Merge pull request #9705 from anivan-suse/pci-dss-e

Add pcidss Req-ids
ComplianceAsCode · Oct 20, 2022 · 78012f3 · 78012f3
2 parents c849cf3 + dd10530
commit 78012f3
Show file tree

Hide file tree

Showing 36 changed files with 36 additions and 0 deletions.
diff --git a/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml b/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml
@@ -34,6 +34,7 @@ references:
     iso27001-2013: A.12.1.2,A.12.5.1,A.12.6.2,A.14.2.2,A.14.2.3,A.14.2.4,A.9.1.2
     nist: CM-7(a),CM-7(b),CM-6(a),IA-5(1)(c),IA-5(1).1(v),CM-7,CM-7.1(ii)
     nist-csf: PR.IP-1,PR.PT-3
+    pcidss: Req-2.2.4
     srg: SRG-OS-000074-GPOS-00042,SRG-OS-000095-GPOS-00049,SRG-OS-000480-GPOS-00227
     stigid@ol7: OL07-00-040690
     stigid@ol8: OL08-00-040360

diff --git a/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml b/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml
@@ -31,6 +31,7 @@ references:
     cis@sle15: 2.3.5
     cis@ubuntu2004: 2.3.5
     cis@ubuntu2204: 2.3.5
+    pcidss: Req-2.2.4
 
 ocil_clause: 'the package is installed'
 

diff --git a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/rule.yml b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/rule.yml
@@ -39,6 +39,7 @@ references:
     iso27001-2013: A.12.1.2,A.12.5.1,A.12.6.2,A.14.2.2,A.14.2.3,A.14.2.4,A.9.1.2
     nist: CM-7(a),CM-7(b),CM-6(a)
     nist-csf: PR.IP-1,PR.PT-3
+    pcidss: Req-2.2.4
 
 ocil_clause: 'it does not'
 

diff --git a/linux_os/guide/services/ntp/package_chrony_installed/rule.yml b/linux_os/guide/services/ntp/package_chrony_installed/rule.yml
@@ -34,6 +34,7 @@ references:
     cis@ubuntu2204: 2.2.1.1
     ism: 0988,1405
     ospp: FMT_SMF_EXT.1
+    pcidss: Req-10.6.1
     srg: SRG-OS-000355-GPOS-00143
     stigid@ubuntu2004: UBTU-20-010435
 

diff --git a/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml b/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml
@@ -39,6 +39,7 @@ references:
     iso27001-2013: A.11.2.6,A.12.1.2,A.12.5.1,A.12.6.2,A.13.1.1,A.13.2.1,A.14.1.3,A.14.2.2,A.14.2.3,A.14.2.4,A.6.2.1,A.6.2.2,A.9.1.2
     nist: CM-7(a),CM-7(b),CM-6(a),IA-5(1)(c)
     nist-csf: PR.AC-3,PR.IP-1,PR.PT-3,PR.PT-4
+    pcidss: Req-2.2.4
     srg: SRG-OS-000095-GPOS-00049
     stigid@ol7: OL07-00-020010
     stigid@rhel7: RHEL-07-020010

diff --git a/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml b/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml
@@ -46,6 +46,7 @@ references:
     iso27001-2013: A.11.2.6,A.12.1.2,A.12.5.1,A.12.6.2,A.13.1.1,A.13.2.1,A.14.1.3,A.14.2.2,A.14.2.3,A.14.2.4,A.6.2.1,A.6.2.2,A.9.1.2
     nist: CM-7(a),CM-7(b),CM-6(a)
     nist-csf: PR.AC-3,PR.IP-1,PR.PT-3,PR.PT-4
+    pcidss: Req-2.2.4
     srg: SRG-OS-000095-GPOS-00049
     stigid@ol7: OL07-00-021710
     stigid@ol8: OL08-00-040000

diff --git a/linux_os/guide/services/ssh/file_permissions_sshd_private_key/rule.yml b/linux_os/guide/services/ssh/file_permissions_sshd_private_key/rule.yml
@@ -51,6 +51,7 @@ references:
     nerc-cip: CIP-003-8 R5.1.1,CIP-003-8 R5.3,CIP-004-6 R2.3,CIP-007-3 R2.1,CIP-007-3 R2.2,CIP-007-3 R2.3,CIP-007-3 R5.1,CIP-007-3 R5.1.1,CIP-007-3 R5.1.2
     nist: AC-17(a),CM-6(a),AC-6(1)
     nist-csf: PR.AC-4,PR.DS-5
+    pcidss: Req-2.2.6
     srg: SRG-OS-000480-GPOS-00227
     stigid@ol7: OL07-00-040420
     stigid@ol8: OL08-00-010490

diff --git a/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml b/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml
@@ -36,6 +36,7 @@ references:
     nerc-cip: CIP-003-8 R5.1.1,CIP-003-8 R5.3,CIP-004-6 R2.3,CIP-007-3 R2.1,CIP-007-3 R2.2,CIP-007-3 R2.3,CIP-007-3 R5.1,CIP-007-3 R5.1.1,CIP-007-3 R5.1.2
     nist: AC-17(a),CM-6(a),AC-6(1)
     nist-csf: PR.AC-4,PR.DS-5
+    pcidss: Req-2.2.6
     srg: SRG-OS-000480-GPOS-00227
     stigid@ol7: OL07-00-040410
     stigid@ol8: OL08-00-010480

diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_empty_passwords/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_empty_passwords/rule.yml
@@ -52,6 +52,7 @@ references:
     nist-csf: PR.AC-4,PR.AC-6,PR.DS-5,PR.IP-1,PR.PT-3
     nist@sle15: CM-6(b),CM-6.1(iv)
     ospp: FIA_UAU.1
+    pcidss: Req-2.2.6
     srg: SRG-OS-000106-GPOS-00053,SRG-OS-000480-GPOS-00229,SRG-OS-000480-GPOS-00227
     stigid@ol7: OL07-00-010300
     stigid@ol8: OL08-00-020330

diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/rule.yml
@@ -48,6 +48,7 @@ references:
     nist: AC-6(2),AC-17(a),IA-2,IA-2(5),CM-7(a),CM-7(b),CM-6(a)
     nist-csf: PR.AC-1,PR.AC-4,PR.AC-6,PR.AC-7,PR.DS-5,PR.PT-3
     ospp: FAU_GEN.1
+    pcidss: Req-2.2.6
     srg: SRG-OS-000109-GPOS-00056,SRG-OS-000480-GPOS-00227
     stigid@ol7: OL07-00-040370
     stigid@ol8: OL08-00-010550

diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml
@@ -46,6 +46,7 @@ references:
     nist: AC-17(a),CM-7(a),CM-7(b),CM-6(a)
     nist-csf: PR.IP-1
     nist@sle15: CM-6(b),CM-6.1(iv)
+    pcidss: Req-2.2.6
     srg: SRG-OS-000480-GPOS-00229
     stigid@ol7: OL07-00-010460
     stigid@ol8: OL08-00-010830

diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner/rule.yml
@@ -43,6 +43,7 @@ references:
     nist: AC-8(a),AC-8(c),AC-17(a),CM-6(a)
     nist-csf: PR.AC-7
     ospp: FTA_TAB.1
+    pcidss: Req-2.2.6
     srg: SRG-OS-000023-GPOS-00006,SRG-OS-000228-GPOS-00088
     stigid@ol7: OL07-00-040170
     stigid@ol8: OL08-00-010040

diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_loglevel_verbose/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_loglevel_verbose/rule.yml
@@ -37,6 +37,7 @@ references:
     disa: CCI-000067
     nerc-cip: CIP-007-3 R7.1
     nist: AC-17(a),AC-17(1),CM-6(a)
+    pcidss: Req-2.2.6
     srg: SRG-OS-000032-GPOS-00013
     stigid@sle12: SLES-12-030110
     stigid@sle15: SLES-15-010150

diff --git a/...word_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_dcredit/rule.yml b/...word_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_dcredit/rule.yml
@@ -27,6 +27,7 @@ references:
     cis@sle15: 5.3.1
     disa: CCI-000194
     nist@sle12: IA-5(a),IA-5(v)
+    pcidss: Req-8.3.1
     srg: SRG-OS-000071-GPOS-00039
     stigid@sle12: SLES-12-010170
     stigid@sle15: SLES-15-020150

diff --git a/...word_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_lcredit/rule.yml b/...word_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_lcredit/rule.yml
@@ -29,6 +29,7 @@ references:
     disa: CCI-000193
     nist@sle12: IA-5(a),IA-5(v)
     nist@sle15: IA-5(1)(a),IA-5(1).1(v)
+    pcidss: Req-8.3.1
     srg: SRG-OS-000070-GPOS-00038
     stigid@sle12: SLES-12-010160
     stigid@sle15: SLES-15-020140

diff --git a/...sword_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_minlen/rule.yml b/...sword_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_minlen/rule.yml
@@ -26,6 +26,7 @@ references:
     cis@sle15: 5.3.1
     disa: CCI-000205
     nist@sle12: IA-5(1)(a)
+    pcidss: Req-8.3.1
     srg: SRG-OS-000078-GPOS-00046
     stigid@sle12: SLES-12-010250
     stigid@sle15: SLES-15-020260

diff --git a/...word_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_ocredit/rule.yml b/...word_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_ocredit/rule.yml
@@ -28,6 +28,7 @@ references:
     cis@sle15: 5.3.1
     disa: CCI-001619
     nist: IA-5(a),IA-5(v)
+    pcidss: Req-8.3.1
     srg: SRG-OS-000266-GPOS-00101
     stigid@sle12: SLES-12-010180
     stigid@sle15: SLES-15-020270

diff --git a/...ssword_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_retry/rule.yml b/...ssword_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_retry/rule.yml
@@ -24,6 +24,7 @@ references:
     cis@sle15: 5.3.1
     disa: CCI-000366
     nist@sle12: CM-6(b),CM-6.1
+    pcidss: Req-8.3.1
     srg: SRG-OS-000480-GPOS-00225
     stigid@sle12: SLES-12-010320
     stigid@sle15: SLES-15-020290

diff --git a/...word_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_ucredit/rule.yml b/...word_quality/password_quality_pamcracklib/cracklib_accounts_password_pam_ucredit/rule.yml
@@ -29,6 +29,7 @@ references:
     disa: CCI-000192
     nist@sle12: IA-5(a),IA-5(v)
     nist@sle15: IA-5(1)(a),IA-5(1).1(v)
+    pcidss: Req-8.3.1
     srg: SRG-OS-000069-GPOS-00037
     stigid@sle12: SLES-12-010150
     stigid@sle15: SLES-15-020130

diff --git a/...counts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml b/...counts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml
@@ -51,6 +51,7 @@ references:
     nist: IA-5(f),IA-5(1)(d),CM-6(a)
     nist-csf: PR.AC-1,PR.AC-6,PR.AC-7
     nist@sle15: IA-5(1)(d),IA-5(1).1(v)
+    pcidss: Req-8.3.9
     srg: SRG-OS-000075-GPOS-00043
     stigid@ol7: OL07-00-010230
     stigid@ol8: OL08-00-020190

diff --git a/.../accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/rule.yml b/.../accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/rule.yml
@@ -42,6 +42,7 @@ references:
     iso27001-2013: A.12.4.1,A.12.4.3,A.18.1.4,A.6.1.2,A.7.1.1,A.9.1.2,A.9.2.1,A.9.2.2,A.9.2.3,A.9.2.4,A.9.2.6,A.9.3.1,A.9.4.1,A.9.4.2,A.9.4.3,A.9.4.4,A.9.4.5
     nist: IA-5(f),IA-5(1)(d),CM-6(a)
     nist-csf: DE.CM-1,DE.CM-3,PR.AC-1,PR.AC-4,PR.AC-6,PR.AC-7
+    pcidss: Req-8.3.9
 
 ocil_clause: 'it is not set to the required value'
 

diff --git a/...de/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml b/...de/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml
@@ -50,6 +50,7 @@ references:
     nist-csf: PR.AC-1,PR.AC-4,PR.AC-6,PR.AC-7,PR.DS-5
     nist@sle12: CM-6(b),CM-6.1(iv)
     nist@sle15: CM-6(b),CM-6.1(iv)
+    pcidss: Req-8.2.1
     srg: SRG-OS-000480-GPOS-00227
     stigid@ol7: OL07-00-020310
     stigid@ol8: OL08-00-040200

diff --git a/...os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/rule.yml b/...os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/rule.yml
@@ -49,6 +49,7 @@ references:
     nerc-cip: CIP-003-8 R5.1.1,CIP-003-8 R5.3,CIP-004-6 R2.2.3,CIP-004-6 R2.3,CIP-007-3 R5.1,CIP-007-3 R5.1.2,CIP-007-3 R5.2,CIP-007-3 R5.3.1,CIP-007-3 R5.3.2,CIP-007-3 R5.3.3
     nist: IA-2,CM-6(a)
     nist-csf: PR.AC-1,PR.AC-6,PR.AC-7
+    pcidss: Req-8.6.1
 
 ocil_clause: 'the /etc/securetty file is not empty'
 

diff --git a/...stem/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml b/...stem/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml
@@ -50,6 +50,7 @@ references:
     iso27001-2013: A.12.4.1,A.12.4.3,A.6.1.2,A.7.1.1,A.9.1.2,A.9.2.1,A.9.2.2,A.9.2.3,A.9.2.4,A.9.2.6,A.9.3.1,A.9.4.1,A.9.4.2,A.9.4.3,A.9.4.4,A.9.4.5
     nist: AC-6,CM-6(a),CM-6(b),CM-6.1(iv)
     nist-csf: DE.CM-1,DE.CM-3,PR.AC-1,PR.AC-4,PR.AC-6
+    pcidss: Req-8.6.1
     srg: SRG-OS-000480-GPOS-00227
     stigid@sle12: SLES-12-010631
     stigid@sle15: SLES-15-020091

diff --git a/...tem/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/rule.yml b/...tem/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/rule.yml
@@ -36,6 +36,7 @@ references:
     nerc-cip: CIP-003-8 R5.1.1,CIP-003-8 R5.3,CIP-004-6 R2.3,CIP-007-3 R2.1,CIP-007-3 R2.2,CIP-007-3 R2.3,CIP-007-3 R5.1,CIP-007-3 R5.1.1,CIP-007-3 R5.1.2
     nist: AC-6,CM-6(a)
     nist-csf: PR.AC-4,PR.DS-5
+    pcidss: Req-8.6.1
     srg: SRG-OS-000324-GPOS-00125
 
 ocil_clause: 'root login over virtual console devices is permitted'

diff --git a/..._os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml b/..._os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml
@@ -32,6 +32,7 @@ references:
     cis@ubuntu2004: "5.6"
     cis@ubuntu2204: "5.6"
     ospp: FMT_SMF_EXT.1.1
+    pcidss: Req-8.6.1
     srg: 'SRG-OS-000373-GPOS-00156,SRG-OS-000312-GPOS-00123'
 
 ocil_clause: 'the line is not in the file or it is commented'

diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml
@@ -57,6 +57,7 @@ references:
     nist-csf: PR.AC-7
     nist@sle12: AC-11(a)
     ospp: FMT_MOF_EXT.1
+    pcidss: Req-8.6.1
     srg: SRG-OS-000163-GPOS-00072,SRG-OS-000029-GPOS-00010
     stigid@ol7: OL07-00-040160
     stigid@rhel7: RHEL-07-040160

diff --git a/...x_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml b/...x_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml
@@ -49,6 +49,7 @@ references:
     nerc-cip: CIP-003-8 R5.1.1,CIP-003-8 R5.3,CIP-004-6 R2.3,CIP-007-3 R2.1,CIP-007-3 R2.2,CIP-007-3 R2.3,CIP-007-3 R5.1,CIP-007-3 R5.1.1,CIP-007-3 R5.1.2
     nist: AC-6(1),CM-6(a)
     nist-csf: PR.IP-2
+    pcidss: Req-8.6.1
     srg: SRG-OS-000480-GPOS-00228,SRG-OS-000480-GPOS-00227
     stigid@ol8: OL08-00-020353
     stigid@rhel8: RHEL-08-020353

diff --git a/.../guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml b/.../guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml
@@ -40,6 +40,7 @@ references:
     nerc-cip: CIP-003-8 R5.1.1,CIP-003-8 R5.3,CIP-004-6 R2.3,CIP-007-3 R2.1,CIP-007-3 R2.2,CIP-007-3 R2.3,CIP-007-3 R5.1,CIP-007-3 R5.1.1,CIP-007-3 R5.1.2
     nist: AC-6(1),CM-6(a)
     nist-csf: PR.IP-1,PR.IP-2
+    pcidss: Req-8.6.1
     srg: SRG-OS-000480-GPOS-00228
     stigid@ol7: OL07-00-020240
     stigid@ol8: OL08-00-020351

diff --git a/..._os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_profile/rule.yml b/..._os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_profile/rule.yml
@@ -40,6 +40,7 @@ references:
     nerc-cip: CIP-003-8 R5.1.1,CIP-003-8 R5.3,CIP-004-6 R2.3,CIP-007-3 R2.1,CIP-007-3 R2.2,CIP-007-3 R2.3,CIP-007-3 R5.1,CIP-007-3 R5.1.1,CIP-007-3 R5.1.2
     nist: AC-6(1),CM-6(a)
     nist-csf: PR.IP-2
+    pcidss: Req-8.6.1
     srg: SRG-OS-000480-GPOS-00228,SRG-OS-000480-GPOS-00227
     stigid@ol8: OL08-00-020353
     stigid@rhel8: RHEL-08-020353

diff --git a/linux_os/guide/system/auditing/package_audit_installed/rule.yml b/linux_os/guide/system/auditing/package_audit_installed/rule.yml
@@ -30,6 +30,7 @@ references:
     nist: AC-7(a),AU-7(1),AU-7(2),AU-14,AU-12(2),AU-2(a),CM-6(a)
     nist@sle12: AU-7(a),AU-7(b),AU-8(b),AU-12.1(iv),AU-12(3),AU-12(c),CM-5(1)
     ospp: FAU_GEN.1
+    pcidss: Req-10.2.1
     srg: SRG-OS-000062-GPOS-00031,SRG-OS-000037-GPOS-00015,SRG-OS-000038-GPOS-00016,SRG-OS-000039-GPOS-00017,SRG-OS-000040-GPOS-00018,SRG-OS-000041-GPOS-00019,SRG-OS-000042-GPOS-00021,SRG-OS-000051-GPOS-00024,SRG-OS-000054-GPOS-00025,SRG-OS-000122-GPOS-00063,SRG-OS-000254-GPOS-00095,SRG-OS-000255-GPOS-00096,SRG-OS-000337-GPOS-00129,SRG-OS-000348-GPOS-00136,SRG-OS-000349-GPOS-00137,SRG-OS-000350-GPOS-00138,SRG-OS-000351-GPOS-00139,SRG-OS-000352-GPOS-00140,SRG-OS-000353-GPOS-00141,SRG-OS-000354-GPOS-00142,SRG-OS-000358-GPOS-00145,SRG-OS-000365-GPOS-00152,SRG-OS-000392-GPOS-00172,SRG-OS-000475-GPOS-00220
     stigid@ol8: OL08-00-030180
     stigid@rhel8: RHEL-08-030180

diff --git a/...ide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml b/...ide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml
@@ -37,6 +37,7 @@ references:
     iso27001-2013: A.12.1.2,A.12.5.1,A.12.6.2,A.14.2.2,A.14.2.3,A.14.2.4
     nist: SC-39,CM-6(a)
     nist-csf: PR.IP-1
+    pcidss: Req-2.2.1
     srg: SRG-OS-000433-GPOS-00192
     stigid@ol8: OL08-00-010420
     stigid@rhel8: RHEL-08-010420

diff --git a/..._os/guide/system/permissions/restrictions/enable_nx/install_PAE_kernel_on_x86-32/rule.yml b/..._os/guide/system/permissions/restrictions/enable_nx/install_PAE_kernel_on_x86-32/rule.yml
@@ -41,6 +41,7 @@ references:
     iso27001-2013: A.12.1.2,A.12.5.1,A.12.6.2,A.14.2.2,A.14.2.3,A.14.2.4
     nist: CM-6(a)
     nist-csf: PR.IP-1
+    pcidss: Req-2.2.1
 
 warnings:
     - hardware: |-

diff --git a/linux_os/guide/system/software/sudo/package_sudo_installed/rule.yml b/linux_os/guide/system/software/sudo/package_sudo_installed/rule.yml
@@ -34,6 +34,7 @@ references:
     ism: 1382,1384,1386
     nist: CM-6(a)
     ospp: FMT_MOF_EXT.1
+    pcidss: Req-10.2.1.5
     srg: SRG-OS-000324-GPOS-00125
 
 ocil_clause: 'the package is not installed'

diff --git a/linux_os/guide/system/software/sudo/sudo_add_use_pty/rule.yml b/linux_os/guide/system/software/sudo/sudo_add_use_pty/rule.yml
@@ -30,6 +30,7 @@ references:
     cis@sle15: 1.3.2
     cis@ubuntu2004: 1.3.2
     cis@ubuntu2204: 1.3.2
+    pcidss: Req-10.2.1.5
 
 ocil_clause: 'use_pty is not enabled in sudo'
 

diff --git a/linux_os/guide/system/software/sudo/sudo_custom_logfile/rule.yml b/linux_os/guide/system/software/sudo/sudo_custom_logfile/rule.yml
@@ -27,6 +27,7 @@ references:
     cis@sle15: 1.3.3
     cis@ubuntu2004: 1.3.3
     cis@ubuntu2204: 1.3.3
+    pcidss: Req-10.2.1.5
 
 ocil_clause: 'logfile is not enabled in sudo'