Bug
Resolution: Unresolved
rhel-8.10
Low
rhel-security-compliance
What were you trying to do that didn't work?
Using OpenSCAP with the CIS Server Level 1 profile (xccdf_org.ssgproject.content_profile_cis_server_l1) to scan RHEL 8, the following CIS rule from the official CIS Red Hat Enterprise Linux 8 Benchmark v3.0.0 appears to be missing from the latest SCAP Security Guide content provided by the scap-security-guide package:
4.4.3.2.5 Ensure password maximum sequential characters is configured
This rule is part of the CIS Level 1 benchmark but does not appear in /usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml, and there is no corresponding result in the OSCAP compliance report when scanning with the xccdf_org.ssgproject.content_profile_cis_server_l1 profile.
Please provide the package NVR for which the bug is seen:
latest version of scap-security-guide on RHEL 8.10
How reproducible is this bug?:
Always
Steps to reproduce
- Install the latest scap-security-guide on RHEL 8:
- Verify its content.
- Run a scan against CIS Level 1
- Review the generated report — there is no entry corresponding to CIS rule 4.4.3.2.5
Expected results
The SCAP content should include the rule “4.4.3.2.5 Ensure password maximum sequential characters is configured” so that oscap can evaluate it per the CIS v3.0.0 benchmark.
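One way to check the coverage gap described in this report directly against the content file, as an added example that is not part of the original report or of scap-security-guide: it lists the XCCDF rules that carry a given CIS section number and which of them the profile selects. It assumes CIS sections appear in `reference` elements whose `href` contains `cisecurity.org` and that the profile's selections are already resolved in the file; the embedded XML and its rule ids are constructed.

```python
import sys
import xml.etree.ElementTree as ET

XCCDF = "{http://checklists.nist.gov/xccdf/1.2}"
PROFILE = "xccdf_org.ssgproject.content_profile_cis_server_l1"

# Constructed sample standing in for ssg-rhel8-ds.xml; rule ids are hypothetical.
SAMPLE = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_example_benchmark">
  <Profile id="xccdf_org.ssgproject.content_profile_cis_server_l1">
    <select idref="xccdf_example_rule_password_a" selected="true"/>
  </Profile>
  <Rule id="xccdf_example_rule_password_a" selected="false">
    <reference href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.4.3.2.4</reference>
  </Rule>
  <Rule id="xccdf_example_rule_password_b" selected="false">
    <reference href="https://www.cisecurity.org/benchmark/red_hat_linux/">4.4.3.2.6</reference>
  </Rule>
</Benchmark>"""


def cis_coverage(xml_data, profile_id, section):
    """Return (rule ids mapped to the CIS section, those also selected by the profile)."""
    root = ET.fromstring(xml_data)  # accepts str or bytes
    mapped = []
    # iter() walks the whole tree, so a Benchmark nested in a data stream is found too.
    for rule in root.iter(XCCDF + "Rule"):
        for ref in rule.iter(XCCDF + "reference"):
            is_cis = "cisecurity.org" in ref.get("href", "")
            if is_cis and (ref.text or "").strip() == section:
                mapped.append(rule.get("id"))
                break
    selected = set()
    for profile in root.iter(XCCDF + "Profile"):
        if profile.get("id") == profile_id:
            for sel in profile.iter(XCCDF + "select"):
                if sel.get("selected") == "true":
                    selected.add(sel.get("idref"))
    return mapped, [rule_id for rule_id in mapped if rule_id in selected]


if __name__ == "__main__":
    # Usage: script.py [path-to-datastream] [CIS section]; defaults to the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    section = sys.argv[2] if len(sys.argv) > 2 else "4.4.3.2.5"
    mapped, in_profile = cis_coverage(data, PROFILE, section)
    print(f"CIS {section}: mapped rules={mapped or 'none'}, selected={in_profile or 'none'}")
```

An empty first list means no rule in the content references the section at all; a non-empty first list with an empty second list means the rule exists but the profile does not select it.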