{"system-security-plan":{"control-implementation":{"description":"Control implementation for FedRAMP Moderate baseline using Ubuntu Linux 24.04 LTS","implemented-requirements":[{"control-id":"ac-3","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_pam_unix_enabled"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_root_gid_zero"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_umask_etc_bashrc"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_umask_etc_login_defs"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_umask_etc_profile"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_umask_root"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"ensure_pam_wheel_group_empty"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"ensure_root_access_controlled"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"file_groupowner_sshd_config"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"file_owner_sshd_config"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"file_permissions_sshd_config"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"file_permissions_sshd_private_key"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"file_permissions_sshd_pub_key"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"groups_no_zero_gid_except_root"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"no_invalid_shell_accounts_unlocked"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"no_shelllogin_for_systemaccounts"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_limit_user_access"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"use_pam_wheel_group_for_su"}],"uuid":"bb3f3fe8-6c32-4133-ba03-4d92376f97ac"},{"control-id":"ac-5","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_pam_unix_enabled"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_root_gid_zero"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_umask_etc_bashrc"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_umask_etc_login_defs"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_umask_etc_profile"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_umask_root"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"ensure_pam_wheel_group_empty"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"ensure_root_access_controlled"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"file_groupowner_sshd_config"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"file_owner_sshd_config"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"file_permissions_sshd_config"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"file_permissions_sshd_private_key"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"file_permissions_sshd_pub_key"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"groups_no_zero_gid_except_root"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"no_invalid_shell_accounts_unlocked"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"no_shelllogin_for_systemaccounts"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_limit_user_access"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"use_pam_wheel_group_for_su"}],"uuid":"861afd68-54e9-4056-88cf-ee575d788f2b"},{"control-id":"ac-6","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_pam_unix_enabled"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_root_gid_zero"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_umask_etc_bashrc"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_umask_etc_login_defs"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_umask_etc_profile"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_umask_root"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"ensure_pam_wheel_group_empty"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"ensure_root_access_controlled"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"file_groupowner_sshd_config"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"file_owner_sshd_config"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"file_permissions_sshd_config"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"file_permissions_sshd_private_key"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"file_permissions_sshd_pub_key"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"groups_no_zero_gid_except_root"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"no_invalid_shell_accounts_unlocked"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"no_shelllogin_for_systemaccounts"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_limit_user_access"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"use_pam_wheel_group_for_su"}],"uuid":"80a5896f-4aa4-4da3-8820-5c4a7743db9b"},{"control-id":"mp-2","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_pam_unix_enabled"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_root_gid_zero"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_umask_etc_bashrc"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_umask_etc_login_defs"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_umask_etc_profile"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_umask_root"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"ensure_pam_wheel_group_empty"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"ensure_root_access_controlled"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"file_groupowner_sshd_config"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"file_owner_sshd_config"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"file_permissions_sshd_config"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"file_permissions_sshd_private_key"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"file_permissions_sshd_pub_key"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"groups_no_zero_gid_except_root"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"no_invalid_shell_accounts_unlocked"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"no_shelllogin_for_systemaccounts"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_limit_user_access"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"use_pam_wheel_group_for_su"}],"uuid":"d2045d6d-3857-4df5-a9c1-18cc3e43df34"},{"control-id":"ac-17.2","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_use_strong_ciphers"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_use_strong_kex"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_use_strong_macs"}],"uuid":"b17d415c-2e83-40f4-ab05-5c01f49c70d8"},{"control-id":"ia-5","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_use_strong_ciphers"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_use_strong_kex"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_use_strong_macs"}],"uuid":"9717e55f-2fcd-4080-b7f5-70d8b32f73e2"},{"control-id":"ia-5.1","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_use_strong_ciphers"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_use_strong_kex"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_use_strong_macs"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_pam_pwhistory_use_authtok"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_pam_unix_authtok"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"set_password_hashing_algorithm_logindefs"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"set_password_hashing_algorithm_systemauth"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"account_disable_post_pw_expiration"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_maximum_age_login_defs"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_minimum_age_login_defs"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_last_change_is_in_past"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_pam_dcredit"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_pam_dictcheck"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_pam_difok"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_pam_enforce_root"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_pam_enforcing"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_pam_lcredit"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_pam_maxrepeat"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_pam_maxsequence"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_pam_minclass"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_pam_minlen"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_pam_ocredit"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_pam_pwhistory_enabled"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_pam_pwhistory_enforce_root"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_pam_pwhistory_remember"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_pam_pwquality_enabled"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_pam_ucredit"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_pam_unix_no_remember"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_set_max_life_existing"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_set_min_life_existing"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"no_empty_passwords_unix"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_disable_empty_passwords"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_disable_gssapi_auth"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_disable_rhosts"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_enable_pam"}],"uuid":"2b950717-14b7-401f-a56d-fc798fa7a5f5"},{"control-id":"sc-8","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_use_strong_ciphers"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_use_strong_kex"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_use_strong_macs"}],"uuid":"23fe80a4-7ce0-4068-8b58-f7da054eb609"},{"control-id":"sc-8.1","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_use_strong_ciphers"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_use_strong_kex"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_use_strong_macs"}],"uuid":"f45e130d-591e-4ec3-82bd-0ec90007133b"},{"control-id":"sc-28","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_pam_pwhistory_use_authtok"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_pam_unix_authtok"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"set_password_hashing_algorithm_logindefs"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"set_password_hashing_algorithm_systemauth"}],"uuid":"6f8cbf69-8760-4245-9121-62f8b83a8956"},{"control-id":"sc-28.1","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_pam_pwhistory_use_authtok"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_pam_unix_authtok"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"set_password_hashing_algorithm_logindefs"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"set_password_hashing_algorithm_systemauth"}],"uuid":"ebb0cd73-7789-4443-b766-b5997d5a0a3c"},{"control-id":"cm-1","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_warn_age_login_defs"}],"uuid":"7d53eabb-40a6-4d39-94e5-9858a911cad3"},{"control-id":"cm-2","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_warn_age_login_defs"}],"uuid":"a9944549-c106-4339-bb54-893399249a4f"},{"control-id":"cm-6","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_warn_age_login_defs"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_disable_forwarding"}],"uuid":"828efe45-32c6-4f29-8bfa-5d03e889dad4"},{"control-id":"cm-7","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_warn_age_login_defs"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_disable_forwarding"}],"uuid":"5c4b8ec8-35be-4373-913b-a40e4d61fdba"},{"control-id":"cm-7.1","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_warn_age_login_defs"}],"uuid":"b162d74c-7b8a-4819-a9ce-b67cd1fc148e"},{"control-id":"cm-9","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_warn_age_login_defs"}],"uuid":"9f083100-867b-485f-ab66-a8cdac354d35"},{"control-id":"sa-3","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_warn_age_login_defs"}],"uuid":"6d366a9e-6ba6-4e9a-b40d-169a453ca71e"},{"control-id":"sa-8","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_warn_age_login_defs"}],"uuid":"4377414d-59cd-4117-880f-199a02eabe07"},{"control-id":"sa-10","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_password_warn_age_login_defs"}],"uuid":"3bb8dbc8-663b-42ea-9f14-1545b7b63ebc"},{"control-id":"ac-2.5","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_tmout"}],"uuid":"73e67dd9-15bb-44ce-8dc8-bbf8da557e73"},{"control-id":"ac-11","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_tmout"}],"uuid":"8dd21b36-af62-43b2-bab7-cc91d543143f"},{"control-id":"ac-11.1","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_tmout"}],"uuid":"399c4808-ea70-4cfb-81d0-61ff90a146b7"},{"control-id":"ac-12","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_tmout"}],"uuid":"ae3a5b63-5270-4c5e-a19c-53596decb3d1"},{"control-id":"ac-6.2","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"package_sudo_installed"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_disable_root_login"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sudo_add_use_pty"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sudo_remove_no_authenticate"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sudo_require_authentication"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sudo_require_reauthentication"}],"uuid":"7d99092d-3bdf-4ea9-a99c-4cebf38211ee"},{"control-id":"ac-6.5","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"package_sudo_installed"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_disable_root_login"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sudo_add_use_pty"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sudo_remove_no_authenticate"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sudo_require_authentication"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sudo_require_reauthentication"}],"uuid":"f633103c-45f8-4156-82b2-0d495ad2ee3f"},{"control-id":"ac-1","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_passwords_pam_faillock_deny"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_passwords_pam_faillock_enabled"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_passwords_pam_faillock_root_unlock_time"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_passwords_pam_faillock_unlock_time"}],"uuid":"c8796b87-2c38-48c1-8348-e591aa734d59"},{"control-id":"ac-2","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_passwords_pam_faillock_deny"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_passwords_pam_faillock_enabled"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_passwords_pam_faillock_root_unlock_time"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_passwords_pam_faillock_unlock_time"}],"uuid":"e7c6d502-3cb0-49f1-a46b-30731b7ade83"},{"control-id":"ac-2.1","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_passwords_pam_faillock_deny"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_passwords_pam_faillock_enabled"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_passwords_pam_faillock_root_unlock_time"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"accounts_passwords_pam_faillock_unlock_time"}],"uuid":"fd5309c5-4924-468f-a965-fcf9e797a4b9"},{"control-id":"au-2","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_set_loglevel_info"}],"uuid":"fb8ef404-6ddb-4d90-8e7d-d4225a561b03"},{"control-id":"au-7","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_set_loglevel_info"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_set_max_auth_tries"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sudo_custom_logfile"}],"uuid":"da5584c8-2b6b-4691-b028-773748fd3dae"},{"control-id":"au-12","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_set_loglevel_info"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_set_max_auth_tries"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sudo_custom_logfile"}],"uuid":"04795c6e-a30b-4411-8b0d-1a8bdbc57f95"},{"control-id":"au-3","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_set_max_auth_tries"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sudo_custom_logfile"}],"uuid":"a7a5676a-9086-4f14-a42d-b314fbd72f42"},{"control-id":"au-3.1","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_set_max_auth_tries"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sudo_custom_logfile"}],"uuid":"807f34c4-9473-4fe7-b10c-1a1ed5ac8486"},{"control-id":"ac-17.1","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sshd_logging_enabled"}],"uuid":"078da15e-48a8-4e77-8340-825bf88607e5"},{"control-id":"ac-2.2","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"account_temporary_expiration_configured"}],"uuid":"e389f9a3-dfa9-4737-804d-95cac6b12575"},{"control-id":"ac-2.3","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"account_disable_inactive_accounts"}],"uuid":"35d23d19-e733-44b3-8985-8b805bbc87d8"},{"control-id":"ac-6.1","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"sudo_security_function_authorization"}],"uuid":"8db8276b-5114-4dfe-9ad9-94d643a79924"},{"control-id":"au-6.1","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"log_analysis_tool_configured"}],"uuid":"23b824a2-05c1-4e08-81f9-c3d797bf6c28"},{"control-id":"cm-3.2","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"change_control_documentation_required"}],"uuid":"47c6e0cf-c85f-4bf8-bb49-e54465265e3e"},{"control-id":"si-2.2","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"package_update_automation_configured"}],"uuid":"b88c2844-b2ea-4f24-855d-bfb3a7f5100f"},{"control-id":"si-4.2","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","value":"intrusion_detection_tool_installed"}],"uuid":"2a1d1c1c-1c0a-4dd1-9da5-d2df08689ce7"}]},"import-profile":{"href":"trestle://profiles/FedRAMP-Rev5-Moderate/profile.json"},"metadata":{"last-modified":"2026-05-09T08:08:27.158822","oscal-version":"1.2.1","title":"Ubuntu System Security Plan - FedRAMP Moderate","version":"1.0"},"system-characteristics":{"authorization-boundary":{"description":"Ubuntu Linux 24.04 LTS 6-server fleet operating within a single authorization boundary, implementing FedRAMP Moderate security controls"},"description":"System Security Plan for Ubuntu Linux 24.04 LTS 6-server fleet with OSCAP compliance validation - FedRAMP Moderate baseline","security-sensitivity-level":"moderate","status":{"state":"operational"},"system-ids":[{"id":"ubuntu-system-001"}],"system-information":{"information-types":[{"description":"Information related to system configuration, security settings, compliance validation, and network infrastructure","title":"System and Network Configuration"}]},"system-name":"Ubuntu 24.04 LTS Fleet"},"system-implementation":{"components":[{"description":"Ubuntu Linux 24.04 LTS","props":[{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_00","value":"accounts_password_pam_unix_enabled"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_00","value":"accounts_password_pam_unix_enabled"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_01","value":"accounts_root_gid_zero"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_01","value":"accounts_root_gid_zero"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_02","value":"accounts_umask_etc_bashrc"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_02","value":"accounts_umask_etc_bashrc"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_03","value":"accounts_umask_etc_login_defs"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_03","value":"accounts_umask_etc_login_defs"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_04","value":"accounts_umask_etc_profile"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_04","value":"accounts_umask_etc_profile"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_05","value":"accounts_umask_root"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_05","value":"accounts_umask_root"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_06","value":"ensure_pam_wheel_group_empty"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_06","value":"ensure_pam_wheel_group_empty"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_07","value":"ensure_root_access_controlled"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_07","value":"ensure_root_access_controlled"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_08","value":"file_groupowner_sshd_config"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_08","value":"file_groupowner_sshd_config"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_09","value":"file_owner_sshd_config"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_09","value":"file_owner_sshd_config"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_10","value":"file_permissions_sshd_config"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_10","value":"file_permissions_sshd_config"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_11","value":"file_permissions_sshd_private_key"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_11","value":"file_permissions_sshd_private_key"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_12","value":"file_permissions_sshd_pub_key"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_12","value":"file_permissions_sshd_pub_key"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_13","value":"groups_no_zero_gid_except_root"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_13","value":"groups_no_zero_gid_except_root"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_14","value":"no_invalid_shell_accounts_unlocked"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_14","value":"no_invalid_shell_accounts_unlocked"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_15","value":"no_shelllogin_for_systemaccounts"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_15","value":"no_shelllogin_for_systemaccounts"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_16","value":"sshd_limit_user_access"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_16","value":"sshd_limit_user_access"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_17","value":"use_pam_wheel_group_for_su"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_17","value":"use_pam_wheel_group_for_su"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_18","value":"sshd_use_strong_ciphers"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_18","value":"sshd_use_strong_ciphers"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_19","value":"sshd_use_strong_kex"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_19","value":"sshd_use_strong_kex"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_20","value":"sshd_use_strong_macs"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_20","value":"sshd_use_strong_macs"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_21","value":"accounts_password_pam_pwhistory_use_authtok"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_21","value":"accounts_password_pam_pwhistory_use_authtok"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_22","value":"accounts_password_pam_unix_authtok"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_22","value":"accounts_password_pam_unix_authtok"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_23","value":"set_password_hashing_algorithm_logindefs"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_23","value":"set_password_hashing_algorithm_logindefs"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_24","value":"set_password_hashing_algorithm_systemauth"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_24","value":"set_password_hashing_algorithm_systemauth"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_25","value":"account_disable_post_pw_expiration"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_25","value":"account_disable_post_pw_expiration"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_26","value":"accounts_maximum_age_login_defs"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_26","value":"accounts_maximum_age_login_defs"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_27","value":"accounts_minimum_age_login_defs"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_27","value":"accounts_minimum_age_login_defs"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_28","value":"accounts_password_last_change_is_in_past"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_28","value":"accounts_password_last_change_is_in_past"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_29","value":"accounts_password_pam_dcredit"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_29","value":"accounts_password_pam_dcredit"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_30","value":"accounts_password_pam_dictcheck"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_30","value":"accounts_password_pam_dictcheck"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_31","value":"accounts_password_pam_difok"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_31","value":"accounts_password_pam_difok"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_32","value":"accounts_password_pam_enforce_root"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_32","value":"accounts_password_pam_enforce_root"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_33","value":"accounts_password_pam_enforcing"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_33","value":"accounts_password_pam_enforcing"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_34","value":"accounts_password_pam_lcredit"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_34","value":"accounts_password_pam_lcredit"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_35","value":"accounts_password_pam_maxrepeat"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_35","value":"accounts_password_pam_maxrepeat"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_36","value":"accounts_password_pam_maxsequence"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_36","value":"accounts_password_pam_maxsequence"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_37","value":"accounts_password_pam_minclass"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_37","value":"accounts_password_pam_minclass"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_38","value":"accounts_password_pam_minlen"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_38","value":"accounts_password_pam_minlen"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_39","value":"accounts_password_pam_ocredit"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_39","value":"accounts_password_pam_ocredit"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_40","value":"accounts_password_pam_pwhistory_enabled"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_40","value":"accounts_password_pam_pwhistory_enabled"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_41","value":"accounts_password_pam_pwhistory_enforce_root"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_41","value":"accounts_password_pam_pwhistory_enforce_root"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_42","value":"accounts_password_pam_pwhistory_remember"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_42","value":"accounts_password_pam_pwhistory_remember"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_43","value":"accounts_password_pam_pwquality_enabled"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_43","value":"accounts_password_pam_pwquality_enabled"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_44","value":"accounts_password_pam_ucredit"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_44","value":"accounts_password_pam_ucredit"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_45","value":"accounts_password_pam_unix_no_remember"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_45","value":"accounts_password_pam_unix_no_remember"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_46","value":"accounts_password_set_max_life_existing"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_46","value":"accounts_password_set_max_life_existing"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_47","value":"accounts_password_set_min_life_existing"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_47","value":"accounts_password_set_min_life_existing"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_48","value":"no_empty_passwords_unix"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_48","value":"no_empty_passwords_unix"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_49","value":"sshd_disable_empty_passwords"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_49","value":"sshd_disable_empty_passwords"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_50","value":"sshd_disable_gssapi_auth"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_50","value":"sshd_disable_gssapi_auth"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_51","value":"sshd_disable_rhosts"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_51","value":"sshd_disable_rhosts"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_52","value":"sshd_enable_pam"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_52","value":"sshd_enable_pam"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_53","value":"accounts_password_warn_age_login_defs"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_53","value":"accounts_password_warn_age_login_defs"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_54","value":"sshd_disable_forwarding"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_54","value":"sshd_disable_forwarding"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_55","value":"accounts_tmout"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_55","value":"accounts_tmout"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_56","value":"package_sudo_installed"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_56","value":"package_sudo_installed"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_57","value":"sshd_disable_root_login"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_57","value":"sshd_disable_root_login"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_58","value":"sudo_add_use_pty"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_58","value":"sudo_add_use_pty"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_59","value":"sudo_remove_no_authenticate"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_59","value":"sudo_remove_no_authenticate"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_60","value":"sudo_require_authentication"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_60","value":"sudo_require_authentication"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_61","value":"sudo_require_reauthentication"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_61","value":"sudo_require_reauthentication"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_62","value":"accounts_passwords_pam_faillock_deny"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_62","value":"accounts_passwords_pam_faillock_deny"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_63","value":"accounts_passwords_pam_faillock_enabled"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_63","value":"accounts_passwords_pam_faillock_enabled"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_64","value":"accounts_passwords_pam_faillock_root_unlock_time"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_64","value":"accounts_passwords_pam_faillock_root_unlock_time"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_65","value":"accounts_passwords_pam_faillock_unlock_time"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_65","value":"accounts_passwords_pam_faillock_unlock_time"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_66","value":"sshd_set_loglevel_info"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_66","value":"sshd_set_loglevel_info"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_67","value":"sshd_set_max_auth_tries"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_67","value":"sshd_set_max_auth_tries"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_68","value":"sudo_custom_logfile"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_68","value":"sudo_custom_logfile"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_69","value":"account_automated_provisioning_enabled"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_69","value":"Verify automated account management is configured"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_70","value":"account_temporary_expiration_configured"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_70","value":"Verify temporary account expiration is automated"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_71","value":"account_disable_inactive_accounts"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_71","value":"Verify inactive account disabling mechanism"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_72","value":"sudo_security_function_authorization"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_72","value":"Verify sudo configuration restricts security functions"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_73","value":"service_nonprivileged_user_execution"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_73","value":"Verify services run as non-root users"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_74","value":"screen_lock_timeout_configured"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_74","value":"Verify screen lock timeout is configured"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_75","value":"screen_lock_pattern_hiding_enabled"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_75","value":"Verify screen blanking on lock"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_76","value":"sshd_logging_enabled"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_76","value":"Verify SSH logging is enabled and comprehensive"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_77","value":"auditd_extended_information_enabled"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_77","value":"Verify extended audit information is captured"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_78","value":"log_analysis_tool_configured"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_78","value":"Verify automated log analysis tool is configured"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_79","value":"change_control_documentation_required"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_79","value":"Verify change control process documentation"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_80","value":"service_periodic_review_enabled"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_80","value":"Verify periodic service review process"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_81","value":"package_update_automation_configured"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_81","value":"Verify automated patch management"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_82","value":"intrusion_detection_tool_installed"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_82","value":"Verify IDS/IPS tool is installed and running"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_83","value":"encrypted_traffic_inspection_configured"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_83","value":"Verify encrypted traffic inspection capability"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_84","value":"privileged_command_network_restriction"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_84","value":"Verify network-based restrictions on privileged commands"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_85","value":"concurrent_session_limit_configured"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_85","value":"Verify concurrent session limits"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_86","value":"auditd_storage_threshold_alert"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_86","value":"Verify audit storage threshold alerting"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_87","value":"auditd_realtime_alerts_enabled"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_87","value":"Verify real-time audit failure alerts"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_88","value":"centralized_logging_configured"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_88","value":"Verify centralized logging is configured"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_89","value":"audit_logs_remote_storage"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_89","value":"Verify audit logs are sent to remote system"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_90","value":"audit_logs_encrypted"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_90","value":"Verify audit log encryption/signing"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_91","value":"critical_action_signing_enabled"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_91","value":"Verify digital signatures for critical actions"},{"name":"Rule_Id","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_92","value":"time_synchronization_configured"},{"name":"Rule_Description","ns":"https://oscal-compass/compliance-trestle/schemas/oscal/cd","remarks":"rule_set_92","value":"Verify NTP/chrony is configured and running"}],"status":{"state":"operational"},"title":"Ubuntu_Linux_24.04_LTS","type":"software","uuid":"b2e11579-d4d6-48f8-a43c-ec7157543648"}],"inventory-items":[{"description":"Application server running Ubuntu 24.04 LTS","implemented-components":[{"component-uuid":"b2e11579-d4d6-48f8-a43c-ec7157543648"}],"props":[{"name":"asset-id","value":"ubuntu-app-01.example.com"},{"name":"asset-type","value":"server"},{"name":"ipv4-address","value":"192.168.1.104"},{"name":"role","value":"application-server"},{"name":"operating-system","value":"Ubuntu 24.04 LTS"}],"uuid":"307454ed-9802-459e-b6a9-37065f93162a"},{"description":"Database server running Ubuntu 24.04 LTS","implemented-components":[{"component-uuid":"b2e11579-d4d6-48f8-a43c-ec7157543648"}],"props":[{"name":"asset-id","value":"ubuntu-db-01.example.com"},{"name":"asset-type","value":"server"},{"name":"ipv4-address","value":"192.168.1.103"},{"name":"role","value":"database-server"},{"name":"operating-system","value":"Ubuntu 24.04 LTS"}],"uuid":"9ebe2c37-81a5-4148-9ea5-4c10c74df56f"},{"description":"Management and monitoring server running Ubuntu 24.04 LTS","implemented-components":[{"component-uuid":"b2e11579-d4d6-48f8-a43c-ec7157543648"}],"props":[{"name":"asset-id","value":"ubuntu-mgmt-01.example.com"},{"name":"asset-type","value":"server"},{"name":"ipv4-address","value":"192.168.1.105"},{"name":"role","value":"management-server"},{"name":"operating-system","value":"Ubuntu 24.04 LTS"}],"uuid":"f3620e2a-e520-417a-a255-0e90a55ea982"},{"description":"Primary web server running Ubuntu 24.04 LTS","implemented-components":[{"component-uuid":"b2e11579-d4d6-48f8-a43c-ec7157543648"}],"props":[{"name":"asset-id","value":"ubuntu-web-01.example.com"},{"name":"asset-type","value":"server"},{"name":"ipv4-address","value":"192.168.1.101"},{"name":"role","value":"web-server"},{"name":"operating-system","value":"Ubuntu 24.04 LTS"}],"uuid":"c889e3da-5c02-41c3-be8a-0ff20e3629c7"},{"description":"Secondary web server running Ubuntu 24.04 LTS","implemented-components":[{"component-uuid":"b2e11579-d4d6-48f8-a43c-ec7157543648"}],"props":[{"name":"asset-id","value":"ubuntu-web-02.example.com"},{"name":"asset-type","value":"server"},{"name":"ipv4-address","value":"192.168.1.102"},{"name":"role","value":"web-server"},{"name":"operating-system","value":"Ubuntu 24.04 LTS"}],"uuid":"4b591e47-c939-45a0-8319-d502cd719125"},{"description":"Tertiary web server running Ubuntu 24.04 LTS","implemented-components":[{"component-uuid":"b2e11579-d4d6-48f8-a43c-ec7157543648"}],"props":[{"name":"asset-id","value":"ubuntu-web-03.example.com"},{"name":"asset-type","value":"server"},{"name":"ipv4-address","value":"192.168.1.106"},{"name":"role","value":"web-server"},{"name":"operating-system","value":"Ubuntu 24.04 LTS"}],"uuid":"8efdb9cd-6f3b-4063-8f30-a261ca530edc"}],"users":[{"role-ids":["admin"],"title":"System Administrator","uuid":"de2fefa9-6b51-405a-bd42-bb689cdfeb79"}]},"uuid":"bf074cff-0599-4d63-9156-7aba49c4734f"}}