{"system-security-plan":{"control-implementation":{"description":"Control implementation for FedRAMP High baseline using Ubuntu Linux 24.04 LTS","implemented-requirements":[{"control-id":"ac-3","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_pam_unix_enabled"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_root_gid_zero"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_umask_etc_bashrc"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_umask_etc_login_defs"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_umask_etc_profile"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_umask_root"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"ensure_pam_wheel_group_empty"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"ensure_root_access_controlled"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"file_groupowner_sshd_config"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"file_owner_sshd_config"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"file_permissions_sshd_config"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"file_permissions_sshd_private_key"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"file_permissions_sshd_pub_key"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"groups_no_zero_gid_except_root"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"no_invalid_shell_accounts_unlocked"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"no_shelllogin_for_systemaccounts"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_limit_user_access"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"use_pam_wheel_group_for_su"}],"uuid":"321f3327-680e-413a-81a4-7b2e2c6be909"},{"control-id":"ac-5","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_pam_unix_enabled"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_root_gid_zero"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_umask_etc_bashrc"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_umask_etc_login_defs"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_umask_etc_profile"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_umask_root"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"ensure_pam_wheel_group_empty"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"ensure_root_access_controlled"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"file_groupowner_sshd_config"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"file_owner_sshd_config"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"file_permissions_sshd_config"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"file_permissions_sshd_private_key"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"file_permissions_sshd_pub_key"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"groups_no_zero_gid_except_root"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"no_invalid_shell_accounts_unlocked"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"no_shelllogin_for_systemaccounts"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_limit_user_access"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"use_pam_wheel_group_for_su"}],"uuid":"72f0598c-240a-422e-aa44-a53b435c1205"},{"control-id":"ac-6","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_pam_unix_enabled"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_root_gid_zero"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_umask_etc_bashrc"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_umask_etc_login_defs"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_umask_etc_profile"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_umask_root"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"ensure_pam_wheel_group_empty"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"ensure_root_access_controlled"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"file_groupowner_sshd_config"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"file_owner_sshd_config"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"file_permissions_sshd_config"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"file_permissions_sshd_private_key"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"file_permissions_sshd_pub_key"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"groups_no_zero_gid_except_root"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"no_invalid_shell_accounts_unlocked"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"no_shelllogin_for_systemaccounts"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_limit_user_access"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"use_pam_wheel_group_for_su"}],"uuid":"1974be76-5545-42d0-b257-8a3171fb7bda"},{"control-id":"mp-2","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_pam_unix_enabled"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_root_gid_zero"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_umask_etc_bashrc"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_umask_etc_login_defs"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_umask_etc_profile"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_umask_root"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"ensure_pam_wheel_group_empty"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"ensure_root_access_controlled"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"file_groupowner_sshd_config"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"file_owner_sshd_config"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"file_permissions_sshd_config"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"file_permissions_sshd_private_key"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"file_permissions_sshd_pub_key"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"groups_no_zero_gid_except_root"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"no_invalid_shell_accounts_unlocked"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"no_shelllogin_for_systemaccounts"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_limit_user_access"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"use_pam_wheel_group_for_su"}],"uuid":"6ba45c94-b117-4c08-b1e6-add561ed0cd2"},{"control-id":"ac-17.2","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_use_strong_ciphers"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_use_strong_kex"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_use_strong_macs"}],"uuid":"53d305b4-1f8d-4b33-a205-9ed9299c583c"},{"control-id":"ia-5","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_use_strong_ciphers"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_use_strong_kex"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_use_strong_macs"}],"uuid":"5ea6bf90-94d4-44bf-a327-6683f3370a46"},{"control-id":"ia-5.1","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_use_strong_ciphers"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_use_strong_kex"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_use_strong_macs"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_pam_pwhistory_use_authtok"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_pam_unix_authtok"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"set_password_hashing_algorithm_logindefs"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"set_password_hashing_algorithm_systemauth"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"account_disable_post_pw_expiration"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_maximum_age_login_defs"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_minimum_age_login_defs"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_last_change_is_in_past"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_pam_dcredit"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_pam_dictcheck"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_pam_difok"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_pam_enforce_root"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_pam_enforcing"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_pam_lcredit"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_pam_maxrepeat"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_pam_maxsequence"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_pam_minclass"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_pam_minlen"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_pam_ocredit"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_pam_pwhistory_enabled"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_pam_pwhistory_enforce_root"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_pam_pwhistory_remember"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_pam_pwquality_enabled"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_pam_ucredit"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_pam_unix_no_remember"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_set_max_life_existing"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_set_min_life_existing"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"no_empty_passwords_unix"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_disable_empty_passwords"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_disable_gssapi_auth"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_disable_rhosts"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_enable_pam"}],"uuid":"bc9d5998-7dd3-4ce6-b524-9f0c28698d0b"},{"control-id":"sc-8","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_use_strong_ciphers"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_use_strong_kex"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_use_strong_macs"}],"uuid":"fa53d115-aaa9-4c7a-9b8b-a2e41092a5f4"},{"control-id":"sc-8.1","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_use_strong_ciphers"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_use_strong_kex"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_use_strong_macs"}],"uuid":"ec85b7b9-4723-43ea-975f-6ba72b24c893"},{"control-id":"sc-28","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_pam_pwhistory_use_authtok"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_pam_unix_authtok"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"set_password_hashing_algorithm_logindefs"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"set_password_hashing_algorithm_systemauth"}],"uuid":"450fdfd6-5a64-418b-ac17-5d38e73efc4e"},{"control-id":"sc-28.1","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_pam_pwhistory_use_authtok"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_pam_unix_authtok"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"set_password_hashing_algorithm_logindefs"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"set_password_hashing_algorithm_systemauth"}],"uuid":"dda62194-5514-41b1-aec1-a4aa89765a10"},{"control-id":"cm-1","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_warn_age_login_defs"}],"uuid":"648cf144-518c-4965-92b6-4cfd2986f7f4"},{"control-id":"cm-2","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_warn_age_login_defs"}],"uuid":"0502572b-2a6c-464a-8873-2eff90814951"},{"control-id":"cm-6","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_warn_age_login_defs"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_disable_forwarding"}],"uuid":"2dfb544d-54af-46f2-a395-7ccd2f90599d"},{"control-id":"cm-7","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_warn_age_login_defs"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_disable_forwarding"}],"uuid":"9df23443-6305-4ed8-9240-de105f85025c"},{"control-id":"cm-7.1","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_warn_age_login_defs"}],"uuid":"b6ab1163-f0df-428b-b5d3-6c716336a2aa"},{"control-id":"cm-9","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_warn_age_login_defs"}],"uuid":"4ee6b310-0fda-4aa6-9e35-c2fa68b3c9c7"},{"control-id":"sa-3","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_warn_age_login_defs"}],"uuid":"08d44634-7c1a-4652-a911-2e3c75c29270"},{"control-id":"sa-8","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_warn_age_login_defs"}],"uuid":"c290c341-14f2-4094-a6d5-3886fcc9d8f4"},{"control-id":"sa-10","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_warn_age_login_defs"}],"uuid":"a050d01d-41ad-4d9f-bb99-74267e11e350"},{"control-id":"ac-2.5","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_tmout"}],"uuid":"8a49b4cd-5fad-441c-aed5-3858adc7743c"},{"control-id":"ac-11","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_tmout"}],"uuid":"10e5e9cb-0e22-409d-8cc3-c6f64cc4a4c6"},{"control-id":"ac-11.1","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_tmout"}],"uuid":"e37ae967-9441-4a4f-b4b8-588de27b269f"},{"control-id":"ac-12","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_tmout"}],"uuid":"535a753c-d003-48c4-99ed-e24cb400138f"},{"control-id":"ac-6.2","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"package_sudo_installed"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_disable_root_login"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sudo_add_use_pty"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sudo_remove_no_authenticate"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sudo_require_authentication"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sudo_require_reauthentication"}],"uuid":"3644d49b-32ae-4e80-ba7a-8a372a8158b8"},{"control-id":"ac-6.5","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"package_sudo_installed"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_disable_root_login"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sudo_add_use_pty"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sudo_remove_no_authenticate"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sudo_require_authentication"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sudo_require_reauthentication"}],"uuid":"e58dc146-3839-4c1c-9de3-82aeed355815"},{"control-id":"ac-1","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_passwords_pam_faillock_deny"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_passwords_pam_faillock_enabled"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_passwords_pam_faillock_root_unlock_time"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_passwords_pam_faillock_unlock_time"}],"uuid":"dcc02edb-7829-40fe-9096-f128c34320b3"},{"control-id":"ac-2","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_passwords_pam_faillock_deny"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_passwords_pam_faillock_enabled"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_passwords_pam_faillock_root_unlock_time"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_passwords_pam_faillock_unlock_time"}],"uuid":"b8eeb47c-43e9-4f81-8e8d-4e994f48516b"},{"control-id":"ac-2.1","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_passwords_pam_faillock_deny"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_passwords_pam_faillock_enabled"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_passwords_pam_faillock_root_unlock_time"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_passwords_pam_faillock_unlock_time"}],"uuid":"037fb0b5-3e75-4297-9d39-0575cd0d45b5"},{"control-id":"au-2","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_set_loglevel_info"}],"uuid":"94896ec6-2eb6-4a6c-8a44-9c55740894a3"},{"control-id":"au-7","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_set_loglevel_info"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_set_max_auth_tries"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sudo_custom_logfile"}],"uuid":"5b3a0a5a-0acc-4ee8-adf9-345f2d8f0792"},{"control-id":"au-12","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_set_loglevel_info"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_set_max_auth_tries"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sudo_custom_logfile"}],"uuid":"a0134bcf-cad4-49af-9b93-4c55e902063c"},{"control-id":"au-3","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_set_max_auth_tries"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sudo_custom_logfile"}],"uuid":"75c1b170-af3b-45ae-b80e-fe58209ae2d3"},{"control-id":"au-3.1","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_set_max_auth_tries"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sudo_custom_logfile"}],"uuid":"f7ff2a9b-c5ed-4f09-8b5a-0bf9d87cb4c3"},{"control-id":"ac-10","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"concurrent_session_limit_configured"}],"uuid":"86b37e17-eb85-40ee-9990-0c38960c9f33"},{"control-id":"ac-17.1","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_logging_enabled"}],"uuid":"8e770f35-5b6f-489b-b93b-c1e9616e57e7"},{"control-id":"ac-2.2","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"account_temporary_expiration_configured"}],"uuid":"c34b5f0d-3ac4-4b58-abd1-8c8c8286ecf6"},{"control-id":"ac-2.3","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"account_disable_inactive_accounts"}],"uuid":"9dd5d902-8981-4786-9db8-72c04e9666c3"},{"control-id":"ac-4.4","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"encrypted_traffic_inspection_configured"}],"uuid":"1bced969-558c-4421-8b41-52aef985f4fc"},{"control-id":"ac-6.1","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sudo_security_function_authorization"}],"uuid":"52916e2a-c744-4fd8-b6f1-68146dbe160c"},{"control-id":"ac-6.3","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"privileged_command_network_restriction"}],"uuid":"7456f8a5-7d03-4734-8d9b-01c1000275be"},{"control-id":"au-10","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"critical_action_signing_enabled"}],"uuid":"c3de1264-c943-41b6-807d-45e96e069c2d"},{"control-id":"au-12.1","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"time_synchronization_configured"}],"uuid":"db7aad4b-2e28-4e48-bc65-75bc21cbb183"},{"control-id":"au-5.1","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"auditd_storage_threshold_alert"}],"uuid":"d6a4c303-a3cd-4519-b80a-bd497954d72c"},{"control-id":"au-5.2","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"auditd_realtime_alerts_enabled"}],"uuid":"e83d115f-9541-4a1d-a0bb-5a9291afb399"},{"control-id":"au-6.1","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"log_analysis_tool_configured"}],"uuid":"960970c9-aaa9-454c-830d-267c48e9126e"},{"control-id":"au-6.4","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"centralized_logging_configured"}],"uuid":"cfd5bc29-b08c-471e-a52f-31f92fd46bd0"},{"control-id":"au-9.2","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"audit_logs_remote_storage"}],"uuid":"2f65df07-9fda-4234-a8b0-83c153877357"},{"control-id":"au-9.3","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"audit_logs_encrypted"}],"uuid":"b75a8a81-b6c8-4986-a5ca-686621fa92d8"},{"control-id":"cm-3.2","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"change_control_documentation_required"}],"uuid":"6df51a2a-e4e4-4c0e-9634-46a9b0b70d2e"},{"control-id":"si-2.2","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"package_update_automation_configured"}],"uuid":"f4621f73-92ea-44f8-b905-47c1907a3dfd"},{"control-id":"si-4.2","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"intrusion_detection_tool_installed"}],"uuid":"9544ebb1-7e30-48fa-99ee-c1cd064a2184"}]},"import-profile":{"href":"trestle://profiles/FedRAMP-Rev5-High/profile.json"},"metadata":{"last-modified":"2026-05-09T08:08:27.187326","oscal-version":"1.2.1","title":"Ubuntu System Security Plan - FedRAMP High","version":"1.0"},"system-characteristics":{"authorization-boundary":{"description":"Ubuntu Linux 24.04 LTS 6-server fleet operating within a single authorization boundary, implementing FedRAMP High security controls"},"description":"System Security Plan for Ubuntu Linux 24.04 LTS 6-server fleet with OSCAP compliance validation - FedRAMP High baseline","security-sensitivity-level":"moderate","status":{"state":"operational"},"system-ids":[{"id":"ubuntu-system-001"}],"system-information":{"information-types":[{"description":"Information related to system configuration, security settings, compliance validation, and network infrastructure","title":"System and Network Configuration"}]},"system-name":"Ubuntu 24.04 LTS Fleet"},"system-implementation":{"components":[{"description":"Ubuntu Linux 24.04 LTS","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_00","value":"accounts_password_pam_unix_enabled"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_00","value":"accounts_password_pam_unix_enabled"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_01","value":"accounts_root_gid_zero"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_01","value":"accounts_root_gid_zero"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_02","value":"accounts_umask_etc_bashrc"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_02","value":"accounts_umask_etc_bashrc"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_03","value":"accounts_umask_etc_login_defs"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_03","value":"accounts_umask_etc_login_defs"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_04","value":"accounts_umask_etc_profile"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_04","value":"accounts_umask_etc_profile"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_05","value":"accounts_umask_root"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_05","value":"accounts_umask_root"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_06","value":"ensure_pam_wheel_group_empty"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_06","value":"ensure_pam_wheel_group_empty"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_07","value":"ensure_root_access_controlled"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_07","value":"ensure_root_access_controlled"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_08","value":"file_groupowner_sshd_config"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_08","value":"file_groupowner_sshd_config"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_09","value":"file_owner_sshd_config"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_09","value":"file_owner_sshd_config"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_10","value":"file_permissions_sshd_config"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_10","value":"file_permissions_sshd_config"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_11","value":"file_permissions_sshd_private_key"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_11","value":"file_permissions_sshd_private_key"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_12","value":"file_permissions_sshd_pub_key"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_12","value":"file_permissions_sshd_pub_key"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_13","value":"groups_no_zero_gid_except_root"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_13","value":"groups_no_zero_gid_except_root"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_14","value":"no_invalid_shell_accounts_unlocked"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_14","value":"no_invalid_shell_accounts_unlocked"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_15","value":"no_shelllogin_for_systemaccounts"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_15","value":"no_shelllogin_for_systemaccounts"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_16","value":"sshd_limit_user_access"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_16","value":"sshd_limit_user_access"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_17","value":"use_pam_wheel_group_for_su"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_17","value":"use_pam_wheel_group_for_su"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_18","value":"sshd_use_strong_ciphers"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_18","value":"sshd_use_strong_ciphers"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_19","value":"sshd_use_strong_kex"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_19","value":"sshd_use_strong_kex"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_20","value":"sshd_use_strong_macs"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_20","value":"sshd_use_strong_macs"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_21","value":"accounts_password_pam_pwhistory_use_authtok"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_21","value":"accounts_password_pam_pwhistory_use_authtok"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_22","value":"accounts_password_pam_unix_authtok"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_22","value":"accounts_password_pam_unix_authtok"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_23","value":"set_password_hashing_algorithm_logindefs"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_23","value":"set_password_hashing_algorithm_logindefs"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_24","value":"set_password_hashing_algorithm_systemauth"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_24","value":"set_password_hashing_algorithm_systemauth"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_25","value":"account_disable_post_pw_expiration"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_25","value":"account_disable_post_pw_expiration"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_26","value":"accounts_maximum_age_login_defs"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_26","value":"accounts_maximum_age_login_defs"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_27","value":"accounts_minimum_age_login_defs"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_27","value":"accounts_minimum_age_login_defs"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_28","value":"accounts_password_last_change_is_in_past"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_28","value":"accounts_password_last_change_is_in_past"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_29","value":"accounts_password_pam_dcredit"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_29","value":"accounts_password_pam_dcredit"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_30","value":"accounts_password_pam_dictcheck"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_30","value":"accounts_password_pam_dictcheck"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_31","value":"accounts_password_pam_difok"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_31","value":"accounts_password_pam_difok"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_32","value":"accounts_password_pam_enforce_root"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_32","value":"accounts_password_pam_enforce_root"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_33","value":"accounts_password_pam_enforcing"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_33","value":"accounts_password_pam_enforcing"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_34","value":"accounts_password_pam_lcredit"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_34","value":"accounts_password_pam_lcredit"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_35","value":"accounts_password_pam_maxrepeat"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_35","value":"accounts_password_pam_maxrepeat"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_36","value":"accounts_password_pam_maxsequence"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_36","value":"accounts_password_pam_maxsequence"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_37","value":"accounts_password_pam_minclass"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_37","value":"accounts_password_pam_minclass"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_38","value":"accounts_password_pam_minlen"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_38","value":"accounts_password_pam_minlen"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_39","value":"accounts_password_pam_ocredit"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_39","value":"accounts_password_pam_ocredit"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_40","value":"accounts_password_pam_pwhistory_enabled"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_40","value":"accounts_password_pam_pwhistory_enabled"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_41","value":"accounts_password_pam_pwhistory_enforce_root"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_41","value":"accounts_password_pam_pwhistory_enforce_root"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_42","value":"accounts_password_pam_pwhistory_remember"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_42","value":"accounts_password_pam_pwhistory_remember"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_43","value":"accounts_password_pam_pwquality_enabled"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_43","value":"accounts_password_pam_pwquality_enabled"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_44","value":"accounts_password_pam_ucredit"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_44","value":"accounts_password_pam_ucredit"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_45","value":"accounts_password_pam_unix_no_remember"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_45","value":"accounts_password_pam_unix_no_remember"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_46","value":"accounts_password_set_max_life_existing"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_46","value":"accounts_password_set_max_life_existing"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_47","value":"accounts_password_set_min_life_existing"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_47","value":"accounts_password_set_min_life_existing"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_48","value":"no_empty_passwords_unix"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_48","value":"no_empty_passwords_unix"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_49","value":"sshd_disable_empty_passwords"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_49","value":"sshd_disable_empty_passwords"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_50","value":"sshd_disable_gssapi_auth"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_50","value":"sshd_disable_gssapi_auth"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_51","value":"sshd_disable_rhosts"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_51","value":"sshd_disable_rhosts"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_52","value":"sshd_enable_pam"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_52","value":"sshd_enable_pam"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_53","value":"accounts_password_warn_age_login_defs"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_53","value":"accounts_password_warn_age_login_defs"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_54","value":"sshd_disable_forwarding"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_54","value":"sshd_disable_forwarding"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_55","value":"accounts_tmout"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_55","value":"accounts_tmout"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_56","value":"package_sudo_installed"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_56","value":"package_sudo_installed"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_57","value":"sshd_disable_root_login"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_57","value":"sshd_disable_root_login"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_58","value":"sudo_add_use_pty"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_58","value":"sudo_add_use_pty"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_59","value":"sudo_remove_no_authenticate"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_59","value":"sudo_remove_no_authenticate"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_60","value":"sudo_require_authentication"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_60","value":"sudo_require_authentication"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_61","value":"sudo_require_reauthentication"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_61","value":"sudo_require_reauthentication"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_62","value":"accounts_passwords_pam_faillock_deny"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_62","value":"accounts_passwords_pam_faillock_deny"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_63","value":"accounts_passwords_pam_faillock_enabled"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_63","value":"accounts_passwords_pam_faillock_enabled"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_64","value":"accounts_passwords_pam_faillock_root_unlock_time"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_64","value":"accounts_passwords_pam_faillock_root_unlock_time"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_65","value":"accounts_passwords_pam_faillock_unlock_time"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_65","value":"accounts_passwords_pam_faillock_unlock_time"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_66","value":"sshd_set_loglevel_info"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_66","value":"sshd_set_loglevel_info"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_67","value":"sshd_set_max_auth_tries"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_67","value":"sshd_set_max_auth_tries"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_68","value":"sudo_custom_logfile"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_68","value":"sudo_custom_logfile"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_69","value":"account_automated_provisioning_enabled"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_69","value":"Verify automated account management is configured"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_70","value":"account_temporary_expiration_configured"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_70","value":"Verify temporary account expiration is automated"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_71","value":"account_disable_inactive_accounts"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_71","value":"Verify inactive account disabling mechanism"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_72","value":"sudo_security_function_authorization"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_72","value":"Verify sudo configuration restricts security functions"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_73","value":"service_nonprivileged_user_execution"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_73","value":"Verify services run as non-root users"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_74","value":"screen_lock_timeout_configured"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_74","value":"Verify screen lock timeout is configured"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_75","value":"screen_lock_pattern_hiding_enabled"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_75","value":"Verify screen blanking on lock"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_76","value":"sshd_logging_enabled"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_76","value":"Verify SSH logging is enabled and comprehensive"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_77","value":"auditd_extended_information_enabled"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_77","value":"Verify extended audit information is captured"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_78","value":"log_analysis_tool_configured"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_78","value":"Verify automated log analysis tool is configured"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_79","value":"change_control_documentation_required"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_79","value":"Verify change control process documentation"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_80","value":"service_periodic_review_enabled"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_80","value":"Verify periodic service review process"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_81","value":"package_update_automation_configured"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_81","value":"Verify automated patch management"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_82","value":"intrusion_detection_tool_installed"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_82","value":"Verify IDS/IPS tool is installed and running"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_83","value":"encrypted_traffic_inspection_configured"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_83","value":"Verify encrypted traffic inspection capability"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_84","value":"privileged_command_network_restriction"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_84","value":"Verify network-based restrictions on privileged commands"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_85","value":"concurrent_session_limit_configured"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_85","value":"Verify concurrent session limits"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_86","value":"auditd_storage_threshold_alert"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_86","value":"Verify audit storage threshold alerting"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_87","value":"auditd_realtime_alerts_enabled"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_87","value":"Verify real-time audit failure alerts"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_88","value":"centralized_logging_configured"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_88","value":"Verify centralized logging is configured"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_89","value":"audit_logs_remote_storage"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_89","value":"Verify audit logs are sent to remote system"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_90","value":"audit_logs_encrypted"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_90","value":"Verify audit log encryption/signing"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_91","value":"critical_action_signing_enabled"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_91","value":"Verify digital signatures for critical actions"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_92","value":"time_synchronization_configured"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_92","value":"Verify NTP/chrony is configured and running"}],"status":{"state":"operational"},"title":"Ubuntu_Linux_24.04_LTS","type":"software","uuid":"b2e11579-d4d6-48f8-a43c-ec7157543648"}],"inventory-items":[{"description":"Application server running Ubuntu 24.04 LTS","implemented-components":[{"component-uuid":"b2e11579-d4d6-48f8-a43c-ec7157543648"}],"props":[{"name":"asset-id","value":"ubuntu-app-01.example.com"},{"name":"asset-type","value":"server"},{"name":"ipv4-address","value":"192.168.1.104"},{"name":"role","value":"application-server"},{"name":"operating-system","value":"Ubuntu 24.04 LTS"}],"uuid":"0db6ffe6-cdc9-4fb5-bc66-81c2ca7334a9"},{"description":"Database server running Ubuntu 24.04 LTS","implemented-components":[{"component-uuid":"b2e11579-d4d6-48f8-a43c-ec7157543648"}],"props":[{"name":"asset-id","value":"ubuntu-db-01.example.com"},{"name":"asset-type","value":"server"},{"name":"ipv4-address","value":"192.168.1.103"},{"name":"role","value":"database-server"},{"name":"operating-system","value":"Ubuntu 24.04 LTS"}],"uuid":"eff26a82-e8bf-4a07-8a64-994f5a64ffb6"},{"description":"Management and monitoring server running Ubuntu 24.04 LTS","implemented-components":[{"component-uuid":"b2e11579-d4d6-48f8-a43c-ec7157543648"}],"props":[{"name":"asset-id","value":"ubuntu-mgmt-01.example.com"},{"name":"asset-type","value":"server"},{"name":"ipv4-address","value":"192.168.1.105"},{"name":"role","value":"management-server"},{"name":"operating-system","value":"Ubuntu 24.04 LTS"}],"uuid":"105ed03c-427c-4056-94a8-5eb533b28f8c"},{"description":"Primary web server running Ubuntu 24.04 LTS","implemented-components":[{"component-uuid":"b2e11579-d4d6-48f8-a43c-ec7157543648"}],"props":[{"name":"asset-id","value":"ubuntu-web-01.example.com"},{"name":"asset-type","value":"server"},{"name":"ipv4-address","value":"192.168.1.101"},{"name":"role","value":"web-server"},{"name":"operating-system","value":"Ubuntu 24.04 LTS"}],"uuid":"b2a728ab-2302-4723-bc06-5fd50f623170"},{"description":"Secondary web server running Ubuntu 24.04 LTS","implemented-components":[{"component-uuid":"b2e11579-d4d6-48f8-a43c-ec7157543648"}],"props":[{"name":"asset-id","value":"ubuntu-web-02.example.com"},{"name":"asset-type","value":"server"},{"name":"ipv4-address","value":"192.168.1.102"},{"name":"role","value":"web-server"},{"name":"operating-system","value":"Ubuntu 24.04 LTS"}],"uuid":"a835ca56-9e63-4bf2-bcf1-566ba62e1a94"},{"description":"Tertiary web server running Ubuntu 24.04 LTS","implemented-components":[{"component-uuid":"b2e11579-d4d6-48f8-a43c-ec7157543648"}],"props":[{"name":"asset-id","value":"ubuntu-web-03.example.com"},{"name":"asset-type","value":"server"},{"name":"ipv4-address","value":"192.168.1.106"},{"name":"role","value":"web-server"},{"name":"operating-system","value":"Ubuntu 24.04 LTS"}],"uuid":"492f8bb1-7ace-458f-8225-122941125b0c"}],"users":[{"role-ids":["admin"],"title":"System Administrator","uuid":"14294159-c55a-4415-be68-00108770f82e"}]},"uuid":"55d1162d-495b-42eb-af34-a46bf35e90f3"}}