diff --git a/linux_os/guide/system/software/integrity/kernel_trust_cpu_rng/oval/shared.xml b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/oval/shared.xml
similarity index 100%
rename from linux_os/guide/system/software/integrity/kernel_trust_cpu_rng/oval/shared.xml
rename to linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/oval/shared.xml
diff --git a/linux_os/guide/system/software/integrity/kernel_trust_cpu_rng/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/rule.yml
similarity index 99%
rename from linux_os/guide/system/software/integrity/kernel_trust_cpu_rng/rule.yml
rename to linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/rule.yml
index 89ffe074e0..3df57621a3 100644
--- a/linux_os/guide/system/software/integrity/kernel_trust_cpu_rng/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/rule.yml
@@ -49,7 +49,7 @@ ocil: |-
If the command does not return any output, then the boot parameter is
missing.
-platform: machine
+platform: grub2
template:
name: grub2_bootloader_argument
diff --git a/linux_os/guide/system/software/integrity/kernel_trust_cpu_rng/tests/boot_parameter.pass.sh b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/boot_parameter.pass.sh
similarity index 100%
rename from linux_os/guide/system/software/integrity/kernel_trust_cpu_rng/tests/boot_parameter.pass.sh
rename to linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/boot_parameter.pass.sh
diff --git a/linux_os/guide/system/software/integrity/kernel_trust_cpu_rng/tests/compiled.pass.sh b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/compiled.pass.sh
similarity index 100%
rename from linux_os/guide/system/software/integrity/kernel_trust_cpu_rng/tests/compiled.pass.sh
rename to linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/compiled.pass.sh
diff --git a/linux_os/guide/system/software/integrity/kernel_trust_cpu_rng/tests/compiled_but_overridden.fail.sh b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/compiled_but_overridden.fail.sh
similarity index 100%
rename from linux_os/guide/system/software/integrity/kernel_trust_cpu_rng/tests/compiled_but_overridden.fail.sh
rename to linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/compiled_but_overridden.fail.sh
diff --git a/linux_os/guide/system/software/integrity/kernel_trust_cpu_rng/tests/missing.fail.sh b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/missing.fail.sh
similarity index 100%
rename from linux_os/guide/system/software/integrity/kernel_trust_cpu_rng/tests/missing.fail.sh
rename to linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/missing.fail.sh
diff --git a/rhel8/profiles/ospp.profile b/rhel8/profiles/ospp.profile
index 5944383e39..687b948b34 100644
--- a/rhel8/profiles/ospp.profile
+++ b/rhel8/profiles/ospp.profile
@@ -134,7 +134,7 @@ selections:
- grub2_vsyscall_argument.role=unscored
- grub2_vsyscall_argument.severity=info
- grub2_pti_argument
- - kernel_trust_cpu_rng
+ - grub2_kernel_trust_cpu_rng
## Security Settings
- sysctl_kernel_kptr_restrict
diff --git a/tests/data/profile_stability/rhel8/ospp.profile b/tests/data/profile_stability/rhel8/ospp.profile
index a11664fe28..8bbc01f0d5 100644
--- a/tests/data/profile_stability/rhel8/ospp.profile
+++ b/tests/data/profile_stability/rhel8/ospp.profile
@@ -84,6 +84,7 @@ selections:
- grub2_audit_argument
- grub2_audit_backlog_limit_argument
- grub2_disable_interactive_boot
+- grub2_kernel_trust_cpu_rng
- grub2_page_poison_argument
- grub2_pti_argument
- grub2_slub_debug_argument
@@ -97,7 +98,6 @@ selections:
- kernel_module_firewire-core_disabled
- kernel_module_sctp_disabled
- kernel_module_tipc_disabled
-- kernel_trust_cpu_rng
- mount_option_boot_nodev
- mount_option_boot_nosuid
- mount_option_dev_shm_nodev
diff --git a/tests/data/profile_stability/rhel8/stig.profile b/tests/data/profile_stability/rhel8/stig.profile
index 5add9d462f..e1915d648b 100644
--- a/tests/data/profile_stability/rhel8/stig.profile
+++ b/tests/data/profile_stability/rhel8/stig.profile
@@ -29,6 +29,8 @@ selections:
- accounts_password_minlen_login_defs
- accounts_password_pam_dcredit
- accounts_password_pam_difok
+- accounts_password_pam_enforce_local
+- accounts_password_pam_enforce_root
- accounts_password_pam_lcredit
- accounts_password_pam_maxclassrepeat
- accounts_password_pam_maxrepeat
@@ -39,6 +41,7 @@ selections:
- accounts_password_set_max_life_existing
- accounts_password_set_min_life_existing
- accounts_passwords_pam_faillock_deny
+- accounts_passwords_pam_faillock_enforce_local
- accounts_passwords_pam_faillock_interval
- accounts_passwords_pam_faillock_unlock_time
- accounts_umask_etc_bashrc
@@ -103,6 +106,7 @@ selections:
- grub2_audit_argument
- grub2_audit_backlog_limit_argument
- grub2_disable_interactive_boot
+- grub2_kernel_trust_cpu_rng
- grub2_page_poison_argument
- grub2_pti_argument
- grub2_slub_debug_argument
@@ -116,7 +120,6 @@ selections:
- kernel_module_firewire-core_disabled
- kernel_module_sctp_disabled
- kernel_module_tipc_disabled
-- kernel_trust_cpu_rng
- mount_option_boot_nodev
- mount_option_boot_nosuid
- mount_option_dev_shm_nodev
@@ -195,6 +198,7 @@ selections:
- service_systemd-coredump_disabled
- service_usbguard_enabled
- smartcard_configure_cert_checking
+- ssh_client_rekey_limit
- sshd_disable_empty_passwords
- sshd_disable_gssapi_auth
- sshd_disable_kerb_auth
@@ -272,8 +276,4 @@ selections:
- grub2_vsyscall_argument.severity=info
- sysctl_user_max_user_namespaces.role=unscored
- sysctl_user_max_user_namespaces.severity=info
-- ssh_client_rekey_limit
-- accounts_passwords_pam_faillock_enforce_local
-- accounts_password_pam_enforce_local
-- accounts_password_pam_enforce_root
title: '[DRAFT] DISA STIG for Red Hat Enterprise Linux 8'