diff --git a/components/filesystem.yml b/components/filesystem.yml
index 35ff26a0907..dfa22e9730b 100644
--- a/components/filesystem.yml
+++ b/components/filesystem.yml
@@ -36,6 +36,7 @@ rules:
- file_groupowner_etc_passwd
- file_groupowner_etc_shadow
- file_groupowner_etc_shells
+- file_groupowner_systemmap
- file_groupowner_var_log
- file_groupowner_var_log_messages
- file_groupowner_var_log_syslog
@@ -51,6 +52,7 @@ rules:
- file_owner_etc_passwd
- file_owner_etc_shells
- file_owner_etc_shadow
+- file_owner_systemmap
- file_owner_var_log
- file_owner_var_log_messages
- file_owner_var_log_syslog
diff --git a/controls/anssi.yml b/controls/anssi.yml
index d67535c001c..f945b20c95c 100644
--- a/controls/anssi.yml
+++ b/controls/anssi.yml
@@ -710,8 +710,10 @@ controls:
- file_owner_user_cfg
- file_permissions_efi_user_cfg
- file_permissions_user_cfg
+ - file_groupowner_systemmap
+ - file_owner_systemmap
+ - file_permissions_systemmap
related_rules:
- - file_permissions_systemmap # missing remediation
- mount_option_boot_noauto
- id: R30
diff --git a/linux_os/guide/system/permissions/files/file_groupowner_systemmap/rule.yml b/linux_os/guide/system/permissions/files/file_groupowner_systemmap/rule.yml
new file mode 100644
index 00000000000..81fe104ffe0
--- /dev/null
+++ b/linux_os/guide/system/permissions/files/file_groupowner_systemmap/rule.yml
@@ -0,0 +1,35 @@
+documentation_complete: true
+
+title: 'Verify Group Who Owns System.map Files'
+
+description: |-
+ The System.map files are symbol map files generated during the compilation of the Linux
+ kernel. They contain the mapping between kernel symbols and their corresponding memory
+ addresses. These files must be group-owned by root.
+
+ {{{ describe_file_group_owner(file="/boot/System.map*", group="root") }}}
+
+rationale: |-
+ The purpose of System.map files is primarily for debugging and profiling the kernel.
+ Unrestricted access to these files might disclose information useful to attackers and
+ malicious software leading to more sophisticated exploitation.
+
+severity: low
+
+identifiers:
+ cce@rhel7: CCE-86582-4
+ cce@rhel8: CCE-86583-2
+ cce@rhel9: CCE-86584-0
+
+ocil_clause: '{{{ ocil_clause_file_group_owner(file="/boot/System.map*", group="root") }}}'
+
+ocil: |-
+ {{{ ocil_file_group_owner(file="/boot/System.map*", group="root") }}}
+
+template:
+ name: file_groupowner
+ vars:
+ filepath: /boot/
+ file_regex: ^.*System\.map.*$
+ gid_or_name: root
+ missing_file_pass: 'true'
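Review bot: The `file_regex` on the template line `^.*System\.map.*$` is looser than the `/boot/System.map*` the description, OCIL and title promise, because the leading `.*` lets any file under `/boot/` whose name merely contains `System.map` (e.g. `old-System.map`, `.System.map-x.swp`) count toward the check. The removed OVAL for the sibling permissions rule anchored the name at the start with `^System\.map.*$`; this rule should use that form too, `file_regex: ^System\.map.*$`, so the evaluated set matches the documented one. The test scripts create `System.map-5.99.0-XXX` files, which match either pattern, so they will not catch this difference. Whether the template searches `/boot/` recursively is not visible here; if it does, consider noting that in the description.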
diff --git a/linux_os/guide/system/permissions/files/file_groupowner_systemmap/tests/correct_groupowner.pass.sh b/linux_os/guide/system/permissions/files/file_groupowner_systemmap/tests/correct_groupowner.pass.sh
new file mode 100644
index 00000000000..e20f401551a
--- /dev/null
+++ b/linux_os/guide/system/permissions/files/file_groupowner_systemmap/tests/correct_groupowner.pass.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+mktemp -p /boot System.map-5.99.0-XXX
+chgrp root /boot/System.map*
diff --git a/linux_os/guide/system/permissions/files/file_groupowner_systemmap/tests/correct_groupowner_multiple_files.pass.sh b/linux_os/guide/system/permissions/files/file_groupowner_systemmap/tests/correct_groupowner_multiple_files.pass.sh
new file mode 100644
index 00000000000..ef513651449
--- /dev/null
+++ b/linux_os/guide/system/permissions/files/file_groupowner_systemmap/tests/correct_groupowner_multiple_files.pass.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+mktemp -p /boot System.map-5.99.0-XXX
+mktemp -p /boot System.map-5.99.0-XXX
+chgrp root /boot/System.map*
diff --git a/linux_os/guide/system/permissions/files/file_groupowner_systemmap/tests/incorrect_groupowner.fail.sh b/linux_os/guide/system/permissions/files/file_groupowner_systemmap/tests/incorrect_groupowner.fail.sh
new file mode 100644
index 00000000000..ce5f055e3f0
--- /dev/null
+++ b/linux_os/guide/system/permissions/files/file_groupowner_systemmap/tests/incorrect_groupowner.fail.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+FAKE_FILE=$(mktemp -p /boot System.map-5.99.0-XXX)
+chgrp 5 $FAKE_FILE
diff --git a/linux_os/guide/system/permissions/files/file_groupowner_systemmap/tests/incorrect_groupowner_multiple_files.fail.sh b/linux_os/guide/system/permissions/files/file_groupowner_systemmap/tests/incorrect_groupowner_multiple_files.fail.sh
new file mode 100644
index 00000000000..437c5ec0687
--- /dev/null
+++ b/linux_os/guide/system/permissions/files/file_groupowner_systemmap/tests/incorrect_groupowner_multiple_files.fail.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+FAKE_FILE1=$(mktemp -p /boot System.map-5.99.0-XXX)
+chgrp root $FAKE_FILE1
+
+FAKE_FILE2=$(mktemp -p /boot System.map-5.99.0-XXX)
+chgrp 5 $FAKE_FILE2
diff --git a/linux_os/guide/system/permissions/files/file_groupowner_systemmap/tests/missing_file_test.pass.sh b/linux_os/guide/system/permissions/files/file_groupowner_systemmap/tests/missing_file_test.pass.sh
new file mode 100644
index 00000000000..2e51f833751
--- /dev/null
+++ b/linux_os/guide/system/permissions/files/file_groupowner_systemmap/tests/missing_file_test.pass.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+rm -f /boot/System.map*
diff --git a/linux_os/guide/system/permissions/files/file_owner_systemmap/rule.yml b/linux_os/guide/system/permissions/files/file_owner_systemmap/rule.yml
new file mode 100644
index 00000000000..8463baee299
--- /dev/null
+++ b/linux_os/guide/system/permissions/files/file_owner_systemmap/rule.yml
@@ -0,0 +1,35 @@
+documentation_complete: true
+
+title: 'Verify User Who Owns System.map Files'
+
+description: |-
+ The System.map files are symbol map files generated during the compilation of the Linux
+ kernel. They contain the mapping between kernel symbols and their corresponding memory
+ addresses. These files must be owned by root.
+
+ {{{ describe_file_owner(file="/boot/System.map*", owner="root") }}}
+
+rationale: |-
+ The purpose of System.map files is primarily for debugging and profiling the kernel.
+ Unrestricted access to these files might disclose information useful to attackers and
+ malicious software leading to more sophisticated exploitation.
+
+severity: low
+
+identifiers:
+ cce@rhel7: CCE-86585-7
+ cce@rhel8: CCE-86586-5
+ cce@rhel9: CCE-86587-3
+
+ocil_clause: '{{{ ocil_clause_file_owner(file="/boot/System.map*", owner="root") }}}'
+
+ocil: |-
+ {{{ ocil_file_owner(file="/boot/System.map*", owner="root") }}}
+
+template:
+ name: file_owner
+ vars:
+ filepath: /boot/
+ file_regex: ^.*System\.map.*$
+ fileuid: '0'
+ missing_file_pass: 'true'
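Review bot: The same unanchored `file_regex: ^.*System\.map.*$` appears here as in the group-owner rule, while the description and OCIL say `/boot/System.map*`; anchoring it as `file_regex: ^System\.map.*$` keeps the three System.map rules consistent with each other and with what the text tells the auditor to inspect. A short comment above the `template:` block, such as `# Matches every System.map-<version> file in /boot; a missing file is not a finding`, would also make the `missing_file_pass: 'true'` choice explicit for readers of the rule.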
diff --git a/linux_os/guide/system/permissions/files/file_owner_systemmap/tests/correct_owner.pass.sh b/linux_os/guide/system/permissions/files/file_owner_systemmap/tests/correct_owner.pass.sh
new file mode 100644
index 00000000000..a103dfcee39
--- /dev/null
+++ b/linux_os/guide/system/permissions/files/file_owner_systemmap/tests/correct_owner.pass.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+mktemp -p /boot System.map-5.99.0-XXX
+chown root /boot/System.map*
diff --git a/linux_os/guide/system/permissions/files/file_owner_systemmap/tests/correct_owner_multiple_files.pass.sh b/linux_os/guide/system/permissions/files/file_owner_systemmap/tests/correct_owner_multiple_files.pass.sh
new file mode 100644
index 00000000000..c9ee6abd04c
--- /dev/null
+++ b/linux_os/guide/system/permissions/files/file_owner_systemmap/tests/correct_owner_multiple_files.pass.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+mktemp -p /boot System.map-5.99.0-XXX
+mktemp -p /boot System.map-5.99.0-XXX
+chown root /boot/System.map*
diff --git a/linux_os/guide/system/permissions/files/file_owner_systemmap/tests/incorrect_owner.fail.sh b/linux_os/guide/system/permissions/files/file_owner_systemmap/tests/incorrect_owner.fail.sh
new file mode 100644
index 00000000000..e6af0371eb6
--- /dev/null
+++ b/linux_os/guide/system/permissions/files/file_owner_systemmap/tests/incorrect_owner.fail.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+FAKE_FILE=$(mktemp -p /boot System.map-5.99.0-XXX)
+chown 5 $FAKE_FILE
diff --git a/linux_os/guide/system/permissions/files/file_owner_systemmap/tests/incorrect_owner_multiple_files.fail.sh b/linux_os/guide/system/permissions/files/file_owner_systemmap/tests/incorrect_owner_multiple_files.fail.sh
new file mode 100644
index 00000000000..402929da102
--- /dev/null
+++ b/linux_os/guide/system/permissions/files/file_owner_systemmap/tests/incorrect_owner_multiple_files.fail.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+FAKE_FILE1=$(mktemp -p /boot System.map-5.99.0-XXX)
+chown root $FAKE_FILE1
+
+FAKE_FILE2=$(mktemp -p /boot System.map-5.99.0-XXX)
+chown 5 $FAKE_FILE2
diff --git a/linux_os/guide/system/permissions/files/file_owner_systemmap/tests/missing_file_test.pass.sh b/linux_os/guide/system/permissions/files/file_owner_systemmap/tests/missing_file_test.pass.sh
new file mode 100644
index 00000000000..2e51f833751
--- /dev/null
+++ b/linux_os/guide/system/permissions/files/file_owner_systemmap/tests/missing_file_test.pass.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+rm -f /boot/System.map*
diff --git a/linux_os/guide/system/permissions/files/file_permissions_systemmap/oval/shared.xml b/linux_os/guide/system/permissions/files/file_permissions_systemmap/oval/shared.xml
deleted file mode 100644
index d6140d865da..00000000000
--- a/linux_os/guide/system/permissions/files/file_permissions_systemmap/oval/shared.xml
+++ /dev/null
@@ -1,40 +0,0 @@
-
-
- {{{ oval_metadata("
- Checks that /boot/System.map-* are only readable by root.
- ") }}}
-
-
-
-
-
-
-
-
-
-
-
-
-
- /boot
- ^System\.map.*$
-
-
-
- 0
-
-
-
- false
- false
- false
- false
- false
- false
- false
- false
- false
- false
-
-
-
diff --git a/linux_os/guide/system/permissions/files/file_permissions_systemmap/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_systemmap/rule.yml
index 3f83fcd33dd..2c6b0ab7525 100644
--- a/linux_os/guide/system/permissions/files/file_permissions_systemmap/rule.yml
+++ b/linux_os/guide/system/permissions/files/file_permissions_systemmap/rule.yml
@@ -1,22 +1,36 @@
documentation_complete: true
-title: 'Verify that local System.map file (if exists) is readable only by root'
+title: 'Verify Permissions on System.map Files'
description: |-
- Files containing sensitive informations should be protected by restrictive
- permissions. Most of the time, there is no need that these files need to be read by any non-root user
- {{{ describe_file_permissions(file="/boot/System.map-*", perms="0600") }}}
+ The System.map files are symbol map files generated during the compilation of the Linux
+ kernel. They contain the mapping between kernel symbols and their corresponding memory
+ addresses. In general, there is no need for non-root users to read these files.
+
+ {{{ describe_file_permissions(file="/boot/System.map*", perms="0600") }}}
rationale: |-
- The System.map file contains information about kernel symbols and
- can give some hints to generate local exploitation.
+ The purpose of System.map files is primarily for debugging and profiling the kernel.
+ Unrestricted access to these files might disclose information useful to attackers and
+ malicious software leading to more sophisticated exploitation.
-severity: unknown
+severity: low
identifiers:
cce@rhel7: CCE-82350-0
cce@rhel8: CCE-82892-1
+ cce@rhel9: CCE-86581-6
+ocil_clause: '{{{ ocil_clause_file_permissions(file="/boot/System.map*", perms="-rw-------") }}}'
ocil: |-
- {{{ ocil_file_permissions(file="/boot/Sysem.map-*", perms="-rw-------") }}}
+ {{{ ocil_file_permissions(file="/boot/System.map*", perms="-rw-------") }}}
+
+template:
+ name: file_permissions
+ vars:
+ filepath: /boot/
+ file_regex: ^.*System\.map.*$
+ filemode: '0600'
+ allow_stricter_permissions: 'true'
+ missing_file_pass: 'true'
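Review bot: Replacing the hand-written OVAL with the template silently widens the match: the deleted check used `^System\.map.*$` against `/boot`, whereas the new `file_regex: ^.*System\.map.*$` also matches any `/boot/` entry that merely contains `System.map` somewhere in its name. Restoring the anchor, `file_regex: ^System\.map.*$`, preserves the previous scope and agrees with the `/boot/System.map*` in the description and OCIL. The old OVAL also only asserted mode bits, so `allow_stricter_permissions: 'true'` with `filemode: '0600'` looks equivalent to it, but that equivalence depends on the template internals not shown here and is worth confirming before the default-profile removal elsewhere in this change lands.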
diff --git a/linux_os/guide/system/permissions/files/file_permissions_systemmap/tests/correct_multiple_files.pass.sh b/linux_os/guide/system/permissions/files/file_permissions_systemmap/tests/correct_multiple_files.pass.sh
new file mode 100644
index 00000000000..a0c893d84b6
--- /dev/null
+++ b/linux_os/guide/system/permissions/files/file_permissions_systemmap/tests/correct_multiple_files.pass.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+mktemp -p /boot System.map-5.99.0-XXX
+mktemp -p /boot System.map-5.99.0-XXX
+chmod 0600 /boot/System.map*
diff --git a/linux_os/guide/system/permissions/files/file_permissions_systemmap/tests/correct_permissions.pass.sh b/linux_os/guide/system/permissions/files/file_permissions_systemmap/tests/correct_permissions.pass.sh
new file mode 100644
index 00000000000..0cf9cc51f35
--- /dev/null
+++ b/linux_os/guide/system/permissions/files/file_permissions_systemmap/tests/correct_permissions.pass.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+mktemp -p /boot System.map-5.99.0-XXX
+chmod 0600 /boot/System.map*
diff --git a/linux_os/guide/system/permissions/files/file_permissions_systemmap/tests/lenient_multiple_files.fail.sh b/linux_os/guide/system/permissions/files/file_permissions_systemmap/tests/lenient_multiple_files.fail.sh
new file mode 100644
index 00000000000..214562466c0
--- /dev/null
+++ b/linux_os/guide/system/permissions/files/file_permissions_systemmap/tests/lenient_multiple_files.fail.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+FAKE_FILE1=$(mktemp -p /boot System.map-5.99.0-XXX)
+chmod 0600 $FAKE_FILE1
+
+FAKE_FILE2=$(mktemp -p /boot System.map-5.99.0-XXX)
+chmod 0644 $FAKE_FILE2
diff --git a/linux_os/guide/system/permissions/files/file_permissions_systemmap/tests/lenient_permissions.fail.sh b/linux_os/guide/system/permissions/files/file_permissions_systemmap/tests/lenient_permissions.fail.sh
new file mode 100644
index 00000000000..d33bf01fcf0
--- /dev/null
+++ b/linux_os/guide/system/permissions/files/file_permissions_systemmap/tests/lenient_permissions.fail.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+FAKE_FILE=$(mktemp -p /boot System.map-5.99.0-XXX)
+chmod 0644 $FAKE_FILE
diff --git a/linux_os/guide/system/permissions/files/file_permissions_systemmap/tests/missing_file_test.pass.sh b/linux_os/guide/system/permissions/files/file_permissions_systemmap/tests/missing_file_test.pass.sh
new file mode 100644
index 00000000000..2e51f833751
--- /dev/null
+++ b/linux_os/guide/system/permissions/files/file_permissions_systemmap/tests/missing_file_test.pass.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+rm -f /boot/System.map*
diff --git a/linux_os/guide/system/permissions/files/file_permissions_systemmap/tests/stricter_permisions.pass.sh b/linux_os/guide/system/permissions/files/file_permissions_systemmap/tests/stricter_permisions.pass.sh
new file mode 100644
index 00000000000..a0b8c05cecb
--- /dev/null
+++ b/linux_os/guide/system/permissions/files/file_permissions_systemmap/tests/stricter_permisions.pass.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+mktemp -p /boot System.map-5.99.0-XXX
+chmod 0400 /boot/System.map*
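Review bot: The file name `stricter_permisions.pass.sh` is misspelled; the other System.map test scripts use full words (`correct_permissions.pass.sh`, `lenient_permissions.fail.sh`), so this one should be renamed to `stricter_permissions.pass.sh` to keep the scenario names greppable and consistent. The script body itself is fine: `mktemp` creates the file 0600 and `chmod 0400` then exercises the `allow_stricter_permissions` path.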
diff --git a/products/rhel7/profiles/default.profile b/products/rhel7/profiles/default.profile
index c6be9a58610..6f6f808b109 100644
--- a/products/rhel7/profiles/default.profile
+++ b/products/rhel7/profiles/default.profile
@@ -410,7 +410,6 @@ selections:
- audit_rules_unsuccessful_file_modification_fchownat
- sebool_openvpn_enable_homedirs
- bios_disable_usb_boot
- - file_permissions_systemmap
- service_docker_enabled
- file_owner_etc_hosts_allow
- audit_rules_unsuccessful_file_modification_open_o_creat
diff --git a/products/rhel8/profiles/default.profile b/products/rhel8/profiles/default.profile
index 127bef3cc12..b89cce7acbc 100644
--- a/products/rhel8/profiles/default.profile
+++ b/products/rhel8/profiles/default.profile
@@ -451,7 +451,6 @@ selections:
- sebool_openvpn_enable_homedirs
- zipl_enable_selinux
- bios_disable_usb_boot
- - file_permissions_systemmap
- audit_rules_unsuccessful_file_modification_open_o_creat
- kernel_config_ipv6
- service_rpcgssd_disabled
diff --git a/products/rhel9/profiles/default.profile b/products/rhel9/profiles/default.profile
index 3b07da302af..07ac0183a6f 100644
--- a/products/rhel9/profiles/default.profile
+++ b/products/rhel9/profiles/default.profile
@@ -370,7 +370,6 @@ selections:
- audit_rules_unsuccessful_file_modification_fchownat
- sebool_openvpn_enable_homedirs
- zipl_enable_selinux
- - file_permissions_systemmap
- audit_rules_unsuccessful_file_modification_open_o_creat
- kernel_config_ipv6
- audit_rules_successful_file_modification_chown
diff --git a/shared/references/cce-redhat-avail.txt b/shared/references/cce-redhat-avail.txt
index 8b7712fb422..b30df489035 100644
--- a/shared/references/cce-redhat-avail.txt
+++ b/shared/references/cce-redhat-avail.txt
@@ -144,13 +144,6 @@ CCE-86576-6
CCE-86577-4
CCE-86578-2
CCE-86579-0
-CCE-86581-6
-CCE-86582-4
-CCE-86583-2
-CCE-86584-0
-CCE-86585-7
-CCE-86586-5
-CCE-86587-3
CCE-86589-9
CCE-86590-7
CCE-86591-5