Merge pull request #11469 from Mab879/rhel_8_cis_section_3

Review CIS RHEL8 v3.0.0 Section 3
ComplianceAsCode · Jan 26, 2024 · 8f3f429 · 8f3f429
2 parents 1016ad3 + 908eb8a
commit 8f3f429
Show file tree

Hide file tree

Showing 45 changed files with 383 additions and 582 deletions.
diff --git a/controls/cis_rhel8.yml b/controls/cis_rhel8.yml
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner/rule.yml
@@ -28,6 +28,7 @@ identifiers:
 references:
     cis-csc: 1,12,15,16
     cis@alinux2: 5.2.19
+    cis@rhel8: 5.2.15
     cis@sle12: 5.2.18
     cis@sle15: 5.2.18
     cjis: 5.5.6

diff --git a/.../accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml b/.../accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml
@@ -12,12 +12,12 @@ description: |-
     {{% if product in ["rhel7"] %}}
     Ensure that pam_faillock.so module entries in
     <tt>/etc/pam.d/password-auth</tt> and <tt>/etc/pam.d/system-auth</tt> are
-    followed by the assignment <tt>deny=&lt;count&gt;</tt> where count should be less than or equal to 
+    followed by the assignment <tt>deny=&lt;count&gt;</tt> where count should be less than or equal to
     {{{xccdf_value("var_accounts_passwords_pam_faillock_deny") }}} and greater than 0.
     {{% else %}}
     Ensure that the file <tt>/etc/security/faillock.conf</tt> contains the following entry:
     <tt>deny = &lt;count&gt;</tt>
-    Where count should be less than or equal to 
+    Where count should be less than or equal to
     {{{ xccdf_value("var_accounts_passwords_pam_faillock_deny") }}} and greater than 0.
     {{% endif %}}
     {{% if 'ubuntu' not in product %}}

diff --git a/...ystem/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml b/...ystem/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml
@@ -30,7 +30,7 @@ identifiers:
 references:
     cis@alinux3: 3.4.1.1
     cis@rhel7: 3.4.2.1
-    cis@rhel8: 3.4.1.1
+    cis@rhel8: 3.4.1.2
     cis@rhel9: 3.4.1.2
     cis@sle15: 3.5.1.1
     disa: CCI-002314

diff --git a/.../system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml b/.../system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml
@@ -29,7 +29,7 @@ references:
     cis-csc: 11,3,9
     cis@alinux3: 3.4.2.1
     cis@rhel7: 3.4.2.2
-    cis@rhel8: 3.4.1.4
+    cis@rhel8: 3.4.1.2
     cis@rhel9: 3.4.1.2
     cis@sle15: 3.5.1.3
     cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05

diff --git a/...rk/network-firewalld/ruleset_modifications/firewalld_loopback_traffic_restricted/rule.yml b/...rk/network-firewalld/ruleset_modifications/firewalld_loopback_traffic_restricted/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel9
+prodtype: rhel8,rhel9
 
 title: 'Configure Firewalld to Restrict Loopback Traffic'
 
@@ -30,10 +30,12 @@ rationale: |-
 severity: medium
 
 identifiers:
+    cce@rhel8: CCE-87272-1
     cce@rhel9: CCE-86137-7
 
 references:
     ccn@rhel9: A.8.SEC-RHEL3
+    cis@rhel8: 3.4.2.2
     cis@rhel9: 3.4.2.4
     pcidss4: "1.4.1"
 

diff --git a/...twork/network-firewalld/ruleset_modifications/firewalld_loopback_traffic_trusted/rule.yml b/...twork/network-firewalld/ruleset_modifications/firewalld_loopback_traffic_trusted/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel9
+prodtype: rhel8,rhel9
 
 title: 'Configure Firewalld to Trust Loopback Traffic'
 
@@ -22,10 +22,12 @@ rationale: |-
 severity: medium
 
 identifiers:
+    cce@rhel8: CCE-87278-8
     cce@rhel9: CCE-86116-1
 
 references:
     ccn@rhel9: A.8.SEC-RHEL3
+    cis@rhel8: 3.4.2.2
     cis@rhel9: 3.4.2.4
     pcidss4: "1.4.1"
 

diff --git a/...ystem/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml b/...ystem/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml
@@ -31,7 +31,6 @@ identifiers:
 references:
     ccn@rhel9: A.8.SEC-RHEL3
     cis-csc: 11,14,3,9
-    cis@rhel8: 3.4.1.5
     cis@rhel9: 3.4.2.1
     cis@sle15: 3.5.1.4
     cjis: 5.10.1

diff --git a/.../system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml b/.../system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml
@@ -24,7 +24,7 @@ references:
     cis@alinux2: 3.2.9
     cis@alinux3: 3.3.9
     cis@rhel7: 3.3.11
-    cis@rhel8: 3.3.9
+    cis@rhel8: 3.3.11
     cis@rhel9: 3.3.9
     cis@sle12: 3.3.9
     cis@sle15: 3.3.9

diff --git a/.../network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml b/.../network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml
@@ -25,7 +25,7 @@ references:
     cis@alinux2: 3.2.2
     cis@alinux3: 3.3.2
     cis@rhel7: 3.3.5
-    cis@rhel8: 3.3.2
+    cis@rhel8: 3.3.5
     cis@rhel9: 3.3.2
     cis@sle12: 3.3.2
     cis@sle15: 3.3.2

diff --git a/...twork/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml b/...twork/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml
@@ -33,7 +33,7 @@ references:
     cis@alinux2: 3.2.1
     cis@alinux3: 3.3.1
     cis@rhel7: 3.3.8
-    cis@rhel8: 3.3.1
+    cis@rhel8: 3.3.8
     cis@rhel9: 3.3.1
     cis@sle12: 3.3.1
     cis@sle15: 3.3.1

diff --git a/...system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml b/...system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml
@@ -25,7 +25,7 @@ references:
     cis@alinux2: 3.1.1
     cis@alinux3: 3.2.1
     cis@rhel7: 3.3.1
-    cis@rhel8: 3.2.1
+    cis@rhel8: 3.3.1
     cis@rhel9: 3.2.1
     cis@sle12: 3.2.1
     cis@sle15: 3.2.1

diff --git a/...tem/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml b/...tem/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml
@@ -24,7 +24,7 @@ references:
     cis@alinux2: 3.2.9
     cis@alinux3: 3.3.9
     cis@rhel7: 3.3.11
-    cis@rhel8: 3.3.9
+    cis@rhel8: 3.3.11
     cis@rhel9: 3.3.9
     cis@sle12: 3.3.9
     cis@sle15: 3.3.9

diff --git a/...work/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml b/...work/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml
@@ -25,7 +25,7 @@ references:
     cis@alinux2: 3.2.2
     cis@alinux3: 3.3.2
     cis@rhel7: 3.3.5
-    cis@rhel8: 3.3.2
+    cis@rhel8: 3.3.5
     cis@rhel9: 3.3.2
     cis@sle12: 3.3.2
     cis@sle15: 3.3.2

diff --git a/...k/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml b/...k/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml
@@ -33,7 +33,7 @@ references:
     cis@alinux2: 3.2.1
     cis@alinux3: 3.3.1
     cis@rhel7: 3.3.8
-    cis@rhel8: 3.3.1
+    cis@rhel8: 3.3.8
     cis@rhel9: 3.3.1
     cis@sle12: 3.3.1
     cis@sle15: 3.3.1

diff --git a/...nel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml b/...nel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml
@@ -32,7 +32,7 @@ references:
     cis@alinux2: 3.2.2
     cis@alinux3: 3.3.2
     cis@rhel7: 3.3.5
-    cis@rhel8: 3.3.2
+    cis@rhel8: 3.3.5
     cis@rhel9: 3.3.2
     cis@sle12: 3.3.2
     cis@sle15: 3.3.2

diff --git a/.../network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml b/.../network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml
@@ -33,7 +33,7 @@ references:
     cis@alinux2: 3.2.1
     cis@alinux3: 3.3.1
     cis@rhel7: 3.3.8
-    cis@rhel8: 3.3.1
+    cis@rhel8: 3.3.8
     cis@rhel9: 3.3.1
     cis@sle12: 3.3.1
     cis@sle15: 3.3.1

diff --git a/...-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml b/...-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml
@@ -28,7 +28,7 @@ references:
     cis@alinux2: 3.2.4
     cis@alinux3: 3.3.4
     cis@rhel7: 3.3.9
-    cis@rhel8: 3.3.4
+    cis@rhel8: 3.3.9
     cis@rhel9: 3.3.4
     cis@sle12: 3.3.4
     cis@sle15: 3.3.4

diff --git a/...nel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml b/...nel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml
@@ -28,7 +28,7 @@ references:
     cis@alinux2: 3.2.3
     cis@alinux3: 3.3.3
     cis@rhel7: 3.3.6
-    cis@rhel8: 3.3.3
+    cis@rhel8: 3.3.6
     cis@rhel9: 3.3.3
     cis@sle12: 3.3.3
     cis@sle15: 3.3.3

diff --git a/...network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml b/...network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml
@@ -31,7 +31,7 @@ references:
     cis@alinux2: 3.2.2
     cis@alinux3: 3.3.2
     cis@rhel7: 3.3.5
-    cis@rhel8: 3.3.2
+    cis@rhel8: 3.3.5
     cis@rhel9: 3.3.2
     cis@sle12: 3.3.3
     cis@sle15: 3.3.3

diff --git a/...work_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml b/...work_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml
@@ -33,7 +33,7 @@ references:
     cis@alinux2: 3.2.1
     cis@alinux3: 3.3.1
     cis@rhel7: 3.3.8
-    cis@rhel8: 3.3.1
+    cis@rhel8: 3.3.8
     cis@rhel9: 3.3.1
     cis@sle12: 3.3.1
     cis@sle15: 3.3.1

diff --git a/...nel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml b/...nel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml
@@ -28,7 +28,7 @@ references:
     cis@alinux2: 3.2.4
     cis@alinux3: 3.3.4
     cis@rhel7: 3.3.9
-    cis@rhel8: 3.3.4
+    cis@rhel8: 3.3.9
     cis@rhel9: 3.3.4
     cis@sle12: 3.3.4
     cis@sle15: 3.3.4

diff --git a/...network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml b/...network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml
@@ -28,7 +28,7 @@ references:
     cis@alinux2: 3.2.3
     cis@alinux3: 3.3.3
     cis@rhel7: 3.3.6
-    cis@rhel8: 3.3.3
+    cis@rhel8: 3.3.6
     cis@rhel9: 3.3.3
     cis@sle12: 3.3.2
     cis@sle15: 3.3.2

diff --git a/...l/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml b/...l/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml
@@ -29,7 +29,7 @@ references:
     cis@alinux2: 3.2.5
     cis@alinux3: 3.3.5
     cis@rhel7: 3.3.4
-    cis@rhel8: 3.3.5
+    cis@rhel8: 3.3.4
     cis@rhel9: 3.3.5
     cis@sle12: 3.3.5
     cis@sle15: 3.3.5

diff --git a/...ork_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml b/...ork_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml
@@ -27,7 +27,7 @@ references:
     cis@alinux2: 3.2.6
     cis@alinux3: 3.3.6
     cis@rhel7: 3.3.3
-    cis@rhel8: 3.3.6
+    cis@rhel8: 3.3.3
     cis@rhel9: 3.3.6
     cis@sle12: 3.3.6
     cis@sle15: 3.3.6

diff --git a/...network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml b/...network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml
@@ -31,7 +31,7 @@ references:
     cis@alinux2: 3.2.8
     cis@alinux3: 3.3.8
     cis@rhel7: 3.3.10
-    cis@rhel8: 3.3.8
+    cis@rhel8: 3.3.10
     cis@rhel9: 3.3.8
     cis@sle12: 3.3.8
     cis@sle15: 3.3.8

diff --git a/...k/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml b/...k/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml
@@ -30,7 +30,7 @@ references:
     cis@alinux2: 3.1.2
     cis@alinux3: 3.2.2
     cis@rhel7: 3.3.2
-    cis@rhel8: 3.2.2
+    cis@rhel8: 3.3.2
     cis@rhel9: 3.2.2
     cis@sle12: 3.2.2
     cis@sle15: 3.2.2

diff --git a/...twork-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml b/...twork-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml
@@ -30,7 +30,7 @@ references:
     cis@alinux2: 3.1.2
     cis@alinux3: 3.2.2
     cis@rhel7: 3.3.2
-    cis@rhel8: 3.2.2
+    cis@rhel8: 3.3.2
     cis@rhel9: 3.2.2
     cis@sle12: 3.2.2
     cis@sle15: 3.2.2

diff --git a/...system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml b/...system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml
@@ -28,7 +28,7 @@ references:
     cis@alinux2: 3.1.1
     cis@alinux3: 3.2.1
     cis@rhel7: 3.3.1
-    cis@rhel8: 3.2.1
+    cis@rhel8: 3.3.1
     cis@rhel9: 3.2.1
     cis@sle12: 3.2.1
     cis@sle15: 3.2.1

diff --git a/linux_os/guide/system/network/network-nftables/nftables_ensure_default_deny_policy/rule.yml b/linux_os/guide/system/network/network-nftables/nftables_ensure_default_deny_policy/rule.yml
@@ -10,7 +10,7 @@ description: |-
    the firewall will accept any packet that is not configured to be denied and the packet will
    continue traversing the network stack.
 
-rationale: |-
+rationale: |
    It is easier to allow acceptable usage than to block unacceptable usage.
 
 severity: medium
@@ -23,6 +23,7 @@ identifiers:
 
 references:
     cis@rhel7: 3.4.3.7
+    cis@rhel8: 3.4.2.5
     cis@sle15: 3.5.2.8
     cis@ubuntu2004: 3.5.2.8
     cis@ubuntu2204: 3.5.2.8

diff --git a/linux_os/guide/system/network/network-nftables/package_nftables_installed/rule.yml b/linux_os/guide/system/network/network-nftables/package_nftables_installed/rule.yml
@@ -26,7 +26,7 @@ identifiers:
 
 references:
     cis@rhel7: 3.4.3.1
-    cis@rhel8: 3.4.2.1
+    cis@rhel8: 3.4.1.1
     cis@rhel9: 3.4.1.1
     cis@sle15: 3.5.2.1
     cis@ubuntu2004: 3.5.2.1

diff --git a/linux_os/guide/system/network/network-nftables/service_nftables_disabled/rule.yml b/linux_os/guide/system/network/network-nftables/service_nftables_disabled/rule.yml
@@ -25,7 +25,7 @@ identifiers:
 references:
     ccn@rhel9: A.8.SEC-RHEL3
     cis@alinux3: 3.4.2.3
-    cis@rhel8: 3.4.1.3
+    cis@rhel8: 3.4.1.2
     cis@rhel9: 3.4.1.2
     cis@sle15: 3.5.1.2
     cis@ubuntu2004: 3.5.3.1.2

diff --git a/linux_os/guide/system/network/network-nftables/set_nftables_base_chain/rule.yml b/linux_os/guide/system/network/network-nftables/set_nftables_base_chain/rule.yml
@@ -25,6 +25,7 @@ identifiers:
 
 references:
     cis@rhel7: 3.4.3.4
+    cis@rhel8: 3.4.2.1
     cis@sle15: 3.5.2.5
     cis@ubuntu2004: 3.5.2.5
     cis@ubuntu2204: 3.5.2.5

diff --git a/linux_os/guide/system/network/network-nftables/set_nftables_new_connections/rule.yml b/linux_os/guide/system/network/network-nftables/set_nftables_new_connections/rule.yml
@@ -17,6 +17,7 @@ identifiers:
     cce@sle15: CCE-92564-4
 
 references:
+    cis@rhel8: 3.4.2.4
     cis@sle15: 3.5.2.7
 
 ocil_clause: 'All nftables rules for established incoming, and for new and outbound connections do not match site policy'

diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml
@@ -28,7 +28,7 @@ references:
     cis@alinux2: 3.4.1
     cis@alinux3: 3.1.3
     cis@rhel7: 3.2.1
-    cis@rhel8: 3.1.3
+    cis@rhel8: 3.2.1
     cis@sle12: 3.4.1
     cis@sle15: 3.4.1
     cis@ubuntu2004: 3.4.1

diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_rds_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_rds_disabled/rule.yml
@@ -23,6 +23,7 @@ references:
     cis-csc: 11,14,3,9
     cis@alinux2: 3.4.3
     cis@rhel7: 3.2.3
+    cis@rhel8: 3.2.3
     cis@ubuntu2004: 3.4.3
     cis@ubuntu2204: 3.4.3
     cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS05.02,DSS05.05,DSS06.06

diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml
@@ -30,7 +30,7 @@ references:
     cis@alinux2: 3.4.2
     cis@alinux3: 3.1.2
     cis@rhel7: 3.2.4
-    cis@rhel8: 3.1.2
+    cis@rhel8: 3.2.4
     cis@sle12: 3.4.2
     cis@sle15: 3.4.2
     cis@ubuntu2004: 3.4.2

diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/rule.yml
@@ -31,6 +31,7 @@ references:
     cis-csc: 11,14,3,9
     cis@alinux2: 3.4.4
     cis@rhel7: 3.2.2
+    cis@rhel8: 3.2.2
     cis@rhel9: 3.1.3
     cis@ubuntu2004: 3.4.4
     cis@ubuntu2204: 3.4.4

diff --git a/...ide/system/network/network-wireless/wireless_software/service_bluetooth_disabled/rule.yml b/...ide/system/network/network-wireless/wireless_software/service_bluetooth_disabled/rule.yml
@@ -18,10 +18,12 @@ severity: medium
 
 identifiers:
     cce@rhel7: CCE-27328-4
+    cce@rhel8: CCE-87231-7
 
 references:
     cis-csc: 11,12,14,15,3,8,9
     cis@rhel7: 3.1.3
+    cis@rhel8: 3.1.3
     cobit5: APO13.01,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS01.04,DSS05.02,DSS05.03,DSS05.05,DSS06.06
     cui: 3.1.16
     disa: CCI-000085,CCI-001551

diff --git a/...de/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml b/...de/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml
@@ -43,7 +43,7 @@ references:
     cis-csc: 11,12,14,15,3,8,9
     cis@alinux3: 3.1.4
     cis@rhel7: 3.1.2
-    cis@rhel8: 3.1.4
+    cis@rhel8: 3.1.2
     cis@rhel9: 3.1.2
     cis@sle12: 3.1.2
     cis@sle15: 3.1.2

diff --git a/...s/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/rule.yml b/...s/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/rule.yml
@@ -35,7 +35,7 @@ references:
     ccn@rhel9: A.11.SEC-RHEL12
     cis-csc: 12,16
     cis@rhel7: 1.7.6
-    cis@rhel8: 1.8.6,1.8.7
+    cis@rhel8: 1.8.6
     cis@rhel9: 1.8.6,1.8.7
     cis@ubuntu2204: 1.8.6
     cobit5: APO13.01,DSS01.04,DSS05.03,DSS05.04,DSS05.05,DSS05.07,DSS06.03