diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_hips/oval/shared.xml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_hips/oval/shared.xml
deleted file mode 100644
index 1ac70e5aeb..0000000000
--- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_hips/oval/shared.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-
-
- {{{ oval_metadata("Install the McAfee Host Intrusion Prevention System (HIPS) Module if it is absolutely necessary. If SELinux is enabled, do not install or enable this module.",
- affected_platforms=["multi_platform_all"]) }}}
-
-
-
-
-
-
-
-
-
- MFEhiplsm
-
-
-
diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_hips/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/package_MFEhiplsm_installed/rule.yml
similarity index 88%
rename from linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_hips/rule.yml
rename to linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/package_MFEhiplsm_installed/rule.yml
index 459a656d40..00e5f12873 100644
--- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_hips/rule.yml
+++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/package_MFEhiplsm_installed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8
+prodtype: fedora,rhel6,rhel7,rhel8,rhv4
title: 'Install the Host Intrusion Prevention System (HIPS) Module'
@@ -24,12 +24,13 @@ references:
nist: CM-6(a)
nist-csf: DE.AE-1,DE.AE-2,DE.AE-3,DE.AE-4,DE.CM-1,DE.CM-5,DE.CM-6,DE.CM-7,DE.DP-2,DE.DP-3,DE.DP-4,DE.DP-5,ID.RA-1,PR.AC-5,PR.DS-5,PR.IP-8,PR.PT-4,RS.AN-1,RS.CO-3
pcidss: Req-11.4
- srg: STG-OS-000480-GPOS-00227
+ srg: SRG-OS-000480-GPOS-00227,SRG-OS-000196
isa-62443-2013: 'SR 2.10,SR 2.11,SR 2.12,SR 2.4,SR 2.8,SR 2.9,SR 3.1,SR 3.3,SR 3.5,SR 3.8,SR 3.9,SR 4.1,SR 4.3,SR 5.1,SR 5.2,SR 5.3,SR 6.1,SR 6.2,SR 7.1,SR 7.6'
isa-62443-2009: 4.2.3,4.2.3.12,4.2.3.7,4.2.3.9,4.3.3.4,4.3.4.5.2,4.3.4.5.6,4.3.4.5.7,4.3.4.5.8,4.3.4.5.9,4.4.3.2,4.4.3.3,4.4.3.4
cobit5: APO01.06,APO07.06,APO08.04,APO10.05,APO11.06,APO12.01,APO12.02,APO12.03,APO12.04,APO12.06,APO13.01,APO13.02,BAI08.02,BAI08.04,DSS01.03,DSS01.05,DSS02.04,DSS02.05,DSS02.07,DSS03.01,DSS03.04,DSS03.05,DSS04.05,DSS05.01,DSS05.02,DSS05.04,DSS05.05,DSS05.07,DSS06.01,DSS06.02,MEA03.03,MEA03.04
iso27001-2013: 'A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.12.1.1,A.12.1.2,A.12.4.1,A.12.4.3,A.12.5.1,A.12.6.1,A.12.6.2,A.13.1.1,A.13.1.2,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.14.2.7,A.14.2.8,A.15.2.1,A.16.1.1,A.16.1.2,A.16.1.3,A.16.1.4,A.16.1.5,A.16.1.6,A.16.1.7,A.18.1.4,A.18.2.2,A.18.2.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5,Clause 16.1.2,Clause 7.4'
cis-csc: 1,11,12,13,14,15,16,18,19,2,3,4,5,6,7,8,9
+ stigid@rhel7: RHEL-07-020019
ocil_clause: 'the HBSS HIPS module is not installed'
@@ -37,6 +38,9 @@ ocil: |-
To verify that McAfee HIPS is installed, run the following command(s):
$ rpm -q MFEhiplsm
+conflicts:
+ - selinux_state
+
warnings:
- functionality: |-
Installing and enabling this module conflicts with SELinux.
@@ -44,3 +48,14 @@ warnings:
- general: |-
Due to McAfee HIPS being 3rd party software, automated
remediation is not available for this configuration check.
+
+template:
+ name: package_installed
+ vars:
+ pkgname: MFEhiplsm
+ backends:
+ anaconda: "off"
+ ansible: "off"
+ bash: "off"
+ puppet: "off"
+
diff --git a/rhel7/profiles/stig.profile b/rhel7/profiles/stig.profile
index 9033e433d8..f9f3e94e2a 100644
--- a/rhel7/profiles/stig.profile
+++ b/rhel7/profiles/stig.profile
@@ -308,3 +308,4 @@ selections:
- mount_option_dev_shm_noexec
- mount_option_dev_shm_nosuid
- audit_rules_privileged_commands_mount
+ - package_MFEhiplsm_installed
diff --git a/shared/checks/oval/install_mcafee_hbss.xml b/shared/checks/oval/install_mcafee_hbss.xml
index 8ae73ecffc..e0fc31d760 100644
--- a/shared/checks/oval/install_mcafee_hbss.xml
+++ b/shared/checks/oval/install_mcafee_hbss.xml
@@ -12,7 +12,7 @@
-
+