The remedation playbook provided with scap-security-guide does not evaluate all partitions when attempting to audit for the privileged_commands rule.  

(usr/share/scap-security-guide/ansible/rhel8-playbook-cis_workstation_l2.yml)

Currently, only the last partition is evaluated with the existing playbook.  Customer has resolved the issue by modifying as shown below and is asking if this can be modified in the playbook provided. 

From Customer:

(Notice I replaced the [-1], meaning last item of the list, to | flatten, so the list of lists is merged into a single list)

$ diff /usr/share/scap-security-guide/ansible/rhel8-playbook-cis_workstation_l2.yml /usr/share/scap-security-guide/ansible/rhel8-playbook-cis_workstation_l2.yml.new

< privileged_commands: '{{( result_privileged_commands_search.results | map(attribute=''stdout_lines'') < | select() | list )[-1] }}'

privileged_commands: '{{ result_privileged_commands_search.results | map(attribute=''stdout_lines'') > | select() | list | flatten }}'