diff --git a/dist b/dist
index 5aa45c5bf3f5e5b781981aec176b4910ac39baaf..37a6f9cba7a88cbcf8ab13c9187a23e686af9edd 100644
--- a/dist
+++ b/dist
@@ -1 +1 @@
-an8_8
+an8_9
diff --git a/download b/download
index c49e2f616c04320a4122e0cf9ae1b82adef00c01..9f5c9ebc068987423e0c97f05813e7f4fc20cbee 100644
--- a/download
+++ b/download
@@ -1,2 +1,2 @@
 219c992603514558e5f6f3d29adaa534 scap-security-guide-0.1.52-2.el7_9-rhel6.tar.bz2
-ac9d4fcc5a6f44bf63a0b9b065b6b3e9 scap-security-guide-0.1.69.tar.bz2
+28d1e8f00402c11fc0578a047096dee6 scap-security-guide-0.1.72.tar.bz2
diff --git a/disable-not-in-good-shape-profiles.patch b/hide-profiles-not-in-good-shape-for-RHEL.patch
similarity index 31%
rename from disable-not-in-good-shape-profiles.patch
rename to hide-profiles-not-in-good-shape-for-RHEL.patch
index f883e6ab46feea67047ddffceefd17a5c241bbee..40a7a28106794472405ee8f9461d73bb5409b335 100644
--- a/disable-not-in-good-shape-profiles.patch
+++ b/hide-profiles-not-in-good-shape-for-RHEL.patch
@@ -1,61 +1,54 @@ -From 746381a4070fc561651ad65ec0fe9610e8590781 Mon Sep 17 00:00:00 2001 -From: Watson Sato -Date: Mon, 6 Feb 2023 14:44:17 +0100 -Subject: [PATCH] Disable profiles not in good shape +From e0f62e3828b9deda102f247b3789f68aeb4e518d Mon Sep 17 00:00:00 2001 +From: Marcus Burghardt +Date: Fri, 16 Feb 2024 12:07:36 +0100 +Subject: [PATCH] Hide profiles not in good shape for RHEL -Patch-name: disable-not-in-good-shape-profiles.patch -Patch-id: 0 -Patch-status: | - Patch prevents cjis, rht-ccp and standard profiles in RHEL8 datastream +There are some profiles introduced long time ago but no longer +maintained. For compatibility purposes they are not removed from +datastream but are now hidden for RHEL8 to prevent people from +using them. --- - products/rhel8/CMakeLists.txt | 1 - - products/rhel8/profiles/cjis.profile | 2 +- - products/rhel8/profiles/rht-ccp.profile | 2 +- - products/rhel8/profiles/standard.profile | 2 +- - 4 files changed, 3 insertions(+), 4 deletions(-) + products/rhel8/profiles/cjis.profile | 2 ++ + products/rhel8/profiles/rht-ccp.profile | 2 ++ + products/rhel8/profiles/standard.profile | 2 ++ + 3 files changed, 6 insertions(+) -diff --git a/products/rhel8/CMakeLists.txt b/products/rhel8/CMakeLists.txt -index 9c044b68ab..8f6ca03de8 100644 ---- a/products/rhel8/CMakeLists.txt -+++ b/products/rhel8/CMakeLists.txt -@@ -10,7 +10,6 @@ ssg_build_product(${PRODUCT}) - ssg_build_html_ref_tables("${PRODUCT}" "table-${PRODUCT}-{ref_id}refs" "anssi;cis;cui;nist;pcidss") - - ssg_build_html_profile_table("table-${PRODUCT}-nistrefs-ospp" "${PRODUCT}" "ospp" "nist") --ssg_build_html_profile_table("table-${PRODUCT}-nistrefs-standard" "${PRODUCT}" "standard" "nist") - ssg_build_html_profile_table("table-${PRODUCT}-nistrefs-stig" "${PRODUCT}" "stig" "nist") - - ssg_build_html_profile_table("table-${PRODUCT}-anssirefs-bp28_minimal" "${PRODUCT}" "anssi_bp28_minimal" "anssi") 
diff --git a/products/rhel8/profiles/cjis.profile b/products/rhel8/profiles/cjis.profile -index 22ae5aac72..f60b65bc06 100644 +index 30843b692e..c44c63516f 100644 --- a/products/rhel8/profiles/cjis.profile +++ b/products/rhel8/profiles/cjis.profile -@@ -1,4 +1,4 @@ --documentation_complete: true -+documentation_complete: false +@@ -1,5 +1,7 @@ + documentation_complete: true ++hidden: true ++ metadata: version: 5.4 + SMEs: diff --git a/products/rhel8/profiles/rht-ccp.profile b/products/rhel8/profiles/rht-ccp.profile -index b192461f95..ae1e7d5a15 100644 +index 01133a9bde..3f6cb751c9 100644 --- a/products/rhel8/profiles/rht-ccp.profile +++ b/products/rhel8/profiles/rht-ccp.profile -@@ -1,4 +1,4 @@ --documentation_complete: true -+documentation_complete: false +@@ -1,5 +1,7 @@ + documentation_complete: true ++hidden: true ++ title: 'Red Hat Corporate Profile for Certified Cloud Providers (RH CCP)' + description: |- diff --git a/products/rhel8/profiles/standard.profile b/products/rhel8/profiles/standard.profile -index a63ae2cf32..da669bb843 100644 +index 11d72da2d9..79b491113a 100644 --- a/products/rhel8/profiles/standard.profile +++ b/products/rhel8/profiles/standard.profile -@@ -1,4 +1,4 @@ --documentation_complete: true -+documentation_complete: false +@@ -1,5 +1,7 @@ + documentation_complete: true ++hidden: true ++ title: 'Standard System Security Profile for Red Hat Enterprise Linux 8' + description: |- -- -2.39.1 +2.43.1 diff --git a/scap-security-guide-0.1.70-fix_enable_fips_mode-PR_10961.patch b/scap-security-guide-0.1.70-fix_enable_fips_mode-PR_10961.patch deleted file mode 100644 index af7d37e6f3b5d661e1da041dd8b3522bbf73a2be..0000000000000000000000000000000000000000 --- a/scap-security-guide-0.1.70-fix_enable_fips_mode-PR_10961.patch +++ /dev/null 
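Review bot: The rewritten patch description says the cjis, rht-ccp and standard profiles are hidden "to prevent people from using them", but the new side keeps `documentation_complete: true` and only adds `hidden: true`, and the same description states that the profiles stay in the datastream. Hiding therefore looks like a listing change rather than a block: a scan or remediation that names one of these profile IDs explicitly would presumably still run content the description calls no longer maintained. I would say so in the patch description, e.g. `Hidden profiles are still shipped and can still be selected by ID; they are unmaintained and should not be used for new deployments.`, and carry the same caveat in the spec comment above Patch0.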
@@ -1,52 +0,0 @@ -From 75dd0e76be957e5fd92c98f01f7d672b2549fd3d Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Jan=20=C4=8Cern=C3=BD?= -Date: Tue, 8 Aug 2023 15:15:21 +0200 -Subject: [PATCH] Remove kernel cmdline check - -The OVAL in rule enable_fips_mode contains multiple checks. One -of these checks tests presence of `fips=1` in `/etc/kernel/cmdline`. -Although this is useful for latest RHEL versions, this file doesn't -exist on RHEL 8.6 and 9.0. This causes that the rule fails after -remediation on these RHEL versions. - -We want the same OVAL behavior on all minor RHEL releases, therefore -we will remove this test from the OVAL completely. - -Related to: https://github.com/ComplianceAsCode/content/pull/10897 ---- - .../fips/enable_fips_mode/oval/shared.xml | 15 --------------- - 1 file changed, 15 deletions(-) - -diff --git a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml -index 88aae7aaab9..3b50e07060e 100644 ---- a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml -+++ b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml -@@ -12,8 +12,6 @@ - comment="system cryptography policy is configured"/> - -- - {{% if "ol" in product or "rhel" in product %}} - - -@@ -57,19 +55,6 @@ - ^(?:.*\s)?fips=1(?:\s.*)?$ - - -- -- -- -- -- -- -- ^/etc/kernel/cmdline -- ^(.*)$ -- 1 -- -- - - diff --git a/scap-security-guide-0.1.70-improve_readability_enable_fips_mode-PR_10911.patch b/scap-security-guide-0.1.70-improve_readability_enable_fips_mode-PR_10911.patch deleted file mode 100644 index fbc06d751ee7d42aedf5ebf67a1969786b0e146a..0000000000000000000000000000000000000000 --- a/scap-security-guide-0.1.70-improve_readability_enable_fips_mode-PR_10911.patch +++ /dev/null 
@@ -1,272 +0,0 @@ -From 9d00e0d296ad4a5ce503b2dfe9647de6806b7b60 Mon Sep 17 00:00:00 2001 -From: Marcus Burghardt -Date: Thu, 27 Jul 2023 10:02:08 +0200 -Subject: [PATCH 1/2] Align the parameters ordering in OVAL objects - -This commit only improves readability without any technical impact in -the OVAL logic. ---- - .../fips/enable_fips_mode/oval/shared.xml | 81 ++++++++++++------- - 1 file changed, 50 insertions(+), 31 deletions(-) - -diff --git a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml -index fe3f96f52a5..0ec076a5fb7 100644 ---- a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml -+++ b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml -@@ -1,32 +1,38 @@ - -- -+ - {{{ oval_metadata("Check if FIPS mode is enabled on the system") }}} - -- -- -- -- -- -- -+ -+ -+ -+ -+ -+ - {{% if "ol" in product or "rhel" in product %}} - - -- -- -+ -+ - - - -- -+ - - {{% if product in ["ol8", "rhel8"] %}} -- -+ - {{% else %}} -- -+ - {{% endif %}} - - -@@ -34,58 +40,71 @@ - - - -- -+ - - - -+ - - ^/boot/loader/entries/.*.conf - ^options (.*)$ - 1 - -+ - - ^(?:.*\s)?fips=1(?:\s.*)?$ - -- -+ -+ - - - -+ - - ^/etc/kernel/cmdline - ^(.*)$ - 1 - - -- -+ - - - -+ - - var_system_crypto_policy - -- -+ -+ - {{% if product in ["ol9","rhel9"] -%}} - ^FIPS(:OSPP)?$ - {{%- else %}} -- {{# Legacy and more relaxed list of crypto policies that were historically considered FIPS-compatible. More recent products should use the more restricted list of options #}} -+ {{# Legacy and more relaxed list of crypto policies that were historically considered -+ FIPS-compatible. 
More recent products should use the more restricted list of options #}} - ^FIPS(:(OSPP|NO-SHA1|NO-CAMELLIA))?$ - {{%- endif %}} - -+ - {{% if product in ["ol8","rhel8"] %}} -- -+ - - -- -+ -+ - /boot/grub2/grubenv - fips=1 - 1 - - {{% endif %}} -- -+ -+ - - -From 6a62a2f1b61e51326c7cadd2a0494200d98cc02e Mon Sep 17 00:00:00 2001 -From: Marcus Burghardt -Date: Thu, 27 Jul 2023 10:20:33 +0200 -Subject: [PATCH 2/2] Improve OVAL comments for better readability - -Simplified the comments and aligned the respective lines to the -project Style Guides. ---- - .../fips/enable_fips_mode/oval/shared.xml | 31 ++++++++++--------- - 1 file changed, 16 insertions(+), 15 deletions(-) - -diff --git a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml -index 0ec076a5fb7..88aae7aaab9 100644 ---- a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml -+++ b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml -@@ -3,36 +3,36 @@ - {{{ oval_metadata("Check if FIPS mode is enabled on the system") }}} - - -+ comment="check /etc/system-fips file existence"/> - -+ comment="check option crypto.fips_enabled = 1 in sysctl"/> - -+ comment="dracut FIPS module is enabled"/> - - -+ comment="check if var_system_crypto_policy variable selection is set to FIPS"/> - -+ comment="check if kernel option fips=1 is present in /etc/kernel/cmdline"/> - {{% if "ol" in product or "rhel" in product %}} - - - -+ comment="generic test for s390x architecture"/> - -+ comment="check if kernel option fips=1 is present in /boot/loader/entries/.*.conf"/> - - - - -+ comment="generic test for non-s390x architecture"/> - - {{% if product in ["ol8", "rhel8"] %}} - - {{% else %}} - -+ comment="check if kernel option fips=1 is present in /boot/loader/entries/.*.conf"/> - {{% endif %}} - - -@@ -42,7 +42,7 @@ - - -+ comment="check if kernel option fips=1 is present in 
options in /boot/loader/entries/.*.conf"> - - - -@@ -59,7 +59,7 @@ - - -+ comment="check if kernel option fips=1 is present in /etc/kernel/cmdline"> - - - -@@ -71,7 +71,7 @@ - - - -+ check="at least one" comment="test if var_system_crypto_policy selection is set to FIPS"> - - - -@@ -81,7 +81,8 @@ - - - -+ comment="variable value is set to 'FIPS' or 'FIPS:modifier', where the modifier corresponds -+to a crypto policy module that further restricts the modified crypto policy."> - {{% if product in ["ol9","rhel9"] -%}} - ^FIPS(:OSPP)?$ - {{%- else %}} -@@ -94,7 +95,7 @@ - {{% if product in ["ol8","rhel8"] %}} - -+ comment="FIPS mode is selected in running kernel options"> - - - -@@ -106,5 +107,5 @@ - {{% endif %}} - - -+ datatype="string" comment="variable which selects the crypto policy"/> - diff --git a/scap-security-guide-0.1.70-remove_sebool_secure_insmod_from_anssi-PR_11001.patch b/scap-security-guide-0.1.70-remove_sebool_secure_insmod_from_anssi-PR_11001.patch deleted file mode 100644 index bf45744015c181dfdd92ae5a8def0a192d4f483f..0000000000000000000000000000000000000000 --- a/scap-security-guide-0.1.70-remove_sebool_secure_insmod_from_anssi-PR_11001.patch +++ /dev/null 
@@ -1,30 +0,0 @@ -From 08b9f875630e119d90a5a1fc3694f6168ad19cb9 Mon Sep 17 00:00:00 2001 -From: Vojtech Polasek -Date: Thu, 17 Aug 2023 10:50:09 +0200 -Subject: [PATCH] remove sebool_secure_mode_insmod from RHEL ANSSI high - ---- - products/rhel8/profiles/anssi_bp28_high.profile | 2 ++ - products/rhel9/profiles/anssi_bp28_high.profile | 2 ++ - 2 files changed, 4 insertions(+) - -diff --git a/products/rhel8/profiles/anssi_bp28_high.profile b/products/rhel8/profiles/anssi_bp28_high.profile -index e2eeabbb78d..204e141b1f5 100644 ---- a/products/rhel8/profiles/anssi_bp28_high.profile -+++ b/products/rhel8/profiles/anssi_bp28_high.profile -@@ -17,3 +17,5 @@ description: |- - - selections: - - anssi:all:high -+ # the following rule renders UEFI systems unbootable -+ - '!sebool_secure_mode_insmod' -diff --git a/products/rhel9/profiles/anssi_bp28_high.profile b/products/rhel9/profiles/anssi_bp28_high.profile -index e2eeabbb78d..204e141b1f5 100644 ---- a/products/rhel9/profiles/anssi_bp28_high.profile -+++ b/products/rhel9/profiles/anssi_bp28_high.profile -@@ -17,3 +17,5 @@ description: |- - - selections: - - anssi:all:high -+ # the following rule renders UEFI systems unbootable -+ - '!sebool_secure_mode_insmod' diff --git a/scap-security-guide.spec b/scap-security-guide.spec index 2f2a3ac54853a20d5b1b9e44284bb76f27501762..138ce60bbc2b0081d50dd30064cfa4f5ba671561 100644 --- a/scap-security-guide.spec +++ b/scap-security-guide.spec @@ -1,4 +1,3 @@ -%define anolis_release .0.2 # Base name of static rhel6 content tarball %global _static_rhel6_content %{name}-0.1.52-2.el7_9-rhel6 # https://fedoraproject.org/wiki/Changes/CMake_to_do_out-of-source_builds 
@@ -6,8 +5,8 @@ # global _default_patch_fuzz 2 # Normally shouldn't be needed as patches should apply cleanly Name: scap-security-guide -Version: 0.1.69 -Release: 2%{anolis_release}%{?dist} +Version: 0.1.72 +Release: 2%{?dist} Summary: Security guidance and baselines in SCAP formats License: BSD-3-Clause Group: Applications/System @@ -15,14 +14,8 @@ URL: https://github.com/ComplianceAsCode/content/ Source0: https://github.com/ComplianceAsCode/content/releases/download/v%{version}/scap-security-guide-%{version}.tar.bz2 # Include tarball with last released rhel6 content Source1: %{_static_rhel6_content}.tar.bz2 -# Disable profiles not in good shape -# rhel8 - cjis rht-ccp standard -Patch0: disable-not-in-good-shape-profiles.patch -# Fix rule enable_fips_mode -Patch1: scap-security-guide-0.1.70-improve_readability_enable_fips_mode-PR_10911.patch -Patch2: scap-security-guide-0.1.70-fix_enable_fips_mode-PR_10961.patch -# remove rule sebool_secure_mode_insmod from ANSSI high profile because it prevents UEFI-based systems from booting -Patch3: scap-security-guide-0.1.70-remove_sebool_secure_insmod_from_anssi-PR_11001.patch +# Patch hides cjis, rht-ccp and standard profiles for RHEL8 +Patch0: hide-profiles-not-in-good-shape-for-RHEL.patch BuildArch: noarch @@ -61,15 +54,6 @@ The %{name}-doc package contains HTML formatted documents containing hardening guidances that have been generated from XCCDF benchmarks present in %{name} package. -%package extra -Summary: Extra files package -Group: System Environment/Base -Requires: %{name} = %{version}-%{release} - -%description extra -The %{name}-extra package contains various situation guidebooks - - %if ( %{defined rhel} && (! %{defined centos}) ) %package rule-playbooks Summary: Ansible playbooks per each rule. @@ -80,8 +64,6 @@ Requires: %{name} = %{version}-%{release} The %{name}-rule-playbooks package contains individual ansible playbooks per rule. %endif - - %prep %autosetup -p1 -b1 
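Review bot: Patch1 to Patch3 are dropped in the `@@ -15,14 +14,8 @@` hunk with nothing in the spec or the new changelog entries saying they were merged upstream, and Patch3 carried the comment that the rule prevents UEFI-based systems from booting. The `0.1.70` in the patch file names suggests the fixes are already part of 0.1.72, but that cannot be verified from this diff. I would record it in the 0.1.72-1 changelog entry, e.g. `- Drop patches included in upstream 0.1.72 (PR 10911, PR 10961, PR 11001)`, after confirming that the ANSSI high profile in the new tarball no longer selects `sebool_secure_mode_insmod` and that the `enable_fips_mode` check no longer tests `/etc/kernel/cmdline`.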
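Review bot: The `extra` subpackage is removed in the `@@ -61,15 +54,6 @@` hunk (its `%files extra` list goes in the `@@ -139,13 +115,6 @@` hunk) without an `Obsoletes:` on the main package. The removed definition had `Requires: %{name} = %{version}-%{release}`, so a host with `scap-security-guide-extra` from 0.1.69 installed would likely see the update to 0.1.72 held back or fail dependency resolution, leaving it on the old security content. If the removal is intended, add `Obsoletes: %{name}-extra < 0.1.72-2` to the main package preamble so the old subpackage is removed on upgrade.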
@@ -94,7 +76,6 @@ cd build -DSSG_PRODUCT_RHEL8:BOOLEAN=TRUE \ -DSSG_PRODUCT_FIREFOX:BOOLEAN=TRUE \ -DSSG_PRODUCT_JRE:BOOLEAN=TRUE \ --DSSG_PRODUCT_ANOLIS8:BOOLEAN=TRUE \ %if %{defined centos} -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=ON \ %else @@ -117,11 +98,6 @@ cp -r %{_builddir}/%{_static_rhel6_content}/tables %{buildroot}%{_docdir}/%{name cp -r %{_builddir}/%{_static_rhel6_content}/guides %{buildroot}%{_docdir}/%{name} %files -%exclude %{_datadir}/%{name}/ansible/rhel* -%exclude %{_datadir}/%{name}/bash/rhel* -%exclude %{_datadir}/%{name}/kickstart/ssg-rhel* -%exclude %{_datadir}/%{name}/tailoring/rhel* -%exclude %{_datadir}/xml/scap/ssg/content/ssg-rhel* %{_datadir}/xml/scap/ssg/content %{_datadir}/%{name}/kickstart %{_datadir}/%{name}/ansible @@ -139,13 +115,6 @@ cp -r %{_builddir}/%{_static_rhel6_content}/guides %{buildroot}%{_docdir}/%{name %doc %{_docdir}/%{name}/guides/*.html %doc %{_docdir}/%{name}/tables/*.html -%files extra -%{_datadir}/%{name}/ansible/rhel* -%{_datadir}/%{name}/bash/rhel* -%{_datadir}/%{name}/kickstart/ssg-rhel* -%{_datadir}/%{name}/tailoring/rhel* -%{_datadir}/xml/scap/ssg/content/ssg-rhel* - %if ( %{defined rhel} && (! %{defined centos}) ) %files rule-playbooks %defattr(-,root,root,-) 
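Review bot: Removing `-DSSG_PRODUCT_ANOLIS8:BOOLEAN=TRUE` in the `@@ -94,7 +76,6 @@` hunk means this build, which the `dist` change tags `an8_9`, no longer enables the Anolis 8 product, and the changelog entry that introduced it is deleted rather than followed by a removal entry. Assuming the cmake call (which starts outside the hunk) turns products off by default, the package would ship only the RHEL 8 and other listed content, whose applicability checks may not match an Anolis host. If that is intended, state it in the changelog, e.g. `- Drop Anolis8 product and extra subpackage (resync with upstream spec)`; otherwise keep the flag.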
@@ -153,30 +122,47 @@ cp -r %{_builddir}/%{_static_rhel6_content}/guides %{buildroot}%{_docdir}/%{name %endif %changelog -* Mon Sep 25 2023 Yuqing - 0.1.69-2.0.2 -- Add product for Anolis8 (#9770) - -* Mon Sep 25 2023 Chang Gao - 0.1.69-2.0.1 -- Add extra package +* Fri Feb 16 2024 Marcus Burghardt - 0.1.72-2 +- Unlist profiles no longer maintained in RHEL8. + +* Wed Feb 14 2024 Marcus Burghardt - 0.1.72-1 +- Rebase to a new upstream release 0.1.72 (RHEL-25250) +- Increase CIS standards coverage regarding SSH and cron (RHEL-1314) +- Increase compatibility of accounts_tmout rule for ksh (RHEL-16896 and RHEL-1811) +- Align Ansible and Bash remediation in sssd_certificate_verification rule (RHEL-1313) +- Add a warning to rule service_rngd_enabled about rule applicability (RHEL-1819) +- Add rule to terminate idle user sessions after defined time (RHEL-1801) +- Allow spaces around equal sign in /etc/sudoers (RHEL-1904) +- Add remediation for rule fapolicy_default_deny (RHEL-1817) +- Fix invalid syntax in file /usr/share/scap-security-guide/ansible/rhel8-playbook-ospp.yml (RHEL-19127) +- Refactor ensure_pam_wheel_group_empty (RHEL-1905) +- Prevent remediation of display_login_attempts rule from creating redundant configuration entries (RHEL-1809) +- Update PCI-DSS to v4 (RHEL-1808) +- Fix regex in Ansible remediation of configure_ssh_crypto_policy (RHEL-1820) * Thu Aug 17 2023 Vojtech Polasek - 0.1.69-2 -- remove problematic rule from ANSSI High profile (RHBZ#2228444) +- remove problematic rule from ANSSI High profile (RHBZ#2221695) * Thu Aug 10 2023 Jan Černý - 0.1.69-1 -- Rebase to a new upstream release 0.1.69 (RHBZ#2228444) -- Add rule audit_rules_login_events_faillock to STIG profile (RHBZ#2228455) -- Add appropriate STIGID to accounts_passwords_pam_faillock_interval rule (RHBZ#2228465) -- Make rule checking for Postfix unrestricted relay accept more variants of valid configuration syntax (RHBZ#2228471) -- Correct URL used to download CVE checks (RHBZ#2228452) -- 
Evaluation and remediation of rules related to mount points have been enhanced for Image builder (RHBZ#2228448) -- Mention exact required configuration value in description of some PAM related rules (RHBZ#2228441) -- Fixed rules related to AIDE configuration (RHBZ#2228458) -- Update ANSSI BP-028 profiles to be aligned with version 2.0 (RHBZ#2228429) -- Improved and unified OVAL checks checking for interactive users (RHBZ#2228433) -- Unify OVAL checks to correctly identify interactive users (RHBZ#2228460) -- Fixed excess quotes in journald configuration files (RHBZ#2228437) -- Allow default permissions for files stored on EFI FAT partitions (RHBZ#2228443) -- Make mount point related rules not applicable when no such mount points exist (RHBZ#2228473) +- Rebase to a new upstream release 0.1.69 (RHBZ#2221695) +- Fixed CCE link URL (RHBZ#2178516) +- align remediations with rule description for rule configuring OpenSSL cryptopolicy (RHBZ#2192893) +- Add rule audit_rules_login_events_faillock to STIG profile (RHBZ#2167999) +- Fixed rules related to AIDE configuration (RHBZ#2175684) +- Allow default permissions for files stored on EFI FAT partitions (RHBZ#2184487) +- Add appropriate STIGID to accounts_passwords_pam_faillock_interval rule (RHBZ#2209073) +- improved and unified OVAL checks checking for interactive users (RHBZ#2157877) +- update ANSSI BP-028 profiles to be aligned with version 2.0 (RHBZ#2155789) +- unify OVAL checks to correctly identify interactive users (RHBZ#2178740) +- make rule checking for Postfix unrestricted relay accept more variants of valid configuration syntax (RHBZ#2170530) +- Fixed excess quotes in journald configuration files (RHBZ#2169857) +- rules related to polyinstantiated directories are not applied when building images for Image Builder (RHBZ#2130182) +- evaluation and remediation of rules related to mount points have been enhanced for Image Builder (RHBZ#2130185) +- do not enable FIPS mode when creating hardened images for Image Builder 
(RHBZ#2130181) +- Correct URL used to download CVE checks (RHBZ#2222583) +- mention exact required configuration value in description of some PAM related rules (RHBZ#2175882) +- make mount point related rules not applicable when no such mount points exist (RHBZ#2176008) +- improve checks determining if FIPS mode is enabled (RHBZ#2129100) * Mon Feb 13 2023 Watson Sato - 0.1.66-2 - Unselect rule logind_session_timeout (RHBZ#2158404)