diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/ansible/shared.yml
index c971daf1afb2..db8156b2f75b 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/ansible/shared.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/ansible/shared.yml
@@ -22,8 +22,59 @@
   loop: "{{ result_privileged_commands_search.results }}"
   when: item is not skipped
 
+{{% if product in ["fedora", "rhel10"] %}}
+- name: {{{ rule_title }}} - Set architecture for audit {{{ PATH }}}
+  ansible.builtin.set_fact:
+    audit_arch: "b64"
+  when:
+  - ansible_architecture == "aarch64" or
+    ansible_architecture == "ppc64" or
+    ansible_architecture == "ppc64le" or
+    ansible_architecture == "s390x" or
+    ansible_architecture == "x86_64"
+{{% endif %}}
+
 - name: {{{ rule_title }}} - Privileged Commands are Present in the System
   block:
+{{% if product in ["fedora", "rhel10"] %}}
+    - name: {{{ rule_title }}} - Ensure Rules for All Privileged Commands in augenrules Format 32-bit
+      ansible.builtin.lineinfile:
+        path: /etc/audit/rules.d/privileged.rules
+        line: '-a always,exit -F arch=b32 -F path={{ item }} -F perm=x -F auid>={{{ auid }}} -F auid!=unset -F key=privileged'
+        regexp: "^.* -F arch=b32 -F path={{ item | regex_escape() }} .*$"
+        create: yes
+      with_items:
+        - "{{ privileged_commands }}"
+
+    - name: {{{ rule_title }}} - Ensure Rules for All Privileged Commands in auditctl Format 32-bit
+      ansible.builtin.lineinfile:
+        path: /etc/audit/audit.rules
+        line: '-a always,exit -F arch=b32 -F path={{ item }} -F perm=x -F auid>={{{ auid }}} -F auid!=unset -F key=privileged'
+        regexp: "^.* -F arch=b32 -F path={{ item | regex_escape() }} .*$"
+        create: yes
+      with_items:
+        - "{{ privileged_commands }}"
+
+    - name: {{{ rule_title }}} - Ensure Rules for All Privileged Commands in augenrules Format 64-bit
+      ansible.builtin.lineinfile:
+        path: /etc/audit/rules.d/privileged.rules
+        line: '-a always,exit -F arch=b64 -F path={{ item }} -F perm=x -F auid>={{{ auid }}} -F auid!=unset -F key=privileged'
+        regexp: "^.* -F arch=b64 -F path={{ item | regex_escape() }} .*$"
+        create: yes
+      with_items:
+        - "{{ privileged_commands }}"
+      when: audit_arch == "b64"
+
+    - name: {{{ rule_title }}} - Ensure Rules for All Privileged Commands in auditctl Format 64-bit
+      ansible.builtin.lineinfile:
+        path: /etc/audit/audit.rules
+        line: '-a always,exit -F arch=b64 -F path={{ item }} -F perm=x -F auid>={{{ auid }}} -F auid!=unset -F key=privileged'
+        regexp: "^.* -F arch=b64 -F path={{ item | regex_escape() }} .*$"
+        create: yes
+      with_items:
+        - "{{ privileged_commands }}"
+      when: audit_arch == "b64"
+{{% else %}}
     - name: {{{ rule_title }}} - Ensure Rules for All Privileged Commands in augenrules Format
       ansible.builtin.lineinfile:
         path: /etc/audit/rules.d/privileged.rules
@@ -41,12 +92,13 @@
         create: yes
       with_items:
         - "{{ privileged_commands }}"
+{{% endif %}}
 
     - name: {{{ rule_title }}} - Search for Duplicated Rules in Other Files
       ansible.builtin.find:
         paths: "/etc/audit/rules.d"
         recurse: no
-        contains: "^-a always,exit -F path={{ item }} .*$"
+        contains: "^-a always,exit (-F arch=b32 |-F arch=b64 )?-F path={{ item | regex_escape() }} .*$"
         patterns: "*.rules"
       with_items:
         - "{{ privileged_commands }}"
@@ -55,7 +107,7 @@
     - name: {{{ rule_title }}} - Ensure Rules for Privileged Commands are Defined Only in One File
       ansible.builtin.lineinfile:
         path: "{{ item.1.path }}"
-        regexp: "^-a always,exit -F path={{ item.0.item }} .*$"
+        regexp: "^-a always,exit (-F arch=b32 |-F arch=b64 )?-F path={{ item.0.item | regex_escape() }} .*$"
         state: absent
       with_subelements:
         - "{{ result_augenrules_files.results }}"
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/bash/shared.sh
index d0371afcb3d4..3e3132fa5740 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/bash/shared.sh
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/bash/shared.sh
@@ -15,8 +15,19 @@ function add_audit_rule()
     local PRIV_CMD="$1"
     local OTHER_FILTERS="-F path=$PRIV_CMD -F perm=x"
     # Perform the remediation for both possible tools: 'auditctl' and 'augenrules'
+{{% if product in ["fedora", "rhel10"] %}}
+    [ "$(getconf LONG_BIT)" = "32" ] && RULE_ARCHS=("b32") || RULE_ARCHS=("b32" "b64")
+    for ARCH in "${RULE_ARCHS[@]}" ; do
+        ACTION_ARCH_FILTERS="-a always,exit -F arch=$ARCH"
+        {{{ bash_fix_audit_syscall_rule("augenrules", "$ACTION_ARCH_FILTERS", "$OTHER_FILTERS", "$AUID_FILTERS", "$SYSCALL", "$SYSCALL_GROUPING", "$KEY") | indent(4) }}}
+        {{{ bash_fix_audit_syscall_rule("auditctl", "$ACTION_ARCH_FILTERS", "$OTHER_FILTERS", "$AUID_FILTERS", "$SYSCALL", "$SYSCALL_GROUPING", "$KEY") | indent(4) }}}
+    done
+{{% else %}}
+    ACTION_ARCH_FILTERS="-a always,exit"
     {{{ bash_fix_audit_syscall_rule("augenrules", "$ACTION_ARCH_FILTERS", "$OTHER_FILTERS", "$AUID_FILTERS", "$SYSCALL", "$SYSCALL_GROUPING", "$KEY") | indent(4) }}}
     {{{ bash_fix_audit_syscall_rule("auditctl", "$ACTION_ARCH_FILTERS", "$OTHER_FILTERS", "$AUID_FILTERS", "$SYSCALL", "$SYSCALL_GROUPING", "$KEY") | indent(4) }}}
+{{% endif %}}
+
 }
 
 if {{{ bash_bootc_build() }}} ; then
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/oval/shared.xml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/oval/shared.xml
index a6ff74a006c7..01d4e202ab2a 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/oval/shared.xml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/oval/shared.xml
@@ -1,47 +1,50 @@
 {{% if product not in ['ubuntu2404'] %}}
+
+{{% macro arpc_condition(audit_tool, bootc=True) %}}
+          <criteria operator="AND" comment="Audit rules are configured for {{{ 'Image Mode' if bootc else 'Package Mode' }}}">
+            <extend_definition comment="The system is RHEL Image Mode" definition_ref="bootc" negate="{{{ 'false' if bootc else 'true' }}}" />
+{{% if product in ["fedora", "rhel10"] %}}
+            <criterion test_ref="test_{{{ audit_tool }}}_all_priv_cmds_covered{{{ '_bootc' if bootc else '' }}}_32bit"
+              comment="{{{ audit_tool }}} 32bit cover all privileged commands on the system"/>
+            <criterion test_ref="test_{{{ audit_tool }}}_count_matches_system_priv_cmds{{{ '_bootc' if bootc else '' }}}_32bit"
+              comment="count of {{{ audit_tool }}} 32bit for priv cmds matches count of priv cmds in the system"/>
+            <criteria operator="OR" comment="System either isn't 64-bit or 64-bit version of audit rule is present">
+              <!-- System either isn't 64-bit => we just check presence of 32-bit version of audit rule -->
+              <extend_definition comment="64-bit system" definition_ref="system_info_architecture_64bit" negate="true" />
+              <!-- Or system is 64-bit => in that case we also need to verify the presence of 64-bit version of audit rule -->
+              <criteria operator="AND">
+                <criterion test_ref="test_{{{ audit_tool }}}_all_priv_cmds_covered{{{ '_bootc' if bootc else '' }}}_64bit"
+                  comment="{{{ audit_tool }}} 64bit cover all privileged commands on the system"/>
+                <criterion test_ref="test_{{{ audit_tool }}}_count_matches_system_priv_cmds{{{ '_bootc' if bootc else '' }}}_64bit"
+                  comment="count of {{{ audit_tool }}} 64bit for priv cmds matches count of priv cmds in the system"/>
+              </criteria>
+            </criteria>
+{{% else %}}
+            <criterion test_ref="test_{{{ audit_tool }}}_all_priv_cmds_covered{{{ '_bootc' if bootc else '' }}}"
+              comment="{{{ audit_tool }}} cover all privileged commands on the system"/>
+            <criterion test_ref="test_{{{ audit_tool }}}_count_matches_system_priv_cmds{{{ '_bootc' if bootc else '' }}}"
+              comment="count of {{{ audit_tool }}} for priv cmds matches count of priv cmds in the system"/>
+{{% endif %}}
+          </criteria>
+{{% endmacro %}}
+
 <def-group>
   <definition class="compliance" id="{{{ rule_id }}}" version="1">
     {{{ oval_metadata("Audit rules about the information on the use of privileged commands are enabled.", rule_title=rule_title) }}}
     <criteria operator="OR">
       <criteria operator="AND">
-        <extend_definition definition_ref="audit_rules_augenrules"
-          comment="audit augenrules format is used"/>
+        <extend_definition definition_ref="audit_rules_augenrules" comment="audit augenrules format is used"/>
         <criteria operator="OR">
-          <criteria operator="AND">
-            <extend_definition comment="The system is RHEL Image Mode" definition_ref="bootc" />
-            <criterion test_ref="test_augenrules_all_priv_cmds_covered_bootc"
-              comment="augenrules cover all privileged commands on the system"/>
-            <criterion test_ref="test_augenrules_count_matches_system_priv_cmds_bootc"
-              comment="count of augenrules for priv cmds matches count of priv cmds in the system"/>
-          </criteria>
-          <criteria operator="AND">
-            <extend_definition comment="The system isn't RHEL Image Mode" definition_ref="bootc" negate="true" />
-            <criterion test_ref="test_augenrules_all_priv_cmds_covered"
-              comment="augenrules cover all privileged commands on the system"/>
-            <criterion test_ref="test_augenrules_count_matches_system_priv_cmds"
-              comment="count of augenrules for priv cmds matches count of priv cmds in the system"/>
-          </criteria>
+            {{{ arpc_condition("augenrules", bootc=True) }}}
+            {{{ arpc_condition("augenrules", bootc=False) }}}
         </criteria>
       </criteria>
 
       <criteria operator="AND">
-        <extend_definition definition_ref="audit_rules_auditctl"
-          comment="audit auditctl format is used"/>
+        <extend_definition definition_ref="audit_rules_auditctl" comment="audit auditctl format is used"/>
         <criteria operator="OR">
-          <criteria operator="AND">
-            <extend_definition comment="The system is RHEL Image Mode" definition_ref="bootc" />
-            <criterion test_ref="test_auditctl_all_priv_cmds_covered"
-              comment="auditctl covers all privileged commands on the system"/>
-            <criterion test_ref="test_auditctl_count_matches_system_priv_cmds"
-              comment="count of auditctl for priv cmds matches count of priv cmds in the system"/>
-          </criteria>
-          <criteria operator="AND">
-            <extend_definition comment="The system isn't RHEL Image Mode" definition_ref="bootc" negate="true" />
-            <criterion test_ref="test_auditctl_all_priv_cmds_covered"
-              comment="auditctl covers all privileged commands on the system"/>
-            <criterion test_ref="test_auditctl_count_matches_system_priv_cmds"
-              comment="count of auditctl for priv cmds matches count of priv cmds in the system"/>
-          </criteria>
+            {{{ arpc_condition("auditctl", bootc=True) }}}
+            {{{ arpc_condition("auditctl", bootc=False) }}}
         </criteria>
       </criteria>
     </criteria>
@@ -120,195 +123,126 @@
     <filter action="exclude">state_audit_rules_privileged_commands_sysroot</filter>
   </unix:file_object>
 
-  <local_variable id="var_audit_rules_privileged_commands_priv_cmds" version="1"
-    datatype="string" comment="Filepath of all privileged commands found in the system">
-    <object_component item_field="filepath" object_ref="object_audit_rules_privileged_commands"/>
+  <!-- The intention of the first test is to ensure that exists at least one rule for each
+       privileged command found in the system. Therefore, a list of objects will be extracted
+       from auditd rules and compared to privileged commands found in relevant partitions. -->
+{{% if product in ["fedora", "rhel10"] %}}
+  <local_variable id="var_audit_rules_privileged_commands_rule_regex_32bit" version="1"
+    datatype="string" comment="Regex for auditd rule">
+    <literal_component>^[\s]*-a always,exit -F arch=b32 (?:-F path=([\S]+))+(?: -F perm=x)? -F auid>={{{ auid }}} -F auid!=(?:4294967295|unset)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$</literal_component>
   </local_variable>
-  <local_variable id="var_audit_rules_privileged_commands_priv_cmds_bootc" version="1"
-    datatype="string" comment="Filepath of all privileged commands found in the system">
-    <object_component item_field="filepath" object_ref="object_audit_rules_privileged_commands_bootc"/>
+  <local_variable id="var_audit_rules_privileged_commands_rule_regex_64bit" version="1"
+    datatype="string" comment="Regex for auditd rule">
+    <literal_component>^[\s]*-a always,exit -F arch=b64 (?:-F path=([\S]+))+(?: -F perm=x)? -F auid>={{{ auid }}} -F auid!=(?:4294967295|unset)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$</literal_component>
   </local_variable>
+{{% else %}}
+  <local_variable id="var_audit_rules_privileged_commands_rule_regex" version="1"
+    datatype="string" comment="Regex for auditd rule">
+    <literal_component>^[\s]*-a always,exit (?:-F path=([\S]+))+(?: -F perm=x)? -F auid>={{{ auid }}} -F auid!=(?:4294967295|unset)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$</literal_component>
+  </local_variable>
+{{% endif %}}
 
-  <local_variable id="var_audit_rules_privileged_commands_priv_cmds_count" version="1"
-    datatype="int" comment="Count all privileged commands present in the system">
-    <count>
-      <object_component item_field="filepath"
-        object_ref="object_audit_rules_privileged_commands"/>
-    </count>
+{{% macro arpc_variables_and_states(bootc) %}}
+  <local_variable id="var_audit_rules_privileged_commands_priv_cmds{{{ '_bootc' if bootc else '' }}}" version="1"
+    datatype="string" comment="Filepath of all privileged commands found in the system">
+    <object_component item_field="filepath" object_ref="object_audit_rules_privileged_commands{{{ '_bootc' if bootc else '' }}}"/>
   </local_variable>
-  <local_variable id="var_audit_rules_privileged_commands_priv_cmds_count_bootc" version="1"
+
+  <local_variable id="var_audit_rules_privileged_commands_priv_cmds_count{{{ '_bootc' if bootc else '' }}}" version="1"
     datatype="int" comment="Count all privileged commands present in the system">
     <count>
       <object_component item_field="filepath"
-        object_ref="object_audit_rules_privileged_commands_bootc"/>
+        object_ref="object_audit_rules_privileged_commands{{{ '_bootc' if bootc else '' }}}"/>
     </count>
   </local_variable>
 
-  <ind:variable_object id="object_audit_rules_privileged_commands_priv_cmds_count" version="1"
-    comment="Number of all privileged commands in the system, regardless of audit rules.">
-    <ind:var_ref>var_audit_rules_privileged_commands_priv_cmds_count</ind:var_ref>
-  </ind:variable_object>
-  <ind:variable_object id="object_audit_rules_privileged_commands_priv_cmds_count_bootc" version="1"
+  <ind:variable_object id="object_audit_rules_privileged_commands_priv_cmds_count{{{ '_bootc' if bootc else '' }}}" version="1"
     comment="Number of all privileged commands in the system, regardless of audit rules.">
-    <ind:var_ref>var_audit_rules_privileged_commands_priv_cmds_count_bootc</ind:var_ref>
+    <ind:var_ref>var_audit_rules_privileged_commands_priv_cmds_count{{{ '_bootc' if bootc else '' }}}</ind:var_ref>
   </ind:variable_object>
 
-  <!-- The intention of the first test is to ensure that exists at least one rule for each
-       privileged command found in the system. Therefore, a list of objects will be extracted
-       from auditd rules and compared to privileged commands found in relevant partitions. -->
-  <local_variable id="var_audit_rules_privileged_commands_rule_regex" version="1"
-    datatype="string" comment="Regex for auditd rule">
-    <literal_component>^[\s]*-a always,exit (?:-F path=([\S]+))+(?: -F perm=x)? -F auid>={{{ auid }}} -F auid!=(?:4294967295|unset)[\s]+(?:-k[\s]+|-F[\s]+key=)[\S]+[\s]*$</literal_component>
-  </local_variable>
-
   <!-- This state is used to filter out all the auditd rules related to non privileged commands.
        When collectiong the paths in the textfilecontent54_object objects below, this state will
        ensure that the list is composed only by privileged commands present in the system. Other
        paths values will be ignored. -->
-  <ind:textfilecontent54_state id="state_unprivileged_commands" version="1">
-    <ind:subexpression datatype="string" operation="not equal" var_check="all"
-      var_ref="var_audit_rules_privileged_commands_priv_cmds"/>
-  </ind:textfilecontent54_state>
-  <ind:textfilecontent54_state id="state_unprivileged_commands_bootc" version="1">
+  <ind:textfilecontent54_state id="state_unprivileged_commands{{{ '_bootc' if bootc else '' }}}" version="1">
     <ind:subexpression datatype="string" operation="not equal" var_check="all"
-      var_ref="var_audit_rules_privileged_commands_priv_cmds_bootc"/>
+      var_ref="var_audit_rules_privileged_commands_priv_cmds{{{ '_bootc' if bootc else '' }}}"/>
   </ind:textfilecontent54_state>
 
-  <!-- augenrules -->
-  <ind:textfilecontent54_object id="object_priv_cmds_from_augenrules" version="1">
-    <ind:filepath operation="pattern match">^/etc/audit/rules\.d/.*\.rules$</ind:filepath>
-    <ind:pattern operation="pattern match"
-      var_ref="var_audit_rules_privileged_commands_rule_regex"/>
-    <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
-    <filter action="exclude">state_unprivileged_commands</filter>
-  </ind:textfilecontent54_object>
-  <ind:textfilecontent54_object id="object_priv_cmds_from_augenrules_bootc" version="1">
-    <ind:filepath operation="pattern match">^/etc/audit/rules\.d/.*\.rules$</ind:filepath>
-    <ind:pattern operation="pattern match"
-      var_ref="var_audit_rules_privileged_commands_rule_regex"/>
-    <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
-    <filter action="exclude">state_unprivileged_commands_bootc</filter>
-  </ind:textfilecontent54_object>
-
-  <ind:textfilecontent54_state id="state_priv_cmds_from_system" version="1">
-    <ind:subexpression datatype="string" operation="pattern match" var_check="at least one"
-      var_ref="var_audit_rules_privileged_commands_priv_cmds"/>
-  </ind:textfilecontent54_state>
-  <ind:textfilecontent54_state id="state_priv_cmds_from_system_bootc" version="1">
+  <ind:textfilecontent54_state id="state_priv_cmds_from_system{{{ '_bootc' if bootc else '' }}}" version="1">
     <ind:subexpression datatype="string" operation="pattern match" var_check="at least one"
-      var_ref="var_audit_rules_privileged_commands_priv_cmds_bootc"/>
+      var_ref="var_audit_rules_privileged_commands_priv_cmds{{{ '_bootc' if bootc else '' }}}"/>
   </ind:textfilecontent54_state>
+{{% endmacro %}}
 
-  <ind:textfilecontent54_test id="test_augenrules_all_priv_cmds_covered" version="1"
-    check="all" check_existence="all_exist"
-    comment="There is one augenrules rule for each privileged command on the system.">
-    <ind:object object_ref="object_priv_cmds_from_augenrules" />
-    <ind:state state_ref="state_priv_cmds_from_system" />
-  </ind:textfilecontent54_test>
-  <ind:textfilecontent54_test id="test_augenrules_all_priv_cmds_covered_bootc" version="1"
-    check="all" check_existence="all_exist"
-    comment="There is one augenrules rule for each privileged command on the system.">
-    <ind:object object_ref="object_priv_cmds_from_augenrules_bootc" />
-    <ind:state state_ref="state_priv_cmds_from_system_bootc" />
-  </ind:textfilecontent54_test>
-
-  <local_variable id="var_priv_cmds_from_augenrules_count" version="1"
-    datatype="int" comment="Count privileged commands found in audit rules in augenrules format">
-    <count>
-      <object_component item_field="subexpression" object_ref="object_priv_cmds_from_augenrules"/>
-    </count>
-  </local_variable>
-  <local_variable id="var_priv_cmds_from_augenrules_count_bootc" version="1"
-    datatype="int" comment="Count privileged commands found in audit rules in augenrules format">
-    <count>
-      <object_component item_field="subexpression" object_ref="object_priv_cmds_from_augenrules_bootc"/>
-    </count>
-  </local_variable>
-
-  <ind:variable_state id="state_priv_cmds_from_augenrules_count" version="1">
-    <ind:value datatype="int" operation="equals" var_check="at least one"
-      var_ref="var_priv_cmds_from_augenrules_count"/>
-  </ind:variable_state>
-  <ind:variable_state id="state_priv_cmds_from_augenrules_count_bootc" version="1">
-    <ind:value datatype="int" operation="equals" var_check="at least one"
-      var_ref="var_priv_cmds_from_augenrules_count_bootc"/>
-  </ind:variable_state>
-
-  <ind:variable_test id="test_augenrules_count_matches_system_priv_cmds" version="1"
-    check="all" check_existence="all_exist"
-    comment="Count of augenrules for priv cmds matches the count of priv cmds in the system">
-    <ind:object object_ref="object_audit_rules_privileged_commands_priv_cmds_count"/>
-    <ind:state state_ref="state_priv_cmds_from_augenrules_count"/>
-  </ind:variable_test>
-  <ind:variable_test id="test_augenrules_count_matches_system_priv_cmds_bootc" version="1"
-    check="all" check_existence="all_exist"
-    comment="Count of augenrules for priv cmds matches the count of priv cmds in the system">
-    <ind:object object_ref="object_audit_rules_privileged_commands_priv_cmds_count_bootc"/>
-    <ind:state state_ref="state_priv_cmds_from_augenrules_count_bootc"/>
-  </ind:variable_test>
-
-  <!-- auditctl -->
-  <ind:textfilecontent54_object id="object_priv_cmds_from_auditctl" version="1">
-    <ind:filepath>/etc/audit/audit.rules</ind:filepath>
-    <ind:pattern operation="pattern match"
-      var_ref="var_audit_rules_privileged_commands_rule_regex"/>
-    <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
-    <filter action="exclude">state_unprivileged_commands</filter>
-  </ind:textfilecontent54_object>
-  <ind:textfilecontent54_object id="object_priv_cmds_from_auditctl_bootc" version="1">
+{{% macro arpc_object_priv_cmds(audit_tool, bits=None, bootc=False) %}}
+  <ind:textfilecontent54_object id="object_priv_cmds_from_{{{ audit_tool }}}{{{ '_bootc' if bootc else '' }}}{{{ ('_' + bits + 'bit') if bits else '' }}}" version="1">
+    {{% if audit_tool == "augenrules" %}}
+    <ind:filepath operation="pattern match">^/etc/audit/rules\.d/.*\.rules$</ind:filepath>
+    {{% elif audit_tool == "auditctl" %}}
     <ind:filepath>/etc/audit/audit.rules</ind:filepath>
+    {{% else %}}
+    {{{ raise("Unknown audit tool: " + audit_tool) }}}
+    {{% endif %}}
     <ind:pattern operation="pattern match"
-      var_ref="var_audit_rules_privileged_commands_rule_regex"/>
+      var_ref="var_audit_rules_privileged_commands_rule_regex{{{ ('_' + bits + 'bit') if bits else '' }}}"/>
     <ind:instance operation="greater than or equal" datatype="int">1</ind:instance>
-    <filter action="exclude">state_unprivileged_commands_bootc</filter>
+    <filter action="exclude">state_unprivileged_commands{{{ '_bootc' if bootc else '' }}}</filter>
   </ind:textfilecontent54_object>
+{{% endmacro %}}
 
-  <ind:textfilecontent54_test id="test_auditctl_all_priv_cmds_covered" version="1"
+{{% macro arpc_test_all_priv_cmds_covered(audit_tool, bits=None, bootc=False) %}}
+  <ind:textfilecontent54_test id="test_{{{ audit_tool }}}_all_priv_cmds_covered{{{ '_bootc' if bootc else '' }}}{{{ ('_' + bits + 'bit') if bits else '' }}}" version="1"
     check="all" check_existence="all_exist"
-    comment="There is one auditctl rule for each privileged command on the system.">
-    <ind:object object_ref="object_priv_cmds_from_auditctl"/>
-    <ind:state state_ref="state_priv_cmds_from_system"/>
-  </ind:textfilecontent54_test>
-  <ind:textfilecontent54_test id="test_auditctl_all_priv_cmds_covered_bootc" version="1"
-    check="all" check_existence="all_exist"
-    comment="There is one auditctl rule for each privileged command on the system.">
-    <ind:object object_ref="object_priv_cmds_from_auditctl_bootc"/>
-    <ind:state state_ref="state_priv_cmds_from_system_bootc"/>
+    comment="There is one {{{ audit_tool }}} rule for each privileged command on the system.">
+    <ind:object object_ref="object_priv_cmds_from_{{{ audit_tool }}}{{{ '_bootc' if bootc else '' }}}{{{ ('_' + bits + 'bit') if bits else '' }}}" />
+    <ind:state state_ref="state_priv_cmds_from_system{{{ '_bootc' if bootc else '' }}}" />
   </ind:textfilecontent54_test>
+{{% endmacro %}}
 
-  <local_variable id="var_priv_cmds_from_auditctl_count" version="1"
-    datatype="int" comment="Count privileged commands found in audit rules in auditctl format">
-    <count>
-      <object_component object_ref="object_priv_cmds_from_auditctl" item_field="subexpression"/>
-    </count>
-  </local_variable>
-  <local_variable id="var_priv_cmds_from_auditctl_count_bootc" version="1"
-    datatype="int" comment="Count privileged commands found in audit rules in auditctl format">
+{{% macro arpc_var_priv_cmds_count(audit_tool, bits=None, bootc=False) %}}
+  <local_variable id="var_priv_cmds_from_{{{ audit_tool }}}_count{{{ '_bootc' if bootc else '' }}}{{{ ('_' + bits + 'bit') if bits else '' }}}" version="1"
+    datatype="int" comment="Count privileged commands found in audit rules in {{{ audit_tool }}} format">
     <count>
-      <object_component object_ref="object_priv_cmds_from_auditctl_bootc" item_field="subexpression"/>
+      <object_component item_field="subexpression" object_ref="object_priv_cmds_from_{{{ audit_tool }}}{{{ '_bootc' if bootc else '' }}}{{{ ('_' + bits + 'bit') if bits else '' }}}" />
     </count>
   </local_variable>
+{{% endmacro %}}
 
-  <ind:variable_state id="state_priv_cmds_from_auditctl_count" version="1">
+{{% macro arpc_state_priv_cmds_count(audit_tool, bits=None, bootc=False) %}}
+  <ind:variable_state id="state_priv_cmds_from_{{{ audit_tool }}}_count{{{ '_bootc' if bootc else '' }}}{{{ ('_' + bits + 'bit') if bits else '' }}}" version="1">
     <ind:value datatype="int" operation="equals" var_check="at least one"
-      var_ref="var_priv_cmds_from_auditctl_count"/>
-  </ind:variable_state>
-  <ind:variable_state id="state_priv_cmds_from_auditctl_count_bootc" version="1">
-    <ind:value datatype="int" operation="equals" var_check="at least one"
-      var_ref="var_priv_cmds_from_auditctl_count_bootc"/>
+      var_ref="var_priv_cmds_from_{{{ audit_tool }}}_count{{{ '_bootc' if bootc else '' }}}{{{ ('_' + bits + 'bit') if bits else '' }}}"/>
   </ind:variable_state>
+{{% endmacro %}}
 
-  <ind:variable_test id="test_auditctl_count_matches_system_priv_cmds" version="1"
+{{% macro arpc_test_count_matches_system_priv_cmds(audit_tool, bits=None, bootc=False) %}}
+  <ind:variable_test id="test_{{{ audit_tool }}}_count_matches_system_priv_cmds{{{ '_bootc' if bootc else '' }}}{{{ ('_' + bits + 'bit') if bits else '' }}}" version="1"
     check="all" check_existence="all_exist"
-    comment="Count of auditctl rules for priv cmds matches the count of priv cmds in the system">
-    <ind:object object_ref="object_audit_rules_privileged_commands_priv_cmds_count" />
-    <ind:state state_ref="state_priv_cmds_from_auditctl_count" />
-  </ind:variable_test>
-  <ind:variable_test id="test_auditctl_count_matches_system_priv_cmds_bootc" version="1"
-    check="all" check_existence="all_exist"
-    comment="Count of auditctl rules for priv cmds matches the count of priv cmds in the system">
-    <ind:object object_ref="object_audit_rules_privileged_commands_priv_cmds_count_bootc" />
-    <ind:state state_ref="state_priv_cmds_from_auditctl_count_bootc" />
+    comment="Count of {{{ audit_tool }}} for priv cmds matches the count of priv cmds in the system">
+    <ind:object object_ref="object_audit_rules_privileged_commands_priv_cmds_count{{{ '_bootc' if bootc else '' }}}"/>
+    <ind:state state_ref="state_priv_cmds_from_{{{ audit_tool }}}_count{{{ '_bootc' if bootc else '' }}}{{{ ('_' + bits + 'bit') if bits else '' }}}"/>
   </ind:variable_test>
+{{% endmacro %}}
+
+{{% for bootc in [False, True] %}}
+    {{{ arpc_variables_and_states(bootc) }}}
+    {{% if product in ["fedora", "rhel10"] %}}
+        {{% set bits_options = ["32", "64"] %}}
+    {{% else %}}
+        {{% set bits_options = [None] %}}
+    {{% endif %}}
+    {{% for bits in bits_options %}}
+        {{% for audit_tool in ["augenrules", "auditctl"] %}}
+            {{{ arpc_object_priv_cmds(audit_tool, bits=bits, bootc=bootc) }}}
+            {{{ arpc_test_all_priv_cmds_covered(audit_tool, bits=bits, bootc=bootc) }}}
+            {{{ arpc_var_priv_cmds_count(audit_tool, bits=bits, bootc=bootc) }}}
+            {{{ arpc_state_priv_cmds_count(audit_tool, bits=bits, bootc=bootc) }}}
+            {{{ arpc_test_count_matches_system_priv_cmds(audit_tool, bits=bits, bootc=bootc) }}}
+        {{% endfor %}}
+    {{% endfor %}}
+{{% endfor %}}
+
 </def-group>
 {{% endif %}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/rule.yml
index ad5a1f91a639..7baee897f2ee 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/rule.yml
@@ -13,10 +13,16 @@ description: |-
     setuid / setgid programs using the following command:
     <pre>$ sudo find <i>PARTITION</i> -xdev -perm /6000 -type f 2&gt;/dev/null</pre>
 
+{{% if product in ["fedora", "rhel10"] %}}
     For each setuid / setgid program identified by the previous command, an audit rule must be
     present in the appropriate place using the following line structure, setting ARCH to either b32 for 32-bit
     system, or having two lines for both b32 and b64 in case your system is 64-bit:
     <pre>-a always,exit -F arch=ARCH -F path=<i>PROG_PATH</i> -F perm=x -F auid&gt;={{{ auid }}} -F auid!=unset -F key=privileged</pre>
+{{% else %}}
+    For each setuid / setgid program identified by the previous command, an audit rule must be
+    present in the appropriate place using the following line structure:
+    <pre>-a always,exit -F path=<i>PROG_PATH</i> -F perm=x -F auid&gt;={{{ auid }}} -F auid!=unset -F key=privileged</pre>
+{{% endif %}}
 
     If the <tt>auditd</tt> daemon is configured to use the <tt>augenrules</tt> program to read
     audit rules during daemon startup, add the line to a file with suffix <tt>.rules</tt> in the
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_extra_rules_configured.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_extra_rules_configured.pass.sh
index adbf71ccf508..4f991c60a85d 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_extra_rules_configured.pass.sh
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_extra_rules_configured.pass.sh
@@ -3,4 +3,9 @@
 # platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8,multi_platform_ubuntu
 
 ./generate_privileged_commands_rule.sh {{{ uid_min }}} privileged /etc/audit/rules.d/privileged.rules
-echo "-a always,exit -F path=/usr/bin/notrelevant -F perm=x -F auid>={{{ uid_min }}} -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/privileged.rules
+{{% if product in ["fedora", "rhel10"] %}}
+    echo "-a always,exit -F arch=b32 -F path=/usr/bin/notrelevant -F perm=x -F auid>={{{ uid_min }}} -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/privileged.rules
+    echo "-a always,exit -F arch=b64 -F path=/usr/bin/notrelevant -F perm=x -F auid>={{{ uid_min }}} -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/privileged.rules
+{{% else %}}
+    echo "-a always,exit -F path=/usr/bin/notrelevant -F perm=x -F auid>={{{ uid_min }}} -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/privileged.rules
+{{% endif %}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_one_rule.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_one_rule.fail.sh
index 2c3c6124c6ba..6e197e75a561 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_one_rule.fail.sh
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_one_rule.fail.sh
@@ -1,5 +1,9 @@
 #!/bin/bash
 # packages = audit
 # platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8,multi_platform_ubuntu
-
-echo "-a always,exit -F path=/usr/bin/sudo -F perm=x -F auid>={{{ uid_min }}} -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/privileged.rules
+{{% if product in ["fedora", "rhel10"] %}}
+    echo "-a always,exit -F arch=b32 -F path=/usr/bin/sudo -F perm=x -F auid>={{{ uid_min }}} -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/privileged.rules
+    echo "-a always,exit -F arch=b64 -F path=/usr/bin/sudo -F perm=x -F auid>={{{ uid_min }}} -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/privileged.rules
+{{% else %}}
+    echo "-a always,exit -F path=/usr/bin/sudo -F perm=x -F auid>={{{ uid_min }}} -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/privileged.rules
+{{% endif %}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_sep_files.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_sep_files.fail.sh
index 8f3c02693f5a..6bba4a1c089c 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_sep_files.fail.sh
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_sep_files.fail.sh
@@ -2,6 +2,15 @@
 # packages = audit
 # platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8,multi_platform_ubuntu
 
+{{% if product in ["fedora", "rhel10"] %}}
+echo "-a always,exit -F arch=b32 -F path=/usr/bin/newgrp -F perm=x -F auid>={{{ uid_min }}} -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/priv.rules
+echo "-a always,exit -F arch=b64 -F path=/usr/bin/newgrp -F perm=x -F auid>={{{ uid_min }}} -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/priv.rules
+echo "-a always,exit -F arch=b32 -F path=/usr/bin/notrelevant -F perm=x -F auid>={{{ uid_min }}} -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/priv.rules
+echo "-a always,exit -F arch=b64 -F path=/usr/bin/notrelevant -F perm=x -F auid>={{{ uid_min }}} -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/priv.rules
+echo "-a always,exit -F arch=b32 -F path=/usr/bin/passwd -F perm=x -F auid>={{{ uid_min }}} -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/privileged.rules
+echo "-a always,exit -F arch=b64 -F path=/usr/bin/passwd -F perm=x -F auid>={{{ uid_min }}} -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/privileged.rules
+{{% else %}}
 echo "-a always,exit -F path=/usr/bin/newgrp -F perm=x -F auid>={{{ uid_min }}} -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/priv.rules
 echo "-a always,exit -F path=/usr/bin/notrelevant -F perm=x -F auid>={{{ uid_min }}} -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/priv.rules
 echo "-a always,exit -F path=/usr/bin/passwd -F perm=x -F auid>={{{ uid_min }}} -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/privileged.rules
+{{% endif %}}
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/generate_privileged_commands_rule.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/generate_privileged_commands_rule.sh
index 7120537185ea..51fe6dc630d4 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/generate_privileged_commands_rule.sh
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/generate_privileged_commands_rule.sh
@@ -4,5 +4,12 @@ AUID=$1
 KEY=$2
 RULEPATH=$3
 for file in $(find / -not \( -fstype afs -o -fstype autofs -o -fstype ceph -o -fstype cifs -o -fstype smb3 -o -fstype smbfs -o -fstype sshfs -o -fstype ncpfs -o -fstype ncp -o -fstype nfs -o -fstype nfs4 -o -fstype gfs -o -fstype gfs2 -o -fstype glusterfs -o -fstype gpfs -o -fstype pvfs2 -o -fstype ocfs2 -o -fstype lustre -o -fstype davfs -o -fstype fuse.sshfs \) -type f \( -perm -4000 -o -perm -2000 \) 2> /dev/null); do
-     echo "-a always,exit -F path=$file -F perm=x -F auid>=$AUID -F auid!=unset -k $KEY" >> $RULEPATH
+{{% if product in ["fedora", "rhel10"] %}}
+    [ "$(getconf LONG_BIT)" = "32" ] && RULE_ARCHS=("b32") || RULE_ARCHS=("b32" "b64")
+    for ARCH in "${RULE_ARCHS[@]}" ; do
+        echo "-a always,exit -F arch=$ARCH -F path=$file -F perm=x -F auid>=$AUID -F auid!=unset -k $KEY" >> $RULEPATH
+    done
+{{% else %}}
+    echo "-a always,exit -F path=$file -F perm=x -F auid>=$AUID -F auid!=unset -k $KEY" >> $RULEPATH
+{{% endif %}}
 done