From 1c4d76853efcd70303a161453ffb123fa56f14df Mon Sep 17 00:00:00 2001 From: svet-se Date: Mon, 12 Aug 2024 14:35:43 +0300 Subject: [PATCH 01/12] Add rule auditd_data_retention_action_mail_acct to sle micro 5 stig profile --- controls/stig_slmicro5.yml | 5 +++-- .../ansible/shared.yml | 2 +- .../auditd_data_retention_action_mail_acct/bash/shared.sh | 2 +- .../auditd_data_retention_action_mail_acct/rule.yml | 1 + shared/references/cce-slmicro5-avail.txt | 6 ++++++ 5 files changed, 12 insertions(+), 4 deletions(-) diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml index 21c5ee370a6..b3e78c30084 100644 --- a/controls/stig_slmicro5.yml +++ b/controls/stig_slmicro5.yml @@ -1406,8 +1406,9 @@ controls: title: The information system security officer (ISSO) and system administrator (SA), at a minimum, must be alerted of a SLEM 5 audit processing failure event. - rules: [] - status: pending + rules: + - auditd_data_retention_action_mail_acct + status: automated - id: SLEM-05-654010 levels: diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/ansible/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/ansible/shared.yml index b82e6d174b0..bcb4b0de974 100644 --- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/ansible/shared.yml +++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/bash/shared.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/bash/shared.sh index dfb8d30350a..06d79abb634 100644 --- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/bash/shared.sh +++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu {{{ bash_instantiate_variables("var_auditd_action_mail_acct") }}} diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml index 5128e09d4a6..2bfe7c43d08 100644 --- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml +++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml @@ -22,6 +22,7 @@ identifiers: cce@rhel10: CCE-89081-4 cce@sle12: CCE-83030-7 cce@sle15: CCE-85604-7 + cce@slmicro5: CCE-93677-3 references: cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8 diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt index 0db22fc3610..8bcb6b95e88 100644 --- a/shared/references/cce-slmicro5-avail.txt +++ b/shared/references/cce-slmicro5-avail.txt @@ -12,6 +12,12 @@ CCE-93668-2 CCE-93669-0 CCE-93670-8 CCE-93677-3 +CCE-93671-6 +CCE-93672-4 +CCE-93673-2 +CCE-93674-0 +CCE-93675-7 +CCE-93676-5 CCE-93678-1 CCE-93679-9 CCE-93680-7 From 672ccf07afb77032d1955c7fa81fa280ceded225 Mon Sep 17 00:00:00 2001 From: svet-se Date: Mon, 12 Aug 2024 14:38:42 +0300 Subject: [PATCH 02/12] Add rule postfix_client_configure_mail_alias to sle micro 5 stig profile --- controls/stig_slmicro5.yml | 5 +++-- .../postfix_client_configure_mail_alias/ansible/shared.yml | 2 +- .../postfix_client_configure_mail_alias/bash/shared.sh | 2 +- .../postfix_client_configure_mail_alias/rule.yml | 1 + shared/references/cce-slmicro5-avail.txt | 1 - 5 files changed, 6 insertions(+), 5 deletions(-) diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml index b3e78c30084..a58256ade21 100644 --- a/controls/stig_slmicro5.yml +++ b/controls/stig_slmicro5.yml @@ -1397,8 +1397,9 @@ controls: The information system security officer (ISSO) and system administrator (SA), at a minimum, must have mail aliases to be notified of a SLEM 5 audit processing failure. - rules: [] - status: pending + rules: + - postfix_client_configure_mail_alias + status: automated - id: SLEM-05-653080 levels: diff --git a/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/ansible/shared.yml b/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/ansible/shared.yml index 3a86771d616..a0330236a11 100644 --- a/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/ansible/shared.yml +++ b/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_debian +# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_debian # reboot = false # strategy = configure # complexity = low diff --git a/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/bash/shared.sh b/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/bash/shared.sh index 743d477751d..001ead7d6b5 100644 --- a/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/bash/shared.sh +++ b/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_debian +# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_debian {{{ bash_instantiate_variables("var_postfix_root_mail_alias") }}} diff --git a/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/rule.yml b/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/rule.yml index e465d94f9f4..2b5a6097ebf 100644 --- a/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/rule.yml +++ b/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/rule.yml @@ -24,6 +24,7 @@ identifiers: cce@rhel10: CCE-87937-9 cce@sle12: CCE-83031-5 cce@sle15: CCE-85605-4 + cce@slmicro5: CCE-93678-1 references: disa: CCI-000139,CCI-000366 diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt index 8bcb6b95e88..286813060f1 100644 --- a/shared/references/cce-slmicro5-avail.txt +++ b/shared/references/cce-slmicro5-avail.txt @@ -18,7 +18,6 @@ CCE-93673-2 CCE-93674-0 CCE-93675-7 CCE-93676-5 -CCE-93678-1 CCE-93679-9 CCE-93680-7 CCE-93681-5 From d57683617ea437624533ee5fefeb610e47057a29 Mon Sep 17 00:00:00 2001 From: svet-se Date: Mon, 12 Aug 2024 14:43:25 +0300 Subject: [PATCH 03/12] Add rule auditd_data_disk_full_action to sle micro 5 stig profile --- controls/stig_slmicro5.yml | 5 +++-- .../auditd_data_disk_full_action/ansible/shared.yml | 2 +- .../auditd_data_disk_full_action/bash/shared.sh | 2 +- .../auditd_data_disk_full_action/rule.yml | 1 + shared/references/cce-slmicro5-avail.txt | 1 - 5 files changed, 6 insertions(+), 5 deletions(-) diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml index a58256ade21..5ea989d34d3 100644 --- a/controls/stig_slmicro5.yml +++ b/controls/stig_slmicro5.yml @@ -1328,8 +1328,9 @@ controls: title: SLEM 5 audit system must take appropriate action when the audit storage volume is full. - rules: [] - status: pending + rules: + - auditd_data_disk_full_action + status: automated - id: SLEM-05-653040 levels: diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/ansible/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/ansible/shared.yml index 0adf2b5382e..4205bb067f2 100644 --- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/ansible/shared.yml +++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/bash/shared.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/bash/shared.sh index ce4f4d02900..698076ac8b0 100644 --- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/bash/shared.sh +++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu +# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu {{{ bash_instantiate_variables("var_auditd_disk_full_action") }}} diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/rule.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/rule.yml index 5b13ec28091..e595e81c25c 100644 --- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/rule.yml +++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/rule.yml @@ -31,6 +31,7 @@ identifiers: cce@rhel10: CCE-88198-7 cce@sle12: CCE-83032-3 cce@sle15: CCE-85606-2 + cce@slmicro5: CCE-93679-9 references: cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8 diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt index 286813060f1..f8de29733f1 100644 --- a/shared/references/cce-slmicro5-avail.txt +++ b/shared/references/cce-slmicro5-avail.txt @@ -18,7 +18,6 @@ CCE-93673-2 CCE-93674-0 CCE-93675-7 CCE-93676-5 -CCE-93679-9 CCE-93680-7 CCE-93681-5 CCE-93682-3 From 913b9e395a0c1a8e59d10c2d08cadd61423bfedf Mon Sep 17 00:00:00 2001 From: svet-se Date: Mon, 12 Aug 2024 14:53:50 +0300 Subject: [PATCH 04/12] Add rule smartcard_configure_ca to sle micro 5 stig profile --- controls/stig_slmicro5.yml | 5 +++-- .../smartcard_configure_ca/ansible/shared.yml | 2 +- .../smartcard_configure_ca/bash/{sle15.sh => shared.sh} | 2 +- .../smart_card_login/smartcard_configure_ca/rule.yml | 1 + shared/references/cce-slmicro5-avail.txt | 1 - 5 files changed, 6 insertions(+), 5 deletions(-) rename linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_ca/bash/{sle15.sh => shared.sh} (81%) diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml index 5ea989d34d3..e663112f577 100644 --- a/controls/stig_slmicro5.yml +++ b/controls/stig_slmicro5.yml @@ -1199,8 +1199,9 @@ controls: SLEM 5, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor. - rules: [] - status: pending + rules: + - smartcard_configure_ca + status: automated - id: SLEM-05-631025 levels: diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_ca/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_ca/ansible/shared.yml index 12ad81e12dc..8b603a9d2d2 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_ca/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_ca/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_sle +# platform = multi_platform_sle,multi_platform_slmicro # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_ca/bash/sle15.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_ca/bash/shared.sh similarity index 81% rename from linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_ca/bash/sle15.sh rename to linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_ca/bash/shared.sh index 3df62214bbf..b2df8fd1d71 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_ca/bash/sle15.sh +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_ca/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_sle +# platform = multi_platform_sle,multi_platform_slmicro if rpm -qa pam_pkcs11; then if grep "^\s*cert_policy" /etc/pam_pkcs11/pam_pkcs11.conf | grep -q "ca"; then diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_ca/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_ca/rule.yml index b1901a0eae9..537ec2ea0a3 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_ca/rule.yml +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_ca/rule.yml @@ -26,6 +26,7 @@ severity: medium identifiers: cce@sle12: CCE-83198-2 cce@sle15: CCE-83272-5 + cce@slmicro5: CCE-93680-7 references: disa: CCI-000185,CCI-001991 diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt index f8de29733f1..79c81b88e08 100644 --- a/shared/references/cce-slmicro5-avail.txt +++ b/shared/references/cce-slmicro5-avail.txt @@ -18,7 +18,6 @@ CCE-93673-2 CCE-93674-0 CCE-93675-7 CCE-93676-5 -CCE-93680-7 CCE-93681-5 CCE-93682-3 CCE-93683-1 From 66a5c2e25a808f93da50381a8f361d8ed74c5ddb Mon Sep 17 00:00:00 2001 From: svet-se Date: Mon, 12 Aug 2024 15:07:02 +0300 Subject: [PATCH 05/12] Add rule set_password_hashing_algorithm_systemauth to sle micro 5 stig profile --- controls/stig_slmicro5.yml | 5 +++-- .../ansible/shared.yml | 2 +- .../bash/shared.sh | 2 +- .../oval/shared.xml | 2 +- .../set_password_hashing_algorithm_systemauth/rule.yml | 9 +++++---- shared/references/cce-slmicro5-avail.txt | 1 - 6 files changed, 11 insertions(+), 10 deletions(-) diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml index e663112f577..c9faf4d9a26 100644 --- a/controls/stig_slmicro5.yml +++ b/controls/stig_slmicro5.yml @@ -1063,8 +1063,9 @@ controls: title: SLEM 5 must configure the Linux Pluggable Authentication Modules (PAM) to only store encrypted representations of passwords. - rules: [] - status: pending + rules: + - set_password_hashing_algorithm_systemauth + status: automated - id: SLEM-05-611055 levels: diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/ansible/shared.yml index 8b717252d02..f31a2e021c9 100644 --- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/ansible/shared.yml @@ -4,7 +4,7 @@ # complexity = low # disruption = medium -{{% if product in ["sle15", "sle12"] -%}} +{{% if product in ["sle15", "sle12", "slmicro5"] -%}} {{%- set pam_file="/etc/pam.d/common-password" %}} {{%- set control="required" %}} {{%- else -%}} diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/bash/shared.sh index 5f06dd45be5..18f72ed0e13 100644 --- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/bash/shared.sh @@ -2,7 +2,7 @@ {{{ bash_instantiate_variables("var_password_hashing_algorithm_pam") }}} -{{% if 'sle' in product -%}} +{{% if 'sle' in product or 'slmicro' in product -%}} PAM_FILE_PATH="/etc/pam.d/common-password" CONTROL="required" {{%- elif 'ubuntu' in product -%}} diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/oval/shared.xml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/oval/shared.xml index 92394228ad0..c599abe49f5 100644 --- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/oval/shared.xml +++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/oval/shared.xml @@ -6,7 +6,7 @@ - {{% if product in ['sle12', 'sle15'] %}} + {{% if product in ['sle12', 'sle15', 'slmicro5'] %}} {{% set pam_file = "/etc/pam.d/common-password" %}} {{% set line_pattern = "^[\s]*password[\s]+(?:(?:required))[\s]+pam_unix\.so[\s]+" %}} {{% elif 'ubuntu' in product %}} diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml index 446d1abb3ff..c61a2255371 100644 --- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml @@ -2,7 +2,7 @@ documentation_complete: true title: "Set PAM''s Password Hashing Algorithm" -{{% if product in ["sle12", "sle15"] or 'ubuntu' in product %}} +{{% if product in ["sle12", "sle15", "slmicro5"] or 'ubuntu' in product %}} {{% set pam_passwd_file_path = "/etc/pam.d/common-password" %}} {{% else %}} {{% set pam_passwd_file_path = "/etc/pam.d/system-auth" %}} @@ -17,7 +17,7 @@ description: |- {{{ xccdf_value("var_password_hashing_algorithm_pam") }}} and no other hashing algorithms as shown below:
- {{% if product in ["sle12", "sle15"] %}} + {{% if product in ["sle12", "sle15", "slmicro5"] %}} 
password    required    pam_unix.so {{{ xccdf_value("var_password_hashing_algorithm_pam") }}} other arguments...
{{% elif 'ubuntu' in product %}} 
password    [success=1 default=ignore]   pam_unix.so {{{ xccdf_value("var_password_hashing_algorithm_pam") }}} other arguments...
@@ -47,6 +47,7 @@ identifiers: cce@rhel10: CCE-88697-8 cce@sle12: CCE-83184-2 cce@sle15: CCE-85565-0 + cce@slmicro5: CCE-93681-5 references: cis-csc: 1,12,15,16,5 @@ -77,7 +78,7 @@ ocil: |- {{{ xccdf_value("var_password_hashing_algorithm_pam") }}}: 
$ sudo grep "^password.*pam_unix\.so.*{{{ xccdf_value("var_password_hashing_algorithm_pam") }}}" {{{ pam_passwd_file_path }}}
-    {{% if product in ["sle12", "sle15"] -%}}
+    {{% if product in ["sle12", "sle15", "slmicro5"] -%}}
     password required pam_unix.so {{{ xccdf_value("var_password_hashing_algorithm_pam") }}}
     {{% elif 'ubuntu' in product %}}
     password [success=1 default=ignore] pam_unix.so {{{ xccdf_value("var_password_hashing_algorithm_pam") }}}
@@ -97,7 +98,7 @@ fixtext: |-
 
     Edit/modify the following line in the "{{{ pam_passwd_file_path }}}" file to include the {{{ xccdf_value("var_password_hashing_algorithm_pam") }}}
     option for pam_unix.so:
-    {{% if product in ['sle12', 'sle15'] -%}}
+    {{% if product in ['sle12', 'sle15', 'slmicro5'] -%}}
     password required pam_unix.so {{{ xccdf_value("var_password_hashing_algorithm_pam") }}}
     {{% elif 'ubuntu' in product %}}
     password [success=1 default=ignore] pam_unix.so {{{ xccdf_value("var_password_hashing_algorithm_pam") }}}
diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt
index 79c81b88e08..881fed7e2f7 100644
--- a/shared/references/cce-slmicro5-avail.txt
+++ b/shared/references/cce-slmicro5-avail.txt
@@ -18,7 +18,6 @@ CCE-93673-2
 CCE-93674-0
 CCE-93675-7
 CCE-93676-5
-CCE-93681-5
 CCE-93682-3
 CCE-93683-1
 CCE-93684-9

From 01fa5a5d1a5aa04cb6df91fb238871acec325d42 Mon Sep 17 00:00:00 2001
From: svet-se 
Date: Mon, 12 Aug 2024 16:46:17 +0300
Subject: [PATCH 06/12] Add rule install_smartcard_packages to sle micro 5 stig
 profile

---
 controls/stig_slmicro5.yml                                   | 5 +++--
 .../install_smartcard_packages/oval/shared.xml               | 2 +-
 .../smart_card_login/install_smartcard_packages/rule.yml     | 5 +++--
 shared/references/cce-slmicro5-avail.txt                     | 1 -
 4 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml
index c9faf4d9a26..97743cb5e34 100644
--- a/controls/stig_slmicro5.yml
+++ b/controls/stig_slmicro5.yml
@@ -1156,8 +1156,9 @@ controls:
       title:
           SLEM 5 must have the packages required for multifactor authentication to
           be installed.
-      rules: []
-      status: pending
+      rules:
+          - install_smartcard_packages
+      status: automated
     
     - id: SLEM-05-612015
       levels:
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/oval/shared.xml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/oval/shared.xml
index 3d29e22e5c1..56e457984a5 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/oval/shared.xml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/oval/shared.xml
@@ -1,4 +1,4 @@
-{{% if product in ["sle12"] %}}
+{{% if product in ["sle12", "slmicro5"] %}}
 {{% set smartcard_packages = ['pam_pkcs11', 'mozilla-nss', 'mozilla-nss-tools', 'pcsc-ccid', 'pcsc-lite', 'pcsc-tools', 'opensc', 'coolkey'] %}}
 {{% elif product in ["sle15"] %}}
 {{% set smartcard_packages = ['pam_pkcs11', 'mozilla-nss', 'mozilla-nss-tools', 'pcsc-ccid', 'pcsc-lite', 'pcsc-tools', 'opensc'] %}}
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml
index 7d96e885d5e..44f776912b0 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml
@@ -1,4 +1,4 @@
-{{% if product in ["sle12"] %}}
+{{% if product in ["sle12", "slmicro5"] %}}
 {{% set smartcard_packages = ['pam_pkcs11', 'mozilla-nss', 'mozilla-nss-tools', 'pcsc-ccid', 'pcsc-lite', 'pcsc-tools', 'opensc', 'coolkey'] %}}
 {{% elif product in ["sle15"] %}}
 {{% set smartcard_packages = ['pam_pkcs11', 'mozilla-nss', 'mozilla-nss-tools', 'pcsc-ccid', 'pcsc-lite', 'pcsc-tools', 'opensc'] %}}
@@ -44,6 +44,7 @@ identifiers:
     cce@rhel10: CCE-86642-6
     cce@sle12: CCE-83177-6
     cce@sle15: CCE-83292-3
+    cce@slmicro5: CCE-93761-5
 
 references:
     disa: CCI-000765,CCI-001948,CCI-001953,CCI-001954
@@ -66,7 +67,7 @@ ocil: |-
     {{{ ocil_package(package=pkg) }}}
     {{% endfor %}}
 
-{{% if product not in ["sle12", "sle15"] %}}
+{{% if product not in ["sle12", "sle15", "slmicro5"] %}}
 template:
     name: package_installed
     vars:
diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt
index 881fed7e2f7..b44bde79040 100644
--- a/shared/references/cce-slmicro5-avail.txt
+++ b/shared/references/cce-slmicro5-avail.txt
@@ -91,7 +91,6 @@ CCE-93757-3
 CCE-93758-1
 CCE-93759-9
 CCE-93760-7
-CCE-93761-5
 CCE-93762-3
 CCE-93763-1
 CCE-93764-9

From fc186b15896ffeee7fefb4f80e60d46ec52b0d44 Mon Sep 17 00:00:00 2001
From: svet-se 
Date: Mon, 12 Aug 2024 16:56:01 +0300
Subject: [PATCH 07/12] Fix rule install_smartcard_packages

---
 .../ansible/slmicro5.yml                      | 22 +++++++++++++++++++
 .../bash/slmicro5.sh                          | 12 ++++++++++
 .../oval/shared.xml                           |  2 +-
 3 files changed, 35 insertions(+), 1 deletion(-)
 create mode 100644 linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/ansible/slmicro5.yml
 create mode 100644 linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/bash/slmicro5.sh

diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/ansible/slmicro5.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/ansible/slmicro5.yml
new file mode 100644
index 00000000000..f3d1d377f9e
--- /dev/null
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/ansible/slmicro5.yml
@@ -0,0 +1,22 @@
+# platform = multi_platform_slmicro
+# reboot = false
+# strategy = enable
+# complexity = low
+# disruption = low
+
+- name: Set smartcard packages fact
+  set_fact:
+    smartcard_packages:
+      - pam_pkcs11
+      - mozilla-nss
+      - mozilla-nss-tools
+      - pcsc-ccid
+      - pcsc-lite
+      - pcsc-tools
+      - opensc
+      - coolkey
+
+- name: Ensure {{ smartcard_packages }} are installed
+  package:
+    name: "{{ smartcard_packages }}"
+    state: present
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/bash/slmicro5.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/bash/slmicro5.sh
new file mode 100644
index 00000000000..fb3c6b880c0
--- /dev/null
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/bash/slmicro5.sh
@@ -0,0 +1,12 @@
+# platform = multi_platform_slmicro
+# reboot = false
+# strategy = enable
+# complexity = low
+# disruption = low
+
+SMARTCARD_PACKAGES=( "pam_pkcs11"  "mozilla-nss"  "mozilla-nss-tools"  "pcsc-ccid"  "pcsc-lite"  "pcsc-tools"  "opensc" "coolkey")
+
+for PKGNAME in "${SMARTCARD_PACKAGES[@]}"
+do
+    {{{ bash_package_install(package="$PKGNAME") }}}
+done
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/oval/shared.xml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/oval/shared.xml
index 56e457984a5..a969d57af98 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/oval/shared.xml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/oval/shared.xml
@@ -13,7 +13,7 @@
 
   
-    {{{ oval_metadata("The " + pkg_system|upper + " packages " + smartcard_packages|join(',') + " should be installed.", affected_platforms=["multi_platform_sle"]) }}}
+    {{{ oval_metadata("The " + pkg_system|upper + " packages " + smartcard_packages|join(',') + " should be installed.", affected_platforms=["multi_platform_sle", "multi_platform_slmicro"]) }}}
     
 {{% for pkg in smartcard_packages %}}
       
Date: Mon, 12 Aug 2024 17:03:59 +0300
Subject: [PATCH 08/12] Add rule set_password_hashing_min_rounds_logindefs to
 sle micro 5 stig profile

---
 controls/stig_slmicro5.yml                                   | 5 +++--
 .../set_password_hashing_min_rounds_logindefs/rule.yml       | 1 +
 shared/references/cce-slmicro5-avail.txt                     | 1 -
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml
index 97743cb5e34..ae179bf530e 100644
--- a/controls/stig_slmicro5.yml
+++ b/controls/stig_slmicro5.yml
@@ -1120,8 +1120,9 @@ controls:
       title:
           SLEM 5 shadow password suite must be configured to use a sufficient number
           of hashing rounds.
-      rules: []
-      status: pending
+      rules:
+          - set_password_hashing_min_rounds_logindefs
+      status: automated
     
     - id: SLEM-05-611090
       levels:
diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_min_rounds_logindefs/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_min_rounds_logindefs/rule.yml
index 7923dd7a771..be9d8a912b1 100644
--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_min_rounds_logindefs/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_min_rounds_logindefs/rule.yml
@@ -29,6 +29,7 @@ identifiers:
     cce@rhel10: CCE-90508-3
     cce@sle12: CCE-83171-9
     cce@sle15: CCE-85567-6
+    cce@slmicro5: CCE-93682-3
 
 references:
     disa: CCI-000196,CCI-000803
diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt
index b44bde79040..5efd737250d 100644
--- a/shared/references/cce-slmicro5-avail.txt
+++ b/shared/references/cce-slmicro5-avail.txt
@@ -18,7 +18,6 @@ CCE-93673-2
 CCE-93674-0
 CCE-93675-7
 CCE-93676-5
-CCE-93682-3
 CCE-93683-1
 CCE-93684-9
 CCE-93685-6

From 9a7d40bf659810bb59f7cc1a65a5a0ab221a7caa Mon Sep 17 00:00:00 2001
From: svet-se 
Date: Mon, 12 Aug 2024 17:14:20 +0300
Subject: [PATCH 09/12] Add rule accounts_minimum_age_login_defs to sle micro 5
 stig profile

---
 controls/stig_slmicro5.yml                                   | 5 +++--
 .../accounts_minimum_age_login_defs/ansible/shared.yml       | 2 +-
 .../accounts_minimum_age_login_defs/rule.yml                 | 1 +
 shared/references/cce-slmicro5-avail.txt                     | 1 -
 4 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml
index ae179bf530e..8235b2f34f0 100644
--- a/controls/stig_slmicro5.yml
+++ b/controls/stig_slmicro5.yml
@@ -1139,8 +1139,9 @@ controls:
       title:
           SLEM 5 must be configured to create or update passwords with a minimum lifetime
           of 24 hours (one day).
-      rules: []
-      status: pending
+      rules:
+          - accounts_minimum_age_login_defs
+      status: automated
     
     - id: SLEM-05-611100
       levels:
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml
index 0c81c0ee5bb..6e22e90d7a5 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro
 # reboot = false
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml
index d556150e6e8..bc5fdfe7cb8 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml
@@ -29,6 +29,7 @@ identifiers:
     cce@rhel10: CCE-89307-3
     cce@sle12: CCE-83042-2
     cce@sle15: CCE-85720-1
+    cce@slmicro5: CCE-93683-1
 
 references:
     cis-csc: 1,12,15,16,5
diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt
index 5efd737250d..e33d8db237f 100644
--- a/shared/references/cce-slmicro5-avail.txt
+++ b/shared/references/cce-slmicro5-avail.txt
@@ -18,7 +18,6 @@ CCE-93673-2
 CCE-93674-0
 CCE-93675-7
 CCE-93676-5
-CCE-93683-1
 CCE-93684-9
 CCE-93685-6
 CCE-93686-4

From 45c3182d9152c9c2a6214e8c5e41c608271fe40c Mon Sep 17 00:00:00 2001
From: svet-se 
Date: Mon, 12 Aug 2024 17:17:48 +0300
Subject: [PATCH 10/12] Add rule accounts_password_set_min_life_existing to sle
 micro 5 stig profile

---
 controls/stig_slmicro5.yml                                  | 6 ++++--
 .../accounts_password_set_min_life_existing/rule.yml        | 1 +
 shared/references/cce-slmicro5-avail.txt                    | 1 -
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml
index 8235b2f34f0..9f8a8e3d176 100644
--- a/controls/stig_slmicro5.yml
+++ b/controls/stig_slmicro5.yml
@@ -1088,8 +1088,10 @@ controls:
       title:
           SLEM 5 must employ user passwords with a minimum lifetime of 24 hours (one
           day).
-      rules: []
-      status: pending
+      rules:
+          - accounts_password_set_min_life_existing
+          - var_accounts_minimum_age_login_defs=1
+      status: automated
     
     - id: SLEM-05-611070
       levels:
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml
index b48710adf00..9020b257f08 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml
@@ -23,6 +23,7 @@ identifiers:
     cce@rhel10: CCE-87953-6
     cce@sle12: CCE-83049-7
     cce@sle15: CCE-85710-2
+    cce@slmicro5: CCE-93684-9
 
 references:
     cis@sle12: 5.4.1.3
diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt
index e33d8db237f..62fc4990472 100644
--- a/shared/references/cce-slmicro5-avail.txt
+++ b/shared/references/cce-slmicro5-avail.txt
@@ -18,7 +18,6 @@ CCE-93673-2
 CCE-93674-0
 CCE-93675-7
 CCE-93676-5
-CCE-93684-9
 CCE-93685-6
 CCE-93686-4
 CCE-93687-2

From 5a606cce95c18a617dba15f86d46c11a900f0808 Mon Sep 17 00:00:00 2001
From: svet-se 
Date: Mon, 12 Aug 2024 17:21:36 +0300
Subject: [PATCH 11/12] Add rule accounts_maximum_age_login_defs to sle micro 5
 stig profile

---
 controls/stig_slmicro5.yml                                   | 5 +++--
 .../accounts_maximum_age_login_defs/ansible/shared.yml       | 2 +-
 .../accounts_maximum_age_login_defs/rule.yml                 | 1 +
 shared/references/cce-slmicro5-avail.txt                     | 1 -
 4 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml
index 9f8a8e3d176..cbed24daf71 100644
--- a/controls/stig_slmicro5.yml
+++ b/controls/stig_slmicro5.yml
@@ -1151,8 +1151,9 @@ controls:
       title:
           SLEM 5 must be configured to create or update passwords with a maximum lifetime
           of 60 days.
-      rules: []
-      status: pending
+      rules:
+          - accounts_maximum_age_login_defs
+      status: automated
     
     - id: SLEM-05-612010
       levels:
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml
index 1e571bcbf7a..c4c2f7ba01f 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_debian
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_debian
 # reboot = false
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml
index 1ce9ffa5e64..e3f3c9bc8ad 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml
@@ -30,6 +30,7 @@ identifiers:
     cce@rhel10: CCE-87961-9
     cce@sle12: CCE-83050-5
     cce@sle15: CCE-85570-0
+    cce@slmicro5: CCE-93685-6
 
 references:
     cis-csc: 1,12,15,16,5
diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt
index 62fc4990472..e00907b5a27 100644
--- a/shared/references/cce-slmicro5-avail.txt
+++ b/shared/references/cce-slmicro5-avail.txt
@@ -18,7 +18,6 @@ CCE-93673-2
 CCE-93674-0
 CCE-93675-7
 CCE-93676-5
-CCE-93685-6
 CCE-93686-4
 CCE-93687-2
 CCE-93688-0

From e7786223c98880c0a3f9948e096728afd6af213a Mon Sep 17 00:00:00 2001
From: svet-se 
Date: Mon, 12 Aug 2024 17:24:23 +0300
Subject: [PATCH 12/12] Add rule accounts_password_set_max_life_existing to sle
 micro 5 stig profile

---
 controls/stig_slmicro5.yml                                  | 6 ++++--
 .../ansible/shared.yml                                      | 2 +-
 .../accounts_password_set_max_life_existing/bash/shared.sh  | 2 +-
 .../accounts_password_set_max_life_existing/rule.yml        | 1 +
 shared/references/cce-slmicro5-avail.txt                    | 1 -
 5 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml
index cbed24daf71..732a0a927b7 100644
--- a/controls/stig_slmicro5.yml
+++ b/controls/stig_slmicro5.yml
@@ -1097,8 +1097,10 @@ controls:
       levels:
           - medium
       title: SLEM 5 must employ user passwords with a maximum lifetime of 60 days.
-      rules: []
-      status: pending
+      rules:
+          - accounts_password_set_max_life_existing
+          - var_accounts_maximum_age_login_defs=60
+      status: automated
     
     - id: SLEM-05-611075
       levels:
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/ansible/shared.yml
index 4fabdb857c5..18974ea6cdc 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_sle,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ol
 # reboot = false
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/bash/shared.sh
index 8ff7cba199c..7d6bc11f9d9 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
 # reboot = false
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml
index 5295dd631a5..49552e4bc3b 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml
@@ -23,6 +23,7 @@ identifiers:
     cce@rhel10: CCE-87137-6
     cce@sle12: CCE-83041-4
     cce@sle15: CCE-85571-8
+    cce@slmicro5: CCE-93686-4
 
 references:
     cis@sle12: 5.4.1.2
diff --git a/shared/references/cce-slmicro5-avail.txt b/shared/references/cce-slmicro5-avail.txt
index e00907b5a27..b7976d8d817 100644
--- a/shared/references/cce-slmicro5-avail.txt
+++ b/shared/references/cce-slmicro5-avail.txt
@@ -18,7 +18,6 @@ CCE-93673-2
 CCE-93674-0
 CCE-93675-7
 CCE-93676-5
-CCE-93686-4
 CCE-93687-2
 CCE-93688-0
 CCE-93689-8