Remove quotes around titles in SRG GPOS

Where there are ":" and other YAML control charters in the title move to a block for the title.
ComplianceAsCode · Sep 3, 2024 · 277f6c7 · 277f6c7
1 parent 7046bc6
commit 277f6c7
Show file tree

Hide file tree

Showing 29 changed files with 75 additions and 72 deletions.
diff --git a/controls/srg_gpos/SRG-OS-000024-GPOS-00007.yml b/controls/srg_gpos/SRG-OS-000024-GPOS-00007.yml
@@ -1,8 +1,8 @@
 controls:
     -   id: SRG-OS-000024-GPOS-00007
-        title: '{{{ full_name }}} must display the Standard Mandatory DoD Notice and Consent
-            Banner until users acknowledge the usage conditions and take explicit actions
-            to log on for further access.'
+        title: {{{ full_name }}} must display the Standard Mandatory DoD Notice and Consent
+                Banner until users acknowledge the usage conditions and take explicit actions
+                to log on for further access.
         levels:
             - medium
         status: does not meet

diff --git a/controls/srg_gpos/SRG-OS-000069-GPOS-00037.yml b/controls/srg_gpos/SRG-OS-000069-GPOS-00037.yml
@@ -1,7 +1,7 @@
 controls:
     -   id: SRG-OS-000069-GPOS-00037
-        title: '{{{ full_name }}} must enforce password complexity by requiring that at
-    least one uppercase character be used.'
+        title: {{{ full_name }}} must enforce password complexity by requiring that at
+                least one uppercase character be used.
         levels:
             - medium
         rules:

diff --git a/controls/srg_gpos/SRG-OS-000070-GPOS-00038.yml b/controls/srg_gpos/SRG-OS-000070-GPOS-00038.yml
@@ -1,7 +1,7 @@
 controls:
     -   id: SRG-OS-000070-GPOS-00038
-        title: '{{{ full_name }}} must enforce password complexity by requiring that at
-    least one lowercase character be used.'
+        title: {{{ full_name }}} must enforce password complexity by requiring that at
+               least one lowercase character be used.
         levels:
             - medium
         rules:

diff --git a/controls/srg_gpos/SRG-OS-000072-GPOS-00040.yml b/controls/srg_gpos/SRG-OS-000072-GPOS-00040.yml
@@ -1,7 +1,7 @@
 controls:
     -   id: SRG-OS-000072-GPOS-00040
-        title: '{{{ full_name }}} must require the change of at least 50 percent of the
-    total number of characters when passwords are changed.'
+        title: {{{ full_name }}} must require the change of at least 50 percent of the
+               total number of characters when passwords are changed.
         levels:
             - medium
         rules:

diff --git a/controls/srg_gpos/SRG-OS-000108-GPOS-00055.yml b/controls/srg_gpos/SRG-OS-000108-GPOS-00055.yml
@@ -1,7 +1,7 @@
 controls:
     -   id: SRG-OS-000108-GPOS-00055
-        title: '{{{ full_name }}} must use multifactor authentication for local access to
-        nonprivileged accounts.'
+        title: {{{ full_name }}} must use multifactor authentication for local access to
+               nonprivileged accounts.
         levels:
             - medium
         rules:

diff --git a/controls/srg_gpos/SRG-OS-000113-GPOS-00058.yml b/controls/srg_gpos/SRG-OS-000113-GPOS-00058.yml
@@ -2,8 +2,8 @@ controls:
     -   id: SRG-OS-000113-GPOS-00058
         levels:
             - medium
-        title: '{{{ full_name }}} must implement replay-resistant authentication mechanisms
-        for network access to nonprivileged accounts.'
+        title: {{{ full_name }}} must implement replay-resistant authentication mechanisms
+                for network access to nonprivileged accounts.
         status: inherently met
         check: |-
             {{{ full_name }}} supports this requirement and cannot be configured to be out of compliance.

diff --git a/controls/srg_gpos/SRG-OS-000163-GPOS-00072.yml b/controls/srg_gpos/SRG-OS-000163-GPOS-00072.yml
@@ -2,12 +2,13 @@ controls:
     -   id: SRG-OS-000163-GPOS-00072
         levels:
             - medium
-        title: '{{{ full_name }}} must terminate all network connections associated with
-            a communications session at the end of the session, or as follows: for in-band
-            management sessions (privileged sessions), the session must be terminated after
-            10 minutes of inactivity; and for user sessions (non-privileged session), the
-            session must be terminated after 15 minutes of inactivity, except to fulfill
-            documented and validated mission requirements.'
+        title: |-
+               {{{ full_name }}} must terminate all network connections associated with
+               a communications session at the end of the session, or as follows: for in-band
+               management sessions (privileged sessions), the session must be terminated after
+               10 minutes of inactivity; and for user sessions (non-privileged session), the
+               session must be terminated after 15 minutes of inactivity, except to fulfill
+               documented and validated mission requirements.
         rules:
             - sshd_set_idle_timeout
             - sshd_set_keepalive

diff --git a/controls/srg_gpos/SRG-OS-000276-GPOS-00106.yml b/controls/srg_gpos/SRG-OS-000276-GPOS-00106.yml
@@ -1,6 +1,6 @@
 controls:
     -   id: SRG-OS-000276-GPOS-00106
-        title: '{{{ full_name }}} must notify system administrators and ISSOs when accounts are disabled.'
+        title: {{{ full_name }}} must notify system administrators and ISSOs when accounts are disabled.
         levels:
             - medium
         mitigation: |-

diff --git a/controls/srg_gpos/SRG-OS-000304-GPOS-00121.yml b/controls/srg_gpos/SRG-OS-000304-GPOS-00121.yml
@@ -1,7 +1,7 @@
 controls:
     -   id: SRG-OS-000304-GPOS-00121
-        title: '{{{ full_name }}} must notify system administrators (SAs) and information
-        system security officers (ISSOs) of account enabling actions.'
+        title: {{{ full_name }}} must notify system administrators (SAs) and information
+               system security officers (ISSOs) of account enabling actions.
         levels:
             - medium
         rules:

diff --git a/controls/srg_gpos/SRG-OS-000324-GPOS-00125.yml b/controls/srg_gpos/SRG-OS-000324-GPOS-00125.yml
@@ -1,8 +1,8 @@
 controls:
     -   id: SRG-OS-000324-GPOS-00125
-        title: '{{{ full_name }}} must prevent nonprivileged users from executing privileged
-        functions to include disabling, circumventing, or altering implemented security
-        safeguards/countermeasures.'
+        title: {{{ full_name }}} must prevent nonprivileged users from executing privileged
+               functions to include disabling, circumventing, or altering implemented security
+               safeguards/countermeasures.
         levels:
             - high
         rules:

diff --git a/controls/srg_gpos/SRG-OS-000341-GPOS-00132.yml b/controls/srg_gpos/SRG-OS-000341-GPOS-00132.yml
@@ -1,8 +1,8 @@
 controls:
     -   id: SRG-OS-000341-GPOS-00132
-        title: '{{{ full_name }}} must allocate audit record storage capacity to store at
-    least one week''s worth of audit records, when audit records are not immediately
-    sent to a central audit record storage facility.'
+        title: {{{ full_name }}} must allocate audit record storage capacity to store at
+               least one week''s worth of audit records, when audit records are not immediately
+               sent to a central audit record storage facility.
         levels:
             - low
         rules:

diff --git a/controls/srg_gpos/SRG-OS-000355-GPOS-00143.yml b/controls/srg_gpos/SRG-OS-000355-GPOS-00143.yml
@@ -1,10 +1,10 @@
 controls:
     -   id: SRG-OS-000355-GPOS-00143
-        title: '{{{ full_name }}} must, for networked systems, compare internal information
-    system clocks at least every 24 hours with a server which is synchronized to one
-    of the redundant United States Naval Observatory (USNO) time servers, or a time
-    server designated for the appropriate DOD network (NIPRNet/SIPRNet), and/or the
-    Global Positioning System (GPS).'
+        title: {{{ full_name }}} must, for networked systems, compare internal information
+               system clocks at least every 24 hours with a server which is synchronized to one
+               of the redundant United States Naval Observatory (USNO) time servers, or a time
+               server designated for the appropriate DOD network (NIPRNet/SIPRNet), and/or the
+               Global Positioning System (GPS).
 
         levels:
             - medium

diff --git a/controls/srg_gpos/SRG-OS-000395-GPOS-00175.yml b/controls/srg_gpos/SRG-OS-000395-GPOS-00175.yml
@@ -2,9 +2,9 @@ controls:
     -   id: SRG-OS-000395-GPOS-00175
         levels:
             - medium
-        title: '{{{ full_name }}} must verify remote disconnection at the termination of
-    nonlocal maintenance and diagnostic sessions, when used for nonlocal maintenance
-    sessions.'
+        title: {{{ full_name }}} must verify remote disconnection at the termination of
+               nonlocal maintenance and diagnostic sessions, when used for nonlocal maintenance
+               sessions.
         check:
           {{{ full_name }}} supports this requirement and cannot be configured to be out of compliance.
           {{{ full_name }}} inherently meets this requirement.

diff --git a/controls/srg_gpos/SRG-OS-000403-GPOS-00182.yml b/controls/srg_gpos/SRG-OS-000403-GPOS-00182.yml
@@ -2,9 +2,9 @@ controls:
     -   id: SRG-OS-000403-GPOS-00182
         levels:
             - medium
-        title: '{{{ full_name }}} must only allow the use of DoD PKI-established certificate
-        authorities for authentication in the establishment of protected sessions to the
-        operating system.'
+        title: {{{ full_name }}} must only allow the use of DoD PKI-established certificate
+               authorities for authentication in the establishment of protected sessions to the
+               operating system.
         status: does not meet
         description:
             {{{ full_name }}} must only allow the use of DoD PKI-established certificate authorities for authentication in the establishment of protected sessions to the operating system.

diff --git a/controls/srg_gpos/SRG-OS-000446-GPOS-00200.yml b/controls/srg_gpos/SRG-OS-000446-GPOS-00200.yml
@@ -2,9 +2,10 @@ controls:
     -   id: SRG-OS-000446-GPOS-00200
         levels:
             - medium
-        title: '{{{ full_name }}} must perform verification of the correct operation
-    of security functions: upon system start-up and/or restart; upon command by a
-    user with privileged access; and/or every 30 days.'
+        title: |-
+               {{{ full_name }}} must perform verification of the correct operation
+               of security functions: upon system start-up and/or restart; upon command by a
+               user with privileged access; and/or every 30 days.
         rules:
             - aide_periodic_cron_checking
         status: automated
diff --git a/controls/srg_gpos/SRG-OS-000478-GPOS-00223.yml b/controls/srg_gpos/SRG-OS-000478-GPOS-00223.yml
@@ -2,11 +2,12 @@ controls:
     -   id: SRG-OS-000478-GPOS-00223
         levels:
             - high
-        title: '{{{ full_name }}} must implement NIST FIPS-validated cryptography for
-    the following: to provision digital signatures, to generate cryptographic hashes,
-    and to protect unclassified information requiring confidentiality and cryptographic
-    protection in accordance with applicable federal laws, Executive Orders, directives,
-    policies, regulations, and standards.'
+        title: |-
+             {{{ full_name }}} must implement NIST FIPS-validated cryptography for
+              the following: to provision digital signatures, to generate cryptographic hashes,
+              and to protect unclassified information requiring confidentiality and cryptographic
+              protection in accordance with applicable federal laws, Executive Orders, directives,
+              policies, regulations, and standards.
         rules:
             - enable_dracut_fips_module
             - enable_fips_mode

diff --git a/controls/srg_gpos/SRG-OS-000590-GPOS-00110.yml b/controls/srg_gpos/SRG-OS-000590-GPOS-00110.yml
@@ -1,7 +1,7 @@
 controls:
     -   id: SRG-OS-000590-GPOS-00110
-        title: '{{{ full_name }}} must disable accounts when the accounts are no longer
-                associated to a user.'
+        title: {{{ full_name }}} must disable accounts when the accounts are no longer
+                associated to a user.
         levels:
             - medium
         status: pending
diff --git a/controls/srg_gpos/SRG-OS-000690-GPOS-00140.yml b/controls/srg_gpos/SRG-OS-000690-GPOS-00140.yml
@@ -1,7 +1,7 @@
 controls:
     -   id: SRG-OS-000690-GPOS-00140
-        title: '{{{ full_name }}} must prohibit the use or connection of unauthorized hardware
-                components.'
+        title: {{{ full_name }}} must prohibit the use or connection of unauthorized hardware
+                components.
         levels:
             - medium
         status: pending
diff --git a/controls/srg_gpos/SRG-OS-000705-GPOS-00150.yml b/controls/srg_gpos/SRG-OS-000705-GPOS-00150.yml
@@ -1,8 +1,8 @@
 controls:
     -   id: SRG-OS-000705-GPOS-00150
-        title: '{{{ full_name }}} must implement multifactor authentication for local, network,
+        title: {{{ full_name }}} must implement multifactor authentication for local, network,
                 and/or remote access to privileged accounts and/or nonprivileged accounts such
-                that the device meets organization-defined strength of mechanism requirements.'
+                that the device meets organization-defined strength of mechanism requirements.
         levels:
             - medium
         status: pending
diff --git a/controls/srg_gpos/SRG-OS-000710-GPOS-00160.yml b/controls/srg_gpos/SRG-OS-000710-GPOS-00160.yml
@@ -1,8 +1,8 @@
 controls:
     -   id: SRG-OS-000710-GPOS-00160
-        title: '{{{ full_name }}} must, for password-based authentication, verify when users
+        title: {{{ full_name }}} must, for password-based authentication, verify when users
                 create or update passwords the passwords are not found on the list of commonly-used,
-                expected, or compromised passwords in IA-5 (1) (a).'
+                expected, or compromised passwords in IA-5 (1) (a).
         levels:
             - medium
         status: pending
diff --git a/controls/srg_gpos/SRG-OS-000720-GPOS-00170.yml b/controls/srg_gpos/SRG-OS-000720-GPOS-00170.yml
@@ -1,7 +1,7 @@
 controls:
     -   id: SRG-OS-000720-GPOS-00170
-        title: '{{{ full_name }}} must for password-based authentication, require immediate
-                selection of a new password upon account recovery.'
+        title: {{{ full_name }}} must for password-based authentication, require immediate
+                selection of a new password upon account recovery.
         levels:
             - medium
         status: pending
diff --git a/controls/srg_gpos/SRG-OS-000725-GPOS-00180.yml b/controls/srg_gpos/SRG-OS-000725-GPOS-00180.yml
@@ -1,7 +1,7 @@
 controls:
     -   id: SRG-OS-000725-GPOS-00180
-        title: '{{{ full_name }}} must for password-based authentication, allow user selection
-                of long passwords and passphrases, including spaces and all printable characters.'
+        title: {{{ full_name }}} must for password-based authentication, allow user selection
+                of long passwords and passphrases, including spaces and all printable characters.
         levels:
             - medium
         status: pending
diff --git a/controls/srg_gpos/SRG-OS-000730-GPOS-00190.yml b/controls/srg_gpos/SRG-OS-000730-GPOS-00190.yml
@@ -1,7 +1,7 @@
 controls:
     -   id: SRG-OS-000730-GPOS-00190
-        title: '{{{ full_name }}} must, for password-based authentication, employ automated
-                tools to assist the user in selecting strong password authenticators.'
+        title: {{{ full_name }}} must, for password-based authentication, employ automated
+                tools to assist the user in selecting strong password authenticators.
         levels:
             - medium
         status: automated

diff --git a/controls/srg_gpos/SRG-OS-000745-GPOS-00210.yml b/controls/srg_gpos/SRG-OS-000745-GPOS-00210.yml
@@ -1,6 +1,6 @@
 controls:
     -   id: SRG-OS-000745-GPOS-00210
-        title: '{{{ full_name }}} must accept only external credentials that are NIST-compliant.'
+        title: {{{ full_name }}} must accept only external credentials that are NIST-compliant.
         levels:
             - medium
         status: pending
diff --git a/controls/srg_gpos/SRG-OS-000755-GPOS-00220.yml b/controls/srg_gpos/SRG-OS-000755-GPOS-00220.yml
@@ -1,7 +1,7 @@
 controls:
     -   id: SRG-OS-000755-GPOS-00220
-        title: '{{{ full_name }}} must monitor the use of maintenance tools that execute
-                with increased privilege.'
+        title: {{{ full_name }}} must monitor the use of maintenance tools that execute
+                with increased privilege.
         levels:
             - medium
         status: automated

diff --git a/controls/srg_gpos/SRG-OS-000775-GPOS-00230.yml b/controls/srg_gpos/SRG-OS-000775-GPOS-00230.yml
@@ -1,7 +1,7 @@
 controls:
     -   id: SRG-OS-000775-GPOS-00230
-        title: '{{{ full_name }}} must include only approved trust anchors in trust stores
-                or certificate stores managed by the organization.'
+        title: {{{ full_name }}} must include only approved trust anchors in trust stores
+                or certificate stores managed by the organization.
         levels:
             - medium
         status: pending
diff --git a/controls/srg_gpos/SRG-OS-000780-GPOS-00240.yml b/controls/srg_gpos/SRG-OS-000780-GPOS-00240.yml
@@ -1,7 +1,7 @@
 controls:
     -   id: SRG-OS-000780-GPOS-00240
-        title: '{{{ full_name }}} must provide protected storage for cryptographic keys
-                with organization-defined safeguards and/or hardware protected key store.'
+        title: {{{ full_name }}} must provide protected storage for cryptographic keys
+                with organization-defined safeguards and/or hardware protected key store.
         levels:
             - medium
         status: pending
diff --git a/controls/srg_gpos/SRG-OS-000785-GPOS-00250.yml b/controls/srg_gpos/SRG-OS-000785-GPOS-00250.yml
@@ -1,7 +1,7 @@
 controls:
     -   id: SRG-OS-000785-GPOS-00250
-        title: '{{{ full_name }}} must synchronize system clocks within and between systems
-                or system components.'
+        title: {{{ full_name }}} must synchronize system clocks within and between systems
+                or system components.
         levels:
             - medium
         status: pending
diff --git a/controls/srg_gpos/SRG-OS-000805-GPOS-00260.yml b/controls/srg_gpos/SRG-OS-000805-GPOS-00260.yml
@@ -1,7 +1,7 @@
 controls:
     -   id: SRG-OS-000805-GPOS-00260
-        title: '{{{ full_name }}} must employ automated patch management tools to facilitate
-                flaw remediation to the organization-defined system components.'
+        title: {{{ full_name }}} must employ automated patch management tools to facilitate
+                flaw remediation to the organization-defined system components.
         levels:
             - medium
         status: automated