify "/var/tmp" is mounted with the "nosuid" option:
+/dev/mapper/rhel-var-tmp /var/tmp xfs defaults,nodev,nosuid,noexec 0 0</fixtext><fix id="F-33165r792929_fix" /><check system="C-33190r792928_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify "/var/tmp" is mounted with the "nosuid" option:
$ sudo mount | grep /var/tmp
-/dev/mapper/rhel-var-log-audit on /var/tmp type xfs (rw,nodev,nosuid,noexec,seclabel)
+/dev/mapper/rhel-var-tmp on /var/tmp type xfs (rw,nodev,nosuid,noexec,seclabel)
Verify that the "nosuid" option is configured for /var/tmp:
$ sudo cat /etc/fstab | grep /var/tmp
-/dev/mapper/rhel-var-log-audit /var/tmp xfs defaults,nodev,nosuid,noexec 0 0
+/dev/mapper/rhel-var-tmp /var/tmp xfs defaults,nodev,nosuid,noexec 0 0
-If results are returned and the "nosuid" option is missing, or if /var/tmp is mounted without the "nosuid" option, this is a finding.</check-content></check></Rule></Group><Group id="V-230522"><title>SRG-OS-000368-GPOS-00154</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230522r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-040134</version><title>RHEL 8 must mount /var/tmp with the noexec option.</title><description>&lt;VulnDiscussion&gt;The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
-
-The "noexec" mount option causes the system to not execute binary files. This option must be used for mounting any file system not containing approved binary files, as they may be incompatible. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.
-
-The "nodev" mount option causes the system to not interpret character or block special devices. Executing character or block special devices from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.
-
-The "nosuid" mount option causes the system to not execute "setuid" and "setgid" files with owner privileges. This option must be used for mounting any file system not containing approved "setuid" and "setguid" files. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001764</ident><fixtext fixref="F-33166r568313_fix">Configure the system so that /var/tmp is mounted with the "noexec" option by adding /modifying the /etc/fstab with the following line:
+If results are returned and the "nosuid" option is missing, or if /var/tmp is mounted without the "nosuid" option, this is a finding.</check-content></check></Rule></Group><Group id="V-230522"><title>SRG-OS-000368-GPOS-00154</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230522r792933_rule" weight="10.0" severity="medium"><version>RHEL-08-040134</version><title>RHEL 8 must mount /var/tmp with the noexec option.</title><description>&lt;VulnDiscussion&gt;The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
+
+The "noexec" mount option causes the system to not execute binary files. This option must be used for mounting any file system not containing approved binary files, as they may be incompatible. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.
+
+The "nodev" mount option causes the system to not interpret character or block special devices. Executing character or block special devices from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.
-/dev/mapper/rhel-var-log-audit /var/tmp xfs defaults,nodev,nosuid,noexec 0 0</fixtext><fix id="F-33166r568313_fix" /><check system="C-33191r568312_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify "/var/tmp" is mounted with the "noexec" option:
+The "nosuid" mount option causes the system to not execute "setuid" and "setgid" files with owner privileges. This option must be used for mounting any file system not containing approved "setuid" and "setguid" files. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001764</ident><fixtext fixref="F-33166r792932_fix">Configure the system so that /var/tmp is mounted with the "noexec" option by adding /modifying the /etc/fstab with the following line:
+
+/dev/mapper/rhel-var-tmp /var/tmp xfs defaults,nodev,nosuid,noexec 0 0</fixtext><fix id="F-33166r792932_fix" /><check system="C-33191r792931_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify "/var/tmp" is mounted with the "noexec" option:
$ sudo mount | grep /var/tmp
-/dev/mapper/rhel-var-log-audit on /var/tmp type xfs (rw,nodev,nosuid,noexec,seclabel)
+/dev/mapper/rhel-var-tmp on /var/tmp type xfs (rw,nodev,nosuid,noexec,seclabel)
Verify that the "noexec" option is configured for /var/tmp:
$ sudo cat /etc/fstab | grep /var/tmp
-/dev/mapper/rhel-var-log-audit /var/tmp xfs defaults,nodev,nosuid,noexec 0 0
+/dev/mapper/rhel-var-tmp /var/tmp xfs defaults,nodev,nosuid,noexec 0 0
If results are returned and the "noexec" option is missing, or if /var/tmp is mounted without the "noexec" option, this is a finding.</check-content></check></Rule></Group><Group id="V-230523"><title>SRG-OS-000368-GPOS-00154</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230523r744023_rule" weight="10.0" severity="medium"><version>RHEL-08-040135</version><title>The RHEL 8 fapolicy module must be installed.</title><description>&lt;VulnDiscussion&gt;The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
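Review bot: The check wording `If results are returned and the "nodev" option is missing` passes when neither `mount` nor `/etc/fstab` lists /var/tmp at all. A host where /var/tmp sits on the parent file system therefore gets none of the three options and is still not a finding; the nosuid and noexec rules in this hunk read the same way. Whether another rule requires a dedicated /var/tmp file system is not visible in this hunk; if none does, the check text should say that no output is a finding. The corrected `/dev/mapper/rhel-var-tmp` line is sample output, so an automated check should match the mount point and options, not the device name. The first and last Rule elements of the hunk continue outside it.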
@@ -5774,13 +5854,25 @@ If the account is associated with system commands or applications, the UID shoul
$ sudo awk -F: '$3 == 0 {print $1}' /etc/passwd
-If any accounts other than root have a UID of "0", this is a finding.</check-content></check></Rule></Group><Group id="V-230535"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230535r744035_rule" weight="10.0" severity="medium"><version>RHEL-08-040210</version><title>RHEL 8 must prevent IPv6 Internet Control Message Protocol (ICMP) redirect messages from being accepted.</title><description>&lt;VulnDiscussion&gt;ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33179r744034_fix">Configure RHEL 8 to prevent IPv6 ICMP redirect messages from being accepted with the following command:
+If any accounts other than root have a UID of "0", this is a finding.</check-content></check></Rule></Group><Group id="V-230535"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230535r792936_rule" weight="10.0" severity="medium"><version>RHEL-08-040210</version><title>RHEL 8 must prevent IPv6 Internet Control Message Protocol (ICMP) redirect messages from being accepted.</title><description>&lt;VulnDiscussion&gt;ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack.
+
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+/etc/sysctl.d/*.conf
+/run/sysctl.d/*.conf
+/usr/local/lib/sysctl.d/*.conf
+/usr/lib/sysctl.d/*.conf
+/lib/sysctl.d/*.conf
+/etc/sysctl.conf
+
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33179r792935_fix">Configure RHEL 8 to prevent IPv6 ICMP redirect messages from being accepted.
-$ sudo sysctl -w net.ipv6.conf.default.accept_redirects=0
+Add or edit the following line in a system configuration file, which begins with "99-", in the "/etc/sysctl.d/" directory:
-If "0" is not the system's default value then add or update the following line in the appropriate file under "/etc/sysctl.d":
+net.ipv6.conf.default.accept_redirects = 0
+
+Load settings from all system configuration files with the following command:
-net.ipv6.conf.default.accept_redirects=0</fixtext><fix id="F-33179r744034_fix" /><check system="C-33204r744033_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 will not accept IPv6 ICMP redirect messages.
+$ sudo sysctl --system</fixtext><fix id="F-33179r792935_fix" /><check system="C-33204r792934_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 will not accept IPv6 ICMP redirect messages.
Note: If IPv6 is disabled on the system, this requirement is Not Applicable.
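Review bot: The added discussion concludes that a file beginning with "99-" in /etc/sysctl.d/ `will take precedence over any other configuration file on the system`, which does not follow from the rule it states just before. The lexicographically latest name wins, so any file that sorts after the chosen one still overrides it. The list also ends with /etc/sysctl.conf, and if that file is applied last (as the stated top-to-bottom order suggests) a conflicting entry there wins as well. I would reword the sentence to `a file beginning with "99-" is applied after lower-numbered files; confirm that no later-sorting file or /etc/sysctl.conf sets a different value`. The same paragraph is added to the send_redirects rule in the next hunk, and the Rule element here starts and ends outside the hunk.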
@@ -5790,15 +5882,37 @@ $ sudo sysctl net.ipv6.conf.default.accept_redirects
net.ipv6.conf.default.accept_redirects = 0
-If the returned line does not have a value of "0", a line is not returned, or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-230536"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230536r744037_rule" weight="10.0" severity="medium"><version>RHEL-08-040220</version><title>RHEL 8 must not send Internet Control Message Protocol (ICMP) redirects.</title><description>&lt;VulnDiscussion&gt;ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages contain information from the system's route table, possibly revealing portions of the network topology.
+If the returned line does not have a value of "0", a line is not returned, or the line is commented out, this is a finding.
+
+Check that the configuration files are present to enable this network parameter.
+
+$ sudo grep -r net.ipv6.conf.default.accept_redirects /etc/sysctl.d/*.conf
+
+/etc/sysctl.d/99-sysctl.conf: net.ipv6.conf.default.accept_redirects = 0
-There are notable differences between Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6). There is only a directive to disable sending of IPv4 redirected packets. Refer to RFC4294 for an explanation of "IPv6 Node Requirements", which resulted in this difference between IPv4 and IPv6.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33180r568355_fix">Configure RHEL 8 to not allow interfaces to perform IPv4 ICMP redirects with the following command:
+If "net.ipv6.conf.default.accept_redirects" is not set to "0", is missing or commented out, this is a finding.
-$ sudo sysctl -w net.ipv4.conf.all.send_redirects=0
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group><Group id="V-230536"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230536r792939_rule" weight="10.0" severity="medium"><version>RHEL-08-040220</version><title>RHEL 8 must not send Internet Control Message Protocol (ICMP) redirects.</title><description>&lt;VulnDiscussion&gt;ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages contain information from the system's route table, possibly revealing portions of the network topology.
-If "0" is not the system's default value then add or update the following line in the appropriate file under "/etc/sysctl.d":
+There are notable differences between Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6). There is only a directive to disable sending of IPv4 redirected packets. Refer to RFC4294 for an explanation of "IPv6 Node Requirements", which resulted in this difference between IPv4 and IPv6.
-net.ipv4.conf.all.send_redirects=0</fixtext><fix id="F-33180r568355_fix" /><check system="C-33205r744036_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 does not IPv4 ICMP redirect messages.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+/etc/sysctl.d/*.conf
+/run/sysctl.d/*.conf
+/usr/local/lib/sysctl.d/*.conf
+/usr/lib/sysctl.d/*.conf
+/lib/sysctl.d/*.conf
+/etc/sysctl.conf
+
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33180r792938_fix">Configure RHEL 8 to not allow interfaces to perform IPv4 ICMP redirects.
+
+Add or edit the following line in a system configuration file, which begins with "99-", in the "/etc/sysctl.d/" directory:
+
+net.ipv4.conf.all.send_redirects=0
+
+Load settings from all system configuration files with the following command:
+
+$ sudo sysctl --system</fixtext><fix id="F-33180r792938_fix" /><check system="C-33205r792937_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 does not IPv4 ICMP redirect messages.
Note: If IPv4 is disabled on the system, this requirement is Not Applicable.
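Review bot: The added persistence check greps only `/etc/sysctl.d/*.conf`, although the discussion text this patch adds names five other locations that `sysctl --system` reads. A conflicting `net.ipv6.conf.default.accept_redirects` value in one of them is therefore never shown to the auditor. Searching every listed path closes that gap: `grep -rs --include='*.conf' net.ipv6.conf.default.accept_redirects /etc/sysctl.conf /etc/sysctl.d /run/sysctl.d /usr/local/lib/sysctl.d /usr/lib/sysctl.d /lib/sysctl.d`, with a finding if any uncommented match is not `0`. The send_redirects Rule that begins in this hunk continues past its end.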
@@ -5808,30 +5922,74 @@ $ sudo sysctl net.ipv4.conf.all.send_redirects
net.ipv4.conf.all.send_redirects = 0
-If the returned line does not have a value of "0", or a line is not returned, this is a finding.</check-content></check></Rule></Group><Group id="V-230537"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230537r744039_rule" weight="10.0" severity="medium"><version>RHEL-08-040230</version><title>RHEL 8 must not respond to Internet Control Message Protocol (ICMP) echoes sent to a broadcast address.</title><description>&lt;VulnDiscussion&gt;Responding to broadcast ICMP echoes facilitates network mapping and provides a vector for amplification attacks.
+If the returned line does not have a value of "0", or a line is not returned, this is a finding.
-There are notable differences between Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6). IPv6 does not implement the same method of broadcast as IPv4. Instead, IPv6 uses multicast addressing to the all-hosts multicast group. Refer to RFC4294 for an explanation of "IPv6 Node Requirements", which resulted in this difference between IPv4 and IPv6.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33181r568358_fix">Configure RHEL 8 to not respond to IPv4 ICMP echoes sent to a broadcast address with the following command:
+Check that the configuration files are present to enable this network parameter.
-$ sudo sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1
+$ sudo grep -r net.ipv4.conf.all.send_redirects /etc/sysctl.d/*.conf
-If "1" is not the system's default value then add or update the following line in the appropriate file under "/etc/sysctl.d":
+/etc/sysctl.d/99-sysctl.conf: net.ipv4.conf.all.send_redirects = 0
-net.ipv4.icmp_echo_ignore_broadcasts=1</fixtext><fix id="F-33181r568358_fix" /><check system="C-33206r744038_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 does not respond to ICMP echoes sent to a broadcast address.
+If "net.ipv4.conf.all.send_redirects" is not set to "0", is missing or commented out, this is a finding.
+
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group><Group id="V-230537"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230537r792942_rule" weight="10.0" severity="medium"><version>RHEL-08-040230</version><title>RHEL 8 must not respond to Internet Control Message Protocol (ICMP) echoes sent to a broadcast address.</title><description>&lt;VulnDiscussion&gt;Responding to broadcast ICMP echoes facilitates network mapping and provides a vector for amplification attacks.
+
+There are notable differences between Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6). IPv6 does not implement the same method of broadcast as IPv4. Instead, IPv6 uses multicast addressing to the all-hosts multicast group. Refer to RFC4294 for an explanation of "IPv6 Node Requirements", which resulted in this difference between IPv4 and IPv6.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+/etc/sysctl.d/*.conf
+/run/sysctl.d/*.conf
+/usr/local/lib/sysctl.d/*.conf
+/usr/lib/sysctl.d/*.conf
+/lib/sysctl.d/*.conf
+/etc/sysctl.conf
+
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33181r792941_fix">Configure RHEL 8 to not respond to IPv4 ICMP echoes sent to a broadcast address.
+
+Add or edit the following line in a system configuration file, which begins with "99-", in the "/etc/sysctl.d/" directory:
+
+net.ipv4.icmp_echo_ignore_broadcasts=1
+
+Load settings from all system configuration files with the following command:
+
+$ sudo sysctl --system</fixtext><fix id="F-33181r792941_fix" /><check system="C-33206r792940_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 does not respond to ICMP echoes sent to a broadcast address.
Note: If IPv4 is disabled on the system, this requirement is Not Applicable.
+
Check the value of the "icmp_echo_ignore_broadcasts" variable with the following command:
$ sudo sysctl net.ipv4.icmp_echo_ignore_broadcasts
net.ipv4.icmp_echo_ignore_broadcasts = 1
-If the returned line does not have a value of "1", a line is not returned, or the retuned line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-230538"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230538r744042_rule" weight="10.0" severity="medium"><version>RHEL-08-040240</version><title>RHEL 8 must not forward IPv6 source-routed packets.</title><description>&lt;VulnDiscussion&gt;Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routed traffic, such as when forwarding is enabled and the system is functioning as a router.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33182r744041_fix">Configure RHEL 8 to not forward IPv6 source-routed packets with the following command:
+If the returned line does not have a value of "1", a line is not returned, or the retuned line is commented out, this is a finding.
+
+Check that the configuration files are present to enable this network parameter.
+
+$ sudo grep -r net.ipv4.icmp_echo_ignore_broadcasts /etc/sysctl.d/*.conf
+
+/etc/sysctl.d/99-sysctl.conf: net.ipv4.icmp_echo_ignore_broadcasts = 1
+
+If "net.ipv4.icmp_echo_ignore_broadcasts" is not set to "1", is missing or commented out, this is a finding.
+
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group><Group id="V-230538"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230538r792945_rule" weight="10.0" severity="medium"><version>RHEL-08-040240</version><title>RHEL 8 must not forward IPv6 source-routed packets.</title><description>&lt;VulnDiscussion&gt;Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routed traffic, such as when forwarding is enabled and the system is functioning as a router.
+
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+/etc/sysctl.d/*.conf
+/run/sysctl.d/*.conf
+/usr/local/lib/sysctl.d/*.conf
+/usr/lib/sysctl.d/*.conf
+/lib/sysctl.d/*.conf
+/etc/sysctl.conf
+
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33182r792944_fix">Configure RHEL 8 to not forward IPv6 source-routed packets.
+
+Add or edit the following line in a system configuration file, which begins with "99-", in the "/etc/sysctl.d/" directory:
-$ sudo sysctl -w net.ipv6.conf.all.accept_source_route=0
+net.ipv6.conf.all.accept_source_route=0
-If "0" is not the system's all value then add or update the following line in the appropriate file under "/etc/sysctl.d":
+Load settings from all system configuration files with the following command:
-net.ipv6.conf.all.accept_source_route=0</fixtext><fix id="F-33182r744041_fix" /><check system="C-33207r744040_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 does not accept IPv6 source-routed packets.
+$ sudo sysctl --system</fixtext><fix id="F-33182r792944_fix" /><check system="C-33207r792943_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 does not accept IPv6 source-routed packets.
Note: If IPv6 is disabled on the system, this requirement is Not Applicable.
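Review bot: The added check text greps only `/etc/sysctl.d/*.conf`, although the discussion added in the same hunk lists five further locations that `sysctl --system` loads, so a conflicting value in `/run/sysctl.d`, `/usr/lib/sysctl.d` or `/etc/sysctl.conf` is never shown to the auditor. The statement that a "99-" file in `/etc/sysctl.d/` takes precedence over any other file also looks too strong: a name that sorts after it, or `/etc/sysctl.conf` itself (last in the listed read order), could still set the final value, which is worth confirming against sysctl(8). I would widen the command to every listed path, e.g. `$ sudo grep -r net.ipv4.icmp_echo_ignore_broadcasts /run/sysctl.d/*.conf /usr/local/lib/sysctl.d/*.conf /usr/lib/sysctl.d/*.conf /lib/sysctl.d/*.conf /etc/sysctl.conf /etc/sysctl.d/*.conf`, and treat conflicting results as a finding. The same applies to the send_redirects and accept_source_route checks in this hunk and to the hunks at `@@ -5841,13` and `@@ -5857,39`. If this text is imported verbatim from the DISA manual, the wider search belongs in the project's own automated check instead.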
@@ -5841,13 +5999,35 @@ $ sudo sysctl net.ipv6.conf.all.accept_source_route
net.ipv6.conf.all.accept_source_route = 0
-If the returned line does not have a value of "0", a line is not returned, or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-230539"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230539r744045_rule" weight="10.0" severity="medium"><version>RHEL-08-040250</version><title>RHEL 8 must not forward IPv6 source-routed packets by default.</title><description>&lt;VulnDiscussion&gt;Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routed traffic, such as when forwarding is enabled and the system is functioning as a router.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33183r744044_fix">Configure RHEL 8 to not forward IPv6 source-routed packets by default with the following command:
+If the returned line does not have a value of "0", a line is not returned, or the line is commented out, this is a finding.
+
+Check that the configuration files are present to enable this network parameter.
+
+$ sudo grep -r net.ipv6.conf.all.accept_source_route /etc/sysctl.d/*.conf
+
+/etc/sysctl.d/99-sysctl.conf: net.ipv6.conf.all.accept_source_route = 0
+
+If "net.ipv6.conf.all.accept_source_route" is not set to "0", is missing or commented out, this is a finding.
+
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group><Group id="V-230539"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230539r792948_rule" weight="10.0" severity="medium"><version>RHEL-08-040250</version><title>RHEL 8 must not forward IPv6 source-routed packets by default.</title><description>&lt;VulnDiscussion&gt;Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routed traffic, such as when forwarding is enabled and the system is functioning as a router.
-$ sudo sysctl -w net.ipv6.conf.default.accept_source_route=0
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+/etc/sysctl.d/*.conf
+/run/sysctl.d/*.conf
+/usr/local/lib/sysctl.d/*.conf
+/usr/lib/sysctl.d/*.conf
+/lib/sysctl.d/*.conf
+/etc/sysctl.conf
-If "0" is not the system's default value then add or update the following line in the appropriate file under "/etc/sysctl.d":
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33183r792947_fix">Configure RHEL 8 to not forward IPv6 source-routed packets by default.
-net.ipv6.conf.default.accept_source_route=0</fixtext><fix id="F-33183r744044_fix" /><check system="C-33208r744043_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 does not accept IPv6 source-routed packets by default.
+Add or edit the following line in a system configuration file, which begins with "99-", in the "/etc/sysctl.d/" directory:
+
+net.ipv6.conf.default.accept_source_route=0
+
+Load settings from all system configuration files with the following command:
+
+$ sudo sysctl --system</fixtext><fix id="F-33183r792947_fix" /><check system="C-33208r792946_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 does not accept IPv6 source-routed packets by default.
Note: If IPv6 is disabled on the system, this requirement is Not Applicable.
@@ -5857,39 +6037,75 @@ $ sudo sysctl net.ipv6.conf.default.accept_source_route
net.ipv6.conf.default.accept_source_route = 0
-If the returned line does not have a value of "0", a line is not returned, or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-230540"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230540r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-040260</version><title>RHEL 8 must not be performing packet forwarding unless the system is a router.</title><description>&lt;VulnDiscussion&gt;Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this software is used when not required, system network information may be unnecessarily transmitted across the network.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33184r568367_fix">Configure RHEL 8 to not allow packet forwarding, unless the system is a router with the following commands:
+If the returned line does not have a value of "0", a line is not returned, or the line is commented out, this is a finding.
-$ sudo sysctl -w net.ipv4.ip_forward=0
+Check that the configuration files are present to enable this network parameter.
-$ sudo sysctl -w net.ipv6.conf.all.forwarding=0
+$ sudo grep -r net.ipv6.conf.default.accept_source_route /etc/sysctl.d/*.conf
-If "0" is not the system's default value then add or update the following lines in the appropriate file under "/etc/sysctl.d":
+/etc/sysctl.d/99-sysctl.conf: net.ipv6.conf.default.accept_source_route = 0
-net.ipv4.ip_forward=0
+If "net.ipv6.conf.default.accept_source_route" is not set to "0", is missing or commented out, this is a finding.
-net.ipv6.conf.all.forwarding=0</fixtext><fix id="F-33184r568367_fix" /><check system="C-33209r568366_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 is not performing packet forwarding, unless the system is a router.
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group><Group id="V-230540"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230540r792951_rule" weight="10.0" severity="medium"><version>RHEL-08-040260</version><title>RHEL 8 must not enable IPv6 packet forwarding unless the system is a router.</title><description>&lt;VulnDiscussion&gt;Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this software is used when not required, system network information may be unnecessarily transmitted across the network.
-Note: If either IPv4 or IPv6 is disabled on the system, this requirement only applies to the active internet protocol version.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+/etc/sysctl.d/*.conf
+/run/sysctl.d/*.conf
+/usr/local/lib/sysctl.d/*.conf
+/usr/lib/sysctl.d/*.conf
+/lib/sysctl.d/*.conf
+/etc/sysctl.conf
-Check to see if IP forwarding is enabled using the following commands:
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33184r792950_fix">Configure RHEL 8 to not allow IPv6 packet forwarding, unless the system is a router.
-$ sudo sysctl net.ipv4.ip_forward
+Add or edit the following line in a system configuration file, which begins with "99-", in the "/etc/sysctl.d/" directory:
-net.ipv4.ip_forward = 0
+net.ipv6.conf.all.forwarding=0
+
+Load settings from all system configuration files with the following command:
+
+$ sudo sysctl --system</fixtext><fix id="F-33184r792950_fix" /><check system="C-33209r792949_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 is not performing IPv6 packet forwarding, unless the system is a router.
+
+Note: If IPv6 is disabled on the system, this requirement is Not Applicable.
+
+Check that IPv6 forwarding is disabled using the following commands:
$ sudo sysctl net.ipv6.conf.all.forwarding
net.ipv6.conf.all.forwarding = 0
-If IP forwarding value is not "0" and is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-230541"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230541r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-040261</version><title>RHEL 8 must not accept router advertisements on all IPv6 interfaces.</title><description>&lt;VulnDiscussion&gt;Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this software is used when not required, system network information may be unnecessarily transmitted across the network.
+If the IPv6 forwarding value is not "0" and is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.
+
+Check that the configuration files are present to enable this network parameter.
+
+$ sudo grep -r net.ipv6.conf.all.forwarding /etc/sysctl.d/*.conf
+
+/etc/sysctl.d/99-sysctl.conf: net.ipv6.conf.all.forwarding = 0
+
+If "net.ipv6.conf.all.forwarding" is not set to "0", is missing or commented out, this is a finding.
+
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group><Group id="V-230541"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230541r792954_rule" weight="10.0" severity="medium"><version>RHEL-08-040261</version><title>RHEL 8 must not accept router advertisements on all IPv6 interfaces.</title><description>&lt;VulnDiscussion&gt;Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this software is used when not required, system network information may be unnecessarily transmitted across the network.
+
+An illicit router advertisement message could result in a man-in-the-middle attack.
-An illicit router advertisement message could result in a man-in-the-middle attack.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33185r568370_fix">Configure RHEL 8 to not accept router advertisements on all IPv6 interfaces unless the system is a router with the following commands:
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+/etc/sysctl.d/*.conf
+/run/sysctl.d/*.conf
+/usr/local/lib/sysctl.d/*.conf
+/usr/lib/sysctl.d/*.conf
+/lib/sysctl.d/*.conf
+/etc/sysctl.conf
-$ sudo sysctl -w net.ipv6.conf.all.accept_ra=0
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33185r792953_fix">Configure RHEL 8 to not accept router advertisements on all IPv6 interfaces unless the system is a router.
-If "0" is not the system's default value then add or update the following lines in the appropriate file under "/etc/sysctl.d":
+Add or edit the following line in a system configuration file, which begins with "99-", in the "/etc/sysctl.d/" directory:
-net.ipv6.conf.all.accept_ra=0</fixtext><fix id="F-33185r568370_fix" /><check system="C-33210r568369_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 does not accept router advertisements on all IPv6 interfaces, unless the system is a router.
+net.ipv6.conf.all.accept_ra=0
+
+Load settings from all system configuration files with the following command:
+
+$ sudo sysctl --system</fixtext><fix id="F-33185r792953_fix" /><check system="C-33210r792952_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 does not accept router advertisements on all IPv6 interfaces, unless the system is a router.
Note: If IPv6 is disabled on the system, this requirement is not applicable.
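Review bot: RHEL-08-040260 is narrowed to IPv6 here and the `net.ipv4.ip_forward` fix and check lines are removed, so nothing in this hunk still requires IPv4 forwarding to be off. Please confirm that another rule in the patch covers it; none is visible in this hunk. The new configuration-file step for `net.ipv6.conf.all.forwarding` also declares any value other than "0" a finding without the ISSO-documented router exception that the runtime step just above it keeps, so a documented router would pass one step and fail the other. I would align the two, e.g. `If "net.ipv6.conf.all.forwarding" is not set to "0" and is not documented with the ISSO as an operational requirement, is missing or commented out, this is a finding.`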
@@ -5899,15 +6115,37 @@ $ sudo sysctl net.ipv6.conf.all.accept_ra
net.ipv6.conf.all.accept_ra = 0
-If the "accept_ra" value is not "0" and is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-230542"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230542r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-040262</version><title>RHEL 8 must not accept router advertisements on all IPv6 interfaces by default.</title><description>&lt;VulnDiscussion&gt;Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this software is used when not required, system network information may be unnecessarily transmitted across the network.
+If the "accept_ra" value is not "0" and is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.
+
+Check that the configuration files are present to enable this network parameter.
+
+$ sudo grep -r net.ipv6.conf.all.accept_ra /etc/sysctl.d/*.conf
+
+/etc/sysctl.d/99-sysctl.conf: net.ipv6.conf.all.accept_ra = 0
-An illicit router advertisement message could result in a man-in-the-middle attack.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33186r568373_fix">Configure RHEL 8 to not accept router advertisements on all IPv6 interfaces by default unless the system is a router with the following commands:
+If "net.ipv6.conf.all.accept_ra" is not set to "0", is missing or commented out, this is a finding.
-$ sudo sysctl -w net.ipv6.conf.default.accept_ra=0
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group><Group id="V-230542"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230542r792957_rule" weight="10.0" severity="medium"><version>RHEL-08-040262</version><title>RHEL 8 must not accept router advertisements on all IPv6 interfaces by default.</title><description>&lt;VulnDiscussion&gt;Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this software is used when not required, system network information may be unnecessarily transmitted across the network.
-If "0" is not the system's default value then add or update the following lines in the appropriate file under "/etc/sysctl.d":
+An illicit router advertisement message could result in a man-in-the-middle attack.
+
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+/etc/sysctl.d/*.conf
+/run/sysctl.d/*.conf
+/usr/local/lib/sysctl.d/*.conf
+/usr/lib/sysctl.d/*.conf
+/lib/sysctl.d/*.conf
+/etc/sysctl.conf
+
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33186r792956_fix">Configure RHEL 8 to not accept router advertisements on all IPv6 interfaces by default unless the system is a router.
+
+Add or edit the following line in a system configuration file, which begins with "99-", in the "/etc/sysctl.d/" directory:
+
+net.ipv6.conf.default.accept_ra=0
+
+Load settings from all system configuration files with the following command:
-net.ipv6.conf.default.accept_ra=0</fixtext><fix id="F-33186r568373_fix" /><check system="C-33211r568372_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 does not accept router advertisements on all IPv6 interfaces by default, unless the system is a router.
+$ sudo sysctl --system</fixtext><fix id="F-33186r792956_fix" /><check system="C-33211r792955_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 does not accept router advertisements on all IPv6 interfaces by default, unless the system is a router.
Note: If IPv6 is disabled on the system, this requirement is not applicable.
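Review bot: The added sentence that a "99-" file in "/etc/sysctl.d/" "will take precedence over any other configuration file on the system" does not follow from the ordering rule quoted just above it. Files are sorted by name across all listed directories, so any file whose name sorts after the 99- file and sets the same key is applied later and wins. The added check `grep -r net.ipv6.conf.all.accept_ra /etc/sysctl.d/*.conf` reads only one of the six listed locations, so such an override would pass the audit. If this text can be changed here, I would soften the claim to `it will take precedence unless a later-sorting file sets the same option` and widen the check to `$ sudo grep -r net.ipv6.conf.all.accept_ra /etc/sysctl.d/ /run/sysctl.d/ /usr/local/lib/sysctl.d/ /usr/lib/sysctl.d/ /lib/sysctl.d/ /etc/sysctl.conf`. The same wording recurs in the hunks at `@@ -5917`, `@@ -5935` and `@@ -5951`; the last of these also calls `kernel.unprivileged_bpf_disabled` and `kernel.yama.ptrace_scope` a "network parameter", which they are not.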
@@ -5917,15 +6155,37 @@ $ sudo sysctl net.ipv6.conf.default.accept_ra
net.ipv6.conf.default.accept_ra = 0
-If the "accept_ra" value is not "0" and is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.</check-content></check></Rule></Group><Group id="V-230543"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230543r744047_rule" weight="10.0" severity="medium"><version>RHEL-08-040270</version><title>RHEL 8 must not allow interfaces to perform Internet Control Message Protocol (ICMP) redirects by default.</title><description>&lt;VulnDiscussion&gt;ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages contain information from the system's route table, possibly revealing portions of the network topology.
+If the "accept_ra" value is not "0" and is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.
-There are notable differences between Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6). There is only a directive to disable sending of IPv4 redirected packets. Refer to RFC4294 for an explanation of "IPv6 Node Requirements", which resulted in this difference between IPv4 and IPv6.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33187r568376_fix">Configure RHEL 8 to not allow interfaces to perform Internet Protocol version 4 (IPv4) ICMP redirects by default with the following command:
+Check that the configuration files are present to enable this network parameter.
-$ sudo sysctl -w net.ipv4.conf.default.send_redirects=0
+$ sudo grep -r net.ipv6.conf.default.accept_ra /etc/sysctl.d/*.conf
-If "0" is not the system's default value then add or update the following line in the appropriate file under "/etc/sysctl.d":
+/etc/sysctl.d/99-sysctl.conf: net.ipv6.conf.default.accept_ra = 0
-net.ipv4.conf.default.send_redirects=0</fixtext><fix id="F-33187r568376_fix" /><check system="C-33212r744046_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 does not allow interfaces to perform Internet Protocol version 4 (IPv4) ICMP redirects by default.
+If "net.ipv6.conf.default.accept_ra" is not set to "0", is missing or commented out, this is a finding.
+
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group><Group id="V-230543"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230543r792960_rule" weight="10.0" severity="medium"><version>RHEL-08-040270</version><title>RHEL 8 must not allow interfaces to perform Internet Control Message Protocol (ICMP) redirects by default.</title><description>&lt;VulnDiscussion&gt;ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages contain information from the system's route table, possibly revealing portions of the network topology.
+
+There are notable differences between Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6). There is only a directive to disable sending of IPv4 redirected packets. Refer to RFC4294 for an explanation of "IPv6 Node Requirements", which resulted in this difference between IPv4 and IPv6.
+
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+/etc/sysctl.d/*.conf
+/run/sysctl.d/*.conf
+/usr/local/lib/sysctl.d/*.conf
+/usr/lib/sysctl.d/*.conf
+/lib/sysctl.d/*.conf
+/etc/sysctl.conf
+
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33187r792959_fix">Configure RHEL 8 to not allow interfaces to perform Internet Protocol version 4 (IPv4) ICMP redirects by default.
+
+Add or edit the following line in a system configuration file, which begins with "99-", in the "/etc/sysctl.d/" directory:
+
+net.ipv4.conf.default.send_redirects = 0
+
+Load settings from all system configuration files with the following command:
+
+$ sudo sysctl --system</fixtext><fix id="F-33187r792959_fix" /><check system="C-33212r792958_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 does not allow interfaces to perform Internet Protocol version 4 (IPv4) ICMP redirects by default.
Note: If IPv4 is disabled on the system, this requirement is Not Applicable.
@@ -5935,13 +6195,35 @@ $ sudo sysctl net.ipv4.conf.default.send_redirects
net.ipv4.conf.default.send_redirects=0
-If the returned line does not have a value of "0", or a line is not returned, this is a finding.</check-content></check></Rule></Group><Group id="V-230544"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230544r744050_rule" weight="10.0" severity="medium"><version>RHEL-08-040280</version><title>RHEL 8 must ignore IPv6 Internet Control Message Protocol (ICMP) redirect messages.</title><description>&lt;VulnDiscussion&gt;ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33188r744049_fix">Configure RHEL 8 to ignore IPv6 ICMP redirect messages with the following command:
+If the returned line does not have a value of "0", or a line is not returned, this is a finding.
+
+Check that the configuration files are present to enable this network parameter.
+
+$ sudo grep -r net.ipv4.conf.default.send_redirects /etc/sysctl.d/*.conf
+
+/etc/sysctl.d/99-sysctl.conf: net.ipv4.conf.default.send_redirects = 0
-$ sudo sysctl -w net.ipv6.conf.all.accept_redirects=0
+If "net.ipv4.conf.default.send_redirects" is not set to "0", is missing or commented out, this is a finding.
-If "0" is not the system's default value then add or update the following line in the appropriate file under "/etc/sysctl.d":
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group><Group id="V-230544"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230544r792963_rule" weight="10.0" severity="medium"><version>RHEL-08-040280</version><title>RHEL 8 must ignore IPv6 Internet Control Message Protocol (ICMP) redirect messages.</title><description>&lt;VulnDiscussion&gt;ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack.
-net.ipv6.conf.all.accept_redirects = 0</fixtext><fix id="F-33188r744049_fix" /><check system="C-33213r744048_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 ignores IPv6 ICMP redirect messages.
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+/etc/sysctl.d/*.conf
+/run/sysctl.d/*.conf
+/usr/local/lib/sysctl.d/*.conf
+/usr/lib/sysctl.d/*.conf
+/lib/sysctl.d/*.conf
+/etc/sysctl.conf
+
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33188r792962_fix">Configure RHEL 8 to ignore IPv6 ICMP redirect messages.
+
+Add or edit the following line in a system configuration file, which begins with "99-", in the "/etc/sysctl.d/" directory:
+
+net.ipv6.conf.all.accept_redirects = 0
+
+Load settings from all system configuration files with the following command:
+
+$ sudo sysctl --system</fixtext><fix id="F-33188r792962_fix" /><check system="C-33213r792961_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 ignores IPv6 ICMP redirect messages.
Note: If IPv6 is disabled on the system, this requirement is Not Applicable.
@@ -5951,75 +6233,181 @@ $ sudo sysctl net.ipv6.conf.all.accept_redirects
net.ipv6.conf.all.accept_redirects = 0
-If the returned line does not have a value of "0", a line is not returned, or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-230545"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230545r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-040281</version><title>RHEL 8 must disable access to network bpf syscall from unprivileged processes.</title><description>&lt;VulnDiscussion&gt;It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33189r568382_fix">Configure RHEL 8 to prevent privilege escalation thru the kernel by disabling access to the bpf syscall by adding the following line to a file in the "/etc/sysctl.d" directory:
+If the returned line does not have a value of "0", a line is not returned, or the line is commented out, this is a finding.
+
+Check that the configuration files are present to enable this network parameter.
+
+$ sudo grep -r net.ipv6.conf.all.accept_redirects /etc/sysctl.d/*.conf
+
+/etc/sysctl.d/99-sysctl.conf: net.ipv6.conf.all.accept_redirects = 0
+
+If "net.ipv6.conf.all.accept_redirects" is not set to "0", is missing or commented out, this is a finding.
+
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group><Group id="V-230545"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230545r792966_rule" weight="10.0" severity="medium"><version>RHEL-08-040281</version><title>RHEL 8 must disable access to network bpf syscall from unprivileged processes.</title><description>&lt;VulnDiscussion&gt;It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
+
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+/etc/sysctl.d/*.conf
+/run/sysctl.d/*.conf
+/usr/local/lib/sysctl.d/*.conf
+/usr/lib/sysctl.d/*.conf
+/lib/sysctl.d/*.conf
+/etc/sysctl.conf
+
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33189r792965_fix">Configure RHEL 8 to prevent privilege escalation thru the kernel by disabling access to the bpf syscall by adding the following line to a file, which begins with "99-", in the "/etc/sysctl.d" directory:
kernel.unprivileged_bpf_disabled = 1
The system configuration files need to be reloaded for the changes to take effect. To reload the contents of the files, run the following command:
-$ sudo sysctl --system</fixtext><fix id="F-33189r568382_fix" /><check system="C-33214r568381_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 prevents privilege escalation thru the kernel by disabling access to the bpf syscall with the following commands:
+$ sudo sysctl --system</fixtext><fix id="F-33189r792965_fix" /><check system="C-33214r792964_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 prevents privilege escalation thru the kernel by disabling access to the bpf syscall with the following commands:
$ sudo sysctl kernel.unprivileged_bpf_disabled
kernel.unprivileged_bpf_disabled = 1
-If the returned line does not have a value of "1", or a line is not returned, this is a finding.</check-content></check></Rule></Group><Group id="V-230546"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230546r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-040282</version><title>RHEL 8 must restrict usage of ptrace to descendant processes.</title><description>&lt;VulnDiscussion&gt;It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33190r568385_fix">Configure RHEL 8 to restrict usage of ptrace to descendant processes by adding the following line to a file in the "/etc/sysctl.d" directory:
+If the returned line does not have a value of "1", or a line is not returned, this is a finding.
+
+Check that the configuration files are present to enable this network parameter.
+
+$ sudo grep -r kernel.unprivileged_bpf_disabled /etc/sysctl.d/*.conf
+
+/etc/sysctl.d/99-sysctl.conf: kernel.unprivileged_bpf_disabled = 1
+
+If "kernel.unprivileged_bpf_disabled" is not set to "1", is missing or commented out, this is a finding.
+
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group><Group id="V-230546"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230546r792969_rule" weight="10.0" severity="medium"><version>RHEL-08-040282</version><title>RHEL 8 must restrict usage of ptrace to descendant processes.</title><description>&lt;VulnDiscussion&gt;It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
+
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+/etc/sysctl.d/*.conf
+/run/sysctl.d/*.conf
+/usr/local/lib/sysctl.d/*.conf
+/usr/lib/sysctl.d/*.conf
+/lib/sysctl.d/*.conf
+/etc/sysctl.conf
+
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33190r792968_fix">Configure RHEL 8 to restrict usage of ptrace to descendant processes by adding the following line to a file, which begins with "99-", in the "/etc/sysctl.d" directory:
kernel.yama.ptrace_scope = 1
The system configuration files need to be reloaded for the changes to take effect. To reload the contents of the files, run the following command:
-$ sudo sysctl --system</fixtext><fix id="F-33190r568385_fix" /><check system="C-33215r568384_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 restricts usage of ptrace to descendant processes with the following commands:
+$ sudo sysctl --system</fixtext><fix id="F-33190r792968_fix" /><check system="C-33215r792967_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 restricts usage of ptrace to descendant processes with the following commands:
$ sudo sysctl kernel.yama.ptrace_scope
kernel.yama.ptrace_scope = 1
-If the returned line does not have a value of "1", or a line is not returned, this is a finding.</check-content></check></Rule></Group><Group id="V-230547"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230547r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-040283</version><title>RHEL 8 must restrict exposed kernel pointer addresses access.</title><description>&lt;VulnDiscussion&gt;It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33191r568388_fix">Configure RHEL 8 to restrict exposed kernel pointer addresses access by adding the following line to a file in the "/etc/sysctl.d" directory:
+If the returned line does not have a value of "1", or a line is not returned, this is a finding.
+
+Check that the configuration files are present to enable this network parameter.
+
+$ sudo grep -r kernel.yama.ptrace_scope /etc/sysctl.d/*.conf
+
+/etc/sysctl.d/99-sysctl.conf: kernel.yama.ptrace_scope = 1
+
+If "kernel.yama.ptrace_scope" is not set to "1", is missing or commented out, this is a finding.
+
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group><Group id="V-230547"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230547r792972_rule" weight="10.0" severity="medium"><version>RHEL-08-040283</version><title>RHEL 8 must restrict exposed kernel pointer addresses access.</title><description>&lt;VulnDiscussion&gt;It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
+
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+/etc/sysctl.d/*.conf
+/run/sysctl.d/*.conf
+/usr/local/lib/sysctl.d/*.conf
+/usr/lib/sysctl.d/*.conf
+/lib/sysctl.d/*.conf
+/etc/sysctl.conf
+
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33191r792971_fix">Configure RHEL 8 to restrict exposed kernel pointer addresses access by adding the following line to a file, which begins with "99-", in the "/etc/sysctl.d" directory:
kernel.kptr_restrict = 1
The system configuration files need to be reloaded for the changes to take effect. To reload the contents of the files, run the following command:
-$ sudo sysctl --system</fixtext><fix id="F-33191r568388_fix" /><check system="C-33216r568387_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 restricts exposed kernel pointer addresses access with the following commands:
+$ sudo sysctl --system</fixtext><fix id="F-33191r792971_fix" /><check system="C-33216r792970_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 restricts exposed kernel pointer addresses access with the following commands:
$ sudo sysctl kernel.kptr_restrict
kernel.kptr_restrict = 1
-If the returned line does not have a value of "1", or a line is not returned, this is a finding.</check-content></check></Rule></Group><Group id="V-230548"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230548r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-040284</version><title>RHEL 8 must disable the use of user namespaces.</title><description>&lt;VulnDiscussion&gt;It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
+If the returned line does not have a value of "1", or a line is not returned, this is a finding.
+
+Check that the configuration files are present to enable this network parameter.
+
+$ sudo grep -r kernel.kptr_restrict /etc/sysctl.d/*.conf
-User namespaces are used primarily for Linux container. The value 0 disallows the use of user namespaces. When containers are not in use, namespaces should be disallowed. When containers are deployed on a system, the value should be set to a large non-zero value. The default value is 7182.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33192r568391_fix">Configure RHEL 8 to disable the use of user namespaces by adding the following line to a file in the "/etc/sysctl.d" directory:
+/etc/sysctl.d/99-sysctl.conf: kernel.kptr_restrict = 1
-Note: User namespaces are used primarily for Linux containers. If containers are in use, this requirement is not applicable.
+If "kernel.kptr_restrict" is not set to "1", is missing or commented out, this is a finding.
+
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group><Group id="V-230548"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230548r792975_rule" weight="10.0" severity="medium"><version>RHEL-08-040284</version><title>RHEL 8 must disable the use of user namespaces.</title><description>&lt;VulnDiscussion&gt;It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
+
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+/etc/sysctl.d/*.conf
+/run/sysctl.d/*.conf
+/usr/local/lib/sysctl.d/*.conf
+/usr/lib/sysctl.d/*.conf
+/lib/sysctl.d/*.conf
+/etc/sysctl.conf
+
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33192r792974_fix">Configure RHEL 8 to disable the use of user namespaces by adding the following line to a file, which begins with "99-", in the "/etc/sysctl.d" directory:
+
+Note: User namespaces are used primarily for Linux containers. If containers are in use, this requirement is not applicable.
user.max_user_namespaces = 0
The system configuration files need to be reloaded for the changes to take effect. To reload the contents of the files, run the following command:
-$ sudo sysctl --system</fixtext><fix id="F-33192r568391_fix" /><check system="C-33217r568390_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 disables the use of user namespaces with the following commands:
+$ sudo sysctl --system</fixtext><fix id="F-33192r792974_fix" /><check system="C-33217r792973_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 disables the use of user namespaces with the following commands:
-Note: User namespaces are used primarily for Linux containers. If containers are in use, this requirement is not applicable.
+Note: User namespaces are used primarily for Linux containers. If containers are in use, this requirement is not applicable.
$ sudo sysctl user.max_user_namespaces
user.max_user_namespaces = 0
-If the returned line does not have a value of "0", or a line is not returned, this is a finding.</check-content></check></Rule></Group><Group id="V-230549"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230549r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-040285</version><title>RHEL 8 must use reverse path filtering on all IPv4 interfaces.</title><description>&lt;VulnDiscussion&gt;It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
+If the returned line does not have a value of "0", or a line is not returned, this is a finding.
+
+Check that the configuration files are present to enable this network parameter.
+
+$ sudo grep -r user.max_user_namespaces /etc/sysctl.d/*.conf
-Enabling reverse path filtering drops packets with source addresses that are not routable. There is not an equivalent filter for IPv6 traffic.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33193r568394_fix">Configure RHEL 8 to use reverse path filtering on all IPv4 interfaces by adding the following line to a file in the "/etc/sysctl.d" directory:
+/etc/sysctl.d/99-sysctl.conf: user.max_user_namespaces = 0
+
+If "user.max_user_namespaces" is not set to "0", is missing or commented out, this is a finding.
+
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group><Group id="V-230549"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230549r792978_rule" weight="10.0" severity="medium"><version>RHEL-08-040285</version><title>RHEL 8 must use reverse path filtering on all IPv4 interfaces.</title><description>&lt;VulnDiscussion&gt;It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
+
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+/etc/sysctl.d/*.conf
+/run/sysctl.d/*.conf
+/usr/local/lib/sysctl.d/*.conf
+/usr/lib/sysctl.d/*.conf
+/lib/sysctl.d/*.conf
+/etc/sysctl.conf
+
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33193r792977_fix">Configure RHEL 8 to use reverse path filtering on all IPv4 interfaces by adding the following line to a file, which begins with "99-", in the "/etc/sysctl.d" directory:
net.ipv4.conf.all.rp_filter = 1
The system configuration files need to be reloaded for the changes to take effect. To reload the contents of the files, run the following command:
-$ sudo sysctl --system</fixtext><fix id="F-33193r568394_fix" /><check system="C-33218r568393_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 uses reverse path filtering on all IPv4 interfaces with the following commands:
+$ sudo sysctl --system</fixtext><fix id="F-33193r792977_fix" /><check system="C-33218r792976_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 uses reverse path filtering on all IPv4 interfaces with the following commands:
$ sudo sysctl net.ipv4.conf.all.rp_filter
net.ipv4.conf.all.rp_filter = 1
-If the returned line does not have a value of "1", or a line is not returned, this is a finding.</check-content></check></Rule></Group><Group id="V-230550"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230550r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-040290</version><title>RHEL 8 must be configured to prevent unrestricted mail relaying.</title><description>&lt;VulnDiscussion&gt;If unrestricted mail relaying is permitted, unauthorized senders could use this host as a mail relay for the purpose of sending spam or other unauthorized activity.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33194r568397_fix">If "postfix" is installed, modify the "/etc/postfix/main.cf" file to restrict client connections to the local network with the following command:
+If the returned line does not have a value of "1", or a line is not returned, this is a finding.
+
+Check that the configuration files are present to enable this network parameter.
+
+$ sudo grep -r net.ipv4.conf.all.rp_filter /etc/sysctl.d/*.conf
+
+/etc/sysctl.d/99-sysctl.conf: net.ipv4.conf.all.rp_filter = 1
+
+If "net.ipv4.conf.all.rp_filter" is not set to "1", is missing or commented out, this is a finding.
+
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group><Group id="V-230550"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-230550r627750_rule" weight="10.0" severity="medium"><version>RHEL-08-040290</version><title>RHEL 8 must be configured to prevent unrestricted mail relaying.</title><description>&lt;VulnDiscussion&gt;If unrestricted mail relaying is permitted, unauthorized senders could use this host as a mail relay for the purpose of sending spam or other unauthorized activity.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-33194r568397_fix">If "postfix" is installed, modify the "/etc/postfix/main.cf" file to restrict client connections to the local network with the following command:
$ sudo postconf -e 'smtpd_client_restrictions = permit_mynetworks,reject'</fixtext><fix id="F-33194r568397_fix" /><check system="C-33219r568396_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the system is configured to prevent unrestricted mail relaying.
@@ -6237,7 +6625,7 @@ $ sudo egrep -i '(!rootpw|!targetpw|!runaspw)' /etc/sudoers /etc/sudoers.d/* | g
If no results are returned, this is a finding
If "Defaults !targetpw" is not defined, this is a finding.
If "Defaults !rootpw" is not defined, this is a finding.
-If "Defaults !runaspw" is not defined, this is a finding.</check-content></check></Rule></Group><Group id="V-237643"><title>SRG-OS-000373-GPOS-00156</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-237643r646899_rule" weight="10.0" severity="medium"><version>RHEL-08-010384</version><title>RHEL 8 must require re-authentication when using the "sudo" command.</title><description>&lt;VulnDiscussion&gt;Without re-authentication, users may access resources or perform tasks for which they do not have authorization.
+If "Defaults !runaspw" is not defined, this is a finding.</check-content></check></Rule></Group><Group id="V-237643"><title>SRG-OS-000373-GPOS-00156</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-237643r792980_rule" weight="10.0" severity="medium"><version>RHEL-08-010384</version><title>RHEL 8 must require re-authentication when using the "sudo" command.</title><description>&lt;VulnDiscussion&gt;Without re-authentication, users may access resources or perform tasks for which they do not have authorization.
When operating systems provide the capability to escalate a functional capability, it is critical the organization requires the user to re-authenticate when using the "sudo" command.
@@ -6247,10 +6635,10 @@ $ sudo visudo
Add or modify the following line:
Defaults timestamp_timeout=[value]
-Note: The "[value]" must be a number that is greater than or equal to "0".</fixtext><fix id="F-40825r646898_fix" /><check system="C-40862r646897_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system requires re-authentication when using the "sudo" command to elevate privileges.
+Note: The "[value]" must be a number that is greater than or equal to "0".</fixtext><fix id="F-40825r646898_fix" /><check system="C-40862r792979_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify the operating system requires re-authentication when using the "sudo" command to elevate privileges.
$ sudo grep -i 'timestamp_timeout' /etc/sudoers /etc/sudoers.d/*
-/etc/sudoers:Defaults timestamp_timout=0
+/etc/sudoers:Defaults timestamp_timeout=0
If "timestamp_timeout" is set to a negative number, is commented out, or no results are returned, this is a finding.</check-content></check></Rule></Group><Group id="V-244519"><title>SRG-OS-000023-GPOS-00006</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-244519r743806_rule" weight="10.0" severity="medium"><version>RHEL-08-010049</version><title>RHEL 8 must display a banner before granting local or remote access to the system via a graphical user logon.</title><description>&lt;VulnDiscussion&gt;Display of a standardized and approved use notification before granting access to the operating system ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.
@@ -6294,7 +6682,9 @@ $ sudo grep rounds /etc/pam.d/system-auth
password sufficient pam_unix.so sha512 rounds=5000
-If "rounds" has a value below "5000", or is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-244521"><title>SRG-OS-000080-GPOS-00048</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-244521r743812_rule" weight="10.0" severity="medium"><version>RHEL-08-010141</version><title>RHEL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require a unique superusers name upon booting into single-user mode and maintenance.</title><description>&lt;VulnDiscussion&gt;If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 8 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000213</ident><fixtext fixref="F-47753r743811_fix">Configure the system to have a unique name for the grub superusers account.
+If "rounds" has a value below "5000", or is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-244521"><title>SRG-OS-000080-GPOS-00048</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-244521r792982_rule" weight="10.0" severity="medium"><version>RHEL-08-010141</version><title>RHEL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require a unique superusers name upon booting into single-user mode and maintenance.</title><description>&lt;VulnDiscussion&gt;If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 8 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.
+
+The GRUB 2 superuser account is an account of last resort. Establishing a unique username for this account hardens the boot loader against brute force attacks. Due to the nature of the superuser account database being distinct from the OS account database, this allows the use of a username that is not among those within the OS account database. Examples of non-unique superusers names are root, superuser, unlock, etc.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000213</ident><fixtext fixref="F-47753r743811_fix">Configure the system to have a unique name for the grub superusers account.
Edit the /etc/grub.d/01_users file and add or modify the following lines:
@@ -6304,7 +6694,7 @@ password_pbkdf2 [someuniquestringhere] ${GRUB2_PASSWORD}
Generate a new grub.cfg file with the following command:
-$ sudo grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg</fixtext><fix id="F-47753r743811_fix" /><check system="C-47796r743810_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>For systems that use BIOS, this is Not Applicable.
+$ sudo grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg</fixtext><fix id="F-47753r743811_fix" /><check system="C-47796r792981_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>For systems that use BIOS, this is Not Applicable.
Verify that a unique name is set as the "superusers" account:
@@ -6312,7 +6702,9 @@ $ sudo grep -iw "superusers" /boot/efi/EFI/redhat/grub.cfg
set superusers="[someuniquestringhere]"
export superusers
-If "superusers" is not set to a unique name or is missing a name, this is a finding.</check-content></check></Rule></Group><Group id="V-244522"><title>SRG-OS-000080-GPOS-00048</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-244522r743815_rule" weight="10.0" severity="medium"><version>RHEL-08-010149</version><title>RHEL 8 operating systems booted with a BIOS must require a unique superusers name upon booting into single-user and maintenance modes.</title><description>&lt;VulnDiscussion&gt;If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 8 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000213</ident><fixtext fixref="F-47754r743814_fix">Configure the system to have a unique name for the grub superusers account.
+If "superusers" is identical to any OS account name or is missing a name, this is a finding.</check-content></check></Rule></Group><Group id="V-244522"><title>SRG-OS-000080-GPOS-00048</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-244522r792984_rule" weight="10.0" severity="medium"><version>RHEL-08-010149</version><title>RHEL 8 operating systems booted with a BIOS must require a unique superusers name upon booting into single-user and maintenance modes.</title><description>&lt;VulnDiscussion&gt;If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 8 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.
+
+The GRUB 2 superuser account is an account of last resort. Establishing a unique username for this account hardens the boot loader against brute force attacks. Due to the nature of the superuser account database being distinct from the OS account database, this allows the use of a username that is not among those within the OS account database. Examples of non-unique superusers names are root, superuser, unlock, etc.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000213</ident><fixtext fixref="F-47754r743814_fix">Configure the system to have a unique name for the grub superusers account.
Edit the /etc/grub.d/01_users file and add or modify the following lines:
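Review bot: The new finding condition in this hunk, `If "superusers" is identical to any OS account name or is missing a name, this is a finding.`, does not agree with the VulnDiscussion paragraph added two lines below it. That paragraph gives `root, superuser, unlock` as examples of non-unique names, and the last two are normally not OS account names, so under the check text they would pass. This looks like DISA's published manual text, so I would leave the wording as it is. What the hunk does not show is whether the project's own rule and automated check for RHEL-08-010141 were updated to match; they should be confirmed to compare the configured name against the OS account names rather than follow the removed "unique name" wording. The enclosing Rule elements start and end outside the hunk.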
@@ -6322,7 +6714,7 @@ password_pbkdf2 [someuniquestringhere] ${GRUB2_PASSWORD}
Generate a new grub.cfg file with the following command:
-$ sudo grub2-mkconfig -o /boot/grub2/grub.cfg</fixtext><fix id="F-47754r743814_fix" /><check system="C-47797r743813_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>For systems that use UEFI, this is Not Applicable.
+$ sudo grub2-mkconfig -o /boot/grub2/grub.cfg</fixtext><fix id="F-47754r743814_fix" /><check system="C-47797r792983_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>For systems that use UEFI, this is Not Applicable.
Verify that a unique name is set as the "superusers" account:
@@ -6330,7 +6722,7 @@ $ sudo grep -iw "superusers" /boot/grub2/grub.cfg
set superusers="[someuniquestringhere]"
export superusers
-If "superusers" is not set to a unique name or is missing a name, this is a finding.</check-content></check></Rule></Group><Group id="V-244523"><title>SRG-OS-000080-GPOS-00048</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-244523r743818_rule" weight="10.0" severity="medium"><version>RHEL-08-010152</version><title>RHEL 8 operating systems must require authentication upon booting into emergency mode.</title><description>&lt;VulnDiscussion&gt;If the system does not require valid root authentication before it boots into emergency or rescue mode, anyone who invokes emergency or rescue mode is granted privileged access to all files on the system.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000213</ident><fixtext fixref="F-47755r743817_fix">Configure the system to require authentication upon booting into emergency mode by adding the following line to the "/usr/lib/systemd/system/emergency.service" file.
+If "superusers" is identical to any OS account name or is missing a name, this is a finding.</check-content></check></Rule></Group><Group id="V-244523"><title>SRG-OS-000080-GPOS-00048</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-244523r743818_rule" weight="10.0" severity="medium"><version>RHEL-08-010152</version><title>RHEL 8 operating systems must require authentication upon booting into emergency mode.</title><description>&lt;VulnDiscussion&gt;If the system does not require valid root authentication before it boots into emergency or rescue mode, anyone who invokes emergency or rescue mode is granted privileged access to all files on the system.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000213</ident><fixtext fixref="F-47755r743817_fix">Configure the system to require authentication upon booting into emergency mode by adding the following line to the "/usr/lib/systemd/system/emergency.service" file.
ExecStart=-/usr/lib/systemd/systemd-sulogin-shell emergency</fixtext><fix id="F-47755r743817_fix" /><check system="C-47798r743816_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Check to see if the system requires authentication for emergency mode with the following command:
@@ -6822,13 +7214,25 @@ $ sudo yum list installed openssh-server
openssh-server.x86_64 8.0p1-5.el8 @anaconda
-If the "SSH server" package is not installed, this is a finding.</check-content></check></Rule></Group><Group id="V-244550"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-244550r743899_rule" weight="10.0" severity="medium"><version>RHEL-08-040209</version><title>RHEL 8 must prevent IPv4 Internet Control Message Protocol (ICMP) redirect messages from being accepted.</title><description>&lt;VulnDiscussion&gt;ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-47782r743898_fix">Configure RHEL 8 to prevent IPv4 ICMP redirect messages from being accepted with the following command:
+If the "SSH server" package is not installed, this is a finding.</check-content></check></Rule></Group><Group id="V-244550"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-244550r792987_rule" weight="10.0" severity="medium"><version>RHEL-08-040209</version><title>RHEL 8 must prevent IPv4 Internet Control Message Protocol (ICMP) redirect messages from being accepted.</title><description>&lt;VulnDiscussion&gt;ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack.
-$ sudo sysctl -w net.ipv4.conf.default.accept_redirects=0
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+/etc/sysctl.d/*.conf
+/run/sysctl.d/*.conf
+/usr/local/lib/sysctl.d/*.conf
+/usr/lib/sysctl.d/*.conf
+/lib/sysctl.d/*.conf
+/etc/sysctl.conf
-If "0" is not the system's default value then add or update the following line in the appropriate file under "/etc/sysctl.d":
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-47782r792986_fix">Configure RHEL 8 to prevent IPv4 ICMP redirect messages from being accepted.
-net.ipv4.conf.default.accept_redirects=0</fixtext><fix id="F-47782r743898_fix" /><check system="C-47825r743897_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 will not accept IPv4 ICMP redirect messages.
+Add or edit the following line in a system configuration file, which begins with "99-", in the "/etc/sysctl.d/" directory:
+
+net.ipv4.conf.default.accept_redirects = 0
+
+Load settings from all system configuration files with the following command:
+
+$ sudo sysctl --system</fixtext><fix id="F-47782r792986_fix" /><check system="C-47825r792985_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 will not accept IPv4 ICMP redirect messages.
Note: If IPv4 is disabled on the system, this requirement is Not Applicable.
@@ -6838,13 +7242,35 @@ $ sudo sysctl net.ipv4.conf.default.accept_redirects
net.ipv4.conf.default.accept_redirects = 0
-If the returned line does not have a value of "0", a line is not returned, or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-244551"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-244551r743902_rule" weight="10.0" severity="medium"><version>RHEL-08-040239</version><title>RHEL 8 must not forward IPv4 source-routed packets.</title><description>&lt;VulnDiscussion&gt;Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routed traffic, such as when forwarding is enabled and the system is functioning as a router.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-47783r743901_fix">Configure RHEL 8 to not forward IPv4 source-routed packets with the following command:
+If the returned line does not have a value of "0", a line is not returned, or the line is commented out, this is a finding.
+
+Check that the configuration files are present to enable this network parameter.
+
+$ sudo grep -r net.ipv4.conf.default.accept_redirects /etc/sysctl.d/*.conf
+
+/etc/sysctl.d/99-sysctl.conf: net.ipv4.conf.default.accept_redirects = 0
+
+If "net.ipv4.conf.default.accept_redirects" is not set to "0", is missing or commented out, this is a finding.
+
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group><Group id="V-244551"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-244551r792990_rule" weight="10.0" severity="medium"><version>RHEL-08-040239</version><title>RHEL 8 must not forward IPv4 source-routed packets.</title><description>&lt;VulnDiscussion&gt;Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routed traffic, such as when forwarding is enabled and the system is functioning as a router.
+
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+/etc/sysctl.d/*.conf
+/run/sysctl.d/*.conf
+/usr/local/lib/sysctl.d/*.conf
+/usr/lib/sysctl.d/*.conf
+/lib/sysctl.d/*.conf
+/etc/sysctl.conf
+
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-47783r792989_fix">Configure RHEL 8 to not forward IPv4 source-routed packets.
+
+Add or edit the following line in a system configuration file, which begins with "99-", in the "/etc/sysctl.d/" directory:
-$ sudo sysctl -w net.ipv4.conf.all.accept_source_route=0
+net.ipv4.conf.all.accept_source_route=0
-If "0" is not the system's all value then add or update the following line in the appropriate file under "/etc/sysctl.d":
+Load settings from all system configuration files with the following command:
-net.ipv4.conf.all.accept_source_route=0</fixtext><fix id="F-47783r743901_fix" /><check system="C-47826r743900_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 does not accept IPv4 source-routed packets.
+$ sudo sysctl --system</fixtext><fix id="F-47783r792989_fix" /><check system="C-47826r792988_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 does not accept IPv4 source-routed packets.
Note: If IPv4 is disabled on the system, this requirement is Not Applicable.
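Review bot: The added check step `grep -r net.ipv4.conf.default.accept_redirects /etc/sysctl.d/*.conf` looks only in /etc/sysctl.d, although the discussion added in this same hunk lists five other locations that `sysctl --system` reads and says the lexicographically latest file name wins regardless of directory. A file in one of those locations whose name sorts after the "99-" file would therefore override the setting without appearing in this output, so the statement that a "99-" file takes precedence over any other configuration file holds only when nothing sorts later. I would widen the search to every listed path, for example `$ sudo grep -r net.ipv4.conf.default.accept_redirects /run/sysctl.d/*.conf /usr/local/lib/sysctl.d/*.conf /usr/lib/sysctl.d/*.conf /lib/sysctl.d/*.conf /etc/sysctl.conf /etc/sysctl.d/*.conf`, and treat any conflicting value as a finding. The same applies to the `net.ipv4.conf.all.accept_source_route`, `net.ipv4.conf.default.accept_source_route` and `net.ipv4.conf.all.accept_redirects` checks in the hunks that follow. This text appears to be carried from the upstream DISA benchmark, so if it has to stay verbatim, the wider search belongs in the project's own check for these rules.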
@@ -6854,13 +7280,35 @@ $ sudo sysctl net.ipv4.conf.all.accept_source_route
net.ipv4.conf.all.accept_source_route = 0
-If the returned line does not have a value of "0", a line is not returned, or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-244552"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-244552r743905_rule" weight="10.0" severity="medium"><version>RHEL-08-040249</version><title>RHEL 8 must not forward IPv4 source-routed packets by default.</title><description>&lt;VulnDiscussion&gt;Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routed traffic, such as when forwarding is enabled and the system is functioning as a router.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-47784r743904_fix">Configure RHEL 8 to not forward IPv4 source-routed packets by default with the following command:
+If the returned line does not have a value of "0", a line is not returned, or the line is commented out, this is a finding.
+
+Check that the configuration files are present to enable this network parameter.
+
+$ sudo grep -r net.ipv4.conf.all.accept_source_route /etc/sysctl.d/*.conf
+
+/etc/sysctl.d/99-sysctl.conf: net.ipv4.conf.all.accept_source_route = 0
+
+If "net.ipv4.conf.all.accept_source_route" is not set to "0", is missing or commented out, this is a finding.
+
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group><Group id="V-244552"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-244552r792993_rule" weight="10.0" severity="medium"><version>RHEL-08-040249</version><title>RHEL 8 must not forward IPv4 source-routed packets by default.</title><description>&lt;VulnDiscussion&gt;Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routed traffic, such as when forwarding is enabled and the system is functioning as a router.
-$ sudo sysctl -w net.ipv4.conf.default.accept_source_route=0
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+/etc/sysctl.d/*.conf
+/run/sysctl.d/*.conf
+/usr/local/lib/sysctl.d/*.conf
+/usr/lib/sysctl.d/*.conf
+/lib/sysctl.d/*.conf
+/etc/sysctl.conf
-If "0" is not the system's default value then add or update the following line in the appropriate file under "/etc/sysctl.d":
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-47784r792992_fix">Configure RHEL 8 to not forward IPv4 source-routed packets by default.
-net.ipv4.conf.default.accept_source_route=0</fixtext><fix id="F-47784r743904_fix" /><check system="C-47827r743903_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 does not accept IPv4 source-routed packets by default.
+Add or edit the following line in a system configuration file, which begins with "99-", in the "/etc/sysctl.d/" directory:
+
+net.ipv4.conf.default.accept_source_route=0
+
+Load settings from all system configuration files with the following command:
+
+$ sudo sysctl --system</fixtext><fix id="F-47784r792992_fix" /><check system="C-47827r792991_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 does not accept IPv4 source-routed packets by default.
Note: If IPv4 is disabled on the system, this requirement is Not Applicable.
@@ -6870,13 +7318,35 @@ $ sudo sysctl net.ipv4.conf.default.accept_source_route
net.ipv4.conf.default.accept_source_route = 0
-If the returned line does not have a value of "0", a line is not returned, or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-244553"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-244553r743908_rule" weight="10.0" severity="medium"><version>RHEL-08-040279</version><title>RHEL 8 must ignore IPv4 Internet Control Message Protocol (ICMP) redirect messages.</title><description>&lt;VulnDiscussion&gt;ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-47785r743907_fix">Configure RHEL 8 to ignore IPv4 ICMP redirect messages with the following command:
+If the returned line does not have a value of "0", a line is not returned, or the line is commented out, this is a finding.
+
+Check that the configuration files are present to enable this network parameter.
+
+$ sudo grep -r net.ipv4.conf.default.accept_source_route /etc/sysctl.d/*.conf
-$ sudo sysctl -w net.ipv4.conf.all.accept_redirects=0
+/etc/sysctl.d/99-sysctl.conf: net.ipv4.conf.default.accept_source_route = 0
-If "0" is not the system's default value then add or update the following line in the appropriate file under "/etc/sysctl.d":
+If "net.ipv4.conf.default.accept_source_route" is not set to "0", is missing or commented out, this is a finding.
-net.ipv4.conf.all.accept_redirects = 0</fixtext><fix id="F-47785r743907_fix" /><check system="C-47828r743906_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 ignores IPv4 ICMP redirect messages.
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group><Group id="V-244553"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-244553r792996_rule" weight="10.0" severity="medium"><version>RHEL-08-040279</version><title>RHEL 8 must ignore IPv4 Internet Control Message Protocol (ICMP) redirect messages.</title><description>&lt;VulnDiscussion&gt;ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack.
+
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+/etc/sysctl.d/*.conf
+/run/sysctl.d/*.conf
+/usr/local/lib/sysctl.d/*.conf
+/usr/lib/sysctl.d/*.conf
+/lib/sysctl.d/*.conf
+/etc/sysctl.conf
+
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-47785r792995_fix">Configure RHEL 8 to ignore IPv4 ICMP redirect messages.
+
+Add or edit the following line in a system configuration file, which begins with "99-", in the "/etc/sysctl.d/" directory:
+
+net.ipv4.conf.all.accept_redirects = 0
+
+Load settings from all system configuration files with the following command:
+
+$ sudo sysctl --system</fixtext><fix id="F-47785r792995_fix" /><check system="C-47828r792994_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 ignores IPv4 ICMP redirect messages.
Note: If IPv4 is disabled on the system, this requirement is Not Applicable.
@@ -6886,20 +7356,51 @@ $ sudo sysctl net.ipv4.conf.all.accept_redirects
net.ipv4.conf.all.accept_redirects = 0
-If the returned line does not have a value of "0", a line is not returned, or the line is commented out, this is a finding.</check-content></check></Rule></Group><Group id="V-244554"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-244554r743911_rule" weight="10.0" severity="medium"><version>RHEL-08-040286</version><title>RHEL 8 must enable hardening for the Berkeley Packet Filter Just-in-time compiler.</title><description>&lt;VulnDiscussion&gt;It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
-Enabling hardening for the Berkeley Packet Filter (BPF) Just-in-time (JIT) compiler aids in mitigating JIT spraying attacks. Setting the value to "2" enables JIT hardening for all users.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-47786r743910_fix">Configure RHEL 8 to enable hardening for the BPF JIT compiler by adding the following line to a file in the "/etc/sysctl.d" directory:
+If the returned line does not have a value of "0", a line is not returned, or the line is commented out, this is a finding.
+
+Check that the configuration files are present to enable this network parameter.
+
+$ sudo grep -r net.ipv4.conf.all.accept_redirects /etc/sysctl.d/*.conf
+
+/etc/sysctl.d/99-sysctl.conf: net.ipv4.conf.all.accept_redirects = 0
+
+If "net.ipv4.conf.all.accept_redirects" is not set to "0", is missing or commented out, this is a finding.
+
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group><Group id="V-244554"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-244554r792999_rule" weight="10.0" severity="medium"><version>RHEL-08-040286</version><title>RHEL 8 must enable hardening for the Berkeley Packet Filter Just-in-time compiler.</title><description>&lt;VulnDiscussion&gt;It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
+
+Enabling hardening for the Berkeley Packet Filter (BPF) Just-in-time (JIT) compiler aids in mitigating JIT spraying attacks. Setting the value to "2" enables JIT hardening for all users.
+
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+/etc/sysctl.d/*.conf
+/run/sysctl.d/*.conf
+/usr/local/lib/sysctl.d/*.conf
+/usr/lib/sysctl.d/*.conf
+/lib/sysctl.d/*.conf
+/etc/sysctl.conf
+
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-47786r792998_fix">Configure RHEL 8 to enable hardening for the BPF JIT compiler by adding the following line to a file, which begins with "99-", in the "/etc/sysctl.d" directory:
net.core.bpf_jit_harden = 2
The system configuration files need to be reloaded for the changes to take effect. To reload the contents of the files, run the following command:
-$ sudo sysctl --system</fixtext><fix id="F-47786r743910_fix" /><check system="C-47829r743909_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 enables hardening for the BPF JIT with the following commands:
+$ sudo sysctl --system</fixtext><fix id="F-47786r792998_fix" /><check system="C-47829r792997_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 enables hardening for the BPF JIT with the following commands:
$ sudo sysctl net.core.bpf_jit_harden
net.core.bpf_jit_harden = 2
-If the returned line does not have a value of "2", or a line is not returned, this is a finding.</check-content></check></Rule></Group><Group id="V-245540"><title>SRG-OS-000191-GPOS-00080</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-245540r754730_rule" weight="10.0" severity="medium"><version>RHEL-08-010001</version><title>The RHEL 8 operating system must implement the Endpoint Security for Linux Threat Prevention tool.</title><description>&lt;VulnDiscussion&gt;Adding endpoint security tools can provide the capability to automatically take actions in response to malicious behavior, which can provide additional agility in reacting to network threats. These tools also often include a reporting capability to provide network awareness of the system, which may not otherwise exist in an organization's systems management regime.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001233</ident><fixtext fixref="F-48770r754729_fix">Install and enable the latest McAfee ENSLTP package.</fixtext><fix id="F-48770r754729_fix" /><check system="C-48814r754728_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Per OPORD 16-0080, the preferred endpoint security tool is McAfee 
Endpoint Security for Linux (ENSL) in conjunction with SELinux.
+If the returned line does not have a value of "2", or a line is not returned, this is a finding.
+
+Check that the configuration files are present to enable this network parameter.
+
+$ sudo grep -r net.core.bpf_jit_harden /etc/sysctl.d/*.conf
+
+/etc/sysctl.d/99-sysctl.conf: net.core.bpf_jit_harden = 2
+
+If "net.core.bpf_jit_harden" is not set to "2", is missing or commented out, this is a finding.
+
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group><Group id="V-245540"><title>SRG-OS-000191-GPOS-00080</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-245540r754730_rule" weight="10.0" severity="medium"><version>RHEL-08-010001</version><title>The RHEL 8 operating system must implement the Endpoint Security for Linux Threat Prevention tool.</title><description>&lt;VulnDiscussion&gt;Adding endpoint security tools can provide the capability to automatically take actions in response to malicious behavior, which can provide additional agility in reacting to network threats. These tools also often include a reporting capability to provide network awareness of the system, which may not otherwise exist in an organization's systems management regime.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-001233</ident><fixtext fixref="F-48770r754729_fix">Install and enable the latest McAfee ENSLTP package.</fixtext><fix id="F-48770r754729_fix" /><check system="C-48814r754728_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Per OPORD 16-0080, the preferred endpoint security tool is McAfee Endpoint Security for Linux 
(ENSL) in conjunction with SELinux.
Procedure:
Check that the following package has been installed:
@@ -6912,4 +7413,102 @@ Verify that the daemon is running:
$ sudo ps -ef | grep -i mfetpd
-If the daemon is not running, this is a finding.</check-content></check></Rule></Group></Benchmark>
\ No newline at end of file
+If the daemon is not running, this is a finding.</check-content></check></Rule></Group><Group id="V-250315"><title>SRG-OS-000021-GPOS-00005</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-250315r793009_rule" weight="10.0" severity="medium"><version>RHEL-08-020027</version><title>RHEL 8 systems, versions 8.2 and above, must configure SELinux context type to allow the use of a non-default faillock tally directory.</title><description>&lt;VulnDiscussion&gt;By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.
+
+From "faillock.conf" man pages: Note that the default directory that "pam_faillock" uses is usually cleared on system boot so the access will be re-enabled after system reboot. If that is undesirable, a different tally directory must be set with the "dir" option.
+
+SELinux, enforcing a targeted policy, will require any non-default tally directory's security context type to match the default directory's security context type. Without updating the security context type, the pam_faillock module will not write failed login attempts to the non-default tally directory.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000044</ident><ident system="http://cyber.mil/cci">CCI-002238</ident><fixtext fixref="F-53703r793001_fix">Configure RHEL 8 to allow the use of a non-default faillock tally directory while SELinux enforces a targeted policy.
+
+Create a non-default faillock tally directory (if it does not already exist) with the following example:
+
+$ sudo mkdir /var/log/faillock
+
+Update the /etc/selinux/targeted/contexts/files/file_contexts.local with "faillog_t" context type for the non-default faillock tally directory with the following command:
+
+$ sudo semanage fcontext -a -t faillog_t "/var/log/faillock(/.*)?"
+
+Next, update the context type of the non-default faillock directory/subdirectories and files with the following command:
+
+$ sudo restorecon -R -v /var/log/faillock</fixtext><fix id="F-53703r793001_fix" /><check system="C-53749r793000_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>If the system does not have SELinux enabled and enforcing a targeted policy, or if the pam_faillock module is not configured for use, this requirement is not applicable.
+
+Note: This check applies to RHEL versions 8.2 or newer. If the system is RHEL version 8.0 or 8.1, this check is not applicable.
+
+Verify the location of the non-default tally directory for the pam_faillock module with the following command:
+
+$ sudo grep -w dir /etc/security/faillock.conf
+
+dir = /var/log/faillock
+
+Check the security context type of the non-default tally directory with the following command:
+
+$ sudo ls -Zd /var/log/faillock
+
+unconfined_u:object_r:faillog_t:s0 /var/log/faillock
+
+If the security context type of the non-default tally directory is not "faillog_t", this is a finding.</check-content></check></Rule></Group><Group id="V-250316"><title>SRG-OS-000021-GPOS-00005</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-250316r793010_rule" weight="10.0" severity="medium"><version>RHEL-08-020028</version><title>RHEL 8 systems below version 8.2 must configure SELinux context type to allow the use of a non-default faillock tally directory.</title><description>&lt;VulnDiscussion&gt;By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.
+
+From "Pam_Faillock" man pages: Note that the default directory that "pam_faillock" uses is usually cleared on system boot so the access will be reenabled after system reboot. If that is undesirable, a different tally directory must be set with the "dir" option.
+
+SELinux, enforcing a targeted policy, will require any non-default tally directory's security context type to match the default directory's security context type. Without updating the security context type, the pam_faillock module will not write failed login attempts to the non-default tally directory.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000044</ident><ident system="http://cyber.mil/cci">CCI-002238</ident><fixtext fixref="F-53704r793004_fix">Configure RHEL 8 to allow the use of a non-default faillock tally directory while SELinux enforces a targeted policy.
+
+Update the /etc/selinux/targeted/contexts/files/file_contexts.local with "faillog_t" context type for the non-default faillock tally directory with the following command:
+
+$ sudo semanage fcontext -a -t faillog_t "/var/log/faillock(/.*)?"
+
+Next, update the context type of the non-default faillock directory/subdirectories and files with the following command:
+
+$ sudo restorecon -R -v /var/log/faillock</fixtext><fix id="F-53704r793004_fix" /><check system="C-53750r793003_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>If the system does not have SELinux enabled and enforcing a targeted policy, or if the pam_faillock module is not configured for use, this requirement is not applicable.
+
+Note: This check applies to RHEL versions 8.0 and 8.1. If the system is RHEL version 8.2 or newer, this check is not applicable.
+
+Verify the location of the non-default tally directory for the pam_faillock module with the following command:
+
+$ sudo grep -w dir /etc/pam.d/password-auth
+
+auth required pam_faillock.so preauth dir=/var/log/faillock
+auth required pam_faillock.so authfail dir=/var/log/faillock
+
+Check the security context type of the non-default tally directory with the following command:
+
+$ sudo ls -Zd /var/log/faillock
+
+unconfined_u:object_r:faillog_t:s0 /var/log/faillock
+
+If the security context type of the non-default tally directory is not "faillog_t", this is a finding.</check-content></check></Rule></Group><Group id="V-250317"><title>SRG-OS-000480-GPOS-00227</title><description>&lt;GroupDescription&gt;&lt;/GroupDescription&gt;</description><Rule id="SV-250317r793008_rule" weight="10.0" severity="medium"><version>RHEL-08-040259</version><title>RHEL 8 must not enable IPv4 packet forwarding unless the system is a router.</title><description>&lt;VulnDiscussion&gt;Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this software is used when not required, system network information may be unnecessarily transmitted across the network.
+
+The sysctl --system command will load settings from all system configuration files. All configuration files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same option, the entry in the file with the lexicographically latest name will take precedence. Files are read from directories in the following list from top to bottom. Once a file of a given filename is loaded, any file of the same name in subsequent directories is ignored.
+/etc/sysctl.d/*.conf
+/run/sysctl.d/*.conf
+/usr/local/lib/sysctl.d/*.conf
+/usr/lib/sysctl.d/*.conf
+/lib/sysctl.d/*.conf
+/etc/sysctl.conf
+
+Based on the information above, if a configuration file that begins with "99-" is created in the "/etc/sysctl.d/" directory, it will take precedence over any other configuration file on the system.&lt;/VulnDiscussion&gt;&lt;FalsePositives&gt;&lt;/FalsePositives&gt;&lt;FalseNegatives&gt;&lt;/FalseNegatives&gt;&lt;Documentable&gt;false&lt;/Documentable&gt;&lt;Mitigations&gt;&lt;/Mitigations&gt;&lt;SeverityOverrideGuidance&gt;&lt;/SeverityOverrideGuidance&gt;&lt;PotentialImpacts&gt;&lt;/PotentialImpacts&gt;&lt;ThirdPartyTools&gt;&lt;/ThirdPartyTools&gt;&lt;MitigationControl&gt;&lt;/MitigationControl&gt;&lt;Responsibility&gt;&lt;/Responsibility&gt;&lt;IAControls&gt;&lt;/IAControls&gt;</description><reference><dc:title>DPMS Target Red Hat Enterprise Linux 8</dc:title><dc:publisher>DISA</dc:publisher><dc:type>DPMS Target</dc:type><dc:subject>Red Hat Enterprise Linux 8</dc:subject><dc:identifier>2921</dc:identifier></reference><ident system="http://cyber.mil/cci">CCI-000366</ident><fixtext fixref="F-53705r793007_fix">Configure RHEL 8 to not allow IPv4 packet forwarding, unless the system is a router.
+
+Add or edit the following line in a system configuration file, which begins with "99-", in the "/etc/sysctl.d/" directory:
+
+net.ipv4.conf.all.forwarding=0
+
+Load settings from all system configuration files with the following command:
+
+$ sudo sysctl --system</fixtext><fix id="F-53705r793007_fix" /><check system="C-53751r793006_chk"><check-content-ref href="Red_Hat_Enterprise_Linux_8_STIG.xml" name="M" /><check-content>Verify RHEL 8 is not performing IPv4 packet forwarding, unless the system is a router.
+
+Note: If IPv4 is disabled on the system, this requirement is Not Applicable.
+
+Check that IPv4 forwarding is disabled using the following command:
+
+$ sudo sysctl net.ipv4.ip_forward
+
+net.ipv4.ip_forward = 0
+If the IPv4 forwarding value is not "0" and is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding.
+
+Check that the configuration files are present to enable this network parameter.
+
+$ sudo grep -r net.ipv4.conf.all.forwarding /etc/sysctl.d/*.conf
+
+/etc/sysctl.d/99-sysctl.conf: net.ipv4.conf.all.forwarding = 0
+
+If "net.ipv4.conf.all.forwarding" is not set to "0", is missing or commented out, this is a finding.
+
+If the configuration file does not begin with "99-", this is a finding.</check-content></check></Rule></Group></Benchmark>
\ No newline at end of file
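Review bot: The configuration-file check added for RHEL-08-040259 greps only `/etc/sysctl.d/*.conf`, although the rule's own discussion lists five other locations that `sysctl --system` reads and says the lexicographically latest filename wins, so a conflicting `net.ipv4.conf.all.forwarding` entry in a later-sorting file or in another directory would pass this check and still override the 99- file at the next reload. The check should search every listed location, for example `$ sudo grep -r net.ipv4.conf.all.forwarding /run/sysctl.d/*.conf /usr/local/lib/sysctl.d/*.conf /usr/lib/sysctl.d/*.conf /lib/sysctl.d/*.conf /etc/sysctl.conf /etc/sysctl.d/*.conf`, and treat any conflicting value as a finding. The check text also queries `net.ipv4.ip_forward` while the fix sets `net.ipv4.conf.all.forwarding`; a one-line note that both names refer to the same setting would avoid confusion. The `net.core.bpf_jit_harden` check in the preceding hunk has the same narrow grep. If this file is carried verbatim from DISA, the wider search belongs in the project's own check for the rule instead.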
diff --git a/tests/data/profile_stability/rhel8/stig.profile b/tests/data/profile_stability/rhel8/stig.profile
index ca0097b..e4f9dd8 100644
--- a/tests/data/profile_stability/rhel8/stig.profile
+++ b/tests/data/profile_stability/rhel8/stig.profile
@@ -58,7 +58,9 @@ selections:
- accounts_passwords_pam_faillock_interval
- accounts_passwords_pam_faillock_unlock_time
- accounts_umask_etc_bashrc
+- accounts_umask_etc_csh_cshrc
- accounts_umask_etc_login_defs
+- accounts_umask_etc_profile
- accounts_umask_interactive_users
- accounts_user_dot_no_world_writable_programs
- accounts_user_home_paths_only
diff --git a/tests/data/profile_stability/rhel8/stig_gui.profile b/tests/data/profile_stability/rhel8/stig_gui.profile
index 3533208..d37d2ec 100644
--- a/tests/data/profile_stability/rhel8/stig_gui.profile
+++ b/tests/data/profile_stability/rhel8/stig_gui.profile
@@ -69,7 +69,9 @@ selections:
- accounts_passwords_pam_faillock_interval
- accounts_passwords_pam_faillock_unlock_time
- accounts_umask_etc_bashrc
+- accounts_umask_etc_csh_cshrc
- accounts_umask_etc_login_defs
+- accounts_umask_etc_profile
- accounts_umask_interactive_users
- accounts_user_dot_no_world_writable_programs
- accounts_user_home_paths_only