diff --git a/controls/cis_rhel8.yml b/controls/cis_rhel8.yml
index 81f9cb955ce..baa67efcc0c 100644
--- a/controls/cis_rhel8.yml
+++ b/controls/cis_rhel8.yml
@@ -764,16 +764,15 @@ controls:
 rules:
 - package_tftp-server_removed

- # NEEDS RULE
 - id: 2.2.10
 title: Ensure a web server is not installed (Automated)
 levels:
 - l1_server
 - l1_workstation
- status: partial
+ status: automated
 rules:
 - package_httpd_removed
- # Needs a rule to remove nginx
+ - package_nginx_removed

 # NEEDS RULE
 - id: 2.2.11
diff --git a/controls/cis_rhel9.yml b/controls/cis_rhel9.yml
index 11f9995039e..773d7a006c0 100644
--- a/controls/cis_rhel9.yml
+++ b/controls/cis_rhel9.yml
@@ -760,16 +760,15 @@ controls:
 rules:
 - package_tftp-server_removed

- # NEEDS RULE
 - id: 2.2.8
 title: Ensure a web server is not installed (Automated)
 levels:
 - l1_server
 - l1_workstation
- status: partial
+ status: automated
 rules:
 - package_httpd_removed
- # Needs a rule to remove nginx
+ - package_nginx_removed

 # NEEDS RULE
 - id: 2.2.9
diff --git a/linux_os/guide/services/http/disabling_nginx/group.yml b/linux_os/guide/services/http/disabling_nginx/group.yml
new file mode 100644
index 00000000000..b22aaa8ef8b
--- /dev/null
+++ b/linux_os/guide/services/http/disabling_nginx/group.yml
@@ -0,0 +1,7 @@
+documentation_complete: true
+
+title: 'Disable NGINX if Possible'
+
+description: |-
+ If NGINX was installed and activated, but the system does not need to act as a web server,
+ then it should be removed from the system.
diff --git a/linux_os/guide/services/http/disabling_nginx/package_nginx_removed/rule.yml b/linux_os/guide/services/http/disabling_nginx/package_nginx_removed/rule.yml
new file mode 100644
index 00000000000..05b573f482c
--- /dev/null
+++ b/linux_os/guide/services/http/disabling_nginx/package_nginx_removed/rule.yml
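Review bot: The description in linux_os/guide/services/http/disabling_nginx/group.yml conditions removal on NGINX being "installed and activated", but the only rule the group holds (package_nginx_removed, added in the same commit) evaluates package presence alone and never looks at service state, so the text promises a check that is not performed. Consider `If NGINX is installed but the system does not need to act as a web server,` so the rendered guide matches what the scanner actually verifies. The title `'Disable NGINX if Possible'` carries the same mismatch, since the group removes rather than disables; it may deliberately mirror a sibling httpd group, in which case a one-line note saying so would help the next reader.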
@@ -0,0 +1,35 @@
+documentation_complete: true
+
+prodtype: rhel8,rhel9
+
+title: 'Uninstall nginx Package'
+
+description: |-
+ {{{ describe_package_remove(package="nginx") }}}
+
+rationale: |-
+ If there is no need to make the web server software available,
+ removing it provides a safeguard against its activation.
+
+severity: unknown
+
+identifiers:
+ cce@rhel8: CCE-88034-4
+ cce@rhel9: CCE-88035-1
+
+references:
+ cis@rhel8: 2.2.10
+ cis@rhel9: 2.2.8
+ cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS05.02,DSS05.05,DSS06.06
+ isa-62443-2009: 4.3.3.5.1,4.3.3.5.2,4.3.3.5.3,4.3.3.5.4,4.3.3.5.5,4.3.3.5.6,4.3.3.5.7,4.3.3.5.8,4.3.3.6.1,4.3.3.6.2,4.3.3.6.3,4.3.3.6.4,4.3.3.6.5,4.3.3.6.6,4.3.3.6.7,4.3.3.6.8,4.3.3.6.9,4.3.3.7.1,4.3.3.7.2,4.3.3.7.3,4.3.3.7.4,4.3.4.3.2,4.3.4.3.3
+ isa-62443-2013: 'SR 1.1,SR 1.10,SR 1.11,SR 1.12,SR 1.13,SR 1.2,SR 1.3,SR 1.4,SR 1.5,SR 1.6,SR 1.7,SR 1.8,SR 1.9,SR 2.1,SR 2.2,SR 2.3,SR 2.4,SR 2.5,SR 2.6,SR 2.7,SR 7.6'
+ iso27001-2013: A.12.1.2,A.12.5.1,A.12.6.2,A.14.2.2,A.14.2.3,A.14.2.4,A.9.1.2
+ nist: CM-7(a),CM-7(b),CM-6(a)
+ nist-csf: PR.IP-1,PR.PT-3
+
+{{{ complete_ocil_entry_package(package="nginx") }}}
+
+template:
+ name: package_removed
+ vars:
+ pkgname: nginx
diff --git a/shared/references/cce-redhat-avail.txt b/shared/references/cce-redhat-avail.txt
index 9b3bb608e7a..ea8d82326bc 100644
--- a/shared/references/cce-redhat-avail.txt
+++ b/shared/references/cce-redhat-avail.txt
@@ -1584,8 +1584,6 @@ CCE-88028-6
 CCE-88029-4
 CCE-88030-2
 CCE-88031-0
-CCE-88034-4
-CCE-88035-1
 CCE-88037-7
 CCE-88038-5
 CCE-88039-3
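Review bot: `severity: unknown` on the new package_nginx_removed rule leaves it unrated in generated profiles and reports even though the CIS controls it backs (2.2.10 on RHEL 8, 2.2.8 on RHEL 9) are flipped to `automated` in the same commit; if the existing httpd removal rule carries a rating this one should match it, and a low rating is the usual fit for removing an unneeded network-service package. The `rationale` block also speaks only of "the web server software" — `If there is no need to make the nginx web server available,` keeps the rendered guide unambiguous once several web-server rules sit side by side. The cobit5, isa-62443, iso27001, nist and nist-csf reference lists look carried over from a sibling rule; they are plausible for a package-removal control but cannot be confirmed from this hunk, so a quick check against that rule is worthwhile. The CCE identifiers claimed here (CCE-88034-4, CCE-88035-1) are consistent with the two entries dropped from cce-redhat-avail.txt below.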