diff --git a/docs/STIG-Manager-OSS.ckl b/docs/STIG-Manager-OSS.ckl
index 19a9d5a16..f12e5e273 100644
--- a/docs/STIG-Manager-OSS.ckl
+++ b/docs/STIG-Manager-OSS.ckl
@@ -1,9 +1,11 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!-- STIG Manager 1.0.40 -->
+<!-- STIG Manager 1.4.1 -->
+<!-- Classification: NONE -->
 <CHECKLIST>
   <ASSET>
     <ROLE>None</ROLE>
     <ASSET_TYPE>Non-Computing</ASSET_TYPE>
+    <MARKING>NONE</MARKING>
     <HOST_NAME>STIG-Manager-OSS</HOST_NAME>
     <HOST_IP/>
     <HOST_MAC/>
@@ -34,7 +36,7 @@
         </SI_DATA>
         <SI_DATA>
           <SID_NAME>description</SID_NAME>
-          <SID_DATA>This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.</SID_DATA>
+          <SID_DATA>This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.</SID_DATA>
         </SI_DATA>
         <SI_DATA>
           <SID_NAME>filename</SID_NAME>
@@ -42,7 +44,7 @@
         </SI_DATA>
         <SI_DATA>
           <SID_NAME>releaseinfo</SID_NAME>
-          <SID_DATA>Release: 1 Benchmark Date: 23 Oct 2020</SID_DATA>
+          <SID_DATA>Release: 3 Benchmark Date: 26 Jul 2023</SID_DATA>
         </SI_DATA>
         <SI_DATA>
           <SID_NAME>title</SID_NAME>
@@ -69,13 +71,17 @@
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000001</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222387r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222387r879511_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -87,7 +93,8 @@
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application management includes the ability to control the number of users and user sessions that utilize an application. Limiting the number of allowed users and sessions per user is helpful in limiting risks related to DoS attacks. 
+          <ATTRIBUTE_DATA>Application management includes the ability to control the number of users and user sessions that utilize an application. Limiting the number of allowed users and sessions per user is helpful in limiting risks related to DoS attacks.
+
 This requirement may be met via the application or by utilizing information system session control provided by a web server or other underlying solution that provides specialized session management capabilities.
 
 If it has been specified that this requirement will be handled by the application, the capability to limit the maximum number of concurrent single user sessions must be designed and built into the application.
@@ -154,7 +161,7 @@ If the application is not configured to limit the number of logon sessions per u
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -162,7 +169,7 @@ If the application is not configured to limit the number of logon sessions per u
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>The User Session layer, including concurrent session handling, is implemented by an external OpenID Connect (OIDC) Provider that issues OAuth2 tokens.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -175,13 +182,17 @@ If the application is not configured to limit the number of logon sessions per u
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000295</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222388r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222388r879673_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -215,7 +226,7 @@ Log out of the application and close the browser. Reopen the browser and examine
 
 The procedure to view cookies will vary according to the browser used. Some modern browsers are making use of SQLite databases to store cookie data so use of a SQLite db reader/browser may be required.
 
-Open the cookies related to the application website and search for any identification or authentication information. While authentication information can vary on a per application basis, this is most often specified as &#x22;username=x&#x22;, or &#x22;password=x&#x22;.
+Open the cookies related to the application website and search for any identification or authentication information. While authentication information can vary on a per application basis, this is most often specified as &quot;username=x&quot;, or &quot;password=x&quot;.
 
 If the web application prompts the user to save their password, or if a username or password value exists within a cookie or within local storage locations, even if hashed, this is a finding.
 
@@ -263,7 +274,7 @@ The application may use means other than cookies to store user information. If t
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -271,7 +282,7 @@ The application may use means other than cookies to store user information. If t
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>The Web Client does not persist storage of any user information, including OAuth2 tokens.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -284,13 +295,17 @@ The application may use means other than cookies to store user information. If t
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000295</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222389r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222389r879673_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -302,9 +317,9 @@ The application may use means other than cookies to store user information. If t
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Leaving a user&#x2019;s application session established for an indefinite period of time increases the risk of session hijacking.
+          <ATTRIBUTE_DATA>Leaving a user’s application session established for an indefinite period of time increases the risk of session hijacking.
 
-Session termination terminates an individual user&#x27;s logical application session after 15 minutes of application inactivity at which time the user must re-authenticate and a new session must be established if the user desires to continue work in the application.</ATTRIBUTE_DATA>
+Session termination terminates an individual user&apos;s logical application session after 15 minutes of application inactivity at which time the user must re-authenticate and a new session must be established if the user desires to continue work in the application.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
@@ -362,7 +377,7 @@ If the configuration setting is not set to time out user sessions after 15 minut
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -370,7 +385,7 @@ If the configuration setting is not set to time out user sessions after 15 minut
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>The User Session layer, including idle session handling, is implemented by an external OpenID Connect (OIDC) Provider that issues OAuth2 tokens.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -383,13 +398,17 @@ If the configuration setting is not set to time out user sessions after 15 minut
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000295</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222390r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222390r879673_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -401,9 +420,9 @@ If the configuration setting is not set to time out user sessions after 15 minut
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Leaving an admin user&#x27;s application session established for an indefinite period of time increases the risk of session hijacking.
+          <ATTRIBUTE_DATA>Leaving an admin user&apos;s application session established for an indefinite period of time increases the risk of session hijacking.
 
-Session termination terminates an individual user&#x27;s logical application session after 10 minutes of application inactivity at which time the user must re-authenticate and a new session must be established if the user desires to continue work in the application.</ATTRIBUTE_DATA>
+Session termination terminates an individual user&apos;s logical application session after 10 minutes of application inactivity at which time the user must re-authenticate and a new session must be established if the user desires to continue work in the application.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
@@ -461,7 +480,7 @@ If the configuration setting is not set to time out admin user sessions after 10
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -469,7 +488,7 @@ If the configuration setting is not set to time out admin user sessions after 10
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>The User Session layer, including idle session handling, is implemented by an external OpenID Connect (OIDC) Provider that issues OAuth2 tokens.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -482,13 +501,17 @@ If the configuration setting is not set to time out admin user sessions after 10
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000296</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222391r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222391r879674_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -560,15 +583,15 @@ If the user session is not terminated or if the logoff function does not exist,
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-002363</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
-        <FINDING_DETAILS>The Web Client requests logoff service from the OIDC Provider after user interaction with a DOM element whose innerText = &#x27;Logout&#x27;</FINDING_DETAILS>
-        <COMMENTS/>
+        <FINDING_DETAILS>The Web Client requests logoff service from the OIDC Provider after user interaction with a DOM element whose innerText = &apos;Logout&apos;</FINDING_DETAILS>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -581,13 +604,17 @@ If the user session is not terminated or if the logoff function does not exist,
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000297</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222392r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222392r879675_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -657,17 +684,17 @@ If the application does not provide an explicit logoff message indicating the us
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-002364</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
-        <FINDING_DETAILS>The SPA does not display an explicit &#x27;logged out&#x27; screen, it immediately redirects to the login screen of the configured OIDC Provider.
+        <FINDING_DETAILS>The SPA does not display an explicit &apos;logged out&apos; screen, it immediately redirects to the login screen of the configured OIDC Provider.
 
 Addressed by Issue #485</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -680,13 +707,17 @@ Addressed by Issue #485</FINDING_DETAILS>
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000311</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222393r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222393r879689_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -768,15 +799,15 @@ If application data required to be marked is not marked and does not retain its
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-002262</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
-        <FINDING_DETAILS>The API scaffolds each new database instance with the classification specified by the environment variable STIGMAN_CLASSIFICATION. This value is stored in the &#x27;configuration&#x27; table and represents the default classification for all data that is stored by the database instance, served by the API, and received by the Web Client.</FINDING_DETAILS>
-        <COMMENTS/>
+        <FINDING_DETAILS>The API scaffolds each new database instance with the classification specified by the environment variable STIGMAN_CLASSIFICATION. This value is stored in the &apos;configuration&apos; table and represents the default classification for all data that is stored by the database instance, served by the API, and received by the Web Client.</FINDING_DETAILS>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -789,13 +820,17 @@ If application data required to be marked is not marked and does not retain its
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000313</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222394r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222394r879690_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -875,7 +910,7 @@ If application data required to be marked does not retain its marking while it i
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -883,7 +918,7 @@ If application data required to be marked does not retain its marking while it i
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>Individual objects do not contain data markings. An API endpoint returns the data marking for all data served by the API. The Web Client displays a banner that represents the data marking for all data received by the Client. Processing the data does not alter this banner in any circumstances.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -896,13 +931,17 @@ If application data required to be marked does not retain its marking while it i
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000314</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222395r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222395r879691_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -982,7 +1021,7 @@ If application data required to be marked does not retain its marking when it is
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -990,7 +1029,7 @@ If application data required to be marked does not retain its marking when it is
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>Individual objects do not contain data markings. An API endpoint returns the data marking for all data served by the API. The Web Client displays a banner that represents the data marking for all data received by the Client. Data transmission does not alter this banner in any circumstances.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -1003,13 +1042,17 @@ If application data required to be marked does not retain its marking when it is
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000014</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222396r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222396r879519_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -1085,7 +1128,7 @@ If the connection is not secured with TLS, this is a finding.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -1093,7 +1136,7 @@ If the connection is not secured with TLS, this is a finding.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>The documentation recommends deployments locate the application behind a TLS reverse proxy.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -1106,13 +1149,17 @@ If the connection is not secured with TLS, this is a finding.</ATTRIBUTE_DATA>
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000015</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222397r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222397r879520_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -1188,7 +1235,7 @@ If the connection is not secured with TLS, this is a finding.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -1196,7 +1243,7 @@ If the connection is not secured with TLS, this is a finding.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>The documentation recommends deployments locate the application behind a TLS reverse proxy.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -1209,13 +1256,17 @@ If the connection is not secured with TLS, this is a finding.</ATTRIBUTE_DATA>
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000015</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222398r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222398r879520_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -1297,7 +1348,7 @@ If SOAP messages requiring integrity do not have the Message ID, Service Request
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -1305,7 +1356,7 @@ If SOAP messages requiring integrity do not have the Message ID, Service Request
         </STIG_DATA>
         <STATUS>Not_Applicable</STATUS>
         <FINDING_DETAILS>The SPA does not utilize SOAP messages.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -1318,13 +1369,17 @@ If SOAP messages requiring integrity do not have the Message ID, Service Request
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000014</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222399r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222399r879519_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -1394,7 +1449,7 @@ If messages using WS Security do not contain time stamps, sequence numbers, and
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -1402,7 +1457,7 @@ If messages using WS Security do not contain time stamps, sequence numbers, and
         </STIG_DATA>
         <STATUS>Not_Applicable</STATUS>
         <FINDING_DETAILS>The SPA does not utilize WS-Security tokens.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -1415,13 +1470,17 @@ If messages using WS Security do not contain time stamps, sequence numbers, and
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000014</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222400r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222400r879519_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -1493,7 +1552,7 @@ If the design document does not exist, or does not indicate validity periods are
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -1501,7 +1560,7 @@ If the design document does not exist, or does not indicate validity periods are
         </STIG_DATA>
         <STATUS>Not_Applicable</STATUS>
         <FINDING_DETAILS>The SPA does not utilize WSS or SAML assertions.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -1514,13 +1573,17 @@ If the design document does not exist, or does not indicate validity periods are
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000014</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222401r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222401r879519_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -1532,7 +1595,7 @@ If the design document does not exist, or does not indicate validity periods are
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SAML is a standard for exchanging authentication and authorization data between security domains. SAML uses security tokens containing assertions to pass information about a principal (usually an end user) between a SAML authority, (identity provider), and a SAML consumer, (service provider). SAML assertions are usually made about a subject, (user) represented by the &#x3C;Subject&#x3E; element. SAML assertion identifiers should be unique across a system implementation. Duplicate SAML assertion identifiers could lead to unauthorized access to a web service.</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SAML is a standard for exchanging authentication and authorization data between security domains. SAML uses security tokens containing assertions to pass information about a principal (usually an end user) between a SAML authority, (identity provider), and a SAML consumer, (service provider). SAML assertions are usually made about a subject, (user) represented by the &lt;Subject&gt; element. SAML assertion identifiers should be unique across a system implementation. Duplicate SAML assertion identifiers could lead to unauthorized access to a web service.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
@@ -1592,7 +1655,7 @@ If the design document does not exist, or does not indicate SAML assertion ident
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -1600,7 +1663,7 @@ If the design document does not exist, or does not indicate SAML assertion ident
         </STIG_DATA>
         <STATUS>Not_Applicable</STATUS>
         <FINDING_DETAILS>The SPA does not utilize SAML assertions.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -1613,13 +1676,17 @@ If the design document does not exist, or does not indicate SAML assertion ident
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000014</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222402r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222402r879519_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -1631,7 +1698,7 @@ If the design document does not exist, or does not indicate SAML assertion ident
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SAML is a standard for exchanging authentication and authorization data between security domains.  SAML uses security tokens containing assertions to pass information about a principal (usually an end user) between a SAML authority, (identity provider), and a SAML consumer, (service provider).  SAML assertions are usually made about a subject, (user) represented by the &#x3C;Subject&#x3E; element.   
+          <ATTRIBUTE_DATA>SAML is a standard for exchanging authentication and authorization data between security domains.  SAML uses security tokens containing assertions to pass information about a principal (usually an end user) between a SAML authority, (identity provider), and a SAML consumer, (service provider).  SAML assertions are usually made about a subject, (user) represented by the &lt;Subject&gt; element.   
 
 The confidentially of the data in a message as the message is passed through an intermediary web service may be required to be restricted by the intermediary web service. The intermediary web service may leak or distribute the data contained in a message if not encrypted or protected.</ATTRIBUTE_DATA>
         </STIG_DATA>
@@ -1693,7 +1760,7 @@ If the design document does not exist, or does not indicate all WS-Security toke
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -1701,7 +1768,7 @@ If the design document does not exist, or does not indicate all WS-Security toke
         </STIG_DATA>
         <STATUS>Not_Applicable</STATUS>
         <FINDING_DETAILS>The SPA does not utilize WS-Security tokens</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -1714,13 +1781,17 @@ If the design document does not exist, or does not indicate all WS-Security toke
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000014</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222403r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222403r879519_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -1732,9 +1803,9 @@ If the design document does not exist, or does not indicate all WS-Security toke
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SAML is a standard for exchanging authentication and authorization data between security domains.  SAML uses security tokens containing assertions to pass information about a principal (usually an end user) between a SAML authority, (identity provider), and a SAML consumer, (service provider).  SAML assertions are usually made about a subject, (user) represented by the &#x3C;Subject&#x3E; element.
+          <ATTRIBUTE_DATA>SAML is a standard for exchanging authentication and authorization data between security domains.  SAML uses security tokens containing assertions to pass information about a principal (usually an end user) between a SAML authority, (identity provider), and a SAML consumer, (service provider).  SAML assertions are usually made about a subject, (user) represented by the &lt;Subject&gt; element.
 
-When a SAML assertion is used with a &#x3C;SubjectConfirmation&#x3E; element, a begin and end time for the &#x3C;SubjectConfirmation&#x3E; should be set to prevent reuse of the message at a later time. Not setting a specific time period for the &#x3C;SubjectConfirmation&#x3E;, may grant immediate access to an attacker and result in an immediate loss of confidentiality.</ATTRIBUTE_DATA>
+When a SAML assertion is used with a &lt;SubjectConfirmation&gt; element, a begin and end time for the &lt;SubjectConfirmation&gt; should be set to prevent reuse of the message at a later time. Not setting a specific time period for the &lt;SubjectConfirmation&gt;, may grant immediate access to an attacker and result in an immediate loss of confidentiality.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
@@ -1748,13 +1819,13 @@ Review the design document for web services using SAML assertions.
 
 If the application does not utilize SAML assertions, this check is not applicable.
 
-Examine the contents of a SOAP message using the &#x3C;SubjectConfirmation&#x3E; element. All messages should contain the &#x3C;NotOnOrAfter&#x3E; element. This can be accomplished if the application allows the ability to view XML messages or via a protocol analyzer like Wireshark.
+Examine the contents of a SOAP message using the &lt;SubjectConfirmation&gt; element. All messages should contain the &lt;NotOnOrAfter&gt; element. This can be accomplished if the application allows the ability to view XML messages or via a protocol analyzer like Wireshark.
 
-If SOAP messages do not contain &#x3C;NotOnOrAfter&#x3E; elements, this is a finding.</ATTRIBUTE_DATA>
+If SOAP messages do not contain &lt;NotOnOrAfter&gt; elements, this is a finding.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Design and configure the application to use the &#x3C;NotOnOrAfter&#x3E; condition when using the &#x3C;SubjectConfirmation&#x3E; element in a SAML assertion.</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Design and configure the application to use the &lt;NotOnOrAfter&gt; condition when using the &lt;SubjectConfirmation&gt; element in a SAML assertion.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
@@ -1794,7 +1865,7 @@ If SOAP messages do not contain &#x3C;NotOnOrAfter&#x3E; elements, this is a fin
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -1802,7 +1873,7 @@ If SOAP messages do not contain &#x3C;NotOnOrAfter&#x3E; elements, this is a fin
         </STIG_DATA>
         <STATUS>Not_Applicable</STATUS>
         <FINDING_DETAILS>The SPA does not utilize SAML assertions.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -1815,13 +1886,17 @@ If SOAP messages do not contain &#x3C;NotOnOrAfter&#x3E; elements, this is a fin
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000014</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222404r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222404r879519_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -1833,9 +1908,9 @@ If SOAP messages do not contain &#x3C;NotOnOrAfter&#x3E; elements, this is a fin
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SAML is a standard for exchanging authentication and authorization data between security domains.  SAML uses security tokens containing assertions to pass information about a principal (usually an end user) between a SAML authority, (identity provider), and a SAML consumer, (service provider).  SAML assertions are usually made about a subject, (user) represented by the &#x3C;Subject&#x3E; element.
+          <ATTRIBUTE_DATA>SAML is a standard for exchanging authentication and authorization data between security domains.  SAML uses security tokens containing assertions to pass information about a principal (usually an end user) between a SAML authority, (identity provider), and a SAML consumer, (service provider).  SAML assertions are usually made about a subject, (user) represented by the &lt;Subject&gt; element.
 
-When a SAML assertion is used with a &#x3C;Conditions&#x3E; element, a begin and end time for the &#x3C;Conditions&#x3E; element should be set in order to specify a timeframe in which the assertion is valid. Not setting a specific time period for the &#x3C;Conditions&#x3E; element, the possibility exists of granting immediate access or elevated privileges to an attacker which results in an immediate loss of confidentiality.</ATTRIBUTE_DATA>
+When a SAML assertion is used with a &lt;Conditions&gt; element, a begin and end time for the &lt;Conditions&gt; element should be set in order to specify a timeframe in which the assertion is valid. Not setting a specific time period for the &lt;Conditions&gt; element, the possibility exists of granting immediate access or elevated privileges to an attacker which results in an immediate loss of confidentiality.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
@@ -1849,13 +1924,13 @@ Review the design document for web services using SAML assertions.
 
 If the application does not utilize SAML assertions, this check is not applicable.
 
-Examine the contents of a SOAP message using the &#x3C;Conditions&#x3E; element; all messages should contain the &#x3C;NotBefore&#x3E; and &#x3C;NotOnOrAfter&#x3E; or &#x3C;OneTimeUse&#x3E; element when in a SAML Assertion. This can be accomplished using a protocol analyzer such as Wireshark.
+Examine the contents of a SOAP message using the &lt;Conditions&gt; element; all messages should contain the &lt;NotBefore&gt; and &lt;NotOnOrAfter&gt; or &lt;OneTimeUse&gt; element when in a SAML Assertion. This can be accomplished using a protocol analyzer such as Wireshark.
 
-If SOAP using the &#x3C;Conditions&#x3E; element does not contain &#x3C;NotBefore&#x3E; and &#x3C;NotOnOrAfter&#x3E; or &#x3C;OneTimeUse&#x3E; elements, this is a finding.</ATTRIBUTE_DATA>
+If SOAP using the &lt;Conditions&gt; element does not contain &lt;NotBefore&gt; and &lt;NotOnOrAfter&gt; or &lt;OneTimeUse&gt; elements, this is a finding.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Design and configure the application to implement the use of the &#x3C;NotBefore&#x3E; and &#x3C;NotOnOrAfter&#x3E; or &#x3C;OneTimeUse&#x3E; when using the &#x3C;Conditions&#x3E; element in a SAML assertion.</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Design and configure the application to implement the use of the &lt;NotBefore&gt; and &lt;NotOnOrAfter&gt; or &lt;OneTimeUse&gt; when using the &lt;Conditions&gt; element in a SAML assertion.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
@@ -1895,7 +1970,7 @@ If SOAP using the &#x3C;Conditions&#x3E; element does not contain &#x3C;NotBefor
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -1903,7 +1978,7 @@ If SOAP using the &#x3C;Conditions&#x3E; element does not contain &#x3C;NotBefor
         </STIG_DATA>
         <STATUS>Not_Applicable</STATUS>
         <FINDING_DETAILS>The SPA does not utilize SAML assertions.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -1916,13 +1991,17 @@ If SOAP using the &#x3C;Conditions&#x3E; element does not contain &#x3C;NotBefor
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000014</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222405r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222405r879519_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -1934,7 +2013,7 @@ If SOAP using the &#x3C;Conditions&#x3E; element does not contain &#x3C;NotBefor
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Multiple &#x3C;OneTimeUse&#x3E; elements used in a SAML assertion can lead to elevation of privileges, if the application does not process SAML assertions correctly.</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Multiple &lt;OneTimeUse&gt; elements used in a SAML assertion can lead to elevation of privileges, if the application does not process SAML assertions correctly.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
@@ -1948,7 +2027,7 @@ Review the design document for web services using SAML assertions.
 
 If the application does not utilize SAML assertions, this check is not applicable.
 
-Examine the contents of a SOAP message using the OneTimeUse element; all messages should contain only one instance of a &#x3C;OneTimeUse&#x3E; element in a SAML assertion. This can be accomplished using a protocol analyzer such as Wireshark.
+Examine the contents of a SOAP message using the OneTimeUse element; all messages should contain only one instance of a &lt;OneTimeUse&gt; element in a SAML assertion. This can be accomplished using a protocol analyzer such as Wireshark.
 
 If SOAP message uses more than one, OneTimeUse element in a SAML assertion, this is a finding.</ATTRIBUTE_DATA>
         </STIG_DATA>
@@ -1994,7 +2073,7 @@ If SOAP message uses more than one, OneTimeUse element in a SAML assertion, this
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -2002,7 +2081,7 @@ If SOAP message uses more than one, OneTimeUse element in a SAML assertion, this
         </STIG_DATA>
         <STATUS>Not_Applicable</STATUS>
         <FINDING_DETAILS>The SPA does not utilize SAML assertions.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -2015,13 +2094,17 @@ If SOAP message uses more than one, OneTimeUse element in a SAML assertion, this
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000014</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222406r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222406r879519_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -2093,7 +2176,7 @@ If the SessionIndex is tied to privacy information, and it is not encrypted, thi
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -2101,7 +2184,7 @@ If the SessionIndex is tied to privacy information, and it is not encrypted, thi
         </STIG_DATA>
         <STATUS>Not_Applicable</STATUS>
         <FINDING_DETAILS>The SPA does not utilize SAML assertions.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -2114,13 +2197,17 @@ If the SessionIndex is tied to privacy information, and it is not encrypted, thi
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222407r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222407r879522_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -2138,7 +2225,7 @@ Manual examples include but are not limited to admin staff logging into the syst
 
 A comprehensive application account management process that includes automation helps to ensure accounts designated as requiring attention are consistently and promptly addressed. Examples include, but are not limited to, using automation to take action on multiple accounts designated as inactive, suspended or terminated or by disabling accounts located in non-centralized account stores such as multiple servers. This requirement applies to all account types, including individual/user, shared, group, system, guest/anonymous, emergency, developer/manufacturer/vendor, temporary, and service.
 
-The application must be configured to automatically provide account management functions and these functions must immediately enforce the organization&#x27;s current account policy. The automated mechanisms may reside within the application itself or may be offered by the operating system or other infrastructure providing automated account management capabilities. Automated mechanisms may be comprised of differing technologies that when placed together contain an overall automated mechanism supporting an organization&#x27;s automated account management requirements.
+The application must be configured to automatically provide account management functions and these functions must immediately enforce the organization&apos;s current account policy. The automated mechanisms may reside within the application itself or may be offered by the operating system or other infrastructure providing automated account management capabilities. Automated mechanisms may be comprised of differing technologies that when placed together contain an overall automated mechanism supporting an organization&apos;s automated account management requirements.
 
 Account management functions include: assignment of group or role membership; identifying account type; specifying user access authorizations (i.e., privileges); account removal, update, or termination; and administrative alerts. The use of automated mechanisms can include, for example: using email or text messaging to automatically notify account managers when users are terminated or transferred; using the information system to monitor account usage; and using automated telephonic notification to report atypical system account usage.</ATTRIBUTE_DATA>
         </STIG_DATA>
@@ -2206,7 +2293,7 @@ If the account management process is manual in nature, this is a finding.</ATTRI
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -2214,7 +2301,7 @@ If the account management process is manual in nature, this is a finding.</ATTRI
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Account Management services are provided by an external (OIDC) OpenID Connect Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -2227,13 +2314,17 @@ If the account management process is manual in nature, this is a finding.</ATTRI
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000317</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222408r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222408r879694_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -2307,7 +2398,7 @@ If there is no process for handling group account credentials, this is a finding
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -2315,7 +2406,7 @@ If there is no process for handling group account credentials, this is a finding
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Account Management services are provided by an external (OIDC) OpenID Connect Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -2328,13 +2419,17 @@ If there is no process for handling group account credentials, this is a finding
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000024</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222409r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222409r879523_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -2414,7 +2509,7 @@ If the application has no ability to specify a user account as being temporary i
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -2422,7 +2517,7 @@ If the application has no ability to specify a user account as being temporary i
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Account Management services are provided by an external (OIDC) OpenID Connect Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -2435,13 +2530,17 @@ If the application has no ability to specify a user account as being temporary i
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222410r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222410r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -2519,7 +2618,7 @@ If a process, procedure, function or feature designed to prevent emergency accou
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -2527,7 +2626,7 @@ If a process, procedure, function or feature designed to prevent emergency accou
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Account Management services are provided by an external (OIDC) OpenID Connect Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -2540,13 +2639,17 @@ If a process, procedure, function or feature designed to prevent emergency accou
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000025</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222411r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222411r879524_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -2626,7 +2729,7 @@ If the application is not set to expire inactive accounts after 35 days, or if t
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -2634,7 +2737,7 @@ If the application is not set to expire inactive accounts after 35 days, or if t
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Account Management services are provided by an external (OIDC) OpenID Connect Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -2647,13 +2750,17 @@ If the application is not set to expire inactive accounts after 35 days, or if t
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000025</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222412r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222412r879524_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -2725,7 +2832,7 @@ If any accounts cannot be validated and are deemed to be unnecessary, this is a
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -2733,7 +2840,7 @@ If any accounts cannot be validated and are deemed to be unnecessary, this is a
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Account Management services are provided by an external (OIDC) OpenID Connect Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -2746,13 +2853,17 @@ If any accounts cannot be validated and are deemed to be unnecessary, this is a
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000026</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222413r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222413r879525_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -2832,7 +2943,7 @@ At a minimum, ensure account name, date and time of the event are recorded.</ATT
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -2840,7 +2951,7 @@ At a minimum, ensure account name, date and time of the event are recorded.</ATT
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Account Management services are provided by an external (OIDC) OpenID Connect Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -2853,13 +2964,17 @@ At a minimum, ensure account name, date and time of the event are recorded.</ATT
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000027</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222414r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222414r879526_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -2939,7 +3054,7 @@ At a minimum, ensure account name, date and time of the event are recorded.</ATT
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -2947,7 +3062,7 @@ At a minimum, ensure account name, date and time of the event are recorded.</ATT
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Account Management services are provided by an external (OIDC) OpenID Connect Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -2960,13 +3075,17 @@ At a minimum, ensure account name, date and time of the event are recorded.</ATT
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000028</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222415r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222415r879527_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -3046,7 +3165,7 @@ At a minimum, ensure account name, date and time of the event are recorded.</ATT
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -3054,7 +3173,7 @@ At a minimum, ensure account name, date and time of the event are recorded.</ATT
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Account Management services are provided by an external (OIDC) OpenID Connect Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -3067,13 +3186,17 @@ At a minimum, ensure account name, date and time of the event are recorded.</ATT
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000029</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222416r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222416r879528_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -3153,7 +3276,7 @@ At a minimum, ensure account name, date and time of the event are recorded.</ATT
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -3161,7 +3284,7 @@ At a minimum, ensure account name, date and time of the event are recorded.</ATT
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Account Management services are provided by an external (OIDC) OpenID Connect Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -3174,13 +3297,17 @@ At a minimum, ensure account name, date and time of the event are recorded.</ATT
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000291</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222417r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222417r879669_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -3254,7 +3381,7 @@ If system administrators and ISSOs are not notified when accounts are created, t
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -3262,7 +3389,7 @@ If system administrators and ISSOs are not notified when accounts are created, t
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Account Management services are provided by an external (OIDC) OpenID Connect Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -3275,13 +3402,17 @@ If system administrators and ISSOs are not notified when accounts are created, t
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000292</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222418r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222418r879670_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -3357,7 +3488,7 @@ If system administrators and ISSOs are not notified when accounts are modified,
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -3365,7 +3496,7 @@ If system administrators and ISSOs are not notified when accounts are modified,
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Account Management services are provided by an external (OIDC) OpenID Connect Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -3378,13 +3509,17 @@ If system administrators and ISSOs are not notified when accounts are modified,
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000293</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222419r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222419r879671_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -3460,7 +3595,7 @@ If system administrators and ISSOs are not notified when accounts are disabled,
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -3468,7 +3603,7 @@ If system administrators and ISSOs are not notified when accounts are disabled,
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Account Management services are provided by an external (OIDC) OpenID Connect Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -3481,13 +3616,17 @@ If system administrators and ISSOs are not notified when accounts are disabled,
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000294</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222420r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222420r879672_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -3563,7 +3702,7 @@ If system administrators and ISSOs are not notified when accounts are removed, t
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -3571,7 +3710,7 @@ If system administrators and ISSOs are not notified when accounts are removed, t
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Account Management services are provided by an external (OIDC) OpenID Connect Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -3584,13 +3723,17 @@ If system administrators and ISSOs are not notified when accounts are removed, t
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000319</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222421r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222421r918115_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -3614,6 +3757,10 @@ Application developers are encouraged to integrate their applications with enter
           <VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>Examine the application documentation or interview the application representative to identify how the application users are managed.
 
+Interview the application administrator and determine if the application is configured to utilize a centralized user management system such as Active Directory for user management or if the application manages user accounts within the application.
+
+If the application is configured to use an enterprise-based application user management capability that is STIG compliant, the requirement is not applicable.
+
 Identify the location of the audit logs and review the end of the logs.
 
 Access the user account management functionality and enable a test user account.
@@ -3666,15 +3813,15 @@ At a minimum, ensure account name, date and time of the event are recorded.</ATT
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-002130</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
-        <FINDING_DETAILS>Account Management services are provided by an external (OIDC) OpenID Connect Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <FINDING_DETAILS>Account Management services are provided by an external (OIDC) OpenID Connect Provider..</FINDING_DETAILS>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -3687,13 +3834,17 @@ At a minimum, ensure account name, date and time of the event are recorded.</ATT
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000320</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222422r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222422r879697_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -3769,7 +3920,7 @@ If system administrators and ISSOs are not notified when accounts are enabled, t
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -3777,7 +3928,7 @@ If system administrators and ISSOs are not notified when accounts are enabled, t
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Account Management services are provided by an external (OIDC) OpenID Connect Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -3790,13 +3941,17 @@ If system administrators and ISSOs are not notified when accounts are enabled, t
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000323</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222423r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222423r879700_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -3870,7 +4025,7 @@ If the application data protection requirements are not documented, this is a fi
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -3878,7 +4033,7 @@ If the application data protection requirements are not documented, this is a fi
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>The project provides documentation describing its data structures and protection methods, including RBAC and other access controls. These concepts are also expressed and enforced by its use of an appropriate OAS definition.  All app data is persisted in a deployment-provided database that must be configured in accordance with organization requirements.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -3891,13 +4046,17 @@ If the application data protection requirements are not documented, this is a fi
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000324</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222424r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222424r879701_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -3985,7 +4144,7 @@ If the application requirements specify protections for data mining and the appl
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -3993,7 +4152,7 @@ If the application requirements specify protections for data mining and the appl
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Data mining detection and prevention are to be implemented at the Log Analysis layer, Ingress controller, or elsewhere.  No data mining protection requirements apply to application itself.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -4006,13 +4165,17 @@ If the application requirements specify protections for data mining and the appl
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000033</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222425r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222425r879530_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -4110,7 +4273,7 @@ If the enforcement of configured access restrictions is not performed, this is a
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -4118,7 +4281,7 @@ If the enforcement of configured access restrictions is not performed, this is a
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>The API ensures proper access to application resources in accordance with Role-Based Access Control (RBAC) and Discretionary Access Control (DAC) mechanisms at the application and Collection levels. No direct database access is provided by the application. See documentation.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -4131,13 +4294,17 @@ If the enforcement of configured access restrictions is not performed, this is a
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000328</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222426r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222426r879705_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -4223,7 +4390,7 @@ If the enforcement of configured access restrictions is not performed, this is a
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -4231,7 +4398,7 @@ If the enforcement of configured access restrictions is not performed, this is a
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>The API ensures proper access to application resources in accordance with Role-Based Access Control (RBAC) and Discretionary Access Control (DAC) mechanisms at the application and Collection levels. No direct database access is provided by the application. See documentation.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -4244,13 +4411,17 @@ If the enforcement of configured access restrictions is not performed, this is a
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000038</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222427r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222427r879533_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -4343,7 +4514,7 @@ If the application does not enforce the approved authorizations for controlling
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -4351,7 +4522,7 @@ If the application does not enforce the approved authorizations for controlling
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>The application does not provide data flow control capabilities, the requirement is not applicable.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -4364,13 +4535,17 @@ If the application does not enforce the approved authorizations for controlling
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000039</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222428r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222428r879534_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -4465,7 +4640,7 @@ If the application does not enforce the approved authorizations for controlling
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -4473,7 +4648,7 @@ If the application does not enforce the approved authorizations for controlling
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>The application does not provide data flow control capabilities, the requirement is not applicable.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -4486,13 +4661,17 @@ If the application does not enforce the approved authorizations for controlling
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000340</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222429r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222429r879717_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -4514,7 +4693,7 @@ Privileged functions include, for example, establishing accounts, performing sys
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Identify the application user account(s) that the application uses to run. These accounts include the application processes (defined by Control Panel Services (Windows) or ps &#x2013;ef (UNIX)) or for an n-tier application, the account that connects from one service (such as a web server) to another (such as a database server).
+          <ATTRIBUTE_DATA>Identify the application user account(s) that the application uses to run. These accounts include the application processes (defined by Control Panel Services (Windows) or ps –ef (UNIX)) or for an n-tier application, the account that connects from one service (such as a web server) to another (such as a database server).
 
 Determine the OS user groups in which each account is a member.
 
@@ -4578,15 +4757,15 @@ The finding details should note the full path of the file(s) and the associated
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-002235</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
-        <FINDING_DETAILS>The Project publishes container images configured to execute the API as the unprivileged user, &#x27;node&#x27; whose userId is not 0.</FINDING_DETAILS>
-        <COMMENTS/>
+        <FINDING_DETAILS>The Project publishes container images configured to execute the API as the unprivileged user, &apos;node&apos; whose userId is not 0.</FINDING_DETAILS>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -4599,13 +4778,17 @@ The finding details should note the full path of the file(s) and the associated
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000342</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222430r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222430r879719_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -4683,15 +4866,15 @@ If the application user account has excessive OS privileges such as being in the
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-002233</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
-        <FINDING_DETAILS>The project supplied container images are configured to run by the limited, unprivileged user, &#x27;node&#x27;.</FINDING_DETAILS>
-        <COMMENTS/>
+        <FINDING_DETAILS>The project supplied container images are configured to run by the limited, unprivileged user, &apos;node&apos;.</FINDING_DETAILS>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -4704,13 +4887,17 @@ If the application user account has excessive OS privileges such as being in the
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000343</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222431r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222431r879720_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -4786,7 +4973,7 @@ If the execution of privileged functionality is not logged, this is a finding.</
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -4794,7 +4981,7 @@ If the execution of privileged functionality is not logged, this is a finding.</
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>The API emits audit records for privileged functions that document the specific endpoint invoked, the date and time, and all path and query parameters.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -4807,13 +4994,17 @@ If the execution of privileged functionality is not logged, this is a finding.</
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000065</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222432r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222432r879546_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -4893,7 +5084,7 @@ If the logon is successful upon the 4th attempt the account was not locked after
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -4901,7 +5092,7 @@ If the logon is successful upon the 4th attempt the account was not locked after
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>User Account services are provided by a external OIDC Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -4914,13 +5105,17 @@ If the logon is successful upon the 4th attempt the account was not locked after
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000345</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222433r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222433r879722_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -5002,7 +5197,7 @@ Use that process when unlocking application user accounts.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -5010,7 +5205,7 @@ Use that process when unlocking application user accounts.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>User Account services are provided by a external OIDC Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -5023,13 +5218,17 @@ Use that process when unlocking application user accounts.</ATTRIBUTE_DATA>
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000068</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222434r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222434r879547_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -5047,7 +5246,7 @@ System use notifications are required only for access via logon interfaces with
 
 The banner must be formatted in accordance with DTM-08-060. Use the following verbiage for applications that can accommodate banners of 1300 characters:
 
-&#x22;You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.
+&quot;You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.
 
 By using this IS (which includes any device attached to this IS), you consent to the following conditions:
 
@@ -5059,11 +5258,11 @@ By using this IS (which includes any device attached to this IS), you consent to
 
 -This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy.
 
--Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.&#x22;
+-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.&quot;
 
 Use the following verbiage for operating systems that have severe limitations on the number of characters that can be displayed in the banner:
 
-&#x22;I&#x27;ve read &#x26; consent to terms in IS user agreem&#x27;t.&#x22;</ATTRIBUTE_DATA>
+&quot;I&apos;ve read &amp; consent to terms in IS user agreem&apos;t.&quot;</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
@@ -5123,7 +5322,7 @@ If the standard DoD-approved banner is not displayed prior to obtaining access,
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -5131,7 +5330,7 @@ If the standard DoD-approved banner is not displayed prior to obtaining access,
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>The Standard Mandatory DoD Notice and Consent Banner can be displayed by the external OIDC Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -5144,13 +5343,17 @@ If the standard DoD-approved banner is not displayed prior to obtaining access,
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000069</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222435r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222435r879548_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -5164,7 +5367,7 @@ If the standard DoD-approved banner is not displayed prior to obtaining access,
           <VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>The banner must be acknowledged by the user prior to allowing the user access to the application. This provides assurance that the user has seen the message and accepted the conditions for access. If the consent banner is not acknowledged by the user, DoD will not be in compliance with system use notifications required by law.
 
-To establish acceptance of the application usage policy, a click-through banner at application logon is required. The application must prevent further activity until the user executes a positive action to manifest agreement by clicking on a box indicating &#x22;OK&#x22;.</ATTRIBUTE_DATA>
+To establish acceptance of the application usage policy, a click-through banner at application logon is required. The application must prevent further activity until the user executes a positive action to manifest agreement by clicking on a box indicating &quot;OK&quot;.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
@@ -5222,7 +5425,7 @@ If the banner is not displayed or no action must be taken to accept terms of use
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -5230,7 +5433,7 @@ If the banner is not displayed or no action must be taken to accept terms of use
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Standard Mandatory DoD Notice and Consent Banner services are provided by a external OIDC Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -5243,13 +5446,17 @@ If the banner is not displayed or no action must be taken to accept terms of use
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000070</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222436r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222436r879549_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -5267,7 +5474,7 @@ System use notifications are required only for access via logon interfaces with
 
 The banner must be formatted in accordance with DTM-08-060. Use the following verbiage for desktops, laptops, and other devices accommodating banners of 1300 characters:
 
-&#x22;You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.
+&quot;You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.
 
 By using this IS (which includes any device attached to this IS), you consent to the following conditions:
 
@@ -5279,11 +5486,11 @@ By using this IS (which includes any device attached to this IS), you consent to
 
 -This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy.
 
--Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.&#x22;
+-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details.&quot;
 
 Use the following verbiage for operating systems that have severe limitations on the number of characters that can be displayed in the banner:
 
-&#x22;I&#x27;ve read &#x26; consent to terms in IS user agreem&#x27;t.&#x22;</ATTRIBUTE_DATA>
+&quot;I&apos;ve read &amp; consent to terms in IS user agreem&apos;t.&quot;</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
@@ -5339,7 +5546,7 @@ If the standard DoD-approved banner is not displayed prior to obtaining access,
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -5363,7 +5570,7 @@ If the standard DoD-approved banner is not displayed prior to obtaining access,
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Standard Mandatory DoD Notice and Consent Banner services are provided by a external OIDC Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -5376,13 +5583,17 @@ If the standard DoD-approved banner is not displayed prior to obtaining access,
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000075</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222437r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222437r879551_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -5462,7 +5673,7 @@ If the date and time the user account was last granted access to the application
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -5470,7 +5681,7 @@ If the date and time the user account was last granted access to the application
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>User Session services are provided by a external OIDC Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -5483,13 +5694,17 @@ If the date and time the user account was last granted access to the application
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000080</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222438r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222438r879554_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -5569,7 +5784,7 @@ If the application is required to provide non-repudiation services and does not,
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -5577,7 +5792,7 @@ If the application is required to provide non-repudiation services and does not,
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>STIG Manager does not have any non-repudiation requirements as part of its design.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -5590,13 +5805,17 @@ If the application is required to provide non-repudiation services and does not,
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000086</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222439r561233_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222439r879557_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -5676,7 +5895,7 @@ If the log dates and times do not correlate when the logs are aggregated, this i
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -5684,7 +5903,7 @@ If the log dates and times do not correlate when the logs are aggregated, this i
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>STIG Manager does not offer log aggregation services. This is expected to be implemented by specific deployments at the Log Analysis level.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -5697,13 +5916,17 @@ If the log dates and times do not correlate when the logs are aggregated, this i
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000089</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222441r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222441r879559_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -5785,7 +6008,7 @@ If the application generates session ID creation event logs by default, and that
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -5793,7 +6016,7 @@ If the application generates session ID creation event logs by default, and that
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>The web app delegates these duties to an OIDC Provider. The OpenID Connect (OIDC) Provider creates, manages and logs user session data.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -5806,13 +6029,17 @@ If the application generates session ID creation event logs by default, and that
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000089</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222442r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222442r879559_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -5888,7 +6115,7 @@ If the application generates audit logs by default when session IDs are destroye
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -5896,7 +6123,7 @@ If the application generates audit logs by default when session IDs are destroye
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>The web app delegates these duties to an OIDC Provider. The OpenID Connect (OIDC) Provider creates, manages and logs user session data.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -5909,13 +6136,17 @@ If the application generates audit logs by default when session IDs are destroye
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000089</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222443r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222443r879559_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -5929,7 +6160,7 @@ If the application generates audit logs by default when session IDs are destroye
           <VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>Application design sometimes requires the renewal of session IDs in order to continue approved user access to the application.
 
-Session renewal is done on a case by case basis under circumstances defined by the application architecture. The following are some examples of when session renewal must be done; whenever there is a change in user privilege such as transitioning from a user to an admin role or when a user changes from an anonymous user to an authenticated user or when a user&#x27;s permissions have changed.
+Session renewal is done on a case by case basis under circumstances defined by the application architecture. The following are some examples of when session renewal must be done; whenever there is a change in user privilege such as transitioning from a user to an admin role or when a user changes from an anonymous user to an authenticated user or when a user&apos;s permissions have changed.
 
 For these types of critical application functionalities, the previous session ID needs to be destroyed or otherwise invalidated and a new session ID must be created.
 
@@ -5945,7 +6176,7 @@ Web based applications will often utilize an application server that creates, ma
           <VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>Interview the system admin and review the application documentation.
 
-Identify any web pages or application functionality where a user&#x27;s privileges or permissions will change. This is most likely to occur during the authentication stages.
+Identify any web pages or application functionality where a user&apos;s privileges or permissions will change. This is most likely to occur during the authentication stages.
 
 Evaluate the log/audit output by opening the log files and observing changes to the logs.
 
@@ -6005,7 +6236,7 @@ If the application is not configured to log session ID renewal events this is a
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -6013,7 +6244,7 @@ If the application is not configured to log session ID renewal events this is a
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>The web app delegates these duties to an OIDC Provider. The OpenID Connect (OIDC) Provider creates, manages and logs user session data.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -6026,13 +6257,17 @@ If the application is not configured to log session ID renewal events this is a
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000089</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222444r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222444r879559_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -6058,13 +6293,13 @@ Examples of such data include but are not limited to; Passwords, Session IDs, Ap
 
 Utilizing the UNIX grep-based search utility include the following examples which are meant to illustrate the purpose of the requirement.
 
-Password values are usually associated with usernames so searching for &#x22;username&#x22; in the provided log file will often assist in determining if password values are included.
+Password values are usually associated with usernames so searching for &quot;username&quot; in the provided log file will often assist in determining if password values are included.
 
-grep -i &#x22;username&#x22; &#x3C;  logfile.txt
+grep -i &quot;username&quot; &lt;  logfile.txt
 
 Search for social security numbers in the provided log file.
 
-grep -i &#x22;[0-9]{3}[-]?[0-9]{2}[-]?[0-9]{4}&#x22; &#x3C;  logfile.txt
+grep -i &quot;[0-9]{3}[-]?[0-9]{2}[-]?[0-9]{4}&quot; &lt;  logfile.txt
 
 Use regular expressions to aid in searching log files. All search syntax cannot be provided within the STIG, the reviewer must utilize their knowledge to create new search criteria based upon the log format used and the potentially sensitive data processed by the application.
 
@@ -6112,7 +6347,7 @@ If the application logs sensitive data such as session IDs, application source c
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -6120,7 +6355,7 @@ If the application logs sensitive data such as session IDs, application source c
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>The API does not emit audit records with sensitive data, including session Ids (not used), encryption keys, or passwords (not used).</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -6133,13 +6368,17 @@ If the application logs sensitive data such as session IDs, application source c
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000089</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222445r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222445r879559_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -6151,7 +6390,7 @@ If the application logs sensitive data such as session IDs, application source c
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>When a user&#x27;s session times out, it is important to be able to identify these events in the application logs.
+          <ATTRIBUTE_DATA>When a user&apos;s session times out, it is important to be able to identify these events in the application logs.
 
 Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident, or identify those responsible for one.
 
@@ -6231,7 +6470,7 @@ If the session timeout event is not recorded in the logs, this is a finding.</AT
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -6239,7 +6478,7 @@ If the session timeout event is not recorded in the logs, this is a finding.</AT
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>The web app delegates these duties to an OIDC Provider. The OpenID Connect (OIDC) Provider creates, manages and logs user session data.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -6252,13 +6491,17 @@ If the session timeout event is not recorded in the logs, this is a finding.</AT
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000089</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222446r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222446r879559_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -6324,7 +6567,7 @@ If the time the event occurred is not included as part of the event, this is a f
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -6332,7 +6575,7 @@ If the time the event occurred is not included as part of the event, this is a f
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>The API emits audit records that are time stamped.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -6345,13 +6588,17 @@ If the time the event occurred is not included as part of the event, this is a f
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000089</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222447r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222447r879559_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -6443,7 +6690,7 @@ If HTTP headers are not logged, this is a finding.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -6451,7 +6698,7 @@ If HTTP headers are not logged, this is a finding.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>Addressed by Issue #179, allowing different log levels and configuration to affect headers included in audit record.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -6464,13 +6711,17 @@ If HTTP headers are not logged, this is a finding.</ATTRIBUTE_DATA>
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000089</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222448r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222448r879559_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -6544,7 +6795,7 @@ If the IP addresses of the systems that connect to the application are not recor
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -6552,7 +6803,7 @@ If the IP addresses of the systems that connect to the application are not recor
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>When logging endpoint requests, the API emits audit records that include the original source IP address.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -6565,13 +6816,17 @@ If the IP addresses of the systems that connect to the application are not recor
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000089</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222449r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222449r879559_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -6583,7 +6838,7 @@ If the IP addresses of the systems that connect to the application are not recor
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>When users conduct activity within an application, that user&#x2019;s identity must be recorded in the audit log. Failing to record the identity of the user responsible for the activity within the application is detrimental to forensic analysis.</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>When users conduct activity within an application, that user’s identity must be recorded in the audit log. Failing to record the identity of the user responsible for the activity within the application is detrimental to forensic analysis.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
@@ -6641,15 +6896,15 @@ If the user ID is not recorded along with the event in the event log, this is a
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-000169</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
-        <FINDING_DETAILS>When logging endpoint requests, the API emits audit records that include the OAuth2 token claim configured as representing the requesting entity&#x27;s username.</FINDING_DETAILS>
-        <COMMENTS/>
+        <FINDING_DETAILS>When logging endpoint requests, the API emits audit records that include the OAuth2 token claim configured as representing the requesting entity&apos;s username.</FINDING_DETAILS>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -6662,13 +6917,17 @@ If the user ID is not recorded along with the event in the event log, this is a
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000091</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222450r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222450r879561_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -6700,9 +6959,9 @@ Access and open the auditing logs.
 
 Using an account with the appropriate privileges, grant the user a privilege they previously did not have.
 
-Attempt to grant privileges in a manner that will cause a failure event such as granting privileges to a non-existent user or attempting to grant privileges with an account that doesn&#x27;t have the rights to do so.
+Attempt to grant privileges in a manner that will cause a failure event such as granting privileges to a non-existent user or attempting to grant privileges with an account that doesn&apos;t have the rights to do so.
 
-Review the application logs and ensure both events were captured in the logs. The event data should include the user&#x2019;s identity and the privilege that was granted and the privilege that failed to be granted.
+Review the application logs and ensure both events were captured in the logs. The event data should include the user’s identity and the privilege that was granted and the privilege that failed to be granted.
 
 If the application does not log when successful and unsuccessful attempts to grant privilege occur, this is a finding.</ATTRIBUTE_DATA>
         </STIG_DATA>
@@ -6748,7 +7007,7 @@ If the application does not log when successful and unsuccessful attempts to gra
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -6756,7 +7015,7 @@ If the application does not log when successful and unsuccessful attempts to gra
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>Addressed by Issue #179, must include POST content and JSON reply in audit record.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -6769,13 +7028,17 @@ If the application does not log when successful and unsuccessful attempts to gra
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000492</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222451r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222451r879863_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -6854,7 +7117,7 @@ If the application does not generate an audit record when successful and unsucce
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -6862,7 +7125,7 @@ If the application does not generate an audit record when successful and unsucce
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>When logging endpoint requests, the API emits audit records for successful and unsuccessful attempts to access security objects (i.e., Collections, Assets, Reviews).</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -6875,13 +7138,17 @@ If the application does not generate an audit record when successful and unsucce
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000493</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222452r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222452r879864_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -6959,7 +7226,7 @@ If the application does not generate an audit record when successful and unsucce
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -6967,7 +7234,7 @@ If the application does not generate an audit record when successful and unsucce
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>When logging endpoint requests, the API emits audit records for successful and unsuccessful attempts to access security levels (i.e., Collection Grants).</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -6980,13 +7247,17 @@ If the application does not generate an audit record when successful and unsucce
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000494</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222453r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222453r879865_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -7070,7 +7341,7 @@ If the application does not generate an audit record when successful and unsucce
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -7078,7 +7349,7 @@ If the application does not generate an audit record when successful and unsucce
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>When logging endpoint requests, the API emits audit records for successful and unsuccessful attempts to access all categories of information.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -7091,13 +7362,17 @@ If the application does not generate an audit record when successful and unsucce
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000495</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222454r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222454r879866_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -7127,9 +7402,9 @@ Access and open the auditing logs.
 
 Using an admin account, modify the privileges of a privileged user.
 
-Attempt to modify privileges in a manner that will cause a failure event such as attempting to modify a user&#x2019;s privileges with an account that doesn&#x27;t have the rights to do so.
+Attempt to modify privileges in a manner that will cause a failure event such as attempting to modify a user’s privileges with an account that doesn&apos;t have the rights to do so.
 
-Review the application logs and ensure both events were captured in the logs. The event data should include the user&#x2019;s identity and the privilege that was granted and the privilege that failed to be granted.
+Review the application logs and ensure both events were captured in the logs. The event data should include the user’s identity and the privilege that was granted and the privilege that failed to be granted.
 
 If the application does not log when successful and unsuccessful attempts to modify privileges occur, this is a finding.</ATTRIBUTE_DATA>
         </STIG_DATA>
@@ -7175,7 +7450,7 @@ If the application does not log when successful and unsuccessful attempts to mod
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -7183,7 +7458,7 @@ If the application does not log when successful and unsuccessful attempts to mod
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>Addressed by Issue #179, must include POST content and JSON reply in audit record.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -7196,13 +7471,17 @@ If the application does not log when successful and unsuccessful attempts to mod
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000496</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222455r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222455r879867_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -7281,7 +7560,7 @@ If the application does not generate an audit record when successful and unsucce
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -7289,7 +7568,7 @@ If the application does not generate an audit record when successful and unsucce
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>When logging endpoint requests, the API emits audit records for successful and unsuccessful attempts to modify security objects (i.e, Collections, Assets, Reviews and Users).</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -7302,13 +7581,17 @@ If the application does not generate an audit record when successful and unsucce
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000497</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222456r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222456r879868_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -7390,7 +7673,7 @@ If the application does not generate an audit record when successful and unsucce
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -7398,7 +7681,7 @@ If the application does not generate an audit record when successful and unsucce
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>When logging endpoint requests, the API emits audit records for successful and unsuccessful attempts to modify security levels (i.e, Collection Grants).</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -7411,13 +7694,17 @@ If the application does not generate an audit record when successful and unsucce
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000498</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222457r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222457r879869_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -7501,7 +7788,7 @@ If the application does not generate an audit record when successful and unsucce
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -7509,7 +7796,7 @@ If the application does not generate an audit record when successful and unsucce
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>When logging endpoint requests, the API emits audit records for successful and unsuccessful attempts to modify categories of information (i.e, Collection Grants, Restricted User Access).</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -7522,13 +7809,17 @@ If the application does not generate an audit record when successful and unsucce
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000499</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222458r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222458r879870_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -7558,9 +7849,9 @@ Access and open the auditing logs.
 
 Using an admin account, delete some or all of the privileges of a privileged user.
 
-Attempt to delete privileges in a manner that will cause a failure event such as attempting to delete a user&#x2019;s privileges with an account that doesn&#x27;t have the rights to do so.
+Attempt to delete privileges in a manner that will cause a failure event such as attempting to delete a user’s privileges with an account that doesn&apos;t have the rights to do so.
 
-Review the application logs and ensure both events were captured in the logs. The event data should include the user&#x2019;s identity and the privilege that was granted and the privilege that failed to be granted.
+Review the application logs and ensure both events were captured in the logs. The event data should include the user’s identity and the privilege that was granted and the privilege that failed to be granted.
 
 If the application does not log when successful and unsuccessful attempts to delete privileges occur, this is a finding.</ATTRIBUTE_DATA>
         </STIG_DATA>
@@ -7606,7 +7897,7 @@ If the application does not log when successful and unsuccessful attempts to del
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -7614,7 +7905,7 @@ If the application does not log when successful and unsuccessful attempts to del
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>Addressed by Issue #179, must include POST content and JSON reply in audit record.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -7627,13 +7918,17 @@ If the application does not log when successful and unsuccessful attempts to del
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000500</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222459r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222459r879871_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -7715,7 +8010,7 @@ If the application does not generate an audit record when successful and unsucce
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -7723,7 +8018,7 @@ If the application does not generate an audit record when successful and unsucce
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>When logging endpoint requests, the API emits audit records for successful and unsuccessful attempts to delete security levels  (i.e, Collection Grants, Restricted User Access).</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -7736,13 +8031,17 @@ If the application does not generate an audit record when successful and unsucce
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000501</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222460r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222460r879872_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -7820,7 +8119,7 @@ If the application does not generate an audit record when successful and unsucce
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -7828,7 +8127,7 @@ If the application does not generate an audit record when successful and unsucce
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>The API does not implement functionality that manipulates database security objects, including deletions.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -7841,13 +8140,17 @@ If the application does not generate an audit record when successful and unsucce
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000502</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222461r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222461r879873_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -7931,7 +8234,7 @@ If the application does not generate an audit record when successful and unsucce
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -7939,7 +8242,7 @@ If the application does not generate an audit record when successful and unsucce
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>When logging endpoint requests, the API emits audit records for successful and unsuccessful attempts to delete categories of information (i.e, Collection Grants, Restricted User Access).</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -7952,13 +8255,17 @@ If the application does not generate an audit record when successful and unsucce
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000503</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222462r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222462r879874_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -7984,7 +8291,7 @@ Knowing when a user successfully or unsuccessfully logged on to the application
           <VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>Review and monitor the application logs.
 
-Authenticate to the application and observe if the log includes an entry to indicate the user&#x2019;s authentication was successful.
+Authenticate to the application and observe if the log includes an entry to indicate the user’s authentication was successful.
 
 Terminate the user session by logging out.
 
@@ -8034,7 +8341,7 @@ If successful and unsuccessful logon events are not recorded in the logs, this i
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -8042,7 +8349,7 @@ If successful and unsuccessful logon events are not recorded in the logs, this i
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>The web app delegates these duties to an OIDC Provider. The OpenID Connect (OIDC) Provider creates, manages and logs user session data.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -8055,13 +8362,17 @@ If successful and unsuccessful logon events are not recorded in the logs, this i
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000504</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222463r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222463r879875_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -8087,7 +8398,7 @@ Privileged access does not include an application design which does not modify t
           <VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>Review and monitor the application logs.
 
-Authenticate to the application as a privileged user and observe if the log includes an entry to indicate the user&#x2019;s authentication was successful.
+Authenticate to the application as a privileged user and observe if the log includes an entry to indicate the user’s authentication was successful.
 
 Perform actions as an admin or other privileged user such as modifying the logging verbosity, or starting or stopping an application service, or terminating a test user session.
 
@@ -8135,7 +8446,7 @@ If log events that correspond with the actions performed are not recorded in the
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -8143,7 +8454,7 @@ If log events that correspond with the actions performed are not recorded in the
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>By design, privileged access does not include the ability to modify the application or its configuration.  It only provide users with the functionality or the ability to manage their own user specific preferences or otherwise tailor the application to suit individual user needs based upon choices or selections built into the application.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -8156,13 +8467,17 @@ If log events that correspond with the actions performed are not recorded in the
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000505</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222464r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222464r879876_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -8174,7 +8489,7 @@ If log events that correspond with the actions performed are not recorded in the
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Knowing when a user&#x2019;s application session began and when it ended is critical information that aids in forensic analysis.</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Knowing when a user’s application session began and when it ended is critical information that aids in forensic analysis.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
@@ -8232,7 +8547,7 @@ If the start and the end time of the session are not recorded in the logs, this
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -8240,7 +8555,7 @@ If the start and the end time of the session are not recorded in the logs, this
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>The web app delegates these duties to an OIDC Provider. The OpenID Connect (OIDC) Provider creates, manages and logs user session data.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -8253,13 +8568,17 @@ If the start and the end time of the session are not recorded in the logs, this
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000507</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222465r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222465r879878_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -8335,7 +8654,7 @@ If the application does not log application object access, this is a finding.</A
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -8343,7 +8662,7 @@ If the application does not log application object access, this is a finding.</A
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>When logging endpoint requests, the API emits audit records for successful and unsuccessful attempts to access to application objects (i.e, Collections, Assets, Reviews, Users).</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -8356,13 +8675,17 @@ If the application does not log application object access, this is a finding.</A
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000508</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222466r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222466r879879_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -8445,7 +8768,7 @@ If the application does not log all direct access to the system, this is a findi
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -8453,7 +8776,7 @@ If the application does not log all direct access to the system, this is a findi
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>The application does not provide direct access to the underlying information system.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -8466,13 +8789,17 @@ If the application does not log all direct access to the system, this is a findi
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000509</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222467r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222467r918117_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -8498,11 +8825,15 @@ Application developers are encouraged to integrate their applications with enter
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Log on to the application as an administrative user.
+          <ATTRIBUTE_DATA>Examine the application documentation or interview the application representative to identify how the application users are managed.
+
+Interview the application administrator and determine if the application is configured to utilize a centralized user management system such as Active Directory for user management or if the application manages user accounts within the application.
 
-Navigate to the user account management functionality. If no user management capability exists within the application, refer to the Enterprise Active Directory or LDAP user management interfaces.
+If the application is configured to use an enterprise-based application user management capability that is STIG compliant, the requirement is not applicable.
+
+Identify the location of the audit logs and review the end of the logs.
 
-Monitor and review the log where the application&#x27;s user activity is recorded.
+Access the user account management functionality.
 
 Create an application test account and then review the log to ensure a log record that documents the event is created.
 
@@ -8510,11 +8841,11 @@ Modify the test account and then review the log to ensure a log record that docu
 
 Disable the test account and then review the log to ensure a log record that documents the event is created.
 
-Terminate/Remove the test account and then review the log to ensure a log record that documents the event is created.
+Terminate/remove the test account and then review the log to ensure a log record that documents the event is created.
 
 If log events are not created that document all of these events, this is a finding.
 
-If some, but not all of the aforementioned events are documented in the logs, this is a finding.
+If some but not all of the aforementioned events are documented in the logs, this is a finding.
 
 Findings should document which of the events was not logged.</ATTRIBUTE_DATA>
         </STIG_DATA>
@@ -8560,7 +8891,7 @@ Findings should document which of the events was not logged.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -8568,7 +8899,7 @@ Findings should document which of the events was not logged.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>The web app delegates these duties to an OIDC Provider. The OpenID Connect (OIDC) Provider creates, manages and logs user session data.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -8581,13 +8912,17 @@ Findings should document which of the events was not logged.</ATTRIBUTE_DATA>
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000092</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222468r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222468r879562_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -8667,7 +9002,7 @@ If the application does not begin logging events upon start up, this is a findin
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -8676,8 +9011,8 @@ If the application does not begin logging events upon start up, this is a findin
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>The API emits audit records immediately upon the start of its bootstrapping process.
 
-Your local definition of &#x27;application startup&#x27; may include other components (i.e, OIDC Provider, database, reverse proxies, log servers, etc.) whose compliance with this check must be individually evaluated.</FINDING_DETAILS>
-        <COMMENTS/>
+Your local definition of &apos;application startup&apos; may include other components (i.e, OIDC Provider, database, reverse proxies, log servers, etc.) whose compliance with this check must be individually evaluated.</FINDING_DETAILS>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -8690,13 +9025,17 @@ Your local definition of &#x27;application startup&#x27; may include other compo
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000095</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222469r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222469r879563_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -8708,8 +9047,8 @@ Your local definition of &#x27;application startup&#x27; may include other compo
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Forensics is a large part of security incident response.  Applications must provide a record of their actions so application events can be investigated post-event.  
-
+          <ATTRIBUTE_DATA>Forensics is a large part of security incident response.  Applications must provide a record of their actions so application events can be investigated post-event.  
+
 Attackers may attempt to shut off the application logging capability to cover their activity while on the system.  Recording the shutdown event and the time it occurred in the application or  system logs helps to provide forensic evidence that aids in investigating the events.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
@@ -8718,12 +9057,12 @@ Attackers may attempt to shut off the application logging capability to cover th
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Review and monitor the application and system logs.
-
-If an application shutdown event is not recorded in the logs, either initiate a shutdown event and review the logs after reestablishing access or request backup copies of the application or system logs that indicate shutdown events are being recorded.
-
-Alternatively, check for a setting within the application that controls application logging events and determine if application shutdown logging is configured.
-
+          <ATTRIBUTE_DATA>Review and monitor the application and system logs.
+
+If an application shutdown event is not recorded in the logs, either initiate a shutdown event and review the logs after reestablishing access or request backup copies of the application or system logs that indicate shutdown events are being recorded.
+
+Alternatively, check for a setting within the application that controls application logging events and determine if application shutdown logging is configured.
+
 If the application is not recording application shutdown events in either the application or system log, or if the application is not configured to record shutdown events, this is a finding.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
@@ -8768,7 +9107,7 @@ If the application is not recording application shutdown events in either the ap
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -8777,8 +9116,8 @@ If the application is not recording application shutdown events in either the ap
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>The API emits audit records after receiving the SIGINT or SIGTERM signal that initiates a shutdown. Addressed by Issue #484
 
-Your local definition of &#x27;application shutdown&#x27; may include other components (i.e, OIDC Provider, database, reverse proxies, log servers, etc.) whose compliance with this check must be individually evaluated.</FINDING_DETAILS>
-        <COMMENTS/>
+Your local definition of &apos;application shutdown&apos; may include other components (i.e, OIDC Provider, database, reverse proxies, log servers, etc.) whose compliance with this check must be individually evaluated.</FINDING_DETAILS>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -8791,13 +9130,17 @@ Your local definition of &#x27;application shutdown&#x27; may include other comp
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000095</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222470r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222470r879563_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -8875,7 +9218,7 @@ If the IP address of the remote system is not recorded along with the event in t
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -8883,7 +9226,7 @@ If the IP address of the remote system is not recorded along with the event in t
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>The API emits audit records containing the destination IP when retrieving token signing keys from the OIDC Provider or when optionally downloading STIG compilations during  the initial database bootstrap.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -8896,13 +9239,17 @@ If the IP address of the remote system is not recorded along with the event in t
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000095</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222471r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222471r879563_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -8930,7 +9277,7 @@ If the application design documents include specific data elements that require
 
 Utilize the application as a regular user and operate the application so as to access data elements contained within the application. This includes using the application user interface to browse through data elements, query/search data elements and using report generation capability if it exists.
 
-Observe and determine if the application log includes an entry to indicate the user&#x2019;s access to the data was recorded.
+Observe and determine if the application log includes an entry to indicate the user’s access to the data was recorded.
 
 If successful access to application data elements is not recorded in the logs, this is a finding.</ATTRIBUTE_DATA>
         </STIG_DATA>
@@ -8976,7 +9323,7 @@ If successful access to application data elements is not recorded in the logs, t
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -8984,7 +9331,7 @@ If successful access to application data elements is not recorded in the logs, t
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>When logging endpoint requests, the API emits audit records for user actions involving access to data (i.e, Collections, Assets, Reviews, Users).</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -8997,13 +9344,17 @@ If successful access to application data elements is not recorded in the logs, t
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000095</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222472r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222472r879563_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -9079,7 +9430,7 @@ If successful changes/modifications to application data elements are not recorde
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -9087,7 +9438,7 @@ If successful changes/modifications to application data elements are not recorde
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>When logging endpoint requests, the API emits audit records for user actions involving changes to data (i.e, Collections, Assets, Reviews, Users).</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -9100,13 +9451,17 @@ If successful changes/modifications to application data elements are not recorde
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000096</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222473r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222473r879564_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -9174,7 +9529,7 @@ If the audit logs do not have a corresponding date and time associated with each
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -9182,7 +9537,7 @@ If the audit logs do not have a corresponding date and time associated with each
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>The API emits audit records that are time stamped.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -9195,13 +9550,17 @@ If the audit logs do not have a corresponding date and time associated with each
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000097</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222474r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222474r879565_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -9293,16 +9652,15 @@ If the audit logs do not contain enough data in the logs to establish which comp
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-000132</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
-        <FINDING_DETAILS>The API emits audit records that include a component property. 
-</FINDING_DETAILS>
-        <COMMENTS/>
+        <FINDING_DETAILS>The API emits audit records that include a component property.</FINDING_DETAILS>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -9315,13 +9673,17 @@ If the audit logs do not contain enough data in the logs to establish which comp
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000098</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222475r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222475r879566_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -9335,7 +9697,7 @@ If the audit logs do not contain enough data in the logs to establish which comp
           <VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>Without establishing the source, it is impossible to establish, correlate, and investigate the events leading up to an outage or attack.
 
-In the case of centralized logging, or other instances where log files are consolidated, there is risk that the application&#x27;s log data could be co-mingled with other log data.  To address this issue, the application itself must be identified as well as the application host or client name. 
+In the case of centralized logging, or other instances where log files are consolidated, there is risk that the application&apos;s log data could be co-mingled with other log data.  To address this issue, the application itself must be identified as well as the application host or client name. 
 
 In order to compile an accurate risk assessment, and provide forensic analysis, it is essential for security personnel to know the source of the event, particularly in the case of centralized logging.
 
@@ -9401,7 +9763,7 @@ If the application name and the hosts or client names are not identified, this i
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -9409,7 +9771,7 @@ If the application name and the hosts or client names are not identified, this i
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>The API emits audit records that include an instance property.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -9422,13 +9784,17 @@ If the application name and the hosts or client names are not identified, this i
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000099</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222476r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222476r879567_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -9458,9 +9824,9 @@ Access the application logs and review the logs to determine if the results of a
 
 Successful application events are expected to far outnumber errors.   Therefore, success events may be implied by default and not specified in the logs if this behavior is documented.
 
-The outcome will be a log record that displays the application event/operation that occurred followed by the result of the operation such as &#x22;ERROR&#x22;, &#x22;FAILURE&#x22;, &#x22;SUCCESS&#x22; or &#x22;PASS&#x22;.
+The outcome will be a log record that displays the application event/operation that occurred followed by the result of the operation such as &quot;ERROR&quot;, &quot;FAILURE&quot;, &quot;SUCCESS&quot; or &quot;PASS&quot;.
 
-Operation outcomes may also be indicated by numeric code where a &#x22;1&#x22; might indicate success and a &#x22;0&#x22; may indicate operation failure.
+Operation outcomes may also be indicated by numeric code where a &quot;1&quot; might indicate success and a &quot;0&quot; may indicate operation failure.
 
 If the application does not produce audit records that contain information regarding the results of application operations, this is a finding.</ATTRIBUTE_DATA>
         </STIG_DATA>
@@ -9506,7 +9872,7 @@ If the application does not produce audit records that contain information regar
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -9514,7 +9880,7 @@ If the application does not produce audit records that contain information regar
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>When logging endpoint requests, the API emits audit records that contain the response status code.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -9527,13 +9893,17 @@ If the application does not produce audit records that contain information regar
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000100</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222477r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222477r879568_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -9606,15 +9976,15 @@ If the event logs do not include the appropriate identifier or identifiers, this
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-001487</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
-        <FINDING_DETAILS>When logging endpoint requests, the API emits audit records that include the OAuth2 token claim configured as representing the requesting entity&#x27;s username.</FINDING_DETAILS>
-        <COMMENTS/>
+        <FINDING_DETAILS>When logging endpoint requests, the API emits audit records that include the OAuth2 token claim configured as representing the requesting entity&apos;s username.</FINDING_DETAILS>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -9627,13 +9997,17 @@ If the event logs do not include the appropriate identifier or identifiers, this
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000101</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222478r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222478r879569_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -9713,17 +10087,17 @@ If the application does not log the full text recording of privileged commands o
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-000135</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
-        <FINDING_DETAILS>When logging endpoint requests, if the request includes parameter &#x27;elevate&#x27; == true, the API emits audit records that include the JSON POST content and the JSON reply
+        <FINDING_DETAILS>When logging endpoint requests, if the request includes parameter &apos;elevate&apos; == true, the API emits audit records that include the JSON POST content and the JSON reply
 
 Addressed by Issue #179</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -9736,13 +10110,17 @@ Addressed by Issue #179</FINDING_DETAILS>
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000101</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222479r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222479r879569_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -9812,7 +10190,7 @@ If the application is not configured to utilize transaction logging, this is a f
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -9820,7 +10198,7 @@ If the application is not configured to utilize transaction logging, this is a f
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Implemented by the Data Storage layer</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -9833,13 +10211,17 @@ If the application is not configured to utilize transaction logging, this is a f
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000356</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222480r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222480r879729_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -9915,15 +10297,15 @@ If the application does not provide the ability to centrally manage the content
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-001844</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
-        <FINDING_DETAILS>Application log entries are written to the container&#x27;s STDOUT, to be captured by the deployment&#x27;s preferred and compliant logging solution.</FINDING_DETAILS>
-        <COMMENTS/>
+        <FINDING_DETAILS>Application log entries are written to the container&apos;s STDOUT, to be captured by the deployment&apos;s preferred and compliant logging solution.</FINDING_DETAILS>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -9936,13 +10318,17 @@ If the application does not provide the ability to centrally manage the content
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000358</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222481r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222481r879731_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -10022,15 +10408,15 @@ If the logs are not automatically moved off the system as per approved schedule,
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-001851</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
-        <FINDING_DETAILS>Application log entries are written to the container&#x27;s STDOUT, to be captured by the deployment&#x27;s preferred and compliant logging solution.</FINDING_DETAILS>
-        <COMMENTS/>
+        <FINDING_DETAILS>Application log entries are written to the container&apos;s STDOUT, to be captured by the deployment&apos;s preferred and compliant logging solution.</FINDING_DETAILS>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -10043,13 +10429,17 @@ If the logs are not automatically moved off the system as per approved schedule,
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000515</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222482r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222482r879886_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -10123,15 +10513,15 @@ If the system is not configured to write the application logs to the centralized
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-001851</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
-        <FINDING_DETAILS>Application log entries are written to the container&#x27;s STDOUT, to be captured by the deployment&#x27;s preferred and compliant logging solution.</FINDING_DETAILS>
-        <COMMENTS/>
+        <FINDING_DETAILS>Application log entries are written to the container&apos;s STDOUT, to be captured by the deployment&apos;s preferred and compliant logging solution.</FINDING_DETAILS>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -10144,13 +10534,17 @@ If the system is not configured to write the application logs to the centralized
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000359</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222483r561236_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222483r879732_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -10174,11 +10568,11 @@ The requirement will take into account a reasonable amount of processing time su
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Review system documentation and interview application administrator for details regarding logging configuration.  
+          <ATTRIBUTE_DATA>Review system documentation and interview application administrator for details regarding logging configuration. 
 
 If the application utilizes a centralized logging system that provides storage capacity alarming, this requirement is not applicable.
 
-Identify application alarming capability relating to storage capacity alarming for the log repository.  Coordinate with the appropriate personnel regarding the generation of test alarms.
+Identify application alarming capability relating to storage capacity alarming for the log repository. Coordinate with the appropriate personnel regarding the generation of test alarms.
 
 Review log alarm settings and ensure audit log storage capacity alarming is enabled and set to alarm when the storage threshold exceeds 75% of disk storage capacity or the capacity value the SA and ISSO have determined will provide adequate time to plan for capacity expansion.
 
@@ -10228,15 +10622,15 @@ If the application is not configured to send an alarm when storage volume exceed
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-001855</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
-        <FINDING_DETAILS>Application log entries are written to the container&#x27;s STDOUT, to be captured by the deployment&#x27;s preferred and compliant logging solution.</FINDING_DETAILS>
-        <COMMENTS/>
+        <FINDING_DETAILS>Application log entries are written to the container&apos;s STDOUT, to be captured by the deployment&apos;s preferred and compliant logging solution.</FINDING_DETAILS>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -10249,13 +10643,17 @@ If the application is not configured to send an alarm when storage volume exceed
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000360</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222484r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222484r879733_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -10335,15 +10733,15 @@ Configure the log alerts to be immediately sent to the application admin/SA and
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-001858</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
-        <FINDING_DETAILS>Application log entries are written to the container&#x27;s STDOUT, to be captured by the deployment&#x27;s preferred and compliant logging solution.</FINDING_DETAILS>
-        <COMMENTS/>
+        <FINDING_DETAILS>Application log entries are written to the container&apos;s STDOUT, to be captured by the deployment&apos;s preferred and compliant logging solution.</FINDING_DETAILS>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -10356,13 +10754,17 @@ Configure the log alerts to be immediately sent to the application admin/SA and
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000108</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222485r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222485r879570_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -10444,15 +10846,15 @@ If the application is not configured to alarm on alerts that indicate the audit
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-000139</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
-        <FINDING_DETAILS>Application log entries are written to the container&#x27;s STDOUT, to be captured by the deployment&#x27;s preferred and compliant logging solution.</FINDING_DETAILS>
-        <COMMENTS/>
+        <FINDING_DETAILS>Application log entries are written to the container&apos;s STDOUT, to be captured by the deployment&apos;s preferred and compliant logging solution.</FINDING_DETAILS>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -10465,13 +10867,17 @@ If the application is not configured to alarm on alerts that indicate the audit
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000109</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222486r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222486r879571_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -10555,15 +10961,15 @@ If the application does not shut down processing when an audit failure is detect
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-000140</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
-        <FINDING_DETAILS>Application log entries are written to the container&#x27;s STDOUT, to be captured by the deployment&#x27;s preferred and compliant logging solution. Application must be stopped by the Container Platform layer (e.g., k8s).</FINDING_DETAILS>
-        <COMMENTS/>
+        <FINDING_DETAILS>Application log entries are written to the container&apos;s STDOUT, to be captured by the deployment&apos;s preferred and compliant logging solution. Application must be stopped by the Container Platform layer (e.g., k8s).</FINDING_DETAILS>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -10576,13 +10982,17 @@ If the application does not shut down processing when an audit failure is detect
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000111</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222487r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222487r879572_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -10610,7 +11020,7 @@ Automated mechanisms for centralized reviews and analyses include, for example,
 
 If the application utilizes a centralized logging system that provides the capability to review the log files from one central location, this requirement is not applicable.
 
-Access the application&#x27;s log management utility and review the log files.  Ensure all of the applications logs are reviewable from within the centralized log management function and access to other systems in order to review application logs are not required.
+Access the application&apos;s log management utility and review the log files.  Ensure all of the applications logs are reviewable from within the centralized log management function and access to other systems in order to review application logs are not required.
 
 If all of the application logs are not reviewable from a central location, this is a finding.</ATTRIBUTE_DATA>
         </STIG_DATA>
@@ -10656,15 +11066,15 @@ If all of the application logs are not reviewable from a central location, this
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-000154</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
-        <FINDING_DETAILS>Application log entries are written to the container&#x27;s STDOUT, to be captured by the deployment&#x27;s preferred and compliant logging solution.</FINDING_DETAILS>
-        <COMMENTS/>
+        <FINDING_DETAILS>Application log entries are written to the container&apos;s STDOUT, to be captured by the deployment&apos;s preferred and compliant logging solution.</FINDING_DETAILS>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -10677,13 +11087,17 @@ If all of the application logs are not reviewable from a central location, this
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000115</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222488r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222488r879574_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -10770,15 +11184,15 @@ If the application does not provide the ability to filter audit events, this is
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-000158</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
-        <FINDING_DETAILS>Application log entries are written to the container&#x27;s STDOUT, to be captured by the deployment&#x27;s preferred and compliant logging solution.</FINDING_DETAILS>
-        <COMMENTS/>
+        <FINDING_DETAILS>Application log entries are written to the container&apos;s STDOUT, to be captured by the deployment&apos;s preferred and compliant logging solution.</FINDING_DETAILS>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -10791,13 +11205,17 @@ If the application does not provide the ability to filter audit events, this is
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000181</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222489r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222489r879618_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -10809,7 +11227,7 @@ If the application does not provide the ability to filter audit events, this is
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>The ability to generate on-demand reports, including after the audit data has been subjected to audit reduction, greatly facilitates the organization&#x27;s ability to generate incident reports as needed to better handle larger-scale or more complex security incidents.
+          <ATTRIBUTE_DATA>The ability to generate on-demand reports, including after the audit data has been subjected to audit reduction, greatly facilitates the organization&apos;s ability to generate incident reports as needed to better handle larger-scale or more complex security incidents.
 
 Audit reduction is a process that manipulates collected audit information and organizes such information in a summary format that is more meaningful to analysts. The report generation capability provided by the application must support on-demand (i.e., customizable, ad-hoc, and as-needed) reports.
 
@@ -10888,15 +11306,15 @@ If the application does not provide on demand reports based on the filtered audi
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-001876</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
-        <FINDING_DETAILS>Application log entries are written to the container&#x27;s STDOUT, to be captured by the deployment&#x27;s preferred and compliant logging solution.</FINDING_DETAILS>
-        <COMMENTS/>
+        <FINDING_DETAILS>Application log entries are written to the container&apos;s STDOUT, to be captured by the deployment&apos;s preferred and compliant logging solution.</FINDING_DETAILS>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -10909,13 +11327,17 @@ If the application does not provide on demand reports based on the filtered audi
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000364</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222490r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222490r879737_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -10927,7 +11349,7 @@ If the application does not provide on demand reports based on the filtered audi
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>The ability to perform on-demand audit review and analysis, including after the audit data has been subjected to audit reduction, greatly facilitates the organization&#x27;s ability to generate incident reports as needed to better handle larger-scale or more complex security incidents.
+          <ATTRIBUTE_DATA>The ability to perform on-demand audit review and analysis, including after the audit data has been subjected to audit reduction, greatly facilitates the organization&apos;s ability to generate incident reports as needed to better handle larger-scale or more complex security incidents.
 
 Audit reduction is a technique used to reduce the volume of audit records in order to facilitate a manual review. Audit reduction does not alter original audit records. The report generation capability provided by the application must support on-demand (i.e., customizable, ad-hoc, and as-needed) reports.
 
@@ -11006,15 +11428,15 @@ If the application does not provide an audit reduction capability that supports
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-001875</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
-        <FINDING_DETAILS>Application log entries are written to the container&#x27;s STDOUT, to be captured by the deployment&#x27;s preferred and compliant logging solution.</FINDING_DETAILS>
-        <COMMENTS/>
+        <FINDING_DETAILS>Application log entries are written to the container&apos;s STDOUT, to be captured by the deployment&apos;s preferred and compliant logging solution.</FINDING_DETAILS>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -11027,13 +11449,17 @@ If the application does not provide an audit reduction capability that supports
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000365</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222491r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222491r879738_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -11119,15 +11545,15 @@ If the application does not provide an audit reduction (event filtering) capabil
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-001877</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
-        <FINDING_DETAILS>Application log entries are written to the container&#x27;s STDOUT, to be captured by the deployment&#x27;s preferred and compliant logging solution.</FINDING_DETAILS>
-        <COMMENTS/>
+        <FINDING_DETAILS>Application log entries are written to the container&apos;s STDOUT, to be captured by the deployment&apos;s preferred and compliant logging solution.</FINDING_DETAILS>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -11140,13 +11566,17 @@ If the application does not provide an audit reduction (event filtering) capabil
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000366</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222492r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222492r879739_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -11158,7 +11588,7 @@ If the application does not provide an audit reduction (event filtering) capabil
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>The report generation capability must support on-demand review and analysis in order to facilitate the organization&#x27;s ability to generate incident reports as needed to better handle larger-scale or more complex security incidents.
+          <ATTRIBUTE_DATA>The report generation capability must support on-demand review and analysis in order to facilitate the organization&apos;s ability to generate incident reports as needed to better handle larger-scale or more complex security incidents.
 
 Report generation must be capable of generating on-demand (i.e., customizable, ad-hoc, and as-needed) reports. On-demand reporting allows personnel to report issues more rapidly to more effectively meet reporting requirements. Collecting log data and aggregating it to present the data in a single, consolidated report achieves this objective.
 
@@ -11228,15 +11658,15 @@ If the application does not provide an immediate, ad-hoc audit review and analys
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-001878</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
-        <FINDING_DETAILS>Application log entries are written to the container&#x27;s STDOUT, to be captured by the deployment&#x27;s preferred and compliant logging solution.</FINDING_DETAILS>
-        <COMMENTS/>
+        <FINDING_DETAILS>Application log entries are written to the container&apos;s STDOUT, to be captured by the deployment&apos;s preferred and compliant logging solution.</FINDING_DETAILS>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -11249,13 +11679,17 @@ If the application does not provide an immediate, ad-hoc audit review and analys
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000367</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222493r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222493r879740_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -11267,7 +11701,7 @@ If the application does not provide an immediate, ad-hoc audit review and analys
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>The report generation capability must support on-demand reporting in order to facilitate the organization&#x27;s ability to generate incident reports as needed to better handle larger-scale or more complex security incidents.
+          <ATTRIBUTE_DATA>The report generation capability must support on-demand reporting in order to facilitate the organization&apos;s ability to generate incident reports as needed to better handle larger-scale or more complex security incidents.
 
 The report generation capability provided by the application must be capable of generating on-demand (i.e., customizable, ad-hoc, and as-needed) reports. On-demand reporting allows personnel to report issues more rapidly to more effectively meet reporting requirements. Collecting log data and aggregating it to present the data in a single, consolidated report achieves this objective.
 
@@ -11335,15 +11769,15 @@ If the application does not provide customizable, immediate, ad-hoc audit log re
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-001879</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
-        <FINDING_DETAILS>Application log entries are written to the container&#x27;s STDOUT, to be captured by the deployment&#x27;s preferred and compliant logging solution.</FINDING_DETAILS>
-        <COMMENTS/>
+        <FINDING_DETAILS>Application log entries are written to the container&apos;s STDOUT, to be captured by the deployment&apos;s preferred and compliant logging solution.</FINDING_DETAILS>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -11356,13 +11790,17 @@ If the application does not provide customizable, immediate, ad-hoc audit log re
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000368</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222494r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222494r879741_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -11442,15 +11880,15 @@ If the application does not have a report generation capability that supports af
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-001880</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
-        <FINDING_DETAILS>Application log entries are written to the container&#x27;s STDOUT, to be captured by the deployment&#x27;s preferred and compliant logging solution.</FINDING_DETAILS>
-        <COMMENTS/>
+        <FINDING_DETAILS>Application log entries are written to the container&apos;s STDOUT, to be captured by the deployment&apos;s preferred and compliant logging solution.</FINDING_DETAILS>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -11463,13 +11901,17 @@ If the application does not have a report generation capability that supports af
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000369</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222495r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222495r879742_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -11555,15 +11997,15 @@ If the application of event filters modifies the original log records, this is a
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-001881</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
-        <FINDING_DETAILS>Application log entries are written to the container&#x27;s STDOUT, to be captured by the deployment&#x27;s preferred and compliant logging solution.</FINDING_DETAILS>
-        <COMMENTS/>
+        <FINDING_DETAILS>Application log entries are written to the container&apos;s STDOUT, to be captured by the deployment&apos;s preferred and compliant logging solution.</FINDING_DETAILS>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -11576,13 +12018,17 @@ If the application of event filters modifies the original log records, this is a
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000370</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222496r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222496r879743_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -11668,15 +12114,15 @@ If the application of event filters modifies the original log records, this is a
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-001882</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
-        <FINDING_DETAILS>Application log entries are written to the container&#x27;s STDOUT, to be captured by the deployment&#x27;s preferred and compliant logging solution.</FINDING_DETAILS>
-        <COMMENTS/>
+        <FINDING_DETAILS>Application log entries are written to the container&apos;s STDOUT, to be captured by the deployment&apos;s preferred and compliant logging solution.</FINDING_DETAILS>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -11689,13 +12135,17 @@ If the application of event filters modifies the original log records, this is a
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000116</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222497r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222497r879575_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -11729,7 +12179,7 @@ Access the system OS hosting the application and use the related OS commands to
 
 Perform an action in the application that causes a log event to be written and review the log to ensure the system times and the application log times correlate; compensating for any time delays that may have occurred between running the OS time command and running the application action.
 
-If the application doesn&#x27;t use the internal system clocks to generate time stamps for the audit event logs, this is a finding.</ATTRIBUTE_DATA>
+If the application doesn&apos;t use the internal system clocks to generate time stamps for the audit event logs, this is a finding.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
@@ -11773,7 +12223,7 @@ If the application doesn&#x27;t use the internal system clocks to generate time
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -11781,7 +12231,7 @@ If the application doesn&#x27;t use the internal system clocks to generate time
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>The API emits audit records with a time stamp generated from the system clock.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -11794,13 +12244,17 @@ If the application doesn&#x27;t use the internal system clocks to generate time
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000374</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222498r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222498r879747_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -11876,7 +12330,7 @@ If the application is not configured to map to UTC or GMT, this is a finding.</A
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -11884,7 +12338,7 @@ If the application is not configured to map to UTC or GMT, this is a finding.</A
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>The API emits audit records with the time stamp represented as an ISO-8601 string, including time zone.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -11897,13 +12351,17 @@ If the application is not configured to map to UTC or GMT, this is a finding.</A
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000375</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222499r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222499r879748_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -11975,7 +12433,7 @@ If the application audit log time stamps differ from the OS time source by more
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -11983,7 +12441,7 @@ If the application audit log time stamps differ from the OS time source by more
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>The API emits audit records with millisecond time stamp precision.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -11996,13 +12454,17 @@ If the application audit log time stamps differ from the OS time source by more
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000118</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222500r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222500r879576_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -12090,15 +12552,15 @@ If a non-privileged user account is allowed to access the audit data or the audi
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-000162</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
-        <FINDING_DETAILS>Application log entries are written to the container&#x27;s STDOUT, to be captured by the deployment&#x27;s preferred and compliant logging solution.</FINDING_DETAILS>
-        <COMMENTS/>
+        <FINDING_DETAILS>Application log entries are written to the container&apos;s STDOUT, to be captured by the deployment&apos;s preferred and compliant logging solution.</FINDING_DETAILS>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -12111,13 +12573,17 @@ If a non-privileged user account is allowed to access the audit data or the audi
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000119</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222501r561239_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222501r879577_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -12205,15 +12671,15 @@ If a non-privileged user account is allowed to modify the audit data or the audi
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-000163</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
-        <FINDING_DETAILS>Application log entries are written to the container&#x27;s STDOUT, to be captured by the deployment&#x27;s preferred and compliant logging solution.</FINDING_DETAILS>
-        <COMMENTS/>
+        <FINDING_DETAILS>Application log entries are written to the container&apos;s STDOUT, to be captured by the deployment&apos;s preferred and compliant logging solution.</FINDING_DETAILS>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -12226,13 +12692,17 @@ If a non-privileged user account is allowed to modify the audit data or the audi
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000120</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222502r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222502r879578_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -12320,15 +12790,15 @@ If a non-privileged user account is allowed to delete the audit data or the audi
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-000164</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
-        <FINDING_DETAILS>Application log entries are written to the container&#x27;s STDOUT, to be captured by the deployment&#x27;s preferred and compliant logging solution.</FINDING_DETAILS>
-        <COMMENTS/>
+        <FINDING_DETAILS>Application log entries are written to the container&apos;s STDOUT, to be captured by the deployment&apos;s preferred and compliant logging solution.</FINDING_DETAILS>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -12341,13 +12811,17 @@ If a non-privileged user account is allowed to delete the audit data or the audi
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000121</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222503r561242_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222503r879579_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -12431,15 +12905,15 @@ If a non-privileged user account is allowed to access the audit data or the audi
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-001493</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
-        <FINDING_DETAILS>Application log entries are written to the container&#x27;s STDOUT, to be captured by the deployment&#x27;s preferred and compliant logging solution.</FINDING_DETAILS>
-        <COMMENTS/>
+        <FINDING_DETAILS>Application log entries are written to the container&apos;s STDOUT, to be captured by the deployment&apos;s preferred and compliant logging solution.</FINDING_DETAILS>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -12452,13 +12926,17 @@ If a non-privileged user account is allowed to access the audit data or the audi
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000122</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222504r561290_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222504r879580_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -12540,15 +13018,15 @@ If file permissions are configured so as to allow unapproved modifications to th
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-001494</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
-        <FINDING_DETAILS>Application log entries are written to the container&#x27;s STDOUT, to be captured by the deployment&#x27;s preferred and compliant logging solution.</FINDING_DETAILS>
-        <COMMENTS/>
+        <FINDING_DETAILS>Application log entries are written to the container&apos;s STDOUT, to be captured by the deployment&apos;s preferred and compliant logging solution.</FINDING_DETAILS>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -12561,13 +13039,17 @@ If file permissions are configured so as to allow unapproved modifications to th
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000123</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222505r561245_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222505r879581_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -12649,15 +13131,15 @@ If file permissions are configured to allow unapproved deletions of the audit to
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-001495</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
-        <FINDING_DETAILS>Application log entries are written to the container&#x27;s STDOUT, to be captured by the deployment&#x27;s preferred and compliant logging solution.</FINDING_DETAILS>
-        <COMMENTS/>
+        <FINDING_DETAILS>Application log entries are written to the container&apos;s STDOUT, to be captured by the deployment&apos;s preferred and compliant logging solution.</FINDING_DETAILS>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -12670,13 +13152,17 @@ If file permissions are configured to allow unapproved deletions of the audit to
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000125</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222506r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222506r879582_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -12752,15 +13238,15 @@ If the application backup settings are not configured to backup application audi
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-001348</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
-        <FINDING_DETAILS>Application log entries are written to the container&#x27;s STDOUT, to be captured by the deployment&#x27;s preferred and compliant logging solution.</FINDING_DETAILS>
-        <COMMENTS/>
+        <FINDING_DETAILS>Application log entries are written to the container&apos;s STDOUT, to be captured by the deployment&apos;s preferred and compliant logging solution.</FINDING_DETAILS>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -12773,13 +13259,17 @@ If the application backup settings are not configured to backup application audi
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000126</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222507r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222507r879583_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -12857,15 +13347,15 @@ If an integrity check is not created to protect the integrity of the audit infor
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-001350</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
-        <FINDING_DETAILS>Application log entries are written to the container&#x27;s STDOUT, to be captured by the deployment&#x27;s preferred and compliant logging solution.</FINDING_DETAILS>
-        <COMMENTS/>
+        <FINDING_DETAILS>Application log entries are written to the container&apos;s STDOUT, to be captured by the deployment&apos;s preferred and compliant logging solution.</FINDING_DETAILS>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -12879,12 +13369,16 @@ If an integrity check is not created to protect the integrity of the audit infor
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
-          <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000290</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222508r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222508r879668_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -12904,7 +13398,7 @@ It is not uncommon for attackers to replace the audit tools or inject code into
 
 To address this risk, audit tools must be cryptographically signed/hashed and the resulting value securely stored in order to provide the capability to identify when the audit tools have been modified, manipulated or replaced.
 
-Some OSs provide a native command line tool capable of extracting or creating a hash value. Care must be taken to ensure any hashing algorithm strength used is acceptable.  An example is UNIX OS variants that provide the &#x22;shasum&#x22; utility with SHA256 capabilities.  Windows is not known to provide a native cryptographic tool that utilizes an acceptable hashing algorithm.  The Windows fciv.exe checksum tool currently only utilizes MD5 and SHA1 which are not acceptable hashing algorithms.</ATTRIBUTE_DATA>
+Some OSs provide a native command line tool capable of extracting or creating a hash value. Care must be taken to ensure any hashing algorithm strength used is acceptable.  An example is UNIX OS variants that provide the &quot;shasum&quot; utility with SHA256 capabilities.  Windows is not known to provide a native cryptographic tool that utilizes an acceptable hashing algorithm.  The Windows fciv.exe checksum tool currently only utilizes MD5 and SHA1 which are not acceptable hashing algorithms.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
@@ -12924,7 +13418,7 @@ If the system hosting the application has a separate file monitoring utility ins
 
 Ask application administrator to demonstrate the cryptographic hashing mechanisms used to create the one way hashes that can be used to validate the integrity of audit tools.
 
-For example, &#x22;shasum /path/to/file &#x3E; checksum.filename&#x22;.
+For example, &quot;shasum /path/to/file &gt; checksum.filename&quot;.
 
 Ask the application administrator to provide the list of checksum values and the associated file names of the audit tools.
 
@@ -12972,15 +13466,15 @@ If a cryptographic checksum or hash value of the audit tool file is not created
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-001496</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
-        <FINDING_DETAILS>Application log entries are written to the container&#x27;s STDOUT, to be captured by the deployment&#x27;s preferred and compliant logging solution. The project does not provide a separate tool in the form of a file which provides an ability to view and manipulate application log data, query data, or generate reports</FINDING_DETAILS>
-        <COMMENTS/>
+        <FINDING_DETAILS>Application log entries are written to the container&apos;s STDOUT, to be captured by the deployment&apos;s preferred and compliant logging solution. The project does not provide a separate tool in the form of a file which provides an ability to view and manipulate application log data, query data, or generate reports</FINDING_DETAILS>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -12993,13 +13487,17 @@ If a cryptographic checksum or hash value of the audit tool file is not created
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000290</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222509r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222509r879668_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -13081,15 +13579,15 @@ If a cryptographic checksum or hash value of the audit tool file is not periodic
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-001496</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
-        <FINDING_DETAILS>Application log entries are written to the container&#x27;s STDOUT, to be captured by the deployment&#x27;s preferred and compliant logging solution. The project does not provide a separate tool in the form of a file which provides an ability to view and manipulate application log data, query data or generate reports.</FINDING_DETAILS>
-        <COMMENTS/>
+        <FINDING_DETAILS>Application log entries are written to the container&apos;s STDOUT, to be captured by the deployment&apos;s preferred and compliant logging solution. The project does not provide a separate tool in the form of a file which provides an ability to view and manipulate application log data, query data or generate reports.</FINDING_DETAILS>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -13102,13 +13600,17 @@ If a cryptographic checksum or hash value of the audit tool file is not periodic
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000378</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222510r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222510r879751_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -13188,7 +13690,7 @@ If the application allows regular users to install untested or unapproved softwa
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -13196,7 +13698,7 @@ If the application allows regular users to install untested or unapproved softwa
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>The project does not provide the ability to install software components, modules, plugins, or extensions,</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -13209,13 +13711,17 @@ If the application allows regular users to install untested or unapproved softwa
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000380</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222511r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222511r879753_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -13295,7 +13801,7 @@ If access permissions to configuration files are not restricted to application a
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -13303,7 +13809,7 @@ If access permissions to configuration files are not restricted to application a
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>The application cannot configure itself, and does not offer any configuration mechanisms that are affected by users or config files.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -13316,13 +13822,17 @@ If access permissions to configuration files are not restricted to application a
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000381</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222512r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222512r879754_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -13356,7 +13866,7 @@ Review the application audit logs and ensure a log entry is made identifying the
 
 If application configuration is maintained by using a text editor to modify a configuration file, modify the configuration file with a text editor. Review the system logs and ensure a log entry is made for the file modification that identifies the user that was used to make the changes.
 
-If the user account is not logged, or is a group account such as &#x22;root&#x22;, this is a finding.
+If the user account is not logged, or is a group account such as &quot;root&quot;, this is a finding.
 
 If the user account used to make the changes is not logged in the audit records, this is a finding.</ATTRIBUTE_DATA>
         </STIG_DATA>
@@ -13402,7 +13912,7 @@ If the user account used to make the changes is not logged in the audit records,
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -13410,7 +13920,7 @@ If the user account used to make the changes is not logged in the audit records,
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>The application cannot configure itself, and does not offer any configuration mechanisms that are affected by users or config files. The project should be deployed with a Application Services layer (Container Platform such as k8s)  that audits configuration changes to the application.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -13423,13 +13933,17 @@ If the user account used to make the changes is not logged in the audit records,
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000131</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222513r561248_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222513r879584_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -13507,7 +14021,7 @@ Provide a cryptographic hash value that can be verified by a system administrato
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -13515,7 +14029,7 @@ Provide a cryptographic hash value that can be verified by a system administrato
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>The application is offered as containerized API/Web Client builds that are signed using Docker Content Trust.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -13528,13 +14042,17 @@ Provide a cryptographic hash value that can be verified by a system administrato
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000133</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222514r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222514r879586_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -13612,7 +14130,7 @@ If file restrictions do not limit write access to library files and if the appli
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -13620,7 +14138,7 @@ If file restrictions do not limit write access to library files and if the appli
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>The API is designed to be stateless and runnable in a read-only  container.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -13633,13 +14151,17 @@ If file restrictions do not limit write access to library files and if the appli
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222515r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222515r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -13736,7 +14258,7 @@ If the high risk issues identified in the report have not been fixed or mitigate
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -13744,7 +14266,7 @@ If the high risk issues identified in the report have not been fixed or mitigate
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Deployments must be scanned according to individual or organizational policies. Developers scan the codebase regularly in a test environment, but this is only one component of a functioning production deployment.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -13757,13 +14279,17 @@ If the high risk issues identified in the report have not been fixed or mitigate
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000384</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222516r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222516r879757_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -13839,7 +14365,7 @@ If application requirements or policy documents specify application execution re
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -13847,7 +14373,7 @@ If application requirements or policy documents specify application execution re
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Organization-defined policies regarding software program usage and restrictions, and/or rules authorizing the terms and conditions of software program usage are determined locally and not by the project.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -13860,13 +14386,17 @@ If application requirements or policy documents specify application execution re
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000386</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222517r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222517r879759_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -13944,7 +14474,7 @@ If application whitelisting is not utilized or does not follow a deny-all, permi
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -13952,7 +14482,7 @@ If application whitelisting is not utilized or does not follow a deny-all, permi
         </STIG_DATA>
         <STATUS>Not_Applicable</STATUS>
         <FINDING_DETAILS>The application is not a configuration management or similar type of application designed to manage system processes and configurations, this requirement is not applicable.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -13965,13 +14495,17 @@ If application whitelisting is not utilized or does not follow a deny-all, permi
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000141</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222518r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222518r879587_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -13997,7 +14531,7 @@ Examples of non-essential capabilities include, but are not limited to, advertis
           <VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>Review the application guidance, application requirements documentation, and interview the application administrator.
 
-Identify the application&#x27;s operational requirements and what services the application is intended to provide users.
+Identify the application&apos;s operational requirements and what services the application is intended to provide users.
 
 Review the overall application features and functionality via the user interface.
 
@@ -14009,7 +14543,7 @@ If the application is operating with extraneous capabilities that have not been
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Disable application extraneous application functionality that is not required in order to fulfill the application&#x27;s mission.</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Disable application extraneous application functionality that is not required in order to fulfill the application&apos;s mission.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
@@ -14049,7 +14583,7 @@ If the application is operating with extraneous capabilities that have not been
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -14057,7 +14591,7 @@ If the application is operating with extraneous capabilities that have not been
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>The application runs only essential services needed for operation.  Container images are based on either the Alpine Linux distribution or the Iron Bank Universal Base Image (UBI).</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -14070,13 +14604,17 @@ If the application is operating with extraneous capabilities that have not been
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000142</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222519r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222519r918119_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -14106,15 +14644,11 @@ Interview the application administrator.
 
 Identify the network ports and protocols that are utilized by the application.
 
-Using a combination of relevant OS commands and application configuration utilities identify the TCP/IP port numbers the application is configured to utilize and is utilizing.
-
-Review the PPSM web page at:
+Using a combination of relevant OS commands and application configuration utilities, identify the TCP/IP port numbers the application is configured to utilize and is utilizing.
 
-http://www.disa.mil/Network-Services/Enterprise-Connections/PPSM
+Review the PPSM Category Assurance List (CAL) at: 
 
-Review the PPSM Category Assurance List (CAL) directly at the following link: 
-
-https://disa.deps.mil/ext/cop/iase/ppsm/Pages/cal.aspx
+https://cyber.mil/ppsm/cal/
 
 Verify the ports used by the application are approved by the PPSM CAL.
 
@@ -14162,7 +14696,7 @@ If the ports are not approved by the PPSM CAL, this is a finding.</ATTRIBUTE_DAT
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -14170,7 +14704,7 @@ If the ports are not approved by the PPSM CAL, this is a finding.</ATTRIBUTE_DAT
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>PPS features are implemented by the Container Platform service.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -14183,13 +14717,17 @@ If the ports are not approved by the PPSM CAL, this is a finding.</ATTRIBUTE_DAT
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000389</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222520r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222520r879762_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -14236,7 +14774,7 @@ Authenticate to the application as the user in the User role.
 
 Access the application functionality that allows the user to change their role and change from the User role to the Report Creator role.
 
-If the user is not prompted to reauthenticate before the user&#x2019;s role is changed, this is a finding.
+If the user is not prompted to reauthenticate before the user’s role is changed, this is a finding.
 
 Log out of the application and log back in as the User role.
 
@@ -14288,7 +14826,7 @@ If the user is not prompted to reauthenticate before the user is allowed to proc
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -14296,7 +14834,7 @@ If the user is not prompted to reauthenticate before the user is allowed to proc
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Authentication services are provided by an external (OIDC) OpenID Connect Provider. Reauthentication policies are locally defined and implemented.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -14309,13 +14847,17 @@ If the user is not prompted to reauthenticate before the user is allowed to proc
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000390</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222521r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222521r879763_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -14400,7 +14942,7 @@ If the device is not forced to reauthenticate periodically, this is a finding.</
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -14408,7 +14950,7 @@ If the device is not forced to reauthenticate periodically, this is a finding.</
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Authentication services are provided by an external (OIDC) OpenID Connect Provider. Reauthentication policies are locally defined and implemented.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -14421,13 +14963,17 @@ If the device is not forced to reauthenticate periodically, this is a finding.</
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000148</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222522r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222522r879589_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -14506,7 +15052,7 @@ If the application does not uniquely identify and authenticate users, this is a
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -14514,7 +15060,7 @@ If the application does not uniquely identify and authenticate users, this is a
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Authentication services are provided by an external (OIDC) OpenID Connect Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -14527,13 +15073,17 @@ If the application does not uniquely identify and authenticate users, this is a
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000149</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222523r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222523r879590_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -14552,7 +15102,7 @@ Factors include:
 (ii) something a user has (e.g., cryptographic identification device, token); or
 (iii) something a user is (e.g., biometric).
 
-Multifactor authentication decreases the attack surface by virtue of the fact that attackers must obtain two factors, a physical token or a biometric and a PIN, in order to authenticate.  It is not enough to simply steal a user&#x27;s password to obtain access.  
+Multifactor authentication decreases the attack surface by virtue of the fact that attackers must obtain two factors, a physical token or a biometric and a PIN, in order to authenticate.  It is not enough to simply steal a user&apos;s password to obtain access.  
 
 A privileged account is defined as an information system account with authorizations of a privileged user.  
 
@@ -14618,7 +15168,7 @@ If the application allows administrative access to the application without requi
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -14626,7 +15176,7 @@ If the application allows administrative access to the application without requi
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Authentication services are provided by an external (OIDC) OpenID Connect Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -14639,13 +15189,17 @@ If the application allows administrative access to the application without requi
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000391</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222524r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222524r879764_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -14719,7 +15273,7 @@ If the application allows access without requiring a CAC, this is a finding.</AT
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -14727,7 +15281,7 @@ If the application allows access without requiring a CAC, this is a finding.</AT
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Authentication services are provided by an external (OIDC) OpenID Connect Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -14740,13 +15294,17 @@ If the application allows access without requiring a CAC, this is a finding.</AT
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000392</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222525r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222525r879765_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -14824,7 +15382,7 @@ If the application allows access without requiring a CAC, this is a finding.</AT
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -14832,7 +15390,7 @@ If the application allows access without requiring a CAC, this is a finding.</AT
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Authentication services are provided by an external (OIDC) OpenID Connect Provider. Reauthentication policies are locally defined and implemented.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -14845,13 +15403,17 @@ If the application allows access without requiring a CAC, this is a finding.</AT
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000150</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222526r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222526r879591_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -14939,7 +15501,7 @@ If the application allows access without requiring a CAC or Alt. Token, this is
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -14947,7 +15509,7 @@ If the application allows access without requiring a CAC or Alt. Token, this is
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Authentication services are provided by an external (OIDC) OpenID Connect Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -14960,13 +15522,17 @@ If the application allows access without requiring a CAC or Alt. Token, this is
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000151</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222527r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222527r879592_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -14985,7 +15551,7 @@ Factors include:
 (ii) something a user has (e.g., cryptographic identification device, token); or
 (iii) something a user is (e.g., biometric).
 
-Multifactor authentication decreases the attack surface by virtue of the fact that attackers must obtain two factors, a physical token or a biometric and a PIN, in order to authenticate.  It is not enough to simply steal a user&#x27;s password to obtain access.  
+Multifactor authentication decreases the attack surface by virtue of the fact that attackers must obtain two factors, a physical token or a biometric and a PIN, in order to authenticate.  It is not enough to simply steal a user&apos;s password to obtain access.  
 
 A privileged account is defined as an information system account with authorizations of a privileged user.  
 
@@ -15053,7 +15619,7 @@ If the application allows administrative access to the application without requi
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -15061,7 +15627,7 @@ If the application allows administrative access to the application without requi
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Authentication services are provided by an external (OIDC) OpenID Connect Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -15074,13 +15640,17 @@ If the application allows administrative access to the application without requi
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000152</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222528r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222528r879593_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -15167,7 +15737,7 @@ If the application allows access without requiring a CAC or Alt. Token, this is
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -15175,7 +15745,7 @@ If the application allows access without requiring a CAC or Alt. Token, this is
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Authentication services are provided by an external (OIDC) OpenID Connect Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -15188,13 +15758,17 @@ If the application allows access without requiring a CAC or Alt. Token, this is
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000153</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222529r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222529r879594_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -15274,7 +15848,7 @@ If the application allows access without first requiring the group member to aut
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -15282,7 +15856,7 @@ If the application allows access without first requiring the group member to aut
         </STIG_DATA>
         <STATUS>Not_Applicable</STATUS>
         <FINDING_DETAILS>The project does not use group or shared accounts.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -15295,13 +15869,17 @@ If the application allows access without first requiring the group member to aut
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000156</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222530r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222530r879597_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -15313,12 +15891,12 @@ If the application allows access without first requiring the group member to aut
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>A replay attack may enable an unauthorized user to gain access to the application. Authentication sessions between the authenticator and the application validating the user credentials must not be vulnerable to a replay attack.
-
-An authentication process resists replay attacks if it is impractical to achieve a successful authentication by recording and replaying a previous authentication message.
-
-A privileged account is any information system account with authorizations of a privileged user.
-
+          <ATTRIBUTE_DATA>A replay attack may enable an unauthorized user to gain access to the application. Authentication sessions between the authenticator and the application validating the user credentials must not be vulnerable to a replay attack.
+
+An authentication process resists replay attacks if it is impractical to achieve a successful authentication by recording and replaying a previous authentication message.
+
+A privileged account is any information system account with authorizations of a privileged user.
+
 Techniques used to address this include protocols using nonces (e.g., numbers generated for a specific one time use) or challenges (e.g., TLS, WS_Security). Additional techniques include time-synchronous or challenge-response one-time authenticators.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
@@ -15327,26 +15905,26 @@ Techniques used to address this include protocols using nonces (e.g., numbers ge
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Review application documentation and interview application administrator to identify what authentication mechanisms are used when accessing the application.
-
-If the application is hosting publicly releasable information that does not require authentication, or if the application users are not eligible for a DoD CAC as per DoD 8520, this requirement is not applicable.
-
-Review to ensure the application is utilizing TLSV1.2 or greater to protect communication and privileged user authentication traffic.
-
-Verify the application utilizes a strong authentication mechanism such as Kerberos, IPSEC, or Secure Shell (SSH).
-
-- Cryptographically sign web services packets.
-- Time stamps and cryptographic hashes are used with web services packets.
-- Use WS_Security for web services.
-
-Request the most recent vulnerability scan results and configuration settings.
-
-Verify the configuration is set to test for known replay vulnerabilities.
-
-Request code review results (if available) and review for issues that have been identified as potential replay attack vulnerabilities.
-
-Verify identified issues have been remediated.
-
+          <ATTRIBUTE_DATA>Review application documentation and interview application administrator to identify what authentication mechanisms are used when accessing the application.
+
+If the application is hosting publicly releasable information that does not require authentication, or if the application users are not eligible for a DoD CAC as per DoD 8520, this requirement is not applicable.
+
+Review to ensure the application is utilizing TLSV1.2 or greater to protect communication and privileged user authentication traffic.
+
+Verify the application utilizes a strong authentication mechanism such as Kerberos, IPSEC, or Secure Shell (SSH).
+
+- Cryptographically sign web services packets.
+- Time stamps and cryptographic hashes are used with web services packets.
+- Use WS_Security for web services.
+
+Request the most recent vulnerability scan results and configuration settings.
+
+Verify the configuration is set to test for known replay vulnerabilities.
+
+Request code review results (if available) and review for issues that have been identified as potential replay attack vulnerabilities.
+
+Verify identified issues have been remediated.
+
 If the application is not implementing replay-resistant authentication methods applicable to the application architecture, this is a finding.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
@@ -15391,7 +15969,7 @@ If the application is not implementing replay-resistant authentication methods a
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -15399,7 +15977,7 @@ If the application is not implementing replay-resistant authentication methods a
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Replay-resistant authentication mechanisms are implemented by the OIDC Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -15412,13 +15990,17 @@ If the application is not implementing replay-resistant authentication methods a
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000157</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222531r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222531r879598_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -15430,14 +16012,14 @@ If the application is not implementing replay-resistant authentication methods a
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>A replay attack is a man-in-the-middle style attack which allows an attacker to repeat or alter a valid data transmission that may enable unauthorized access to the application. Authentication sessions between the authenticating client and the application server validating the user credentials must not be vulnerable to a replay attack.
-
-The protection methods selected to protect against a replay attack will vary according to the application architecture.
-
-An authentication process resists replay attacks if it is impractical to achieve a successful authentication by recording and replaying a previous authentication message.
-
-A non-privileged account is any operating system account with authorizations of a non-privileged user.
-
+          <ATTRIBUTE_DATA>A replay attack is a man-in-the-middle style attack which allows an attacker to repeat or alter a valid data transmission that may enable unauthorized access to the application. Authentication sessions between the authenticating client and the application server validating the user credentials must not be vulnerable to a replay attack.
+
+The protection methods selected to protect against a replay attack will vary according to the application architecture.
+
+An authentication process resists replay attacks if it is impractical to achieve a successful authentication by recording and replaying a previous authentication message.
+
+A non-privileged account is any operating system account with authorizations of a non-privileged user.
+
 Techniques used to address this include protocols using nonces (e.g., numbers generated for a specific one time use) or challenges (e.g., TLS, WS_Security) and PKI certificates. Additional techniques include time-synchronous or challenge-response one-time authenticators.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
@@ -15446,26 +16028,26 @@ Techniques used to address this include protocols using nonces (e.g., numbers ge
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Review the application documentation and interview the application administrator to identify what authentication mechanisms are used when accessing the application.
-
-If the application is hosting publicly releasable information that does not require authentication, or if the application users are not eligible for a DoD CAC as per DoD 8520, this requirement is not applicable.
-
-Review to ensure the application is utilizing TLSV1.2 or greater to protect communication and non-privileged user authentication traffic.
-
-Verify the application utilizes a strong authentication mechanism such as Kerberos, IPSEC, or Secure Shell (SSH).
-
-- Cryptographically sign web services packets.
-- Time stamps and cryptographic hashes are used with web services packets.
-- Use WS_Security for web services.
-
-Request the most recent vulnerability scan results and configuration settings.
-
-Verify the configuration is set to test for known replay vulnerabilities.
-
-Request code review results (if available) and review for issues that have been identified as potential replay attack vulnerabilities.
-
-Verify identified issues have been remediated.
-
+          <ATTRIBUTE_DATA>Review the application documentation and interview the application administrator to identify what authentication mechanisms are used when accessing the application.
+
+If the application is hosting publicly releasable information that does not require authentication, or if the application users are not eligible for a DoD CAC as per DoD 8520, this requirement is not applicable.
+
+Review to ensure the application is utilizing TLSV1.2 or greater to protect communication and non-privileged user authentication traffic.
+
+Verify the application utilizes a strong authentication mechanism such as Kerberos, IPSEC, or Secure Shell (SSH).
+
+- Cryptographically sign web services packets.
+- Time stamps and cryptographic hashes are used with web services packets.
+- Use WS_Security for web services.
+
+Request the most recent vulnerability scan results and configuration settings.
+
+Verify the configuration is set to test for known replay vulnerabilities.
+
+Request code review results (if available) and review for issues that have been identified as potential replay attack vulnerabilities.
+
+Verify identified issues have been remediated.
+
 If the application is not implementing replay-resistant authentication methods applicable to the application architecture, this is a finding.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
@@ -15510,7 +16092,7 @@ If the application is not implementing replay-resistant authentication methods a
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -15518,7 +16100,7 @@ If the application is not implementing replay-resistant authentication methods a
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Replay-resistant authentication mechanisms are implemented by the OIDC Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -15531,13 +16113,17 @@ If the application is not implementing replay-resistant authentication methods a
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000158</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222532r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222532r879599_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -15551,9 +16137,9 @@ If the application is not implementing replay-resistant authentication methods a
           <VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>Without identifying devices, unidentified or unknown devices may be introduced, thereby facilitating malicious activity.
 
-With one way SSL authentication which is the typical form of SSL authentication done between a web browser client and a web server, the client requests the server certificate to validate the server&#x27;s identity and establish a secure connection.
+With one way SSL authentication which is the typical form of SSL authentication done between a web browser client and a web server, the client requests the server certificate to validate the server&apos;s identity and establish a secure connection.
 
-When SSL mutual authentication is used, the server is configured to request the client&#x2019;s certificate as well so the server can also identify the client.
+When SSL mutual authentication is used, the server is configured to request the client’s certificate as well so the server can also identify the client.
 
 For distributed architectures (e.g., service-oriented architectures), the decisions regarding the validation of identification claims may be made by services separate from the services acting on those decisions. In such situations, it is necessary to provide the identification decisions (as opposed to the actual identifiers) to the services that need to act on those decisions.
 
@@ -15588,7 +16174,7 @@ E.g., web.xml stored in WEB-INF/ sub directory of the application root folder.
 
 Open the web.xml file using a text editor.
 
-Verify the application deployment descriptor for the application and the resource requiring protection under the &#x22;login-config&#x22; element is set to CLIENT-CERT.
+Verify the application deployment descriptor for the application and the resource requiring protection under the &quot;login-config&quot; element is set to CLIENT-CERT.
 
 If SSL mutual authentication is required and is not being utilized, this is a finding.</ATTRIBUTE_DATA>
         </STIG_DATA>
@@ -15634,7 +16220,7 @@ If SSL mutual authentication is required and is not being utilized, this is a fi
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -15642,7 +16228,7 @@ If SSL mutual authentication is required and is not being utilized, this is a fi
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Mutual authentication mechanisms are implemented by the OIDC Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -15655,13 +16241,17 @@ If SSL mutual authentication is required and is not being utilized, this is a fi
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000394</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222533r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222533r879767_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -15748,7 +16338,7 @@ If no authentication mechanism is used to authenticate remote service consumers/
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -15756,7 +16346,7 @@ If no authentication mechanism is used to authenticate remote service consumers/
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>All API endpoint access requires a valid OAuth2 token issued by the application OIDC Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -15769,13 +16359,17 @@ If no authentication mechanism is used to authenticate remote service consumers/
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000395</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222534r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222534r879768_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -15789,9 +16383,9 @@ If no authentication mechanism is used to authenticate remote service consumers/
           <VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>Without identifying devices, unidentified or unknown devices may be introduced, thereby facilitating malicious activity.
 
-One way SSL/TLS authentication is the typical form of  authentication done between a web browser client and a web server. The client requests the server certificate to validate the server&#x27;s identity and establish a secure connection.
+One way SSL/TLS authentication is the typical form of  authentication done between a web browser client and a web server. The client requests the server certificate to validate the server&apos;s identity and establish a secure connection.
 
-When SSL/TLS mutual authentication is used, the server is configured to request the client&#x2019;s certificate as well so the server can also identify the client. This form of authentication is normally chosen for system to system communications that leverage HTTP as the transport.
+When SSL/TLS mutual authentication is used, the server is configured to request the client’s certificate as well so the server can also identify the client. This form of authentication is normally chosen for system to system communications that leverage HTTP as the transport.
 
 It should be noted that SSL is being deprecated and replaced with TLS.
 
@@ -15823,7 +16417,7 @@ Verify endpoints are configured for client authentication (mutual authentication
 
 Some application architectures configure their settings in text/xml formatted files; in that case, have the application administrator identify the configuration files used by the application (e.g., web.xml stored in WEB-INF/ sub directory of the application root folder).
 
-Open the web.xml file using a text editor and verify the application deployment descriptor for the application and the resource requiring protection under the &#x22;login-config&#x22; element is set to CLIENT-CERT.
+Open the web.xml file using a text editor and verify the application deployment descriptor for the application and the resource requiring protection under the &quot;login-config&quot; element is set to CLIENT-CERT.
 
 If SSL/TLS mutual authentication is required due to the application processing non-releasable data and SSL/TLS mutual authentication not being utilized, this is a finding.</ATTRIBUTE_DATA>
         </STIG_DATA>
@@ -15869,15 +16463,15 @@ If SSL/TLS mutual authentication is required due to the application processing n
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-001967</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
-        <FINDING_DETAILS>Authentication services are provided by an external (OIDC) OpenID Connect Provider.  Devices should perform mutual authentication with the OIDC Provider via the  &#x27;client credentials&#x27; flow with Signed JWT or equivalent  PKI technologies.</FINDING_DETAILS>
-        <COMMENTS/>
+        <FINDING_DETAILS>Authentication services are provided by an external (OIDC) OpenID Connect Provider.  Devices should perform mutual authentication with the OIDC Provider via the  &apos;client credentials&apos; flow with Signed JWT or equivalent  PKI technologies.</FINDING_DETAILS>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -15890,13 +16484,17 @@ If SSL/TLS mutual authentication is required due to the application processing n
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000163</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222535r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222535r879600_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -15990,15 +16588,15 @@ If the application does not disable accounts used to authenticate devices after
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-000795</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
-        <FINDING_DETAILS>Authentication services are provided by an external (OIDC) OpenID Connect Provider. Devices should perform mutual authentication with the OIDC Provider via the  &#x27;client credentials&#x27; flow with Signed JWT or equivalent  PKI technologies.</FINDING_DETAILS>
-        <COMMENTS/>
+        <FINDING_DETAILS>Authentication services are provided by an external (OIDC) OpenID Connect Provider. Devices should perform mutual authentication with the OIDC Provider via the  &apos;client credentials&apos; flow with Signed JWT or equivalent  PKI technologies.</FINDING_DETAILS>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -16011,13 +16609,17 @@ If the application does not disable accounts used to authenticate devices after
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000164</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222536r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222536r879601_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -16105,7 +16707,7 @@ If a password shorter than 15 characters can be created, this is a finding.</ATT
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -16113,7 +16715,7 @@ If a password shorter than 15 characters can be created, this is a finding.</ATT
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Authentication services are provided by an external (OIDC) OpenID Connect Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -16126,13 +16728,17 @@ If a password shorter than 15 characters can be created, this is a finding.</ATT
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000166</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222537r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222537r879603_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -16218,7 +16824,7 @@ If a password without at least one upper-case character can be created, this is
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -16226,7 +16832,7 @@ If a password without at least one upper-case character can be created, this is
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Authentication services are provided by an external (OIDC) OpenID Connect Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -16239,13 +16845,17 @@ If a password without at least one upper-case character can be created, this is
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000167</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222538r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222538r879604_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -16331,7 +16941,7 @@ If a password without at least one lower-case character can be created, this is
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -16339,7 +16949,7 @@ If a password without at least one lower-case character can be created, this is
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Authentication services are provided by an external (OIDC) OpenID Connect Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -16352,13 +16962,17 @@ If a password without at least one lower-case character can be created, this is
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000168</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222539r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222539r879605_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -16444,7 +17058,7 @@ If a password without at least one numeric character can be created, this is a f
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -16452,7 +17066,7 @@ If a password without at least one numeric character can be created, this is a f
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Authentication services are provided by an external (OIDC) OpenID Connect Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -16465,13 +17079,17 @@ If a password without at least one numeric character can be created, this is a f
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000169</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222540r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222540r879606_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -16557,7 +17175,7 @@ If a password without at least one special character can be created, this is a f
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -16565,7 +17183,7 @@ If a password without at least one special character can be created, this is a f
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Authentication services are provided by an external (OIDC) OpenID Connect Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -16578,13 +17196,17 @@ If a password without at least one special character can be created, this is a f
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000170</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222541r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222541r879607_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -16670,7 +17292,7 @@ If less than 8 characters of the password are changed, this is a finding.</ATTRI
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -16678,7 +17300,7 @@ If less than 8 characters of the password are changed, this is a finding.</ATTRI
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Authentication services are provided by an external (OIDC) OpenID Connect Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -16691,13 +17313,17 @@ If less than 8 characters of the password are changed, this is a finding.</ATTRI
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000171</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222542r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222542r879608_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -16721,7 +17347,7 @@ and
 
 - When the application is publicly available and or hosting publicly releasable data requiring some degree of need-to-know protection.
 
-Passwords need to be protected at all times and using a strong one-way hashing encryption algorithm with a salt is the standard method for providing a means to validate a user&#x27;s password without having to store the actual password.  
+Passwords need to be protected at all times and using a strong one-way hashing encryption algorithm with a salt is the standard method for providing a means to validate a user&apos;s password without having to store the actual password.  
 
 Performance and time required to access are factors that must be considered and the one way hash is the most feasible means of securing the password and providing an acceptable measure of password security.  If passwords are stored in clear text, they can be plainly read and easily compromised.
 
@@ -16750,7 +17376,7 @@ Applications must only store passwords that have been cryptographically protecte
 
 If the application does not use passwords, the requirement is not applicable.
 
-Have the application administrator identify the application&#x27;s password storage locations.  Potential locations include the local file system where the application is stored or in an application-related database table that should not be accessible to application users.
+Have the application administrator identify the application&apos;s password storage locations.  Potential locations include the local file system where the application is stored or in an application-related database table that should not be accessible to application users.
 
 Review application files and folders using a text editor or by using a database tool that allows you to view data stored in database tables.  Look for indications of stored user information and review that information.  Determine if password strings are readable/discernable.
 
@@ -16804,7 +17430,7 @@ Ensure strong access control permissions on data files containing authentication
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -16812,7 +17438,7 @@ Ensure strong access control permissions on data files containing authentication
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Authentication services are provided by an external (OIDC) OpenID Connect Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -16825,13 +17451,17 @@ Ensure strong access control permissions on data files containing authentication
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000172</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222543r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222543r879609_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -16873,7 +17503,7 @@ Identify when the application transmits passwords. This will most likely be when
 
 Access the application management interface with a test account and access the functionality that requires a password be provided. If the interface is via a web browser, verify the web browser has gone secure prior to entering any password or authentication information.
 
-This can be done by viewing the browser and observing a &#x201C;lock&#x201D; icon displayed somewhere in the browser as well as an https:// to indicate an SSL connection. Most browsers display this in the upper left hand corner.
+This can be done by viewing the browser and observing a “lock” icon displayed somewhere in the browser as well as an https:// to indicate an SSL connection. Most browsers display this in the upper left hand corner.
 
 If the application is transmitting the password rather than the user, obtain design documentation from the application admin that provides the details on how they are protecting the password during transmission. This will usually be via a TLS/SSL tunneled connection or VPN.
 
@@ -16921,7 +17551,7 @@ If the passwords are not encrypted when being transmitted, this is a finding.</A
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -16929,7 +17559,7 @@ If the passwords are not encrypted when being transmitted, this is a finding.</A
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Authentication services are provided by an external (OIDC) OpenID Connect Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -16942,13 +17572,17 @@ If the passwords are not encrypted when being transmitted, this is a finding.</A
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000173</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222544r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222544r879610_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -16974,7 +17608,7 @@ and
 
 Enforcing a minimum password lifetime helps prevent repeated password changes to defeat the password reuse or history enforcement requirement.
 
-Restricting this setting limits the user&#x27;s ability to change their password. Passwords need to be changed at specific policy-based intervals; however, if the application allows the user to immediately and continually change their password, then the password could be repeatedly changed in a short period of time to defeat the organization&#x27;s policy regarding password reuse.</ATTRIBUTE_DATA>
+Restricting this setting limits the user&apos;s ability to change their password. Passwords need to be changed at specific policy-based intervals; however, if the application allows the user to immediately and continually change their password, then the password could be repeatedly changed in a short period of time to defeat the organization&apos;s policy regarding password reuse.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
@@ -17034,7 +17668,7 @@ If a password can be changed more than once within 24 hours, the minimum lifetim
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -17042,7 +17676,7 @@ If a password can be changed more than once within 24 hours, the minimum lifetim
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Authentication services are provided by an external (OIDC) OpenID Connect Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -17055,13 +17689,17 @@ If a password can be changed more than once within 24 hours, the minimum lifetim
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000174</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222545r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222545r879611_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -17149,7 +17787,7 @@ If user passwords are not configured to expire after 60 days, or if the applicat
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -17157,7 +17795,7 @@ If user passwords are not configured to expire after 60 days, or if the applicat
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Authentication services are provided by an external (OIDC) OpenID Connect Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -17170,13 +17808,17 @@ If user passwords are not configured to expire after 60 days, or if the applicat
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000165</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222546r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222546r879602_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -17264,7 +17906,7 @@ If the application does not prevent users from reusing their previous 5 password
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -17272,7 +17914,7 @@ If the application does not prevent users from reusing their previous 5 password
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Authentication services are provided by an external (OIDC) OpenID Connect Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -17285,13 +17927,17 @@ If the application does not prevent users from reusing their previous 5 password
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000397</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222547r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222547r879770_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -17331,7 +17977,7 @@ If the application does not use passwords, the requirement is not applicable.
 
 Access the application management interface and view the user password settings page.
 
-Review user password settings and validate the application is configured to specify when a password is temporary and force a password change when the administrator either creates a new user account or changes a user&#x2019;s password.
+Review user password settings and validate the application is configured to specify when a password is temporary and force a password change when the administrator either creates a new user account or changes a user’s password.
 
 If the application can not specify a password as temporary and force the user to change the temporary password upon successful authentication, this is a finding.</ATTRIBUTE_DATA>
         </STIG_DATA>
@@ -17377,7 +18023,7 @@ If the application can not specify a password as temporary and force the user to
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -17385,7 +18031,7 @@ If the application can not specify a password as temporary and force the user to
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Authentication services are provided by an external (OIDC) OpenID Connect Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -17398,13 +18044,17 @@ If the application can not specify a password as temporary and force the user to
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222548r561251_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222548r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -17416,11 +18066,11 @@ If the application can not specify a password as temporary and force the user to
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>If the application allows user A to change user B&#x27;s password,  user B can be locked out of the application, and user A is provided the ability to grant themselves access to the application as user B.  This violates application integrity and availability principles.
+          <ATTRIBUTE_DATA>If the application allows user A to change user B&apos;s password,  user B can be locked out of the application, and user A is provided the ability to grant themselves access to the application as user B.  This violates application integrity and availability principles.
 
 Many applications provide a password reset capability that allows the user to reset their password if they forget it.
 
-Protections must be utilized when establishing a password change or reset capability to prevent user A from changing user B&#x27;s password.
+Protections must be utilized when establishing a password change or reset capability to prevent user A from changing user B&apos;s password.
 
 Protection is usually accomplished by having each user provide an out of bounds (OOB) communication address such as a separate email address or SMS/text address (mobile phone) that can be used to transmit password reset/change information.
 
@@ -17436,19 +18086,19 @@ Applications must prevent users other than the administrator or the user associa
           <VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>Review the application documentation and interview application administrator.
 
-Determine if the application utilizes passwords.  If the application does not utilize passwords, the requirement is NA.
+Determine if the application utilizes passwords. If the application does not utilize passwords, the requirement is NA.
 
-Identify the processes, commands or web pages the application uses to allow application users to change their own passwords.  This includes but is not limited to password resets.
+Identify the processes, commands or web pages the application uses to allow application users to change their own passwords. This includes but is not limited to password resets.
 
 If the application does not allow users to change or reset their passwords, the requirement is NA.
 
-Obtain two application test accounts, referred to here as User A and User B.  Access the application as User A.  Utilize the application password reset or change processes and determine if User A is allowed to specify or otherwise force a password change for User B.
+Obtain two application test accounts, referred to here as User A and User B. Access the application as User A. Utilize the application password reset or change processes and determine if User A is allowed to specify or otherwise force a password change for User B.
 
-If User A is allowed to change or force a reset of User B&#x27;s password, this is a finding.</ATTRIBUTE_DATA>
+If User A is allowed to change or force a reset of User B&apos;s password, this is a finding.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Use a CAC to authenticate users instead of using passwords.  If application users are prohibited or prevented from obtaining a CAC due to DoD policy requirements and passwords are the only viable option, design the application to utilize a secure password change or password reset process.
+          <ATTRIBUTE_DATA>Use a CAC to authenticate users instead of using passwords. If application users are prohibited or prevented from obtaining a CAC due to DoD policy requirements and passwords are the only viable option, design the application to utilize a secure password change or password reset process.
 
 Utilize out of band (OOB) communication techniques to communicate password change requests to users.
 
@@ -17494,19 +18144,15 @@ Ensure users are only allowed to change their own passwords.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-000184</ATTRIBUTE_DATA>
         </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-        </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Authentication services are provided by an external (OIDC) OpenID Connect Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -17519,13 +18165,17 @@ Ensure users are only allowed to change their own passwords.</ATTRIBUTE_DATA>
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000400</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222549r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222549r879773_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -17537,11 +18187,11 @@ Ensure users are only allowed to change their own passwords.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>The application must ensure that a user does not retain any rights that may have been granted or retain access to the application after the user&#x27;s authorization or role within the application has been deleted or modified.  This means once a user&#x27;s role/account within the application has been modified, deleted or disabled, the changes must be enforced immediately within the application.  Any privileges or access the user had prior to the change must not be retained.  For example; any application sessions that the user may have already established prior to the configuration change must be terminated when the user account changes occur.
+          <ATTRIBUTE_DATA>The application must ensure that a user does not retain any rights that may have been granted or retain access to the application after the user&apos;s authorization or role within the application has been deleted or modified.  This means once a user&apos;s role/account within the application has been modified, deleted or disabled, the changes must be enforced immediately within the application.  Any privileges or access the user had prior to the change must not be retained.  For example; any application sessions that the user may have already established prior to the configuration change must be terminated when the user account changes occur.
 
 Simply removing a user from a web application without terminating any existing application user sessions can introduce a scenario where the deleted user still has access to the application even though their account has been deleted from the authentication store. This can be attributed to browser caching and session management on the web server.
 
-To address this, the web application must provide a means for ensuring this type of &#x22;zombie&#x22; access does not occur. Applications must provide a user management feature or function that will terminate any existing user sessions at the same time or just before the user account is terminated from the authoritative authentication source.</ATTRIBUTE_DATA>
+To address this, the web application must provide a means for ensuring this type of &quot;zombie&quot; access does not occur. Applications must provide a user management feature or function that will terminate any existing user sessions at the same time or just before the user account is terminated from the authoritative authentication source.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
@@ -17603,7 +18253,7 @@ If the test user retains access after the test account has been deleted, this is
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -17611,7 +18261,7 @@ If the test user retains access after the test account has been deleted, this is
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Authentication services are provided by an external (OIDC) OpenID Connect Provider. Low-latency session termination should be configured on the OIDC Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -17624,13 +18274,17 @@ If the test user retains access after the test account has been deleted, this is
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000175</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222550r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222550r879612_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -17662,7 +18316,7 @@ Review the method to determine if a certification path that includes status info
 
 Some applications may utilize underlying OS certificate validation and certificate path building capabilities while others may build the capability into the application itself.
 
-The certification path will include the intermediary certificate CAs along with a status of the CA server&#x27;s signing certificate and will end at the trusted root anchor.
+The certification path will include the intermediary certificate CAs along with a status of the CA server&apos;s signing certificate and will end at the trusted root anchor.
 
 If the application does not construct a certificate path to an accepted trust anchor, this is a finding.</ATTRIBUTE_DATA>
         </STIG_DATA>
@@ -17708,7 +18362,7 @@ If the application does not construct a certificate path to an accepted trust an
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -17716,7 +18370,7 @@ If the application does not construct a certificate path to an accepted trust an
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Authentication services are provided by an external (OIDC) OpenID Connect Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -17729,13 +18383,17 @@ If the application does not construct a certificate path to an accepted trust an
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000176</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222551r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222551r879613_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -17761,7 +18419,7 @@ Both the holders of a digital certificate and the issuing authority must protect
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Review the application documentation and interview the application administrator to identify where the application&#x27;s private key is stored.
+          <ATTRIBUTE_DATA>Review the application documentation and interview the application administrator to identify where the application&apos;s private key is stored.
 
 If the application does not perform code signing or other cryptographic tasks requiring a private key, this requirement is not applicable.
 
@@ -17819,7 +18477,7 @@ If unauthorized access is granted to the private key(s), this is a finding.</ATT
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -17827,7 +18485,7 @@ If unauthorized access is granted to the private key(s), this is a finding.</ATT
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Authentication services are provided by an external (OIDC) OpenID Connect Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -17840,13 +18498,17 @@ If unauthorized access is granted to the private key(s), this is a finding.</ATT
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000177</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222552r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222552r879614_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -17918,7 +18580,7 @@ If the application does not map the certificate data to an individual user or gr
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -17926,7 +18588,7 @@ If the application does not map the certificate data to an individual user or gr
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Authentication services are provided by an external (OIDC) OpenID Connect Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -17939,13 +18601,17 @@ If the application does not map the certificate data to an individual user or gr
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000401</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222553r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222553r879774_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -18023,7 +18689,7 @@ If the application is not configured to implement a CRL, this is a finding.</ATT
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -18031,7 +18697,7 @@ If the application is not configured to implement a CRL, this is a finding.</ATT
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Authentication services are provided by an external (OIDC) OpenID Connect Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -18044,13 +18710,17 @@ If the application is not configured to implement a CRL, this is a finding.</ATT
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000178</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222554r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222554r879615_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -18068,7 +18738,7 @@ Obfuscation of user-provided information when typed into the system is a method
 
 For example, displaying asterisks when a user types in a password is an example of obscuring feedback of authentication information.
 
-Another method is to display authentication feedback for a very limited time, usually in fractions of a second. This occurs during password character entry where the password characters are displayed for a very small window of time and then automatically obfuscated. This allows users with just enough time to confirm their password as they type it while limiting the ability of &#x22;shoulder surfers&#x22; to covertly witness the values.
+Another method is to display authentication feedback for a very limited time, usually in fractions of a second. This occurs during password character entry where the password characters are displayed for a very small window of time and then automatically obfuscated. This allows users with just enough time to confirm their password as they type it while limiting the ability of &quot;shoulder surfers&quot; to covertly witness the values.
 
 A common tactic employed to circumvent password obfuscation is to copy the obfuscated password and paste it to a text file.  Proper obfuscation techniques will not paste the clear text password.</ATTRIBUTE_DATA>
         </STIG_DATA>
@@ -18132,7 +18802,7 @@ Design the application so obfuscated passwords cannot be copied and then pasted
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -18140,7 +18810,7 @@ Design the application so obfuscated passwords cannot be copied and then pasted
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Authentication services are provided by an external (OIDC) OpenID Connect Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -18151,7 +18821,11 @@ Design the application so obfuscated passwords cannot be copied and then pasted
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
+        </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
@@ -18159,7 +18833,7 @@ Design the application so obfuscated passwords cannot be copied and then pasted
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222555r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222555r879616_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -18175,7 +18849,7 @@ Design the application so obfuscated passwords cannot be copied and then pasted
 Based on the criticality of the application, system designers might choose to utilize a hardware based cryptographic module due to the protections and security benefits a hardware based solution provides over a software based solution. Due to various factors, including expense, hardware based encryption modules are usually relegated to only those applications where the system requirements specify it as a required protection. Examples include applications that handle extremely sensitive data or those used in life and death situations, e.g., weapons systems. 
 
 General purpose applications such as a web site will often opt to leverage an underlying software based encryption capability that is offered by the OS, database or application development framework.  Operating systems or database products often provide their own cryptographic modules that are FIPS 140-2 compliant and can meet the authentication to the crypto module requirement via their Role Based Access Controls (users and groups) built into the product.  
-In all cases, user&#x2019;s accessing the cryptographic module must be authenticated and granted the appropriate rights in order to access the encryption module.  Any encryption utilized by the access control mechanisms must be FIPS 140-2 compliant.</ATTRIBUTE_DATA>
+In all cases, user’s accessing the cryptographic module must be authenticated and granted the appropriate rights in order to access the encryption module.  Any encryption utilized by the access control mechanisms must be FIPS 140-2 compliant.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
@@ -18237,7 +18911,7 @@ If the cryptographic module that requires authentication is not on the FIPS-appr
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -18245,7 +18919,7 @@ If the cryptographic module that requires authentication is not on the FIPS-appr
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Authentication services are provided by an external (OIDC) OpenID Connect Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -18258,13 +18932,17 @@ If the cryptographic module that requires authentication is not on the FIPS-appr
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000180</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222556r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222556r879617_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -18342,7 +19020,7 @@ If the application does not identify and authenticate non-organizational users a
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -18350,7 +19028,7 @@ If the application does not identify and authenticate non-organizational users a
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Authentication services are provided by an external (OIDC) OpenID Connect Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -18363,13 +19041,17 @@ If the application does not identify and authenticate non-organizational users a
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000402</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222557r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222557r879775_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -18445,7 +19127,7 @@ If the application is required to provide authenticated access to Federal agenci
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -18453,7 +19135,7 @@ If the application is required to provide authenticated access to Federal agenci
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Authentication services are provided by an external (OIDC) OpenID Connect Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -18466,13 +19148,17 @@ If the application is required to provide authenticated access to Federal agenci
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000403</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222558r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222558r879776_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -18548,7 +19234,7 @@ If the application is required to provide authenticated access to Federal agenci
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -18556,7 +19242,7 @@ If the application is required to provide authenticated access to Federal agenci
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Authentication services are provided by an external (OIDC) OpenID Connect Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -18569,13 +19255,17 @@ If the application is required to provide authenticated access to Federal agenci
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000404</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222559r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222559r879777_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -18590,7 +19280,7 @@ If the application is required to provide authenticated access to Federal agenci
           <ATTRIBUTE_DATA>FICAM establishes a federated identity framework for the Federal Government. FICAM provides Government-wide services for common Identity, Credential and Access Management (ICAM) requirements.  The FICAM Trust Framework Solutions (TFS) is the federated identity framework for the U.S. federal government.
  The TFS is a process by which Industry Trust Frameworks (The codification of requirements for credentials and their issuance, privacy and security requirements, as well as auditing qualifications and processes) are evaluated and assessed for potential use by the Government.  
 
-A Trust Framework that is comparable to federal standards is adopted through this process, which allows Federal Government Relying Parties (Federal Government web sites or RP&#x27;s) to trust Credential Service Providers a.k.a. Identity Providers that have been assessed under that particular trust framework.  This allows federal government relying parties to trust such credentials at their approved assurance levels. 
+A Trust Framework that is comparable to federal standards is adopted through this process, which allows Federal Government Relying Parties (Federal Government web sites or RP&apos;s) to trust Credential Service Providers a.k.a. Identity Providers that have been assessed under that particular trust framework.  This allows federal government relying parties to trust such credentials at their approved assurance levels. 
 
 This requirement only applies to applications that are intended to be accessible to non-federal government agencies and other partners through FICAM. 
 
@@ -18656,7 +19346,7 @@ If the application does not accept FICAM approved credentials when accepting thi
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -18664,7 +19354,7 @@ If the application does not accept FICAM approved credentials when accepting thi
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Authentication services are provided by an external (OIDC) OpenID Connect Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -18677,13 +19367,17 @@ If the application does not accept FICAM approved credentials when accepting thi
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000405</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222560r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222560r879778_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -18722,7 +19416,7 @@ This requirement applies to DoD service providers who are relying parties of ext
  
 Ask the application administrator to demonstrate how the application conforms to FICAM issued profiles such as SAML or OPENID.  
 
-If the application is designed to be a service provider utilizing an external identify provider and doesn&#x27;t conform to FICAM-issued profiles, this is a finding.</ATTRIBUTE_DATA>
+If the application is designed to be a service provider utilizing an external identify provider and doesn&apos;t conform to FICAM-issued profiles, this is a finding.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
@@ -18766,7 +19460,7 @@ If the application is designed to be a service provider utilizing an external id
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -18774,7 +19468,7 @@ If the application is designed to be a service provider utilizing an external id
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>The project conforms to OpenID Connect, a FICAM issued profile.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -18787,13 +19481,17 @@ If the application is designed to be a service provider utilizing an external id
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000409</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222561r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222561r879782_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -18811,7 +19509,7 @@ If events associated with non-local administrative access or diagnostic sessions
 
 This requirement addresses auditing-related issues associated with maintenance tools used specifically for diagnostic and repair actions on organizational information systems.
 
-This requirement applies to hardware/software diagnostic test equipment or tools. This requirement does not cover hardware/software components that may support information system maintenance, yet are a part of the system (e.g., the software implementing &#x22;ping,&#x22; &#x22;ls,&#x22; &#x22;ipconfig,&#x22; or the hardware and software implementing the monitoring port of an Ethernet switch).</ATTRIBUTE_DATA>
+This requirement applies to hardware/software diagnostic test equipment or tools. This requirement does not cover hardware/software components that may support information system maintenance, yet are a part of the system (e.g., the software implementing &quot;ping,&quot; &quot;ls,&quot; &quot;ipconfig,&quot; or the hardware and software implementing the monitoring port of an Ethernet switch).</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
@@ -18875,7 +19573,7 @@ If the application provides maintenance functions and capabilities and those fun
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -18883,7 +19581,7 @@ If the application provides maintenance functions and capabilities and those fun
         </STIG_DATA>
         <STATUS>Not_Applicable</STATUS>
         <FINDING_DETAILS>The project does not provide non-local maintenance and diagnostic capability.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -18896,13 +19594,17 @@ If the application provides maintenance functions and capabilities and those fun
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000411</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222562r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222562r879784_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -18918,7 +19620,7 @@ If the application provides maintenance functions and capabilities and those fun
 
 Non-local maintenance and diagnostic activities are those activities conducted by individuals communicating through a network, either an external network (e.g., the Internet) or an internal network. Local maintenance and diagnostic activities are those activities carried out by individuals physically present at the information system or information system component and not communicating across a network connection.
 
-This requirement applies to hardware/software diagnostic test equipment or tools. This requirement does not cover hardware/software components that may support information system maintenance, yet are a part of the system (e.g., the software implementing &#x22;ping,&#x22; &#x22;ls,&#x22; &#x22;ipconfig,&#x22; or the hardware and software implementing the monitoring port of an Ethernet switch).
+This requirement applies to hardware/software diagnostic test equipment or tools. This requirement does not cover hardware/software components that may support information system maintenance, yet are a part of the system (e.g., the software implementing &quot;ping,&quot; &quot;ls,&quot; &quot;ipconfig,&quot; or the hardware and software implementing the monitoring port of an Ethernet switch).
 
 The application can meet this requirement through leveraging a cryptographic module.</ATTRIBUTE_DATA>
         </STIG_DATA>
@@ -18984,7 +19686,7 @@ If the application provides remote access to maintenance functions and capabilit
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -18992,7 +19694,7 @@ If the application provides remote access to maintenance functions and capabilit
         </STIG_DATA>
         <STATUS>Not_Applicable</STATUS>
         <FINDING_DETAILS>The project does not provide non-local maintenance and diagnostic capability.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -19005,13 +19707,17 @@ If the application provides remote access to maintenance functions and capabilit
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000412</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222563r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222563r879785_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -19091,7 +19797,7 @@ If the application provides remote access to maintenance functions and capabilit
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -19099,7 +19805,7 @@ If the application provides remote access to maintenance functions and capabilit
         </STIG_DATA>
         <STATUS>Not_Applicable</STATUS>
         <FINDING_DETAILS>The project does not provide non-local maintenance and diagnostic capability.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -19112,13 +19818,17 @@ If the application provides remote access to maintenance functions and capabilit
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000413</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222564r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222564r879786_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -19154,13 +19864,13 @@ Identify the IP address of the source system used to originate testing traffic.
 
 Access the operating system of the application host and execute the relevant OS commands to identify active TCP/IP sessions on the application host.
 
-For example, the &#x22;netstat -a&#x22; command will provide a status of all TCP/IP connections on both Windows and UNIX systems.
+For example, the &quot;netstat -a&quot; command will provide a status of all TCP/IP connections on both Windows and UNIX systems.
 
 Netstat output can be redirected to a file or the grep command can be used on UNIX systems to identify the specific application processes and network connections.
 
-netstat -a |grep -i &#x22;application process name&#x22; &#x3E; filename
+netstat -a |grep -i &quot;application process name&quot; &gt; filename
 or
-netstat  -a |grep -i source IP address &#x3E; filename
+netstat  -a |grep -i source IP address &gt; filename
 
 Utilizing the application, access using the appropriate role needed to execute maintenance tasks.
 
@@ -19216,7 +19926,7 @@ If the application provides remote access to maintenance functions and capabilit
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -19224,7 +19934,7 @@ If the application provides remote access to maintenance functions and capabilit
         </STIG_DATA>
         <STATUS>Not_Applicable</STATUS>
         <FINDING_DETAILS>The project does not provide non-local maintenance and diagnostic capability.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -19237,13 +19947,17 @@ If the application provides remote access to maintenance functions and capabilit
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000185</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222565r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222565r879620_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -19261,7 +19975,7 @@ Non-local maintenance and diagnostic activities are those activities conducted b
 
 Typically, strong authentication requires authenticators that are resistant to replay attacks and employ multifactor authentication. Strong authenticators include, for example, PKI where certificates are stored on a token protected by a password, passphrase, or biometric.
 
-This requirement applies to hardware/software diagnostic test equipment or tools. This requirement does not cover hardware/software components that may support information system maintenance, yet are a part of the system (e.g., the software implementing &#x22;ping,&#x22; &#x22;ls,&#x22; &#x22;ipconfig,&#x22; or the hardware and software implementing the monitoring port of an Ethernet switch).</ATTRIBUTE_DATA>
+This requirement applies to hardware/software diagnostic test equipment or tools. This requirement does not cover hardware/software components that may support information system maintenance, yet are a part of the system (e.g., the software implementing &quot;ping,&quot; &quot;ls,&quot; &quot;ipconfig,&quot; or the hardware and software implementing the monitoring port of an Ethernet switch).</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
@@ -19329,7 +20043,7 @@ If a CAC is not used when remotely accessing the application for maintenance or
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -19337,7 +20051,7 @@ If a CAC is not used when remotely accessing the application for maintenance or
         </STIG_DATA>
         <STATUS>Not_Applicable</STATUS>
         <FINDING_DETAILS>The project does not provide non-local maintenance and diagnostic capability.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -19350,13 +20064,17 @@ If a CAC is not used when remotely accessing the application for maintenance or
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000186</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222566r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222566r879621_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -19372,7 +20090,7 @@ If a CAC is not used when remotely accessing the application for maintenance or
 
 Non-local maintenance and diagnostic activities are those activities conducted by individuals communicating through a network, either an external network (e.g., the Internet) or an internal network. Local maintenance and diagnostic activities are those activities carried out by individuals physically present at the information system or information system component and not communicating across a network connection.
 
-This requirement applies to hardware/software diagnostic test equipment or tools. This requirement does not cover hardware/software components that may support information system maintenance, yet are a part of the system (e.g., the software implementing &#x22;ping,&#x22; &#x22;ls,&#x22; &#x22;ipconfig,&#x22; or the hardware and software implementing the monitoring port of an Ethernet switch).</ATTRIBUTE_DATA>
+This requirement applies to hardware/software diagnostic test equipment or tools. This requirement does not cover hardware/software components that may support information system maintenance, yet are a part of the system (e.g., the software implementing &quot;ping,&quot; &quot;ls,&quot; &quot;ipconfig,&quot; or the hardware and software implementing the monitoring port of an Ethernet switch).</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
@@ -19440,7 +20158,7 @@ If the application does not deny access after each user session has exceeded the
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -19448,7 +20166,7 @@ If the application does not deny access after each user session has exceeded the
         </STIG_DATA>
         <STATUS>Not_Applicable</STATUS>
         <FINDING_DETAILS>The project does not provide non-local maintenance and diagnostic capability.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -19461,13 +20179,17 @@ If the application does not deny access after each user session has exceeded the
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222567r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222567r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -19553,7 +20275,7 @@ Validate that variable values do not change while a switch event is occurring.</
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -19565,7 +20287,7 @@ Validate that variable values do not change while a switch event is occurring.</
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>Code review by SonarCloud tests reveal no race conditions.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -19578,13 +20300,17 @@ Validate that variable values do not change while a switch event is occurring.</
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000190</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222568r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222568r879622_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -19620,11 +20346,11 @@ Identify any documented exceptions to the requirement and review associated miti
 
 If the application provides a management interface for controlling or monitoring application network sessions, access that management interface.  Monitor application network activity.  
 
-If the application utilizes the underlying OS to control network connections, access the command prompt of the OS.  Run the OS command for observing network connections at the OS.  For Windows and Unix OS&#x27;s, use the &#x22;netstat&#x22; command.  Include command parameters that identify the application and/or process ID. netstat /? or -h provides the list of available parameters.
+If the application utilizes the underlying OS to control network connections, access the command prompt of the OS.  Run the OS command for observing network connections at the OS.  For Windows and Unix OS&apos;s, use the &quot;netstat&quot; command.  Include command parameters that identify the application and/or process ID. netstat /? or -h provides the list of available parameters.
 
 Observe network activity and associate application processes with network connections.  Repeat use of the command to identify changing network state.
 
-Determine if application session network connections are being terminated at the end of the session by observing the &#x22;state&#x22; column of the netstat command output with each iteration.
+Determine if application session network connections are being terminated at the end of the session by observing the &quot;state&quot; column of the netstat command output with each iteration.
 
 If the application does not terminate network connections when application sessions end, this is a finding.
 
@@ -19672,7 +20398,7 @@ If exceptions are documented with no mitigation this is a finding.</ATTRIBUTE_DA
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -19680,74 +20406,46 @@ If exceptions are documented with no mitigation this is a finding.</ATTRIBUTE_DA
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>The application relies on the underlying OS to control the network connection aspect of the application which is perfectly acceptable.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
       <VULN>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>V-222569</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>V-222570</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SRG-APP-000416</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SRG-APP-000514</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222569r561293_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222570r879885_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>APSC-DV-002010</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>APSC-DV-002020</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>The application must implement NSA-approved cryptography to protect classified information in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>The application must utilize FIPS-validated cryptographic modules when signing application components.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect classified data. The application must implement cryptographic modules adhering to the higher standards approved by the federal government since this provides assurance they have been tested and validated.
- 
-Advanced Encryption Standard (AES)
-Symmetric block cipher used for information protection
-FIPS Pub 197
-Use 256 bit keys to protect up to TOP SECRET
-
-Elliptic Curve Diffie-Hellman (ECDH) Key Exchange
-Asymmetric algorithm used for key establishment
-NIST SP 800-56A
-Use Curve P-384 to protect up to TOP SECRET.
-
-Elliptic Curve Digital Signature Algorithm (ECDSA)
-Asymmetric algorithm used for digital signatures
-FIPS Pub 186-4
-Use Curve P-384 to protect up to TOP SECRET.
-
-Secure Hash Algorithm (SHA)
-Algorithm used for computing a condensed representation of information
-FIPS Pub 180-4
-
-Use SHA-384 to protect up to TOP SECRET.
- 
-Diffie-Hellman (DH) Key Exchange
-Asymmetric algorithm used for key establishment
-IETF RFC 3526 
-Minimum 3072-bit modulus to protect up to TOP SECRET
+          <ATTRIBUTE_DATA>Applications that distribute components of the application must sign the components to provide an identity assurance to consumers of the application component. Components can include application messages or application code.
 
-RSA
-Asymmetric algorithm used for key establishment
-NIST SP 800-56B rev 1
-Minimum 3072-bit modulus to protect up to TOP SECRET
+Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to validate the author of application components. The application must implement cryptographic modules adhering to the higher standards approved by the federal government since this provides assurance the modules have been tested and validated.
 
-RSA 
-Asymmetric algorithm used for digital signatures
-FIPS PUB 186-4
-Minimum 3072 bit-modulus to protect up to TOP SECRET.</ATTRIBUTE_DATA>
+If the application resides on a National Security System (NSS) it must not use algorithms weaker than SHA-384.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
@@ -19755,27 +20453,23 @@ Minimum 3072 bit-modulus to protect up to TOP SECRET.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Review the application documentation, system security plan and interview the application administrator to determine if the application processes classified data.
+          <ATTRIBUTE_DATA>Review the application documentation and interview the application administrator to identify the cryptographic modules used by the application.
 
-If the application does not process classified data, this requirement is not applicable.
+Review the application components and application requirements. Interview application developers and application admins to determine if code signing is performed on distributable application components, files or packages.  
 
-Identify the data classifications and the cryptographic protections established to protect the application data.
+For example, a developer may sign application code components or an admin may sign application files or packages in order to provide application consumers with integrity assurances.
 
-Verify the application is configured to utilize the appropriate encryption based upon data classification, cryptographic tasks that need to be performed (information protection, hashing, signing) and information protection requirements.
+If signing has been identified in the application security plan as not being required and if a documented acceptance of risk is provided, this is not a finding.
 
-NIST-certified cryptography must be used to store classified non-Sources and Methods Intelligence (SAMI) information if required by the information owner.
+Have the application admin or the developer demonstrate how the signing algorithms are used and how signing of components including files, code and packages is performed.
 
-NSA-validated type-1 encryption must be used for all SAMI data stored in the enclave.
+While SHA1 is currently FIPS-140-2 approved, due to known vulnerabilities with this algorithm, DoD PKI policy prohibits the use of SHA1 as of December 2016.  See DoD CIO Memo Subject: Revised Schedule to Update DoD Public Key Infrastructure Certificates to Secure Hash Algorithm-256. 
 
-If the application is not configured to utilize the NSA-approved cryptographic modules in accordance with data protection requirements specified in the security plan, this is a finding.</ATTRIBUTE_DATA>
+If the application signing process does not use FIPS validated cryptographic modules, or if the signing process includes SHA1 or MD5 hashing algorithms, this is a finding.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Configure application to encrypt stored classified information; Ensure encryption is performed using NIST FIPS 140-2-validated encryption.
-
-Encrypt stored, non-SAMI classified information using NIST FIPS 140-2-validated encryption.
-
-Implement NSA-validated type-1 encryption of all SAMI data stored in the enclave.</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Utilize FIPS-validated algorithms when signing application components.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
@@ -19815,50 +20509,52 @@ Implement NSA-validated type-1 encryption of all SAMI data stored in the enclave
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-002450</ATTRIBUTE_DATA>
         </STIG_DATA>
-        <STATUS>Not_Reviewed</STATUS>
-        <FINDING_DETAILS>The project expects other layers to provide appropriate data protection via compliant cryptography. It supports interactions with the Data Storage layer via TLS. The project containers are read-only, stateless builds.</FINDING_DETAILS>
-        <COMMENTS/>
+        <STATUS>NotAFinding</STATUS>
+        <FINDING_DETAILS>Container images are signed via Docker Content Trust, which uses SHA256 digests.</FINDING_DETAILS>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
       <VULN>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>V-222570</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>V-222571</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000514</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222570r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222571r879885_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>APSC-DV-002020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>APSC-DV-002030</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>The application must utilize FIPS-validated cryptographic modules when signing application components.</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>The application must utilize FIPS-validated cryptographic modules when generating cryptographic hashes.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Applications that distribute components of the application must sign the components to provide an identity assurance to consumers of the application component. Components can include application messages or application code.
-
-Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to validate the author of application components. The application must implement cryptographic modules adhering to the higher standards approved by the federal government since this provides assurance the modules have been tested and validated.
+          <ATTRIBUTE_DATA>Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. The application must implement cryptographic modules adhering to the higher standards approved by the federal government since this provides assurance they have been tested and validated.
 
-If the application resides on a National Security System (NSS) it must not use algorithms weaker than SHA-384.</ATTRIBUTE_DATA>
+If the application resides on a National Security System (NSS) it must not use a hashing algorithm weaker than SHA-384.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
@@ -19866,23 +20562,23 @@ If the application resides on a National Security System (NSS) it must not use a
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Review the application documentation and interview the application administrator to identify the cryptographic modules used by the application.
-
-Review the application components and application requirements. Interview application developers and application admins to determine if code signing is performed on distributable application components, files or packages.  
+          <ATTRIBUTE_DATA>Review the application components and the application requirements to determine if the application is capable of generating cryptographic hashes.
 
-For example, a developer may sign application code components or an admin may sign application files or packages in order to provide application consumers with integrity assurances.
+Review the application documentation and interview the application developer or administrator to identify the cryptographic modules used by the application.
 
-If signing has been identified in the application security plan as not being required and if a documented acceptance of risk is provided, this is not a finding.
+If hashing of application components has been identified in the application security plan as not being required and if a documented acceptance of risk is provided, this is not a finding.
 
-Have the application admin or the developer demonstrate how the signing algorithms are used and how signing of components including files, code and packages is performed.
+Have the application admin or the developer demonstrate how the application generates hashes and what hashing algorithms are used when generating a hash value.
 
 While SHA1 is currently FIPS-140-2 approved, due to known vulnerabilities with this algorithm, DoD PKI policy prohibits the use of SHA1 as of December 2016.  See DoD CIO Memo Subject: Revised Schedule to Update DoD Public Key Infrastructure Certificates to Secure Hash Algorithm-256. 
 
-If the application signing process does not use FIPS validated cryptographic modules, or if the signing process includes SHA1 or MD5 hashing algorithms, this is a finding.</ATTRIBUTE_DATA>
+If the application resides on a National Security System (NSS) and uses an algorithm weaker than SHA-384, this is a finding.
+
+If FIPS-validated cryptographic modules are not used when generating hashes or if the application is configured to use the MD5 or SHA1 hashing algorithm, this is a finding.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Utilize FIPS-validated algorithms when signing application components.</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Configure the application to use a FIPS-validated hashing algorithm when creating a cryptographic hash.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
@@ -19922,7 +20618,7 @@ If the application signing process does not use FIPS validated cryptographic mod
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -19930,123 +20626,22 @@ If the application signing process does not use FIPS validated cryptographic mod
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>Container images are signed via Docker Content Trust, which uses SHA256 digests.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
       <VULN>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>V-222571</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>V-222572</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
-          <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SRG-APP-000514</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222571r508029_rule</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>APSC-DV-002030</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>The application must utilize FIPS-validated cryptographic modules when generating cryptographic hashes.</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. The application must implement cryptographic modules adhering to the higher standards approved by the federal government since this provides assurance they have been tested and validated.
-
-If the application resides on a National Security System (NSS) it must not use a hashing algorithm weaker than SHA-384.</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA/>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Review the application components and the application requirements to determine if the application is capable of generating cryptographic hashes.
-
-Review the application documentation and interview the application developer or administrator to identify the cryptographic modules used by the application.
-
-If hashing of application components has been identified in the application security plan as not being required and if a documented acceptance of risk is provided, this is not a finding.
-
-Have the application admin or the developer demonstrate how the application generates hashes and what hashing algorithms are used when generating a hash value.
-
-While SHA1 is currently FIPS-140-2 approved, due to known vulnerabilities with this algorithm, DoD PKI policy prohibits the use of SHA1 as of December 2016.  See DoD CIO Memo Subject: Revised Schedule to Update DoD Public Key Infrastructure Certificates to Secure Hash Algorithm-256. 
-
-If the application resides on a National Security System (NSS) and uses an algorithm weaker than SHA-384, this is a finding.
-
-If FIPS-validated cryptographic modules are not used when generating hashes or if the application is configured to use the MD5 or SHA1 hashing algorithm, this is a finding.</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Configure the application to use a FIPS-validated hashing algorithm when creating a cryptographic hash.</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA/>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA/>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA/>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA/>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA/>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA/>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA/>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA/>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>CCI-002450</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STATUS>NotAFinding</STATUS>
-        <FINDING_DETAILS>Container images are signed via Docker Content Trust, which uses SHA256 digests.</FINDING_DETAILS>
-        <COMMENTS/>
-        <SEVERITY_OVERRIDE/>
-        <SEVERITY_JUSTIFICATION/>
-      </VULN>
-      <VULN>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>V-222572</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
@@ -20054,7 +20649,7 @@ If FIPS-validated cryptographic modules are not used when generating hashes or i
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222572r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222572r879885_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -20126,7 +20721,7 @@ If the application is using cryptographic modules that are not FIPS-validated to
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -20134,7 +20729,7 @@ If the application is using cryptographic modules that are not FIPS-validated to
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Conformant data protection techniques should be implemented by the Data Storage service, and/or by Ingress configuration of the Container Platform.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -20147,13 +20742,17 @@ If the application is using cryptographic modules that are not FIPS-validated to
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000514</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222573r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222573r879885_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -20229,7 +20828,7 @@ If the application is using cryptographic modules that are not FIPS-validated wh
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -20237,7 +20836,7 @@ If the application is using cryptographic modules that are not FIPS-validated wh
         </STIG_DATA>
         <STATUS>Not_Applicable</STATUS>
         <FINDING_DETAILS>The project does not use SAML assertions.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -20250,13 +20849,17 @@ If the application is using cryptographic modules that are not FIPS-validated wh
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000211</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222574r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222574r879631_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -20330,7 +20933,7 @@ If the application user interface and the application management interface are s
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -20338,7 +20941,7 @@ If the application user interface and the application management interface are s
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>Web application is logically separated from data storage layer.  Authorization for privileged access determined by the OIDC Provider, also logically separated. Web application offers no application configuration functionality in the application itself.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -20351,13 +20954,17 @@ If the application user interface and the application management interface are s
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000219</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222575r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222575r879636_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -20399,9 +21006,9 @@ Access the application website and establish an application session.
 
 Access the page that sets the session cookie.
 
-Press &#x201C;F12&#x201D; to open Developer Tools.
+Press “F12” to open Developer Tools.
 
-Select &#x22;cache&#x22; and then &#x22;view cookie information&#x22;.
+Select &quot;cache&quot; and then &quot;view cookie information&quot;.
 
 Identify the session cookies. An example of an HTTPOnly session cookie is as follows:
 
@@ -20451,7 +21058,7 @@ If the application does not set the HTTPOnly flag on session cookies or if the a
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -20459,7 +21066,7 @@ If the application does not set the HTTPOnly flag on session cookies or if the a
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>The web application does not set session cookies. OIDC Provider must be configured appropriately.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -20472,13 +21079,17 @@ If the application does not set the HTTPOnly flag on session cookies or if the a
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000219</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222576r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222576r879636_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -20515,11 +21126,11 @@ To manually perform the check, open a web browser, logon to the web application
 The procedures used for viewing and clearing browser cookies will vary based upon the web browser used.  Providing steps for every browser is outside the scope of the STIG.  There are numerous sites that document how to view cookies using various web browsers.
 
 For IE11:
-Alt-X &#x3E;&#x3E; Internet options &#x3E;&#x3E; General &#x3E;&#x3E; Settings &#x3E;&#x3E; View Files
+Alt-X &gt;&gt; Internet options &gt;&gt; General &gt;&gt; Settings &gt;&gt; View Files
 
 A windows explorer box will open that contains the contents of the Temporary Internet Files.  Browse the folder and locate the application session cookie(s).  View the contents of the cookie(s).
 
-If the &#x22;secure&#x22; flag is not set on the session cookie, or if the vulnerability scan results indicate the application does not set the secure flag on cookies, this is a finding.</ATTRIBUTE_DATA>
+If the &quot;secure&quot; flag is not set on the session cookie, or if the vulnerability scan results indicate the application does not set the secure flag on cookies, this is a finding.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
@@ -20563,7 +21174,7 @@ If the &#x22;secure&#x22; flag is not set on the session cookie, or if the vulne
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -20571,7 +21182,7 @@ If the &#x22;secure&#x22; flag is not set on the session cookie, or if the vulne
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>The web application does not set session cookies. OIDC Provider must be configured appropriately.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -20584,13 +21195,17 @@ If the &#x22;secure&#x22; flag is not set on the session cookie, or if the vulne
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000219</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222577r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222577r879636_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -20672,7 +21287,7 @@ If the session IDs are unencrypted across network segments, this is a finding.</
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -20680,7 +21295,7 @@ If the session IDs are unencrypted across network segments, this is a finding.</
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>The web application does not set session cookies. OIDC Provider must be configured appropriately.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -20693,13 +21308,17 @@ If the session IDs are unencrypted across network segments, this is a finding.</
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000220</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222578r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222578r879637_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -20713,7 +21332,7 @@ If the session IDs are unencrypted across network segments, this is a finding.</
           <VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>Many web development frameworks such as PHP, .NET, and ASP include their own mechanisms for session management. Whenever possible it is recommended to utilize the provided session management framework.
 
-Session cookies contain application session information that can be used to impersonate the web application user or hijack their application session. Once the user&#x27;s session has terminated, these session IDs must be destroyed and not reused.</ATTRIBUTE_DATA>
+Session cookies contain application session information that can be used to impersonate the web application user or hijack their application session. Once the user&apos;s session has terminated, these session IDs must be destroyed and not reused.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
@@ -20725,7 +21344,7 @@ Session cookies contain application session information that can be used to impe
 
 Identify how the application destroys session IDs.
 
-If using a web development framework, ask the application administrator to provide details on the framework&#x27;s session configuration.
+If using a web development framework, ask the application administrator to provide details on the framework&apos;s session configuration.
 
 Review framework configuration setting to determine how the session identifiers are destroyed.
 
@@ -20775,7 +21394,7 @@ If the session IDs and associated cookies are not destroyed on logoff or browser
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -20783,7 +21402,7 @@ If the session IDs and associated cookies are not destroyed on logoff or browser
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>The web application does not set session cookies. OIDC Provider must be configured appropriately.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -20796,13 +21415,17 @@ If the session IDs and associated cookies are not destroyed on logoff or browser
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000223</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222579r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222579r879638_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -20814,7 +21437,7 @@ If the session IDs and associated cookies are not destroyed on logoff or browser
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Session fixation allows an attacker to hijack a valid user&#x2019;s application session. The attack focuses on the manner in which a web application manages the user&#x2019;s session ID. Applications become vulnerable when they do not assign a new session ID when authenticating users thereby using the existing session ID.
+          <ATTRIBUTE_DATA>Session fixation allows an attacker to hijack a valid user’s application session. The attack focuses on the manner in which a web application manages the user’s session ID. Applications become vulnerable when they do not assign a new session ID when authenticating users thereby using the existing session ID.
 
 Many web development frameworks such as PHP, .NET, and ASP include their own mechanisms for session management. Whenever possible it is recommended to utilize the provided session management framework.
 
@@ -20882,7 +21505,7 @@ If the session testing results indicate application session IDs are re-used afte
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -20890,7 +21513,7 @@ If the session testing results indicate application session IDs are re-used afte
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>The web application does not set session cookies. OIDC Provider must be configured appropriately.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -20903,13 +21526,17 @@ If the session testing results indicate application session IDs are re-used afte
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000223</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222580r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222580r879638_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -20933,7 +21560,7 @@ If the session testing results indicate application session IDs are re-used afte
 
 Identify how the application validates session IDs.
 
-If using a web development framework, ask the application administrator to provide details on the framework&#x27;s session configuration as it relates to session validation.
+If using a web development framework, ask the application administrator to provide details on the framework&apos;s session configuration as it relates to session validation.
 
 If the application is not configured to validate user session identifiers, this is a finding.</ATTRIBUTE_DATA>
         </STIG_DATA>
@@ -20979,7 +21606,7 @@ If the application is not configured to validate user session identifiers, this
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -20987,7 +21614,7 @@ If the application is not configured to validate user session identifiers, this
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>The web application does not set session cookies. OIDC Provider must be configured appropriately.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -21000,13 +21627,17 @@ If the application is not configured to validate user session identifiers, this
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000223</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222581r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222581r879638_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -21034,7 +21665,7 @@ Using cookies to establish session ID information is desired.</ATTRIBUTE_DATA>
 
 Identify how the application generates session IDs.
 
-If using a web development framework, ask the application administrator to provide details on the framework&#x27;s session configuration.
+If using a web development framework, ask the application administrator to provide details on the framework&apos;s session configuration.
 
 Review the framework configuration setting to determine how the session identifiers are created.
 
@@ -21084,7 +21715,7 @@ If the framework or the application is configured to transmit cookies within the
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -21092,7 +21723,7 @@ If the framework or the application is configured to transmit cookies within the
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>The web application does not set session cookies. OIDC Provider must be configured appropriately.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -21105,13 +21736,17 @@ If the framework or the application is configured to transmit cookies within the
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000223</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222582r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222582r879638_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -21125,7 +21760,7 @@ If the framework or the application is configured to transmit cookies within the
           <VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>Many web development frameworks such as PHP, .NET, and ASP include their own mechanisms for session management. Whenever possible it is recommended to utilize the provided session management framework.
 
-Session identifiers are assigned to application users so they can be uniquely identified. This allows the user to customize their web application experience and also allows the developer to differentiate between users thereby providing the opportunity to customize the user&#x2019;s features and functions.
+Session identifiers are assigned to application users so they can be uniquely identified. This allows the user to customize their web application experience and also allows the developer to differentiate between users thereby providing the opportunity to customize the user’s features and functions.
 
 Once a user has logged out of the application or had their session terminated, their session IDs should not be re-used. Session IDs should also not be used for other purposes such as creating unique file names and they should also not be re-assigned to other users once the original user has logged out or otherwise quit the application.
 
@@ -21193,7 +21828,7 @@ If the session testing results indicate application session IDs are re-used afte
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -21201,7 +21836,7 @@ If the session testing results indicate application session IDs are re-used afte
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>The web application does not set session cookies. OIDC Provider must be configured appropriately.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -21214,13 +21849,17 @@ If the session testing results indicate application session IDs are re-used afte
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000224</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222583r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222583r879639_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -21300,7 +21939,7 @@ If the application does not use FIPS 140-2-approved encryption algorithms, this
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -21308,7 +21947,7 @@ If the application does not use FIPS 140-2-approved encryption algorithms, this
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>The web application expects OAuth2 tokens to be signed by the OIDC Provider using FIP-140-2 validated algorithms .</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -21321,13 +21960,17 @@ If the application does not use FIPS 140-2-approved encryption algorithms, this
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000427</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222584r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222584r879798_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -21357,15 +22000,15 @@ This requirement applies to applications that utilize communications sessions. T
 
 Internet Explorer can be used to view certificate information:
 
-Select &#x201C;Tools&#x201D;
-Select &#x201C;Internet Options&#x201D;
-Select &#x201C;Content&#x201D; tab
-Select &#x201C;Certificates&#x201D;
+Select “Tools”
+Select “Internet Options”
+Select “Content” tab
+Select “Certificates”
 Select the certificate used for authentication:
 
-Click &#x201C;View&#x201D;
-Select &#x201C;Details&#x201D; tab
-Select &#x201C;Issuer&#x201D;
+Click “View”
+Select “Details” tab
+Select “Issuer”
 
 If the application utilizes PKI certificates other than DoD-approved PKI and ECA certificates, this is a finding.</ATTRIBUTE_DATA>
         </STIG_DATA>
@@ -21411,7 +22054,7 @@ If the application utilizes PKI certificates other than DoD-approved PKI and ECA
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -21419,7 +22062,7 @@ If the application utilizes PKI certificates other than DoD-approved PKI and ECA
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>The project expects DoD-approved CAs to be referenced by the OIDC Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -21432,13 +22075,17 @@ If the application utilizes PKI certificates other than DoD-approved PKI and ECA
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000225</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222585r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222585r879640_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -21532,7 +22179,7 @@ If the application fails in such a way that the application security controls ar
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -21540,7 +22187,7 @@ If the application fails in such a way that the application security controls ar
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>The project expects fail-safe procedures to be implemented by the Container Platform (i.e, k8s).  The web application is provided as a stateless container that caches no data and will not respond with data to requests when components are inoperable or inaccessible.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -21553,13 +22200,17 @@ If the application fails in such a way that the application security controls ar
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000226</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222586r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222586r879641_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -21631,7 +22282,7 @@ If the application does not log the data required to determine root cause of app
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -21639,7 +22290,7 @@ If the application does not log the data required to determine root cause of app
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>The project expects fail-safe procedures to be implemented by the Container Platform (i.e, k8s).  The web application is provided as a stateless container that caches no data and will not respond with data to requests when components are inoperable or inaccessible.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -21652,13 +22303,17 @@ If the application does not log the data required to determine root cause of app
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000231</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222587r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222587r879642_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -21742,7 +22397,7 @@ If the application processes classified data or if the data owner has specified
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -21750,7 +22405,7 @@ If the application processes classified data or if the data owner has specified
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>The project expects conformant data storage procedures to be implemented by the Data Storage layer.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -21763,13 +22418,17 @@ If the application processes classified data or if the data owner has specified
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000428</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222588r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222588r879799_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -21781,7 +22440,7 @@ If the application processes classified data or if the data owner has specified
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Applications handling data requiring &#x22;data at rest&#x22; protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.
+          <ATTRIBUTE_DATA>Applications handling data requiring &quot;data at rest&quot; protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.
 
 Selection of a cryptographic mechanism is based on the need to protect the integrity of organizational information. The strength of the mechanism is commensurate with the security category and/or classification of the information. Organizations have the flexibility to either encrypt all information on storage devices (i.e., full disk encryption) or encrypt specific data structures (e.g., files, records, or fields).</ATTRIBUTE_DATA>
         </STIG_DATA>
@@ -21853,7 +22512,7 @@ Encrypt data according to DoD policy or data owner requirements.</ATTRIBUTE_DATA
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -21861,7 +22520,7 @@ Encrypt data according to DoD policy or data owner requirements.</ATTRIBUTE_DATA
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>The project expects conformant data storage procedures to be implemented by the Data Storage layer.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -21874,13 +22533,17 @@ Encrypt data according to DoD policy or data owner requirements.</ATTRIBUTE_DATA
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000429</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222589r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222589r879800_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -21892,7 +22555,7 @@ Encrypt data according to DoD policy or data owner requirements.</ATTRIBUTE_DATA
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Applications handling data requiring &#x22;data at rest&#x22; protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.
+          <ATTRIBUTE_DATA>Applications handling data requiring &quot;data at rest&quot; protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.
 
 Selection of a cryptographic mechanism is based on the need to protect the confidentiality of organizational information. The strength of mechanism is commensurate with the security category and/or classification of the information. Organizations have the flexibility to either encrypt all information on storage devices (i.e., full disk encryption) or encrypt specific data structures (e.g., files, records, or fields).
 
@@ -21966,7 +22629,7 @@ Encrypt classified data using Type 1, Suite B, or other NSA-approved encryption
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -21974,7 +22637,7 @@ Encrypt classified data using Type 1, Suite B, or other NSA-approved encryption
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>The project expects conformant data storage procedures to be implemented by the Data Storage layer.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -21987,13 +22650,17 @@ Encrypt classified data using Type 1, Suite B, or other NSA-approved encryption
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000233</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222590r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222590r879643_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -22069,7 +22736,7 @@ If the application does not protect security functions that enforce security pol
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -22077,7 +22744,7 @@ If the application does not protect security functions that enforce security pol
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>The project RBAC is described in the documentation.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -22090,13 +22757,17 @@ If the application does not protect security functions that enforce security pol
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000431</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222591r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222591r879802_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -22168,7 +22839,7 @@ If the application does not maintain a separate execution domain for each execut
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -22176,7 +22847,7 @@ If the application does not maintain a separate execution domain for each execut
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>The project should be deployed as an immutable, stateless container that runs in a single, isolated execution domain.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -22189,13 +22860,17 @@ If the application does not maintain a separate execution domain for each execut
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000243</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222592r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222592r879649_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -22269,7 +22944,7 @@ If the application does not prevent unauthorized and unintended information tran
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -22277,7 +22952,7 @@ If the application does not prevent unauthorized and unintended information tran
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>The project should be deployed as an immutable, stateless container that is isolated from other host processes (i.e, k8s)</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -22290,13 +22965,17 @@ If the application does not prevent unauthorized and unintended information tran
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000435</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222593r561254_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222593r879806_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -22388,15 +23067,15 @@ If the application administrator cannot demonstrate how these protections are im
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-002385</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
-        <FINDING_DETAILS>The project uses the library &#x27;fast-xml-parser&#x27; a maintained library whose development pipeline tests itself against XML based attacks.</FINDING_DETAILS>
-        <COMMENTS/>
+        <FINDING_DETAILS>The project uses the library &apos;fast-xml-parser&apos; a maintained library whose development pipeline tests itself against XML based attacks.</FINDING_DETAILS>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -22409,13 +23088,17 @@ If the application administrator cannot demonstrate how these protections are im
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000246</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222594r561257_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222594r879650_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -22499,7 +23182,7 @@ If the test results indicate the application is susceptible to DoS attacks or ca
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -22507,7 +23190,7 @@ If the test results indicate the application is susceptible to DoS attacks or ca
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>The project expects to be deployed in a Container Platform that resists DoS attacks.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -22520,13 +23203,17 @@ If the test results indicate the application is susceptible to DoS attacks or ca
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000247</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222595r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222595r879651_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -22610,7 +23297,7 @@ If the application has been designated as high availability but the architecture
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -22618,7 +23305,7 @@ If the application has been designated as high availability but the architecture
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>The project expects to be deployed in a Container Platform that provides high-availability services.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -22631,13 +23318,17 @@ If the application has been designated as high availability but the architecture
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000439</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222596r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222596r879810_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -22653,7 +23344,7 @@ If the application has been designated as high availability but the architecture
 
 This requirement applies  to those applications that transmit data, or allow access to data non-locally. Application and data owners have a responsibility for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process. 
 
-Application and data owners need to identify the data that requires cryptographic protection. If no data protection requirements are defined as to what specific data must be encrypted and what data is non-sensitive and doesn&#x27;t require encryption, all data must be encrypted.
+Application and data owners need to identify the data that requires cryptographic protection. If no data protection requirements are defined as to what specific data must be encrypted and what data is non-sensitive and doesn&apos;t require encryption, all data must be encrypted.
  
 When transmitting data, applications need to leverage transmission protection mechanisms, such as TLS, SSL VPNs, or IPSEC.
 
@@ -22721,7 +23412,7 @@ If the application does not utilize TLS, IPsec or other approved encryption mech
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -22729,7 +23420,7 @@ If the application does not utilize TLS, IPsec or other approved encryption mech
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>The project expects to be deployed in a Container Platform that protects the confidentiality and integrity of transmitted information.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -22742,13 +23433,17 @@ If the application does not utilize TLS, IPsec or other approved encryption mech
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000440</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222597r561260_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222597r879811_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -22764,7 +23459,7 @@ If the application does not utilize TLS, IPsec or other approved encryption mech
 
 All transmitted information means that the protections are not restricted to just the data itself. Protection mechanisms must be extended to include data labels, security parameters, or metadata if data protection requirements specify.
 
-Modern web application data transfer methods can be complex and are not necessarily just point-to-point in nature. Service-Oriented Architecture (SOA) and RESTFUL web services allow for XML-based application data to be transmitted in a manner similar to network traffic wherein the application data is transmitted along multiple servers&#x27; hops.
+Modern web application data transfer methods can be complex and are not necessarily just point-to-point in nature. Service-Oriented Architecture (SOA) and RESTFUL web services allow for XML-based application data to be transmitted in a manner similar to network traffic wherein the application data is transmitted along multiple servers&apos; hops.
 
 In such cases, point-to-point protection methods like TLS or SSL may not be the best choice for ensuring data integrity and alternative data integrity protection methods like XML Integrity Signature protections where the XML payload itself is signed may be required as part of the application design.
 
@@ -22830,7 +23525,7 @@ If the application is not configured to provide cryptographic protections to app
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -22838,7 +23533,7 @@ If the application is not configured to provide cryptographic protections to app
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>The project expects to be deployed in a Container Platform that protects the confidentiality and integrity of transmitted information.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -22851,13 +23546,17 @@ If the application is not configured to provide cryptographic protections to app
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000441</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222598r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222598r879812_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -22869,7 +23568,7 @@ If the application is not configured to provide cryptographic protections to app
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Data is subject to manipulation and other integrity related attacks whenever that data is transferred across a network. To protect data integrity during transmission, the application must implement mechanisms to ensure the integrity of all transmitted information. All transmitted information means that the protections are not restricted to just the data itself. Protection mechanisms must be extended to include data labels, security parameters or metadata if data protection requirements specify. Modern web application data transfer methods can be complex and are not necessarily just point-to-point in nature. Service-Oriented Architecture (SOA) and RESTFUL web services allow for XML-based application data to be transmitted in a manner similar to network traffic wherein the application data is transmitted along multiple servers&#x27; hops. In such cases, point-to-point protection methods like TLS or SSL may not be the best choice for ensuring data integrity and alternative data integrity protection methods like XML Integrity Signature protections where the XML payload itself is signed may be required as part of the application design. Overall application design and architecture must always be taken into account when establishing data integrity protection mechanisms. Custom-developed solutions that provide a file transfer capability should implement data integrity checks for incoming and outgoing files. Transmitted information requires mechanisms to ensure the data integrity (e.g., digital signatures, SSL, TLS, or cryptographic hashing).</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Data is subject to manipulation and other integrity related attacks whenever that data is transferred across a network. To protect data integrity during transmission, the application must implement mechanisms to ensure the integrity of all transmitted information. All transmitted information means that the protections are not restricted to just the data itself. Protection mechanisms must be extended to include data labels, security parameters or metadata if data protection requirements specify. Modern web application data transfer methods can be complex and are not necessarily just point-to-point in nature. Service-Oriented Architecture (SOA) and RESTFUL web services allow for XML-based application data to be transmitted in a manner similar to network traffic wherein the application data is transmitted along multiple servers&apos; hops. In such cases, point-to-point protection methods like TLS or SSL may not be the best choice for ensuring data integrity and alternative data integrity protection methods like XML Integrity Signature protections where the XML payload itself is signed may be required as part of the application design. Overall application design and architecture must always be taken into account when establishing data integrity protection mechanisms. Custom-developed solutions that provide a file transfer capability should implement data integrity checks for incoming and outgoing files. Transmitted information requires mechanisms to ensure the data integrity (e.g., digital signatures, SSL, TLS, or cryptographic hashing).</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
@@ -22931,7 +23630,7 @@ If the application does not utilize TLS to protect the confidentiality and integ
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -22939,7 +23638,7 @@ If the application does not utilize TLS to protect the confidentiality and integ
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>The project expects to be deployed in a Container Platform that protects the confidentiality and integrity of transmitted information.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -22952,13 +23651,17 @@ If the application does not utilize TLS to protect the confidentiality and integ
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000442</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222599r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222599r879813_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -22970,7 +23673,7 @@ If the application does not utilize TLS to protect the confidentiality and integ
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Data is subject to manipulation and other integrity related attacks whenever that data is transferred across a network. To protect data integrity during transmission, the application must implement mechanisms to ensure the integrity of all transmitted information. All transmitted information means that the protections are not restricted to just the data itself. Protection mechanisms must be extended to include data labels, security parameters or metadata if data protection requirements specify. Modern web application data transfer methods can be complex and are not necessarily just point-to-point in nature. Service-Oriented Architecture (SOA) and RESTFUL web services allow for XML-based application data to be transmitted in a manner similar to network traffic wherein the application data is transmitted along multiple servers&#x27; hops. In such cases, point-to-point protection methods like TLS or SSL may not be the best choice for ensuring data integrity and alternative data integrity protection methods like XML Integrity Signature protections where the XML payload itself is signed may be required as part of the application design. Overall application design and architecture must always be taken into account when establishing data integrity protection mechanisms. Custom-developed solutions that provide a file transfer capability should implement data integrity checks for incoming and outgoing files. Transmitted information requires mechanisms to ensure the data integrity (e.g., digital signatures, SSL, TLS, or cryptographic hashing).</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Data is subject to manipulation and other integrity related attacks whenever that data is transferred across a network. To protect data integrity during transmission, the application must implement mechanisms to ensure the integrity of all transmitted information. All transmitted information means that the protections are not restricted to just the data itself. Protection mechanisms must be extended to include data labels, security parameters or metadata if data protection requirements specify. Modern web application data transfer methods can be complex and are not necessarily just point-to-point in nature. Service-Oriented Architecture (SOA) and RESTFUL web services allow for XML-based application data to be transmitted in a manner similar to network traffic wherein the application data is transmitted along multiple servers&apos; hops. In such cases, point-to-point protection methods like TLS or SSL may not be the best choice for ensuring data integrity and alternative data integrity protection methods like XML Integrity Signature protections where the XML payload itself is signed may be required as part of the application design. Overall application design and architecture must always be taken into account when establishing data integrity protection mechanisms. Custom-developed solutions that provide a file transfer capability should implement data integrity checks for incoming and outgoing files. Transmitted information requires mechanisms to ensure the data integrity (e.g., digital signatures, SSL, TLS, or cryptographic hashing).</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
@@ -23032,7 +23735,7 @@ If the application does not utilize TLS to protect the confidentiality and integ
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -23040,7 +23743,7 @@ If the application does not utilize TLS to protect the confidentiality and integ
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>The project expects to be deployed in a Container Platform that protects the confidentiality and integrity of transmitted information.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -23053,13 +23756,17 @@ If the application does not utilize TLS to protect the confidentiality and integ
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000441</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222600r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222600r879812_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -23137,7 +23844,7 @@ If the application displays any application technical data such as database vers
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -23145,7 +23852,7 @@ If the application displays any application technical data such as database vers
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>Error messages addressed by Issue #483</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -23158,13 +23865,17 @@ If the application displays any application technical data such as database vers
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000441</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222601r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222601r879812_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -23180,7 +23891,7 @@ If the application displays any application technical data such as database vers
 
 However, hidden fields are not secure and can be easily manipulated by users.  Information requiring confidentiality or integrity protections must not be placed in a hidden field.   If data that is sensitive must be stored in a hidden field, it must be encrypted.
 
-Furthermore, hidden fields used to control access decisions can lead to a complete compromise of access control mechanisms allowing immediate compromise of the user&#x27;s application session.</ATTRIBUTE_DATA>
+Furthermore, hidden fields used to control access decisions can lead to a complete compromise of access control mechanisms allowing immediate compromise of the user&apos;s application session.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
@@ -23240,7 +23951,7 @@ Encrypt sensitive information stored in hidden fields using DoD-approved encrypt
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -23249,7 +23960,7 @@ Encrypt sensitive information stored in hidden fields using DoD-approved encrypt
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>No sensitive authentication or session data is stored in hidden fields. 
 SonarCloud scans, including OWASP tests, are run regularly to identify vulnerabilities.  Manual testing also performed. See project Security Advisories page on GitHub for any known vulnerabilities.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -23262,13 +23973,17 @@ SonarCloud scans, including OWASP tests, are run regularly to identify vulnerabi
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000251</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222602r561263_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222602r879652_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -23282,11 +23997,11 @@ SonarCloud scans, including OWASP tests, are run regularly to identify vulnerabi
           <VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>XSS attacks are essentially code injection attacks against the various language interpreters contained within the browser. XSS can be executed via HTML, JavaScript, VBScript, ActiveX; essentially any scripting language a browser is capable of processing.
 
-XSS vulnerabilities are created when a website does not properly sanitize, escape, or encode user input. For example, &#x22;&#x26;lt;&#x22; is the HTML encoding for the &#x22;&#x3C;&#x22; character. If the encoding is performed, the script code will not execute.
+XSS vulnerabilities are created when a website does not properly sanitize, escape, or encode user input. For example, &quot;&lt;&quot; is the HTML encoding for the &quot;&lt;&quot; character. If the encoding is performed, the script code will not execute.
 
 There are 3 parties involved in an XSS attack, the attacker, the trusted and vulnerable website, and the victim. An attacker will take advantage of a vulnerable website that does not properly validate user input by inserting malicious code into any data entry field.
 
-When the victim visits the trusted website and clicks on the malicious link left by the attacker, the attacker&#x2019;s script is executed in the victims browser with the trust permissions assigned to the site.
+When the victim visits the trusted website and clicks on the malicious link left by the attacker, the attacker’s script is executed in the victims browser with the trust permissions assigned to the site.
 
 There are several different types of XSS attack and the complete details regarding XSS cannot be described completely here.
 
@@ -23305,7 +24020,7 @@ The site is available by pointing your browser to https://www.owasp.org.</ATTRIB
           <ATTRIBUTE_DATA>Review the application documentation and the vulnerability assessment scan results from automated vulnerability assessment tools.
 
 Verify scan configuration settings include web-based applications settings which include XSS tests.
- 
+
 Review scan results for XSS vulnerabilities.
 
 If the scan results indicate aspects of the application are vulnerable to XSS, request subsequent scan data that shows the XSS vulnerabilities previously detected have been fixed.
@@ -23318,8 +24033,8 @@ Navigate through the web application as a regular user and identify any data ent
 
 Input the following strings:
 
-&#x3C;script&#x3E;alert(&#x27;hello&#x27;)&#x3C;/script&#x3E;
-&#x3C;img src=x onerror=&#x22;alert(document.cookie);&#x22;
+&lt;script&gt;alert(&apos;hello&apos;)&lt;/script&gt;
+&lt;img src=x onerror=&quot;alert(document.cookie);&quot;
 
 If the script pop up box is displayed, or if scan reports show unremediated XSS results and no mitigating steps have been taken, this is a finding.</ATTRIBUTE_DATA>
         </STIG_DATA>
@@ -23367,15 +24082,15 @@ Develop your application using a web template system or a web application develo
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-001310</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
-        <FINDING_DETAILS>SonarCloud scans, including OWASP tests, are run regularly to identify vulnerabilities.  Manual testing also performed. See project Security Advisories page on GitHub for any known vulnerabilities.</FINDING_DETAILS>
-        <COMMENTS/>
+        <FINDING_DETAILS>SonarCloud scans, OWASP tests, are run regularly to identify vulnerabilities.  Manual testing also performed. See project Security Advisories page on GitHub for any known vulnerabilities.</FINDING_DETAILS>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -23388,13 +24103,17 @@ Develop your application using a web template system or a web application develo
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000251</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222603r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222603r879652_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -23408,7 +24127,7 @@ Develop your application using a web template system or a web application develo
           <VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>Cross-Site Request Forgery (CSRF) is an attack where a website user is forced to execute an unwanted action on a website that he or she is currently authenticated to. An attacker, through social engineering (e.g., e-mail or chat) creates a hyperlink which executes unwanted actions on the website the victim is authenticated to and sends it to the victim. If the victim clicks on the link, the action is executed unbeknownst to the victim.
 
-A CSRF attack executes a website request on behalf of the user which can lead to a compromise of the user&#x2019;s data. What is needed to be successful is for the attacker to know the URL, an authenticated application user, and trick the user into clicking the malicious link.
+A CSRF attack executes a website request on behalf of the user which can lead to a compromise of the user’s data. What is needed to be successful is for the attacker to know the URL, an authenticated application user, and trick the user into clicking the malicious link.
 
 While XSS is not needed for a CSRF attack to work, XSS vulnerabilities can provide the attacker with a vector to obtain information from the user that may be used in mitigating the risk. The application must not be vulnerable to XSS as an XSS attack can be used to help defeat token, double-submit cookie, referrer and origin-based CSRF defenses.</ATTRIBUTE_DATA>
         </STIG_DATA>
@@ -23476,7 +24195,7 @@ If application scan results show an unremediated CSRF vulnerability, or if no sc
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -23484,7 +24203,7 @@ If application scan results show an unremediated CSRF vulnerability, or if no sc
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>SonarCloud scans, including OWASP tests, are run regularly to identify vulnerabilities.  Manual testing also performed. See project Security Advisories page on GitHub for any known vulnerabilities.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -23497,13 +24216,17 @@ If application scan results show an unremediated CSRF vulnerability, or if no sc
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000251</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222604r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222604r879652_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -23527,13 +24250,13 @@ http://sitename/cgi-bin/userData.pl?doc=user1.txt
 Example URL modified: 
 http://sitename/cgi-bin/userData.pl?doc=/bin/ls|
 
-The result is the execution of the command &#x201C;/bin/ls&#x201D; which could allow the attacker to list contents of the directory via the browser.
+The result is the execution of the command “/bin/ls” which could allow the attacker to list contents of the directory via the browser.
 
 The following is a list of functions vulnerable to command injection sorted according to language.  
 
 Language Functions/Characters
 - C/C++  - system(), popen(), execlp(), execvp(), ShellExecute(), ShellExecuteEx(), _wsystem()
-- Perl - system, exec, &#x60;,open, |, eval, /e
+- Perl - system, exec, `,open, |, eval, /e
 - Python - exec, eval, os.system, os.popen, execfile, input, compile
 - Java - Class.forName(), Class.newInstance(), Runtime.exec()</ATTRIBUTE_DATA>
         </STIG_DATA>
@@ -23601,7 +24324,7 @@ If testing results are not provided demonstrating the vulnerability does not exi
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -23609,7 +24332,7 @@ If testing results are not provided demonstrating the vulnerability does not exi
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>SonarCloud scans, including OWASP tests, are run regularly to identify vulnerabilities.  Manual testing also performed. See project Security Advisories page on GitHub for any known vulnerabilities.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -23622,13 +24345,17 @@ If testing results are not provided demonstrating the vulnerability does not exi
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000251</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222605r561266_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222605r879652_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -23666,21 +24393,21 @@ Review web server and application configuration.
 
 The OWASP website provides the following test procedures:
 
-&#x22;Investigate the web application to determine if it asserts an internal code page, locale, or culture.
+&quot;Investigate the web application to determine if it asserts an internal code page, locale, or culture.
 
 If the default character set, locale is not asserted it will be one of the following:
 
-    HTTP Posts. Interesting tidbit: All HTTP posts are required to be ISO 8859-1, which will lose data for most double byte character sets. You must test your application with your supported browsers to determine if they pass in fully encoded double byte characters safely
+HTTP Posts. Interesting tidbit: All HTTP posts are required to be ISO 8859-1, which will lose data for most double byte character sets. You must test your application with your supported browsers to determine if they pass in fully encoded double byte characters safely
 
-    HTTP Gets. Depends on the previously rendered page and per-browser implementations, but URL encoding is not properly defined for double byte character sets. IE can be optionally forced to do all submits as UTF-8 which is then properly canonicalized on the server
+HTTP Gets. Depends on the previously rendered page and per-browser implementations, but URL encoding is not properly defined for double byte character sets. IE can be optionally forced to do all submits as UTF-8 which is then properly canonicalized on the server
 
-    .NET: Unicode (little endian)
+.NET: Unicode (little endian)
 
-    JSP implementations, such as Tomcat: UTF8 - see &#x201C;javaEncoding&#x201D; in web.xml by many servlet containers
+JSP implementations, such as Tomcat: UTF8 - see “javaEncoding” in web.xml by many servlet containers
 
-    Java: Unicode (UTF-16, big endian, or depends on the OS during JVM startup)
+Java: Unicode (UTF-16, big endian, or depends on the OS during JVM startup)
 
-    PHP: Set in php.ini, ISO 8859-1&#x201D;
+PHP: Set in php.ini, ISO 8859-1”
 
 If the results are not provided or the application representative cannot demonstrate that the application does not use Unicode encoding, this is a finding.</ATTRIBUTE_DATA>
         </STIG_DATA>
@@ -23728,15 +24455,15 @@ Security checks should be carried out after decoding is completed. Moreover, it
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-001310</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
-        <FINDING_DETAILS>SonarCloud scans, including OWASP tests, are run regularly to identify vulnerabilities.  Manual testing also performed. See project Security Advisories page on GitHub for any known vulnerabilities.</FINDING_DETAILS>
-        <COMMENTS/>
+        <FINDING_DETAILS>SonarCloud scans, OWASP tests, are run regularly to identify vulnerabilities.  Manual testing also performed. See project Security Advisories page on GitHub for any known vulnerabilities.</FINDING_DETAILS>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -23749,13 +24476,17 @@ Security checks should be carried out after decoding is completed. Moreover, it
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000251</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222606r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222606r879652_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -23847,7 +24578,7 @@ If test results include input validation errors, or if no test results exist, th
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -23855,7 +24586,7 @@ If test results include input validation errors, or if no test results exist, th
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>API input is validated against the OAS definition. SonarCloud scans, including OWASP tests, are run regularly to identify vulnerabilities.  Manual testing also performed. See project Security Advisories page on GitHub for any known vulnerabilities.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -23868,13 +24599,17 @@ If test results include input validation errors, or if no test results exist, th
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000251</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222607r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222607r879652_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -23968,7 +24703,7 @@ If the application is vulnerable to SQL injection attack, contains SQL injection
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -23976,7 +24711,7 @@ If the application is vulnerable to SQL injection attack, contains SQL injection
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>All SQL queries that process user input are parameterized. SonarCloud scans, including OWASP tests, are run regularly to identify vulnerabilities.  Manual testing also performed. See project Security Advisories page on GitHub for any known vulnerabilities.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -23989,13 +24724,17 @@ If the application is vulnerable to SQL injection attack, contains SQL injection
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000251</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222608r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222608r879652_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -24085,7 +24824,7 @@ Patch the application components when vulnerabilities are discovered.</ATTRIBUTE
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -24093,7 +24832,7 @@ Patch the application components when vulnerabilities are discovered.</ATTRIBUTE
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>SonarCloud scans are run regularly to identify XML vulnerabilities. SonarCloud scans, including OWASP tests, are run regularly to identify vulnerabilities.  Manual testing also performed. See project Security Advisories page on GitHub for any known vulnerabilities.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -24106,13 +24845,17 @@ Patch the application components when vulnerabilities are discovered.</ATTRIBUTE
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000447</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222609r561269_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222609r879818_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -24220,7 +24963,7 @@ Remediate identified vulnerabilities and obtain documented risk acceptance for t
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -24228,7 +24971,7 @@ Remediate identified vulnerabilities and obtain documented risk acceptance for t
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>All user input is validated on both the client and the server. SonarCloud scans, including OWASP tests, are run regularly to identify vulnerabilities.  Manual testing also performed. See project Security Advisories page on GitHub for any known vulnerabilities.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -24241,13 +24984,17 @@ Remediate identified vulnerabilities and obtain documented risk acceptance for t
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000266</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222610r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222610r879655_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -24259,7 +25006,7 @@ Remediate identified vulnerabilities and obtain documented risk acceptance for t
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization&#x27;s operational state or can identify application components. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
+          <ATTRIBUTE_DATA>Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization&apos;s operational state or can identify application components. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
 
 The structure and content of error messages must be carefully considered by the organization and development team. The extent to which the information system is able to identify and handle error conditions is guided by organizational policy and operational requirements.
 
@@ -24325,7 +25072,7 @@ Use generic error messages.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -24333,7 +25080,7 @@ Use generic error messages.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>Error messages addressed by Issue #483</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -24346,13 +25093,17 @@ Use generic error messages.</ATTRIBUTE_DATA>
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000267</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222611r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222611r879656_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -24364,7 +25115,7 @@ Use generic error messages.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization&#x27;s operational state or can identify application components. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
+          <ATTRIBUTE_DATA>Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization&apos;s operational state or can identify application components. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
 
 The structure and content of error messages must be carefully considered by the organization and development team. The extent to which the information system is able to identify and handle error conditions is guided by organizational policy and operational requirements.
 
@@ -24434,7 +25185,7 @@ Use generic error messages for non-privileged users.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -24442,7 +25193,7 @@ Use generic error messages for non-privileged users.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>Error messages addressed by Issue #483</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -24455,13 +25206,17 @@ Use generic error messages for non-privileged users.</ATTRIBUTE_DATA>
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000450</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222612r561272_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222612r879821_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -24495,7 +25250,7 @@ A code review, static code analysis or active vulnerability or fuzz testing are
 
 Interview the application admin and identify the most recent code testing and analysis that has been conducted.
 
-Review the test results; verify configuration of analysis tools are set to check for the existence of overflows.  This includes but is not limited to buffer overflows, stack overflows, heap overflows, integer overflows and format string overflows.
+Review the test results; verify configuration of analysis tools are set to check for the existence of overflows. This includes but is not limited to buffer overflows, stack overflows, heap overflows, integer overflows and format string overflows.
 
 If overflows are identified in the test results, verify the latest test results are being used, if not, ensure remediation has been completed.
 
@@ -24551,15 +25306,15 @@ Patch applications when overflows are identified in vendor products.</ATTRIBUTE_
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-002824</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
-        <FINDING_DETAILS>SonarCloud scans, including OWASP tests, are run regularly to identify vulnerabilities.  Manual testing also performed. See project Security Advisories page on GitHub for any known vulnerabilities.</FINDING_DETAILS>
-        <COMMENTS/>
+        <FINDING_DETAILS>SonarCloud scans, OWASP tests, are run regularly to identify vulnerabilities.  Manual testing also performed. See project Security Advisories page on GitHub for any known vulnerabilities.</FINDING_DETAILS>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -24572,13 +25327,17 @@ Patch applications when overflows are identified in vendor products.</ATTRIBUTE_
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000454</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222613r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222613r879825_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -24648,7 +25407,7 @@ If old versions of the application or components are still installed on the syst
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -24656,7 +25415,7 @@ If old versions of the application or components are still installed on the syst
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>Dependabot services provided by GitHub to identify vulnerable software components. SonarCloud scans, including OWASP tests, are run regularly to identify vulnerabilities.  Manual testing also performed. See project Security Advisories page on GitHub for any known vulnerabilities.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -24669,13 +25428,17 @@ If old versions of the application or components are still installed on the syst
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000456</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222614r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222614r879827_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -24693,7 +25456,7 @@ Organization-defined time periods for updating security-relevant software may va
 
 This requirement will apply to software patch management solutions that are used to install patches across the enclave and also to applications themselves that are not part of that patch management solution. For example, many browsers today provide the capability to install their own patch software. Patch criticality, as well as system criticality will vary. Therefore, the tactical situations regarding the patch management process will also vary. This means that the time period utilized must be a configurable parameter. Time frames for application of security-relevant software updates may be dependent upon the Information Assurance Vulnerability Management (IAVM) process.
 
-The application, or the patch management solution that is configured to patch the application, must be configured to check for and install security-relevant software updates and patches at least weekly. Patches must be applied immediately or in accordance with POA&#x26;Ms, IAVMs, CTOs, DTMs or other authoritative patching guidelines or sources.</ATTRIBUTE_DATA>
+The application, or the patch management solution that is configured to patch the application, must be configured to check for and install security-relevant software updates and patches at least weekly. Patches must be applied immediately or in accordance with POA&amp;Ms, IAVMs, CTOs, DTMs or other authoritative patching guidelines or sources.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
@@ -24707,11 +25470,11 @@ Interview the application administrator and inquire about patching process.
 
 Review IAVMs and CTOs to determine if the application is being updated in accordance with authoritative sources.
 
-If application updates are not checked on at least on a weekly basis and applied immediately or in accordance with POA&#x26;Ms, IAVMs, CTOs, DTMs or other authoritative patching guidelines or sources, this is a finding.</ATTRIBUTE_DATA>
+If application updates are not checked on at least on a weekly basis and applied immediately or in accordance with POA&amp;Ms, IAVMs, CTOs, DTMs or other authoritative patching guidelines or sources, this is a finding.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Check for application updates at least weekly and apply patches immediately or in accordance with POA&#x26;Ms, IAVMs, CTOs, DTMs or other authoritative patching guidelines or sources.</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Check for application updates at least weekly and apply patches immediately or in accordance with POA&amp;Ms, IAVMs, CTOs, DTMs or other authoritative patching guidelines or sources.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
@@ -24751,7 +25514,7 @@ If application updates are not checked on at least on a weekly basis and applied
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -24759,7 +25522,7 @@ If application updates are not checked on at least on a weekly basis and applied
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>Dependabot services provided by GitHub to identify vulnerable software components. SonarCloud scans, including OWASP tests, are run regularly to identify vulnerabilities.  Manual testing also performed. See project Security Advisories page on GitHub for any known vulnerabilities.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -24772,13 +25535,17 @@ If application updates are not checked on at least on a weekly basis and applied
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000472</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222615r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222615r879843_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -24854,7 +25621,7 @@ If the application is designed to perform security function testing and does not
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -24862,7 +25629,7 @@ If the application is designed to perform security function testing and does not
         </STIG_DATA>
         <STATUS>Not_Applicable</STATUS>
         <FINDING_DETAILS>The application is not designed or intended to perform security function testing.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -24875,13 +25642,17 @@ If the application is designed to perform security function testing and does not
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000473</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222616r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222616r879844_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -24959,7 +25730,7 @@ If the application is designed to perform security function testing and does not
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -24967,7 +25738,7 @@ If the application is designed to perform security function testing and does not
         </STIG_DATA>
         <STATUS>Not_Applicable</STATUS>
         <FINDING_DETAILS>The application is not designed or intended to perform security function testing.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -24980,13 +25751,17 @@ If the application is designed to perform security function testing and does not
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000275</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222617r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222617r879661_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -25068,7 +25843,7 @@ If the application is designed to perform security function testing and does not
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -25076,7 +25851,7 @@ If the application is designed to perform security function testing and does not
         </STIG_DATA>
         <STATUS>Not_Applicable</STATUS>
         <FINDING_DETAILS>The application is not designed or intended to perform security function testing.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -25089,13 +25864,17 @@ If the application is designed to perform security function testing and does not
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000206</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222618r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222618r879627_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -25127,13 +25906,13 @@ When JavaScript and VBScript execute within the browser they are Category 3, how
 
 If the application does not contain mobile code, or if the mobile code executes within the client browser, this is not applicable.
 
-The URL of the application must be added to the Trusted Sites zone. This is accomplished via the Tools, Internet Options, and &#x201C;Security&#x201D; Tab.
+The URL of the application must be added to the Trusted Sites zone. This is accomplished via the Tools, Internet Options, and “Security” Tab.
 
-Select the &#x201C;Trusted Sites&#x201D; zone.
-Click the &#x201C;sites&#x201D; button.
-Enter the URL into the text box below the &#x201C;Add this site to this zone&#x201D; message.
-Click &#x22;Add&#x201D;.
-Click &#x201C;OK&#x201D;.
+Select the “Trusted Sites” zone.
+Click the “sites” button.
+Enter the URL into the text box below the “Add this site to this zone” message.
+Click &quot;Add”.
+Click “OK”.
 
 Note: This requires administrator privileges to add URL to sites on a STIG compliant workstation.
 
@@ -25185,7 +25964,7 @@ If the code has not been signed or the application warns that a control cannot b
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -25193,7 +25972,7 @@ If the code has not been signed or the application warns that a control cannot b
         </STIG_DATA>
         <STATUS>Not_Applicable</STATUS>
         <FINDING_DETAILS>No Category 1A present in the application. The SPA mobile code executes within the client browser.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -25206,13 +25985,17 @@ If the code has not been signed or the application warns that a control cannot b
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222619r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222619r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -25280,11 +26063,7 @@ If a documented account management process does not exist or unauthorized users
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -25292,7 +26071,7 @@ If a documented account management process does not exist or unauthorized users
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Account management services are provided by the external OpenID Connect (OIDC) Provider.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -25305,13 +26084,17 @@ If a documented account management process does not exist or unauthorized users
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222620r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222620r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -25412,11 +26195,7 @@ If the application is tiered and the network infrastructure hosting the applicat
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -25424,7 +26203,7 @@ If the application is tiered and the network infrastructure hosting the applicat
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Determined by deployment configuration.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -25437,13 +26216,17 @@ If the application is tiered and the network infrastructure hosting the applicat
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222621r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222621r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -25509,19 +26292,15 @@ If audit logs have not been retained for one year or five years for SAMI data, t
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-000167</ATTRIBUTE_DATA>
         </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-        </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
-        <FINDING_DETAILS>Application log entries are written to the container&#x27;s STDOUT, to be captured by the deployment&#x27;s preferred and compliant logging solution.</FINDING_DETAILS>
-        <COMMENTS/>
+        <FINDING_DETAILS>Application log entries are written to the container&apos;s STDOUT, to be captured by the deployment&apos;s preferred and compliant logging solution.</FINDING_DETAILS>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -25534,13 +26313,17 @@ If audit logs have not been retained for one year or five years for SAMI data, t
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222622r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222622r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -25608,19 +26391,15 @@ Maintain a log or records of dates and times audit logs are reviewed.</ATTRIBUTE
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-001872</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
-        <FINDING_DETAILS>Dependent on organizational compliance.  Application log entries are written to the container&#x27;s STDOUT, to be captured by the deployment&#x27;s preferred and compliant logging solution.</FINDING_DETAILS>
-        <COMMENTS/>
+        <FINDING_DETAILS>Dependent on organizational compliance.  Application log entries are written to the container&apos;s STDOUT, to be captured by the deployment&apos;s preferred and compliant logging solution.</FINDING_DETAILS>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -25633,13 +26412,17 @@ Maintain a log or records of dates and times audit logs are reviewed.</ATTRIBUTE
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222623r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222623r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -25705,19 +26488,15 @@ If there is no policy for reporting IA violations, this is a finding.</ATTRIBUTE
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-000149</ATTRIBUTE_DATA>
         </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-        </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Dependent on organizational compliance.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -25730,13 +26509,17 @@ If there is no policy for reporting IA violations, this is a finding.</ATTRIBUTE
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222624r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222624r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -25748,7 +26531,7 @@ If there is no policy for reporting IA violations, this is a finding.</ATTRIBUTE
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Use of automated scanning tools accompanied with manual testing/validation which confirms or expands on the automated test results is an accepted best practice when performing application security testing. Automated scanning tools expedite and help to standardize security testing, they can incorporate known attack methods and procedures, test for libraries and other software modules known to be vulnerable to attack and utilize a test method known as &#x22;fuzz testing&#x22;. Fuzz testing is a testing process where the application is provided invalid, unexpected, or random data. Poorly designed and coded applications will become unstable or crash. Properly designed and coded applications will reject improper and unexpected data input from application clients and remain stable.
+          <ATTRIBUTE_DATA>Use of automated scanning tools accompanied with manual testing/validation which confirms or expands on the automated test results is an accepted best practice when performing application security testing. Automated scanning tools expedite and help to standardize security testing, they can incorporate known attack methods and procedures, test for libraries and other software modules known to be vulnerable to attack and utilize a test method known as &quot;fuzz testing&quot;. Fuzz testing is a testing process where the application is provided invalid, unexpected, or random data. Poorly designed and coded applications will become unstable or crash. Properly designed and coded applications will reject improper and unexpected data input from application clients and remain stable.
 
 Many vulnerability scanning tools provide automated fuzz testing capabilities for the testing of web applications. All of these tools help to identify a wide range of application vulnerabilities including, but not limited to; buffer overflows, cross-site scripting flaws, denial of service format bugs and SQL injection, all of which can lead to a successful compromise of the system or result in a denial of service.
 
@@ -25830,19 +26613,15 @@ Address discovered vulnerabilities.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-000256</ATTRIBUTE_DATA>
         </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-        </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Dependent on organizational compliance.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -25855,13 +26634,17 @@ Address discovered vulnerabilities.</ATTRIBUTE_DATA>
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222625r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222625r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -25943,7 +26726,7 @@ If deadlock issues are not being addressed via documented web service configurat
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -25955,7 +26738,7 @@ If deadlock issues are not being addressed via documented web service configurat
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>By design, the application web service is not subject to deadlocking as it does not call the client.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -25968,13 +26751,17 @@ If deadlock issues are not being addressed via documented web service configurat
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222626r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222626r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -26048,19 +26835,15 @@ If the application user data is located in the same directory as the application
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-000345</ATTRIBUTE_DATA>
         </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-        </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>Application is provided as a stateless container.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -26073,13 +26856,17 @@ If the application user data is located in the same directory as the application
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222627r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222627r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -26160,19 +26947,15 @@ or vendor literature and lock down guides, this is a finding.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-000363</ATTRIBUTE_DATA>
         </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-        </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Dependent on organizational compliance.  Deployment and security guidance available in project documentation.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -26185,13 +26968,17 @@ or vendor literature and lock down guides, this is a finding.</ATTRIBUTE_DATA>
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222628r561275_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222628r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -26277,11 +27064,7 @@ Verify that all ports, protocols, and services are used in accordance with the D
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -26289,7 +27072,7 @@ Verify that all ports, protocols, and services are used in accordance with the D
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Dependent on organizational compliance.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -26303,12 +27086,16 @@ Verify that all ports, protocols, and services are used in accordance with the D
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
-          <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222629r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222629r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -26374,11 +27161,7 @@ If the application requires registration, and is not registered or all ports use
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -26386,7 +27169,7 @@ If the application requires registration, and is not registered or all ports use
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Dependent on organizational compliance.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -26399,13 +27182,17 @@ If the application requires registration, and is not registered or all ports use
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222630r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222630r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -26483,11 +27270,7 @@ If CM repository is not at the latest security patch level and is not operating
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -26495,7 +27278,7 @@ If CM repository is not at the latest security patch level and is not operating
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Configuration management dependent on organizational compliance and processes.  Application code hosted on GitHub according to Code.mil guidance.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -26508,13 +27291,17 @@ If CM repository is not at the latest security patch level and is not operating
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222631r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222631r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -26596,19 +27383,15 @@ If CM access privileges have not been reviewed within the last three months, thi
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-001795</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
-        <FINDING_DETAILS>Configuration management dependent on organizational compliance and processes.  Application code hosted on GitHub according to Code.mil guidance. Codebase access restricted to repository administrators, which are publicly listed on the project&#x27;s GitHub site.</FINDING_DETAILS>
-        <COMMENTS/>
+        <FINDING_DETAILS>Configuration management dependent on organizational compliance and processes.  Application code hosted on GitHub according to Code.mil guidance. Codebase access restricted to repository administrators, which are publicly listed on the project&apos;s GitHub site.</FINDING_DETAILS>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -26621,13 +27404,17 @@ If CM access privileges have not been reviewed within the last three months, thi
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222632r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222632r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -26838,11 +27625,7 @@ If the CMR does not audit for modifications, this is a finding.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -26850,7 +27633,7 @@ If the CMR does not audit for modifications, this is a finding.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Configuration management dependent on organizational compliance and processes.  All project artifacts are publicly available on the GitHub site, in accordance with Code.mil guidance.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -26863,13 +27646,17 @@ If the CMR does not audit for modifications, this is a finding.</ATTRIBUTE_DATA>
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222633r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222633r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -26881,7 +27668,7 @@ If the CMR does not audit for modifications, this is a finding.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Software Configuration Management (SCM) is very important in tracking code releases, baselines, and managing access to the configuration management repository. An SCM plan or charter identifies what should be under configuration management control. Without an SCM plan and a CCB, application releases can&#x27;t be tracked and vulnerabilities can be inserted intentionally or unintentionally into the code base of the application.
+          <ATTRIBUTE_DATA>Software Configuration Management (SCM) is very important in tracking code releases, baselines, and managing access to the configuration management repository. An SCM plan or charter identifies what should be under configuration management control. Without an SCM plan and a CCB, application releases can&apos;t be tracked and vulnerabilities can be inserted intentionally or unintentionally into the code base of the application.
 
 This requirement is intended to be applied to application developers or organizations responsible for code management or who have and operate an application CM repository.</ATTRIBUTE_DATA>
         </STIG_DATA>
@@ -26949,11 +27736,7 @@ If there is no evidence of CCB activity or meetings prior to the last release cy
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -26961,7 +27744,7 @@ If there is no evidence of CCB activity or meetings prior to the last release cy
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Configuration management dependent on organizational compliance and processes.  All project artifacts are publicly available on the GitHub site, in accordance with Code.mil guidance.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -26974,13 +27757,17 @@ If there is no evidence of CCB activity or meetings prior to the last release cy
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000387</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222634r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222634r879760_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -27048,7 +27835,7 @@ If the application environment is not compliant with all DoD IPv6 Standards Prof
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -27056,7 +27843,7 @@ If the application environment is not compliant with all DoD IPv6 Standards Prof
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Dependent on specific deployment. Web application is a Node.js application that includes support for IPv6.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -27069,13 +27856,17 @@ If the application environment is not compliant with all DoD IPv6 Standards Prof
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222635r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222635r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -27145,11 +27936,7 @@ If a mission critical application is deployed onto the same server as non-missio
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -27157,7 +27944,7 @@ If a mission critical application is deployed onto the same server as non-missio
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Dependent on organizational compliance.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -27170,13 +27957,17 @@ If a mission critical application is deployed onto the same server as non-missio
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222636r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222636r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -27248,11 +28039,7 @@ If the disaster recovery/continuity plan does not exist or does not meet the sev
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -27260,7 +28047,7 @@ If the disaster recovery/continuity plan does not exist or does not meet the sev
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Dependent on organizational compliance.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -27273,13 +28060,17 @@ If the disaster recovery/continuity plan does not exist or does not meet the sev
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222637r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222637r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -27293,7 +28084,7 @@ If the disaster recovery/continuity plan does not exist or does not meet the sev
           <VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>Without a disaster recovery plan, the application is susceptible to interruption in service due to damage within the processing site.
 
-If the application is part of the site&#x2019;s disaster recovery plan, ensure that the plan contains detailed instructions pertaining to the application. Verify that recovery procedures indicate the steps needed for secure and trusted recovery.</ATTRIBUTE_DATA>
+If the application is part of the site’s disaster recovery plan, ensure that the plan contains detailed instructions pertaining to the application. Verify that recovery procedures indicate the steps needed for secure and trusted recovery.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
@@ -27307,7 +28098,7 @@ Verify that a disaster recovery plan is in place for the application.
 
 Verify that the recovery procedures include any special considerations for trusted recovery.
 
-If the application is not part of the site&#x2019;s disaster recovery plan, or if any special considerations for trusted recovery are not documented, this is a finding.</ATTRIBUTE_DATA>
+If the application is not part of the site’s disaster recovery plan, or if any special considerations for trusted recovery are not documented, this is a finding.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
@@ -27351,11 +28142,7 @@ If the application is not part of the site&#x2019;s disaster recovery plan, or i
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -27363,7 +28150,7 @@ If the application is not part of the site&#x2019;s disaster recovery plan, or i
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Dependent on organizational compliance.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -27376,13 +28163,17 @@ If the application is not part of the site&#x2019;s disaster recovery plan, or i
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222638r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222638r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -27476,11 +28267,7 @@ If any of the requirements above for the associated risk level of the applicatio
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -27488,7 +28275,7 @@ If any of the requirements above for the associated risk level of the applicatio
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Dependent on organizational compliance.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -27501,13 +28288,17 @@ If any of the requirements above for the associated risk level of the applicatio
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222639r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222639r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -27583,11 +28374,7 @@ If back-up copies of the application software or source code are not stored in a
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -27595,7 +28382,7 @@ If back-up copies of the application software or source code are not stored in a
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>Application codebase is stored in a GitHub repository (offsite).</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -27608,13 +28395,17 @@ If back-up copies of the application software or source code are not stored in a
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222640r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222640r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -27626,7 +28417,7 @@ If back-up copies of the application software or source code are not stored in a
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Protection of backup and restoration assets is essential for the successful restore of operations after a catastrophic failure or damage to the system or data files. Failure to follow proper procedures may result in the permanent loss of system data and/or the loss of system capability resulting in failure of the customer&#x2019;s mission.</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Protection of backup and restoration assets is essential for the successful restore of operations after a catastrophic failure or damage to the system or data files. Failure to follow proper procedures may result in the permanent loss of system data and/or the loss of system capability resulting in failure of the customer’s mission.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
@@ -27682,11 +28473,7 @@ If backup and restoration devices are not included in the recovery procedures, t
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -27694,7 +28481,7 @@ If backup and restoration devices are not included in the recovery procedures, t
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Dependent on organizational compliance.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -27707,13 +28494,17 @@ If backup and restoration devices are not included in the recovery procedures, t
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222641r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222641r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -27783,19 +28574,15 @@ If the application does not implement encryption for key exchange, this is a fin
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-000201</ATTRIBUTE_DATA>
         </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
-        </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>The project expects other layers to provide appropriate data protection via compliant cryptography.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -27808,13 +28595,17 @@ If the application does not implement encryption for key exchange, this is a fin
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222642r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222642r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -27886,7 +28677,7 @@ The finding details should note specifically where the offending credentials or
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -27894,7 +28685,7 @@ The finding details should note specifically where the offending credentials or
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>No passwords, certificates, or sensitive data are included in the source code.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -27907,13 +28698,17 @@ The finding details should note specifically where the offending credentials or
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222643r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222643r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -27935,11 +28730,11 @@ The finding details should note specifically where the offending credentials or
           <VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>Review the application documentation and interview the application administrator.
 
-Ask the application representative for the application&#x2019;s classification guide. This guide should document the data elements and their classification.
+Ask the application representative for the application’s classification guide. This guide should document the data elements and their classification.
 
 Determine which application functions to examine, giving preference to report generation capabilities and the most common user transactions that involve sensitive data (FOUO, secret or above).
 
-Log on to the application and perform these in sequence, printing output when applicable. The application representative&#x2019;s assistance may be required to perform these steps. For each function, note whether the appropriate markings appear on the displayed and printed output. If a classification document does not exist, data must be marked at the highest classification of the system.
+Log on to the application and perform these in sequence, printing output when applicable. The application representative’s assistance may be required to perform these steps. For each function, note whether the appropriate markings appear on the displayed and printed output. If a classification document does not exist, data must be marked at the highest classification of the system.
 
 Appropriate markings for an application are as follows: For classified data, markings are required at a minimum at the top and the bottom of screens and reports.
 
@@ -27953,7 +28748,7 @@ If it is not technically feasible to meet the minimum marking requirement and no
 
 In any case of a finding, the finding details should specify which functions failed to produce the desired results.
 
-After completing the test, destroy all printed output using the site&#x2019;s preferred method for disposal. For example: utilizing a shredder or disposal in burn bags.</ATTRIBUTE_DATA>
+After completing the test, destroy all printed output using the site’s preferred method for disposal. For example: utilizing a shredder or disposal in burn bags.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
@@ -27997,11 +28792,7 @@ After completing the test, destroy all printed output using the site&#x2019;s pr
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -28009,7 +28800,7 @@ After completing the test, destroy all printed output using the site&#x2019;s pr
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>The application interface indicates its configured classification, and all exports are marked with the configured classification.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -28022,13 +28813,17 @@ After completing the test, destroy all printed output using the site&#x2019;s pr
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222644r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222644r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -28098,11 +28893,7 @@ If test plans, procedures, and results do not exist, or are not updated for each
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -28110,7 +28901,7 @@ If test plans, procedures, and results do not exist, or are not updated for each
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>Github workflows test functionality and access controls before release.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -28123,13 +28914,17 @@ If test plans, procedures, and results do not exist, or are not updated for each
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222645r561278_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222645r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -28155,19 +28950,19 @@ Prior to release of the application receiving an ATO/IATO for deployment into a
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Ask the application representative to demonstrate their cryptographic hash validation process or provide process documentation. The validation process will vary based upon the operating system used as there are numerous clients available that will display a file&#x27;s cryptographic hash for validation purposes.
+          <ATTRIBUTE_DATA>Ask the application representative to demonstrate their cryptographic hash validation process or provide process documentation. The validation process will vary based upon the operating system used as there are numerous clients available that will display a file&apos;s cryptographic hash for validation purposes.
 
-Linux operating systems include the &#x22;sha256sum&#x22; utility. For Linux systems using sha256sum command syntax is:  sha256sum [OPTION]... [FILE]...
+Linux operating systems include the &quot;sha256sum&quot; utility. For Linux systems using sha256sum command syntax is: sha256sum [OPTION]... [FILE]...
 
-Recent Windows PowerShell versions include the &#x22;get-filehash&#x22; PowerShell cmdlet. The default algorithm value used is SHA256.
+Recent Windows PowerShell versions include the &quot;get-filehash&quot; PowerShell cmdlet. The default algorithm value used is SHA256.
 
 Syntax is: 
 Get-FileHash
-   [-Path] &#x3C;String[]&#x3E;
-   [-Algorithm &#x3C;String&#x3E;]
-   [&#x3C;CommonParameters&#x3E;] 
+[-Path] &lt;String[]&gt;
+[-Algorithm &lt;String&gt;]
+[&lt;CommonParameters&gt;] 
 
-A validation process involves obtaining the application files&#x2019; cryptographic hash value from the programs author or other authoritative source such as the application&#x27;s website. A utility like the &#x22;sha256sum&#x22; utility is then run using the downloaded application file name as the argument. The output is the files&#x27; hash value. The two hash values are compared and if they match, then file integrity is ensured.
+A validation process involves obtaining the application files’ cryptographic hash value from the programs author or other authoritative source such as the application&apos;s website. A utility like the &quot;sha256sum&quot; utility is then run using the downloaded application file name as the argument. The output is the files&apos; hash value. The two hash values are compared and if they match, then file integrity is ensured.
 
 If the application being reviewed is a COTS product and the vendor used a SHA1 or MD5 algorithm to generate a hash value, this is not a finding.
 
@@ -28219,19 +29014,15 @@ Application Admins validate cryptographic hashes prior to deploying the applicat
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-000698</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
-        <FINDING_DETAILS>The application is offered as containerized API/Web Client builds that are signed using Docker Content Trust.</FINDING_DETAILS>
-        <COMMENTS/>
+        <FINDING_DETAILS>The application is offered as containerized API/Web Client builds that are signed using Docker Content Trust. Signed containers are also available on Iron Bank.</FINDING_DETAILS>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -28244,13 +29035,17 @@ Application Admins validate cryptographic hashes prior to deploying the applicat
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222646r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222646r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -28322,11 +29117,7 @@ If the organization has not designated personnel to conduct security testing, th
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -28334,7 +29125,7 @@ If the organization has not designated personnel to conduct security testing, th
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>Automated feature and access control tests are run against every commit to the release branch. SonarCloud scans, including OWASP tests, are run regularly to identify vulnerabilities.  Manual testing also performed. See project Security Policy for more information.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -28347,13 +29138,17 @@ If the organization has not designated personnel to conduct security testing, th
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222647r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222647r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -28425,11 +29220,7 @@ If annual testing procedures do not exist, or if administrators are unable to pr
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -28437,7 +29228,7 @@ If annual testing procedures do not exist, or if administrators are unable to pr
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Dependent on organizational compliance.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -28450,13 +29241,17 @@ If annual testing procedures do not exist, or if administrators are unable to pr
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222648r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222648r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -28562,11 +29357,7 @@ If the organization does not conduct code reviews on the application that attemp
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -28574,7 +29365,7 @@ If the organization does not conduct code reviews on the application that attemp
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>SonarCloud scans, including OWASP tests and code reviews, are run regularly to identify vulnerabilities.  Manual testing also performed. See project Security Policy for more information.  Application source code is publicly available, and may be scanned at any time by any organization.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -28587,13 +29378,17 @@ If the organization does not conduct code reviews on the application that attemp
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222649r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222649r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -28673,11 +29468,7 @@ If these code coverage statistics do not exist, this is a finding.</ATTRIBUTE_DA
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -28685,7 +29476,7 @@ If these code coverage statistics do not exist, this is a finding.</ATTRIBUTE_DA
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Code coverage assessed for development using Node.js c8 and newman tests. Reports available upon request.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -28698,13 +29489,17 @@ If these code coverage statistics do not exist, this is a finding.</ATTRIBUTE_DA
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222650r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222650r918120_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -28776,19 +29571,15 @@ If there is no configuration management repository or the code review flaws are
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>CCI-003197</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>CCI-003161</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
-        <FINDING_DETAILS>All known code defects are tracked as Issues on the project&#x27;s GitHub site, or developer&#x27;s SonarCloud management page.</FINDING_DETAILS>
-        <COMMENTS/>
+        <FINDING_DETAILS>All known code defects are tracked as Issues on the project&apos;s GitHub site, or developer&apos;s SonarCloud management page.</FINDING_DETAILS>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -28801,13 +29592,17 @@ If there is no configuration management repository or the code review flaws are
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222651r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222651r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -28877,11 +29672,7 @@ If IA impact analysis is not performed, this is a finding.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -28889,7 +29680,7 @@ If IA impact analysis is not performed, this is a finding.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Dependent on organizational compliance.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -28902,13 +29693,17 @@ If IA impact analysis is not performed, this is a finding.</ATTRIBUTE_DATA>
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222652r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222652r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -28982,11 +29777,7 @@ If security flaws are not addressed in the project plan or there is no process t
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -28994,7 +29785,7 @@ If security flaws are not addressed in the project plan or there is no process t
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>SonarCloud scans, including OWASP tests, are run regularly to identify vulnerabilities.  Manual testing also performed. See project Security Policy page on GitHub for more info.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -29007,13 +29798,17 @@ If security flaws are not addressed in the project plan or there is no process t
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222653r561281_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222653r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -29052,15 +29847,15 @@ Introducing coding standards can help increase the consistency, reliability, and
           <VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>This requirement is meant to apply to developers or organizations that are doing application development work. If the organization operating the application under review is not doing the development or managing the development of the application, the requirement is not applicable.
 
-Ask the application representative about their coding standards.  Ask for a coding standards document, review the document and ask the developers if they are aware of and if they use the coding standards.  Make a determination if the application developers follow the coding standard. 
+Ask the application representative about their coding standards. Ask for a coding standards document, review the document and ask the developers if they are aware of and if they use the coding standards. Make a determination if the application developers follow the coding standard. 
 
 If the developers do not follow a coding standard, or if a coding standard document does not exist, this is a finding.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Create and maintain a coding standard process and documentation for developers to follow.  
+          <ATTRIBUTE_DATA>Create and maintain a coding standard process and documentation for developers to follow. 
 
-Include programming best practices based on the languages being used for application development.  Include items that should be standardized across the team that that deal with how developers write their application code.</ATTRIBUTE_DATA>
+Include programming best practices based on the languages being used for application development. Include items that should be standardized across the team that deals with how developers write their application code.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
@@ -29100,19 +29895,16 @@ Include programming best practices based on the languages being used for applica
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-003233</ATTRIBUTE_DATA>
         </STIG_DATA>
-        <STATUS>Not_Reviewed</STATUS>
-        <FINDING_DETAILS>SonarCloud scans, including OWASP tests, and tests for coding standards, are run regularly to identify vulnerabilities.  Manual testing also performed. See project Security Policy page on GitHub for more info.</FINDING_DETAILS>
-        <COMMENTS/>
+        <STATUS>NotAFinding</STATUS>
+        <FINDING_DETAILS>SonarCloud scans, OWASP tests, and tests for coding standards, are run regularly to identify vulnerabilities.  Manual testing also performed. 
+ SonarLint and SonarCloud quality gates are also used.</FINDING_DETAILS>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -29125,13 +29917,17 @@ Include programming best practices based on the languages being used for applica
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222654r561284_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222654r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -29227,11 +30023,7 @@ If the design document is incomplete, this is a finding.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -29239,7 +30031,7 @@ If the design document is incomplete, this is a finding.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Requires organizational compliance, project documentation, and project Security Policy.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -29252,13 +30044,17 @@ If the design document is incomplete, this is a finding.</ATTRIBUTE_DATA>
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222655r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222655r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -29358,11 +30154,7 @@ If the described threat model documentation does not exist, this is a finding.</
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -29370,7 +30162,7 @@ If the described threat model documentation does not exist, this is a finding.</
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Requires organizational compliance, project documentation, and project Security Policy.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -29383,13 +30175,17 @@ If the described threat model documentation does not exist, this is a finding.</
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222656r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222656r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -29465,11 +30261,7 @@ If no test results are available for review, this is a finding.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -29477,7 +30269,7 @@ If no test results are available for review, this is a finding.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>Automated feature and access control tests are run against every commit to the release branch. SonarCloud scans, including OWASP tests, are run regularly to identify vulnerabilities.  Manual testing also performed. See project Security Policy for more information.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -29490,13 +30282,17 @@ If no test results are available for review, this is a finding.</ATTRIBUTE_DATA>
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222657r561287_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222657r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -29526,7 +30322,7 @@ This requirement is meant to be applied when reviewing an application with the d
           <VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>If the application is a COTS application and the development team is not accessible to interview this requirement is not applicable.
 
-Interview the application development team members.  Request and review the application incident response plan. 
+Interview the application development team members. Request and review the application incident response plan. 
 
 Ensure the plan includes an implemented process that:
 
@@ -29584,19 +30380,15 @@ If the application incident response plan does not exist and at a minimum does n
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>CCI-003289</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
-        <FINDING_DETAILS>See project documentation and Security Policy.</FINDING_DETAILS>
-        <COMMENTS/>
+        <FINDING_DETAILS>See project documentation and Security Policy attached to the project repository on GitHub.</FINDING_DETAILS>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -29609,13 +30401,17 @@ If the application incident response plan does not exist and at a minimum does n
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222658r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222658r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -29693,11 +30489,7 @@ If any of the software components are not supported by a COTS vendor or a GOTS o
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -29705,7 +30497,7 @@ If any of the software components are not supported by a COTS vendor or a GOTS o
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>Application is currently being actively maintained and supported.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -29718,13 +30510,17 @@ If any of the software components are not supported by a COTS vendor or a GOTS o
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222659r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222659r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -29792,11 +30588,7 @@ If the application or any of the application components are not being maintained
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -29804,7 +30596,7 @@ If the application or any of the application components are not being maintained
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>Application is currently being actively maintained and supported.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -29817,13 +30609,17 @@ If the application or any of the application components are not being maintained
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222660r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222660r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -29891,11 +30687,7 @@ If provisions are not in place to notify users when an application is decommissi
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -29903,7 +30695,7 @@ If provisions are not in place to notify users when an application is decommissi
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Dependent on organizational compliance.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -29916,13 +30708,17 @@ If provisions are not in place to notify users when an application is decommissi
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222661r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222661r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -29998,11 +30794,7 @@ If these accounts are not necessary to run the application, or if the accounts a
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -30010,7 +30802,7 @@ If these accounts are not necessary to run the application, or if the accounts a
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>Application has no built-in user accounts.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -30023,13 +30815,17 @@ If these accounts are not necessary to run the application, or if the accounts a
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>high</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222662r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222662r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -30049,7 +30845,7 @@ If these accounts are not necessary to run the application, or if the accounts a
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Identify the application name and version and do an Internet search for the product name and the string &#x22;default password&#x22;.
+          <ATTRIBUTE_DATA>Identify the application name and version and do an Internet search for the product name and the string &quot;default password&quot;.
 
 If default passwords are found, attempt to authenticate with the published default passwords.
 
@@ -30097,11 +30893,7 @@ If authentication is successful, this is a finding.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -30109,7 +30901,7 @@ If authentication is successful, this is a finding.</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>Application has no default passwords.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -30122,13 +30914,17 @@ If authentication is successful, this is a finding.</ATTRIBUTE_DATA>
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222663r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222663r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -30248,11 +31044,7 @@ Verify the application configuration guide is distributed along  with the applic
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -30260,7 +31052,7 @@ Verify the application configuration guide is distributed along  with the applic
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>Project Documentation is provided.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -30273,13 +31065,17 @@ Verify the application configuration guide is distributed along  with the applic
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222664r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222664r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -30369,11 +31165,7 @@ If the security classification guide does not exist, or does not contain applica
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -30381,7 +31173,7 @@ If the security classification guide does not exist, or does not contain applica
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Dependent on organizational compliance.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -30394,13 +31186,17 @@ If the security classification guide does not exist, or does not contain applica
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222665r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222665r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -30502,11 +31298,7 @@ If uncategorized mobile code types are found, ask the application administrator
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -30514,7 +31306,7 @@ If uncategorized mobile code types are found, ask the application administrator
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>Application uses only Category 3 mobile code. (Javascript that runs client side in a web browser)</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -30527,13 +31319,17 @@ If uncategorized mobile code types are found, ask the application administrator
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222666r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222666r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -30605,11 +31401,7 @@ If any database exports include sensitive data and that data is not sanitized or
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -30617,7 +31409,7 @@ If any database exports include sensitive data and that data is not sanitized or
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Dependent on organizational compliance.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -30630,13 +31422,17 @@ If any database exports include sensitive data and that data is not sanitized or
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222667r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222667r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -30708,11 +31504,7 @@ If mitigations for DoS attacks are identified in the threat model but are not im
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -30720,7 +31512,7 @@ If mitigations for DoS attacks are identified in the threat model but are not im
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Threat model dependent on organizational requirements. The project expects to be deployed in a Container Platform that resists DoS attacks.  DoS mitigations expected to be implemented at Container Platform Ingress layer or otherwise fulfilled by specific deployment configurations.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -30733,13 +31525,17 @@ If mitigations for DoS attacks are identified in the threat model but are not im
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222668r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222668r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -30807,11 +31603,7 @@ If this monitoring capability does not exist, this is a finding.</ATTRIBUTE_DATA
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -30819,7 +31611,7 @@ If this monitoring capability does not exist, this is a finding.</ATTRIBUTE_DATA
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>The project expects to be deployed in a Container Platform that monitors resource conditions.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -30832,13 +31624,17 @@ If this monitoring capability does not exist, this is a finding.</ATTRIBUTE_DATA
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222669r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222669r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -30908,11 +31704,7 @@ If no deployment personnel are registered to receive the alerts, this is a findi
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -30920,7 +31712,7 @@ If no deployment personnel are registered to receive the alerts, this is a findi
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Dependent on organization compliance.  Update notifications are available by subscription on GitHub project page.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -30933,13 +31725,17 @@ If no deployment personnel are registered to receive the alerts, this is a findi
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222670r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222670r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -31019,11 +31815,7 @@ Include a description of the issue, a summary of risk as well as potential mitig
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -31031,7 +31823,7 @@ Include a description of the issue, a summary of risk as well as potential mitig
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>Update notifications are available by subscription on GitHub project page.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -31044,13 +31836,17 @@ Include a description of the issue, a summary of risk as well as potential mitig
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222671r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222671r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -31116,11 +31912,7 @@ If the application is publicly accessible and traffic is not being routed throug
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -31128,7 +31920,7 @@ If the application is publicly accessible and traffic is not being routed throug
         </STIG_DATA>
         <STATUS>Not_Reviewed</STATUS>
         <FINDING_DETAILS>Dependent on organizational compliance.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -31141,13 +31933,17 @@ If the application is publicly accessible and traffic is not being routed throug
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>low</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000506</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222672r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222672r879877_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -31221,7 +32017,7 @@ If the application does not create an audit record when concurrent logons occur
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -31229,7 +32025,7 @@ If the application does not create an audit record when concurrent logons occur
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>When logging endpoint requests, the API emits audit records that include the original source IP address.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>
@@ -31242,13 +32038,17 @@ If the application does not create an audit record when concurrent logons occur
           <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
         </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
           <ATTRIBUTE_DATA>SRG-APP-000516</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>SV-222673r508029_rule</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>SV-222673r879887_rule</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
@@ -31335,11 +32135,7 @@ If there is no evidence of security training, this is a finding.</ATTRIBUTE_DATA
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020</ATTRIBUTE_DATA>
-        </STIG_DATA>
-        <STIG_DATA>
-          <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
-          <ATTRIBUTE_DATA>CCI-000366</ATTRIBUTE_DATA>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
         </STIG_DATA>
         <STIG_DATA>
           <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
@@ -31347,7 +32143,154 @@ If there is no evidence of security training, this is a finding.</ATTRIBUTE_DATA
         </STIG_DATA>
         <STATUS>NotAFinding</STATUS>
         <FINDING_DETAILS>The current developers are subject to annual security training requirements.</FINDING_DETAILS>
-        <COMMENTS/>
+        <COMMENTS></COMMENTS>
+        <SEVERITY_OVERRIDE/>
+        <SEVERITY_JUSTIFICATION/>
+      </VULN>
+      <VULN>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>V-254803</ATTRIBUTE_DATA>
+        </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Severity</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>medium</ATTRIBUTE_DATA>
+        </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Weight</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>10.0</ATTRIBUTE_DATA>
+        </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Group_Title</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>APSC-DV-002010</ATTRIBUTE_DATA>
+        </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Rule_ID</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>SV-254803r865217_rule</ATTRIBUTE_DATA>
+        </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Rule_Ver</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>APSC-DV-002010</ATTRIBUTE_DATA>
+        </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>The application must implement NSA-approved cryptography to protect classified information in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.</ATTRIBUTE_DATA>
+        </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Vuln_Discuss</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect classified data. The application must implement cryptographic modules adhering to the higher standards approved by the federal government since this provides assurance they have been tested and validated.
+ 
+Advanced Encryption Standard (AES)
+Symmetric block cipher used for information protection
+FIPS Pub 197
+Use 256 bit keys to protect up to TOP SECRET
+
+Elliptic Curve Diffie-Hellman (ECDH) Key Exchange
+Asymmetric algorithm used for key establishment
+NIST SP 800-56A
+Use Curve P-384 to protect up to TOP SECRET.
+
+Elliptic Curve Digital Signature Algorithm (ECDSA)
+Asymmetric algorithm used for digital signatures
+FIPS Pub 186-4
+Use Curve P-384 to protect up to TOP SECRET.
+
+Secure Hash Algorithm (SHA)
+Algorithm used for computing a condensed representation of information
+FIPS Pub 180-4
+
+Use SHA-384 to protect up to TOP SECRET.
+ 
+Diffie-Hellman (DH) Key Exchange
+Asymmetric algorithm used for key establishment
+IETF RFC 3526 
+Minimum 3072-bit modulus to protect up to TOP SECRET
+
+RSA
+Asymmetric algorithm used for key establishment
+NIST SP 800-56B rev 1
+Minimum 3072-bit modulus to protect up to TOP SECRET
+
+RSA 
+Asymmetric algorithm used for digital signatures
+FIPS PUB 186-4
+Minimum 3072 bit-modulus to protect up to TOP SECRET.</ATTRIBUTE_DATA>
+        </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>IA_Controls</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA/>
+        </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Check_Content</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>Review the application documentation, system security plan and interview the application administrator to determine if the application processes classified data.
+
+If the application does not process classified data, this requirement is not applicable.
+
+Identify the data classifications and the cryptographic protections established to protect the application data.
+
+Verify the application is configured to utilize the appropriate encryption based upon data classification, cryptographic tasks that need to be performed (information protection, hashing, signing) and information protection requirements.
+
+NIST-certified cryptography must be used to store classified non-Sources and Methods Intelligence (SAMI) information if required by the information owner.
+
+NSA-validated type-1 encryption must be used for all SAMI data stored in the enclave.
+
+If the application is not configured to utilize the NSA-approved cryptographic modules in accordance with data protection requirements specified in the security plan, this is a finding.</ATTRIBUTE_DATA>
+        </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Fix_Text</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>Configure application to encrypt stored classified information; Ensure encryption is performed using NIST FIPS 140-2-validated encryption.
+
+Encrypt stored, non-SAMI classified information using NIST FIPS 140-2-validated encryption.
+
+Implement NSA-validated type-1 encryption of all SAMI data stored in the enclave.</ATTRIBUTE_DATA>
+        </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>False_Positives</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA/>
+        </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>False_Negatives</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA/>
+        </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Documentable</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>false</ATTRIBUTE_DATA>
+        </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Mitigations</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA/>
+        </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Potential_Impact</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA/>
+        </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Third_Party_Tools</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA/>
+        </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Mitigation_Control</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA/>
+        </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Responsibility</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA/>
+        </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>Security_Override_Guidance</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA/>
+        </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>STIGRef</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023</ATTRIBUTE_DATA>
+        </STIG_DATA>
+        <STIG_DATA>
+          <VULN_ATTRIBUTE>CCI_REF</VULN_ATTRIBUTE>
+          <ATTRIBUTE_DATA>CCI-002450</ATTRIBUTE_DATA>
+        </STIG_DATA>
+        <STATUS>Not_Reviewed</STATUS>
+        <FINDING_DETAILS>The project expects other layers to provide appropriate data protection via compliant cryptography. It supports interactions with the Data Storage layer via TLS. The project containers are read-only, stateless builds.</FINDING_DETAILS>
+        <COMMENTS></COMMENTS>
         <SEVERITY_OVERRIDE/>
         <SEVERITY_JUSTIFICATION/>
       </VULN>