diff --git a/.readthedocs.yml b/.readthedocs.yml
index c9d96fe02..9f037f63f 100644
--- a/.readthedocs.yml
+++ b/.readthedocs.yml
@@ -5,6 +5,13 @@
# Required
version: 2
+# Set the OS, Python version and other tools you might need
+build:
+ os: ubuntu-22.04
+ tools:
+ python: "3.12"
+
+
# Build documentation in the docs/ directory with Sphinx
sphinx:
configuration: docs/conf.py
diff --git a/api/source/controllers/Metrics.js b/api/source/controllers/Metrics.js
index 9a6cff5d6..ca6d8b76b 100644
--- a/api/source/controllers/Metrics.js
+++ b/api/source/controllers/Metrics.js
@@ -37,6 +37,35 @@ async function getCollectionMetrics (req, res, next, {style, aggregation, firstR
}
}
+async function getMetaMetrics (req, res, next, {style, aggregation, firstRowOnly = false}) {
+ try {
+ const returnType = req.query.format || 'json'
+ const inPredicates = {
+ collectionIds: req.query.collectionId,
+ benchmarkIds: req.query.benchmarkId,
+ revisionIds: req.query.revisionId
+ }
+ const rows = await MetricsService.queryMetaMetrics({
+ inPredicates,
+ userId: req.userObject.userId,
+ style,
+ aggregation,
+ returnType
+ })
+ if (returnType === 'csv') {
+ res.type('text/csv')
+ res.send(csvStringify(rows, {header: true}))
+ }
+ else {
+ res.json(firstRowOnly ? rows[0] : rows)
+ }
+ }
+ catch (e) {
+ next(e)
+ }
+}
+
+
module.exports.getMetricsDetailByCollection = async function (req, res, next) {
await getCollectionMetrics(req, res, next, {style: 'detail', aggregation: 'unagg'})
}
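Review bot: `res.json(firstRowOnly ? rows[0] : rows)` on L45 sends an empty body when the service returns no rows, because `rows[0]` is then `undefined`; the two callers that set `firstRowOnly` (L62, L71) use the global `meta` aggregation, which presumably always yields one row, but the controller should not depend on that — `res.json(firstRowOnly ? (rows[0] ?? {}) : rows)` (or whatever empty shape the spec allows, or an explicit 404) keeps the response well-formed. `req.query.format || 'json'` on L27 reads better as `req.query.format ?? 'json'`, since only an absent parameter should fall back. The function has no header comment; I would add a JSDoc stating that `style` selects the detail/summary column set, `aggregation` is the grouping passed to `MetricsService.queryMetaMetrics`, and `firstRowOnly` unwraps the single-row fully aggregated result.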
@@ -67,3 +96,21 @@ module.exports.getMetricsSummaryByCollectionAggLabel = async function (req, res,
module.exports.getMetricsSummaryByCollectionAggStig = async function (req, res, next) {
await getCollectionMetrics(req, res, next, {style: 'summary', aggregation: 'stig'})
}
+module.exports.getMetricsDetailByMeta = async function (req, res, next) {
+ await getMetaMetrics(req, res, next, {style: 'detail', aggregation: 'meta', firstRowOnly: true})
+}
+module.exports.getMetricsDetailByMetaAggCollection = async function (req, res, next) {
+ await getMetaMetrics(req, res, next, {style: 'detail', aggregation: 'collection'})
+}
+module.exports.getMetricsDetailByMetaAggStig = async function (req, res, next) {
+ await getMetaMetrics(req, res, next, {style: 'detail', aggregation: 'metaStig'})
+}
+module.exports.getMetricsSummaryByMeta = async function (req, res, next) {
+ await getMetaMetrics(req, res, next, {style: 'summary', aggregation: 'meta', firstRowOnly: true})
+}
+module.exports.getMetricsSummaryByMetaAggCollection = async function (req, res, next) {
+ await getMetaMetrics(req, res, next, {style: 'summary', aggregation: 'collection'})
+}
+module.exports.getMetricsSummaryByMetaAggStig = async function (req, res, next) {
+ await getMetaMetrics(req, res, next, {style: 'summary', aggregation: 'metaStig'})
+}
\ No newline at end of file
diff --git a/api/source/package-lock.json b/api/source/package-lock.json
index 8d020a500..8c20f7b18 100644
--- a/api/source/package-lock.json
+++ b/api/source/package-lock.json
@@ -1,12 +1,12 @@
{
"name": "stig-management-api",
- "version": "1.4.1",
+ "version": "1.4.2",
"lockfileVersion": 2,
"requires": true,
"packages": {
"": {
"name": "stig-management-api",
- "version": "1.4.1",
+ "version": "1.4.2",
"license": "MIT",
"dependencies": {
"archiver": "^5.3.1",
diff --git a/api/source/package.json b/api/source/package.json
index f9944e7f4..2dbc1d63c 100644
--- a/api/source/package.json
+++ b/api/source/package.json
@@ -1,6 +1,6 @@
{
"name": "stig-management-api",
- "version": "1.4.1",
+ "version": "1.4.2",
"description": "An API for managing evaluations of Security Technical Implementation Guide (STIG) assessments.",
"main": "index.js",
"scripts": {
diff --git a/api/source/service/AssetService.js b/api/source/service/AssetService.js
index 729793279..89e163efc 100644
--- a/api/source/service/AssetService.js
+++ b/api/source/service/AssetService.js
@@ -520,8 +520,8 @@ exports.queryChecklist = async function (inProjection, inPredicates, elevate, us
}
if (inPredicates.revisionStr !== 'latest') {
joins.splice(0, 1, 'revision rev')
- const results = /V(\d+)R(\d+(\.\d+)?)/.exec(inPredicates.revisionStr)
- const revId = `${inPredicates.benchmarkId}-${results[1]}-${results[2]}`
+ const {version, release} = dbUtils.parseRevisionStr(inPredicates.revisionStr)
+ const revId = `${inPredicates.benchmarkId}-${version}-${release}`
predicates.statements.push('rev.revId = :revId')
predicates.binds.revId = revId
}
@@ -776,8 +776,8 @@ exports.cklFromAssetStigs = async function cklFromAssetStigs (assetId, stigs, el
revisionStrResolved = `V${resultGetBenchmarkId[0].version}R${resultGetBenchmarkId[0].release}`
}
else {
- let revParse = /V(\d+)R(\d+(\.\d+)?)/.exec(revisionStr)
- revId = `${benchmarkId}-${revParse[1]}-${revParse[2]}`
+ const {version, release} = dbUtils.parseRevisionStr(revisionStr)
+ revId = `${benchmarkId}-${version}-${release}`
;[resultGetBenchmarkId] = await connection.execute(sqlGetBenchmarkId, [revId])
}
@@ -1021,8 +1021,8 @@ exports.cklbFromAssetStigs = async function cklbFromAssetStigs (assetId, stigs)
revisionStrResolved = `V${resultGetBenchmarkId[0].version}R${resultGetBenchmarkId[0].release}`
}
else {
- let revParse = /V(\d+)R(\d+(\.\d+)?)/.exec(revisionStr)
- revId = `${benchmarkId}-${revParse[1]}-${revParse[2]}`
+ const {version, release} = dbUtils.parseRevisionStr(revisionStr)
+ revId = `${benchmarkId}-${version}-${release}`
;[resultGetBenchmarkId] = await connection.execute(sqlGetBenchmarkId, [revId])
}
@@ -1181,8 +1181,8 @@ exports.xccdfFromAssetStig = async function (assetId, benchmarkId, revisionStr =
revisionStrResolved = `V${result[0].version}R${result[0].release}`
}
else {
- let revParse = /V(\d+)R(\d+(\.\d+)?)/.exec(revisionStr)
- revId = `${benchmarkId}-${revParse[1]}-${revParse[2]}`
+ const {version, release} = dbUtils.parseRevisionStr(revisionStr)
+ revId = `${benchmarkId}-${version}-${release}`
;[result] = await connection.query(sqlGetRevision, [revId])
revisionStrResolved = revisionStr
}
diff --git a/api/source/service/CollectionService.js b/api/source/service/CollectionService.js
index 8f0a9d8c3..0017e2d2d 100644
--- a/api/source/service/CollectionService.js
+++ b/api/source/service/CollectionService.js
@@ -756,11 +756,11 @@ exports.getChecklistByCollectionStig = async function (collectionId, benchmarkId
// Non-current revision
if (revisionStr !== 'latest') {
joins.splice(2, 1, 'left join revision rev on sa.benchmarkId=rev.benchmarkId')
- const results = /V(\d+)R(\d+(\.\d+)?)/.exec(revisionStr)
+ const {version, release} = dbUtils.parseRevisionStr(revisionStr)
predicates.statements.push('rev.version = :version')
predicates.statements.push('rev.release = :release')
- predicates.binds.version = results[1]
- predicates.binds.release = results[2]
+ predicates.binds.version = version
+ predicates.binds.release = release
}
// Access control
@@ -1670,9 +1670,7 @@ exports.writeStigPropsByCollectionStig = async function ({collectionId, benchmar
let version, release
if (defaultRevisionStr) {
if (defaultRevisionStr !== 'latest') {
- const revisionParts = /V(\d+)R(\d+(\.\d+)?)/.exec(defaultRevisionStr)
- version = revisionParts[1]
- release = revisionParts[2]
+ ;({version, release} = dbUtils.parseRevisionStr(defaultRevisionStr))
}
}
connection = await dbUtils.pool.getConnection()
diff --git a/api/source/service/MetricsService.js b/api/source/service/MetricsService.js
index b70f68362..0fa0a43bc 100644
--- a/api/source/service/MetricsService.js
+++ b/api/source/service/MetricsService.js
@@ -2,7 +2,6 @@ const dbUtils = require('./utils')
module.exports.queryMetrics = async function ({
inPredicates = {},
- inProjections = [],
userId,
aggregation = 'unagg',
style = 'detail',
@@ -15,6 +14,7 @@ module.exports.queryMetrics = async function ({
}
// CTE processing
+ // This CTE retreives the granted Asset/STIG pairs for a single collection
const cteProps = {
columns: [
'distinct c.collectionId',
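Review bot: The comment added on L200 misspells "retrieves" — `// This CTE retrieves the granted Asset/STIG pairs for a single collection`. The same misspelling is in the comment added at the top of `queryMetaMetrics` in the next hunk; worth fixing in both, since these comments are what a reader relies on to understand what the `granted` CTE is for.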
@@ -173,6 +173,132 @@ module.exports.queryMetrics = async function ({
return (rows || [])
}
+module.exports.queryMetaMetrics = async function ({
+ inPredicates = {},
+ userId,
+ aggregation = 'meta',
+ style = 'detail',
+ returnType = 'json'
+}) {
+ const predicates = {
+ statements: [],
+ binds: []
+ }
+ // CTE processing
+ // This CTE retreives the granted Asset/STIG pairs across all collections (or the requested ones)
+ const cteProps = {
+ columns: [
+ 'distinct c.collectionId',
+ 'sa.benchmarkId',
+ 'a.assetId',
+ 'sa.saId'
+ ],
+ joins: [
+ 'collection c',
+ 'left join collection_grant cg on c.collectionId = cg.collectionId',
+ 'inner join asset a on c.collectionId = a.collectionId and a.state = "enabled"',
+ 'left join stig_asset_map sa on a.assetId = sa.assetId',
+ 'left join user_stig_asset_map usa on sa.saId = usa.saId'
+ ],
+ predicates: {
+ statements: [
+ '(cg.userId = ? AND CASE WHEN cg.accessLevel = 1 THEN usa.userId = cg.userId ELSE TRUE END)',
+ 'c.state = "enabled"'
+ ],
+ binds: [
+ userId
+ ]
+ }
+ }
+ if (inPredicates.benchmarkIds) {
+ cteProps.predicates.statements.push(
+ 'sa.benchmarkId IN ?'
+ )
+ cteProps.predicates.binds.push([inPredicates.benchmarkIds])
+ }
+ if (inPredicates.collectionIds) {
+ cteProps.predicates.statements.push(
+ 'c.collectionId IN ?'
+ )
+ cteProps.predicates.binds.push([inPredicates.collectionIds])
+ }
+ if (inPredicates.revisionIds) {
+ cteProps.joins.push(
+ 'left join default_rev dr on c.collectionId = dr.collectionId and sa.benchmarkId = dr.benchmarkId',
+ 'left join revision rev on dr.revId = rev.revId'
+ )
+ cteProps.predicates.statements.push(
+ 'rev.revId IN ?'
+ )
+ cteProps.predicates.binds.push([inPredicates.revisionIds])
+ }
+ const cteQuery = dbUtils.makeQueryString({
+ columns: cteProps.columns,
+ joins: cteProps.joins,
+ predicates: cteProps.predicates
+ })
+ const ctes = [
+ `granted as (${cteQuery})`
+ ]
+ // Main query
+ const columns = returnType === 'csv' ? [...baseColsFlat[aggregation]] : [...baseCols[aggregation]]
+ const joins = [
+ 'granted',
+ 'left join asset a on granted.assetId = a.assetId',
+ 'left join stig_asset_map sa on granted.saId = sa.saId',
+ 'left join default_rev dr on granted.collectionId = dr.collectionId and sa.benchmarkId = dr.benchmarkId',
+ 'left join revision rev on dr.revId = rev.revId',
+ 'left join stig on rev.benchmarkId = stig.benchmarkId'
+ ]
+ const groupBy = []
+ const orderBy = []
+ switch (aggregation) {
+ case 'meta':
+ predicates.statements.push('sa.benchmarkId IS NOT NULL')
+ break
+ case 'collection':
+ joins.push('left join collection c on granted.collectionId = c.collectionId')
+ groupBy.push('c.collectionId')
+ orderBy.push('c.name')
+ break
+ case 'metaStig':
+ predicates.statements.push('sa.benchmarkId IS NOT NULL')
+ groupBy.push('rev.revId')
+ orderBy.push('rev.benchmarkId')
+ break
+ }
+ if (style === 'detail') {
+ if (returnType === 'csv') {
+ columns.push(...colsMetricsDetailAgg)
+ }
+ else {
+ columns.push(sqlMetricsDetailAgg)
+ }
+ }
+ else { //style: 'summary'
+ if (returnType === 'csv') {
+ columns.push(...colsMetricsSummaryAgg)
+ }
+ else {
+ columns.push(sqlMetricsSummaryAgg)
+ }
+ }
+ const query = dbUtils.makeQueryString({
+ ctes,
+ columns,
+ joins,
+ predicates,
+ groupBy,
+ orderBy
+ })
+
+ let [rows, fields] = await dbUtils.pool.query(
+ query,
+ [...cteProps.predicates.binds, ...predicates.binds]
+ )
+ return (rows || [])
+}
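Review bot: The `granted` CTE built on L220–L273 is the authorization boundary of this query — the `cg.userId = ?` / accessLevel predicate on L236 is the only thing that restricts which collections, assets and checklists the caller can count — and nothing in the code says so; I would add above the main query on L274: `// Every join below hangs off the granted CTE, which already enforces the caller's grants; never join collection/asset/stig_asset_map directly here.` The `IN ?` binds pushed on L248/L254/L264 wrap the value in an array so that an array value expands to a parenthesised list; if a single `collectionId` ever arrives as a plain string rather than an array (this depends on whether the OpenAPI middleware coerces `type: array` query parameters — I can't tell from here), the bind expands to a bare string and the SQL becomes `IN 'x'`, a syntax error rather than a filter, so `[[].concat(inPredicates.collectionIds)]` would make the expected shape explicit. `let [rows, fields]` on L326 declares an unused `fields` and never reassigns `rows`; `const [rows] = await dbUtils.pool.query(` is cleaner. `predicates.binds` on L216 is never populated; harmless, but the spread on L328 suggests otherwise.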
+
const sqlMetricsDetail = `json_object(
'assessments', rev.ruleCount,
'assessmentsBySeverity', json_object(
@@ -463,6 +589,20 @@ const baseCols = {
'cl.color',
'cl.description',
'count(distinct a.assetId) as assets'
+ ],
+ meta: [
+ 'count(distinct granted.collectionId) as collections',
+ 'count(distinct a.assetId) as assets',
+ 'count(distinct sa.benchmarkId) as stigs',
+ 'count(sa.saId) as checklists'
+ ],
+ metaStig: [
+ 'rev.benchmarkId',
+ 'stig.title',
+ 'rev.revisionStr',
+ 'count(distinct granted.collectionId) as collections',
+ 'count(distinct a.assetId) as assets',
+ 'rev.ruleCount'
]
}
const baseColsFlat = {
@@ -499,5 +639,19 @@ const baseColsFlat = {
'BIN_TO_UUID(cl.uuid,1) as labelId',
'cl.name',
'count(distinct a.assetId) as assets'
+ ],
+ meta: [
+ 'count(distinct granted.collectionId) as collections',
+ 'count(distinct a.assetId) as assets',
+ 'count(distinct sa.benchmarkId) as stigs',
+ 'count(sa.saId) as checklists'
+ ],
+ metaStig: [
+ 'rev.benchmarkId',
+ 'stig.title',
+ 'rev.revisionStr',
+ 'count(distinct granted.collectionId) as collections',
+ 'count(distinct a.assetId) as assets',
+ 'rev.ruleCount'
]
}
\ No newline at end of file
diff --git a/api/source/service/OperationService.js b/api/source/service/OperationService.js
index 27ded3d90..63cdac207 100644
--- a/api/source/service/OperationService.js
+++ b/api/source/service/OperationService.js
@@ -338,7 +338,7 @@ exports.replaceAppData = async function (importOpts, appData, userObject, res )
}
for (const pin of c.stigs ?? []) {
if (pin.revisionPinned){
- let [input, version, release] = /V(\d+)R(\d+(\.\d+)?)/.exec(pin.revisionStr)
+ const {version, release} = dbUtils.parseRevisionStr(pin.revisionStr)
dml.collectionPins.insertBinds.push([
parseInt(c.collectionId),
pin.benchmarkId,
diff --git a/api/source/service/STIGService.js b/api/source/service/STIGService.js
index 250456f6e..9140c93a8 100644
--- a/api/source/service/STIGService.js
+++ b/api/source/service/STIGService.js
@@ -148,7 +148,7 @@ exports.queryGroups = async function ( inProjection, inPredicates ) {
if (inPredicates.revisionStr != 'latest') {
joins = ['revision r']
- let [results, version, release] = /V(\d+)R(\d+(\.\d+)?)/.exec(inPredicates.revisionStr)
+ const {version, release} = dbUtils.parseRevisionStr(inPredicates.revisionStr)
predicates.statements.push('r.version = ?')
predicates.binds.push(version)
predicates.statements.push('r.release = ?')
@@ -232,7 +232,7 @@ exports.queryBenchmarkRules = async function ( benchmarkId, revisionStr, inProje
if (revisionStr != 'latest') {
joins = ['revision rev']
- let [input, version, release] = /V(\d+)R(\d+(\.\d+)?)/.exec(revisionStr)
+ const {version, release} = dbUtils.parseRevisionStr(revisionStr)
predicates.statements.push('rev.version = ?')
predicates.binds.push(version)
predicates.statements.push('rev.release = ?')
@@ -907,7 +907,7 @@ exports.deleteRevisionByString = async function(benchmarkId, revisionStr, svcSta
let connection;
try {
- let [input, version, release] = /V(\d+)R(\d+(\.\d+)?)/.exec(revisionStr)
+ const {version, release} = dbUtils.parseRevisionStr(revisionStr)
let binds = {
benchmarkId: benchmarkId,
version: version,
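Review bot: `dbUtils.parseRevisionStr` returns an empty object when `revisionStr` is `'latest'` (utils.js hunk, L436), so after this change a `'latest'` value reaches the binds on L416–L418 with `version` and `release` undefined instead of failing the way the old regex destructuring did. If this route can receive `'latest'` (I can't tell from here), guard it before the binds are built, e.g. `if (revisionStr === 'latest') throw new Error('revisionStr must name a specific revision')`, rather than letting undefined bind values decide the outcome of a delete. The rest of deleteRevisionByString is outside the hunk.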
@@ -1161,7 +1161,7 @@ exports.getCcisByRevision = async function(benchmarkId, revisionStr, userObject)
if (revisionStr != 'latest') {
joins = ['revision r']
- let [results, version, release] = /V(\d+)R(\d+(\.\d+)?)/.exec(revisionStr)
+ const {version, release} = dbUtils.parseRevisionStr(revisionStr)
predicates.statements.push('r.version = ?')
predicates.binds.push(version)
predicates.statements.push('r.release = ?')
diff --git a/api/source/service/utils.js b/api/source/service/utils.js
index 2223138a0..9dd1c61d9 100644
--- a/api/source/service/utils.js
+++ b/api/source/service/utils.js
@@ -141,9 +141,9 @@ module.exports.initializeDatabase = async function () {
}
module.exports.parseRevisionStr = function (revisionStr) {
- let ro = {}
+ const ro = {}
if (revisionStr !== 'latest') {
- let results = /V(\d+)R(\d+(\.\d+)?)/.exec(revisionStr)
+ const results = /V(\d+)R(\d+(\.\d+)?)/.exec(revisionStr)
ro.version = results[1]
ro.release = results[2]
ro.table = 'revision'
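Review bot: `results` on L438 is `null` whenever `revisionStr` does not match `/V(\d+)R(\d+(\.\d+)?)/`, so L439 throws a TypeError rather than a validation error; now that every caller in this commit routes through this helper (the AssetService, CollectionService, OperationService and STIGService hunks, including `pin.revisionStr` read from imported appData in replaceAppData), this is the place to fail cleanly: `if (!results) throw new Error('invalid revisionStr: ' + revisionStr)`, or the service layer's validation error class if one exists. The regex is also unanchored, so `xV1R2y` parses as V1R2; anchoring it with `^…$` would make the accepted format explicit. All callers bind the parsed values as query parameters, so this is a robustness point, not an injection one. The function continues past the hunk.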
diff --git a/api/source/specification/stig-manager.yaml b/api/source/specification/stig-manager.yaml
index 979484236..50c9d8cc2 100644
--- a/api/source/specification/stig-manager.yaml
+++ b/api/source/specification/stig-manager.yaml
@@ -2358,6 +2358,7 @@ paths:
security:
- oauth:
- 'stig-manager:collection:read'
+
'/collections/{collectionId}/poam':
get:
tags:
@@ -2752,6 +2753,192 @@ paths:
security:
- oauth:
- 'stig-manager:collection:read'
+
+ '/collections/meta/metrics/detail':
+ parameters:
+ - $ref: '#/components/parameters/CollectionIdArrayQuery'
+ - $ref: '#/components/parameters/BenchmarkIdArrayQuery'
+ - $ref: '#/components/parameters/MetricsFormatQuery'
+ get:
+ tags:
+ - Metrics
+ summary: Return fully aggregated meta-metrics
+ operationId: getMetricsDetailByMeta
+ responses:
+ '200':
+ description: Metrics response
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/MetricsDetailAggMeta'
+ text/csv:
+ schema:
+ type: string
+ default:
+ description: unexpected error
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Error'
+ security:
+ - oauth:
+ - 'stig-manager:collection:read'
+ '/collections/meta/metrics/detail/collection':
+ parameters:
+ - $ref: '#/components/parameters/CollectionIdArrayQuery'
+ - $ref: '#/components/parameters/BenchmarkIdArrayQuery'
+ - $ref: '#/components/parameters/RevisionIdArrayQuery'
+ - $ref: '#/components/parameters/MetricsFormatQuery'
+ get:
+ tags:
+ - Metrics
+ summary: Return meta-metrics aggregated by Collection
+ operationId: getMetricsDetailByMetaAggCollection
+ responses:
+ '200':
+ description: Metrics response
+ content:
+ application/json:
+ schema:
+ type: array
+ items:
+ $ref: '#/components/schemas/MetricsDetailAggCollection'
+ text/csv:
+ schema:
+ type: string
+ default:
+ description: unexpected error
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Error'
+ security:
+ - oauth:
+ - 'stig-manager:collection:read'
+ '/collections/meta/metrics/detail/stig':
+ parameters:
+ - $ref: '#/components/parameters/CollectionIdArrayQuery'
+ - $ref: '#/components/parameters/BenchmarkIdArrayQuery'
+ - $ref: '#/components/parameters/MetricsFormatQuery'
+ get:
+ tags:
+ - Metrics
+ summary: Return meta-metrics aggregated by STIG
+ operationId: getMetricsDetailByMetaAggStig
+ responses:
+ '200':
+ description: Metrics response
+ content:
+ application/json:
+ schema:
+ type: array
+ items:
+ $ref: '#/components/schemas/MetricsDetailAggStig'
+ text/csv:
+ schema:
+ type: string
+ default:
+ description: unexpected error
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Error'
+ security:
+ - oauth:
+ - 'stig-manager:collection:read'
+ '/collections/meta/metrics/summary':
+ parameters:
+ - $ref: '#/components/parameters/CollectionIdArrayQuery'
+ - $ref: '#/components/parameters/BenchmarkIdArrayQuery'
+ - $ref: '#/components/parameters/MetricsFormatQuery'
+ get:
+ tags:
+ - Metrics
+ summary: Return fully aggregated meta-metrics
+ operationId: getMetricsSummaryByMeta
+ responses:
+ '200':
+ description: Metrics response
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/MetricsSummaryAggMeta'
+ text/csv:
+ schema:
+ type: string
+ default:
+ description: unexpected error
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Error'
+ security:
+ - oauth:
+ - 'stig-manager:collection:read'
+ '/collections/meta/metrics/summary/collection':
+ parameters:
+ - $ref: '#/components/parameters/CollectionIdArrayQuery'
+ - $ref: '#/components/parameters/BenchmarkIdArrayQuery'
+ - $ref: '#/components/parameters/RevisionIdArrayQuery'
+ - $ref: '#/components/parameters/MetricsFormatQuery'
+ get:
+ tags:
+ - Metrics
+ summary: Return meta-metrics aggregated by Collection
+ operationId: getMetricsSummaryByMetaAggCollection
+ responses:
+ '200':
+ description: Metrics response
+ content:
+ application/json:
+ schema:
+ type: array
+ items:
+ $ref: '#/components/schemas/MetricsSummaryAggCollection'
+ text/csv:
+ schema:
+ type: string
+ default:
+ description: unexpected error
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Error'
+ security:
+ - oauth:
+ - 'stig-manager:collection:read'
+ '/collections/meta/metrics/summary/stig':
+ parameters:
+ - $ref: '#/components/parameters/CollectionIdArrayQuery'
+ - $ref: '#/components/parameters/BenchmarkIdArrayQuery'
+ - $ref: '#/components/parameters/MetricsFormatQuery'
+ get:
+ tags:
+ - Metrics
+ summary: Return meta-metrics aggregated by STIG
+ operationId: getMetricsSummaryByMetaAggStig
+ responses:
+ '200':
+ description: Metrics response
+ content:
+ application/json:
+ schema:
+ type: array
+ items:
+ $ref: '#/components/schemas/MetricsSummaryAggStig'
+ text/csv:
+ schema:
+ type: string
+ default:
+ description: unexpected error
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/Error'
+ security:
+ - oauth:
+ - 'stig-manager:collection:read'
+
/op/appdata:
get:
tags:
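Review bot: The new literal paths `/collections/meta/metrics/...` sit beside the templated `/collections/{collectionId}/...` routes; OpenAPI says concrete paths take precedence over templated ones, but whether the router and validator in use honour that — and whether `{collectionId}` is typed so that `meta` would otherwise be rejected with a 400 — is worth confirming with a request test, since a mismatch would either shadow the new endpoints or route the call to the collection handler with `collectionId` equal to `meta`. The `.../stig` endpoints (L520, L612) do not declare `RevisionIdArrayQuery`, yet the controller forwards `req.query.revisionId` for every aggregation; either add the parameter there too or state in the summary that it is not accepted, so that the handling of an undeclared `revisionId` is defined by the spec rather than by the validator's unknown-parameter policy.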
@@ -5190,7 +5377,6 @@ components:
- title
- assets
- revisionStr
- - revisionPinned
- ruleCount
properties:
benchmarkId:
@@ -5201,6 +5387,8 @@ components:
$ref: '#/components/schemas/RevisionStrRaw'
revisionPinned:
type: boolean
+ collections:
+ type: integer
assets:
type: integer
ruleCount:
@@ -5213,6 +5401,30 @@ components:
allOf:
- $ref: '#/components/schemas/MetricsAggStig'
- $ref: '#/components/schemas/MetricsSummary'
+ MetricsAggMeta:
+ type: object
+ required:
+ - collections
+ - assets
+ - stigs
+ - checklists
+ properties:
+ collections:
+ type: integer
+ assets:
+ type: integer
+ stigs:
+ type: integer
+ checklists:
+ type: integer
+ MetricsDetailAggMeta:
+ allOf:
+ - $ref: '#/components/schemas/MetricsAggMeta'
+ - $ref: '#/components/schemas/MetricsDetail'
+ MetricsSummaryAggMeta:
+ allOf:
+ - $ref: '#/components/schemas/MetricsAggMeta'
+ - $ref: '#/components/schemas/MetricsSummary'
MetricsDetail:
type: object
required:
@@ -6662,7 +6874,7 @@ components:
AssetIdArrayQuery:
name: assetId
in: query
- description: A query parameter that identifies an Asset
+ description: A query parameter that identifies a list of Assets
schema:
type: array
uniqueItems: true
@@ -6701,7 +6913,7 @@ components:
BenchmarkIdArrayQuery:
name: benchmarkId
in: query
- description: A query parameter that identifies a STIG
+ description: Filter by one or more benchmarkIds
schema:
type: array
uniqueItems: true
@@ -6795,7 +7007,7 @@ components:
name: collectionId
required: false
in: query
- description: A query parameter that identifies a Collection
+ description: Filter by one or more collectionIds
schema:
type: array
uniqueItems: true
@@ -7111,6 +7323,16 @@ components:
in: query
schema:
$ref: '#/components/schemas/ReviewStatusLabel'
+ RevisionIdArrayQuery:
+ name: revisionId
+ in: query
+ description: Filter by one or more revisionIds (benchmarkId-version-release) If Revision specified is not the default rev for at least one Collection, response will be empty.
+ schema:
+ type: array
+ uniqueItems: true
+ minLength: 1
+ items:
+ type: string
RevisionStrPath:
name: revisionStr
in: path
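Review bot: `minLength: 1` on L733 is a string keyword and is ignored on a `type: array` schema; `minItems: 1` is what enforces a non-empty list (the sibling `*ArrayQuery` parameters may share the mistake — their lines after `uniqueItems` are outside the hunks). The description on L729 runs two sentences together; `description: Filter by one or more revisionIds (benchmarkId-version-release). If a specified revision is not the default revision for at least one Collection, the response will be empty.` Since `items` is a bare string, consider a `pattern` matching the `benchmarkId-version-release` form so malformed ids are rejected at validation time rather than silently producing an empty result.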
diff --git a/client/README.md b/client/README.md
new file mode 100644
index 000000000..ad33d7b42
--- /dev/null
+++ b/client/README.md
@@ -0,0 +1,17 @@
+# STIG Manager Reference UI
+
+The reference UI client provided by the project is implemented as a Single Page Application (SPA) using ExtJS 3.4. It exercises most, but not all of the API endpoints.
+
+## Setting Up the Client for Development
+
+- From the `/client/src/js/third-party/` directory, run `npm ci` to install the required dependencies.
+- For development, in most cases the API configuration should specify the following envvar and value: `STIGMAN_CLIENT_DIRECTORY: "../../client/src"`.
+
+
+## Building the Client for Distribution
+
+Requires:
+- nodejs
+- uglify-js
+
+From the `/client` directory, run the `build.sh` bash script. The output will be in the `/client/dist` directory.
\ No newline at end of file
diff --git a/client/build.sh b/client/build.sh
index 15e59c5d7..0ddc7c8ed 100755
--- a/client/build.sh
+++ b/client/build.sh
@@ -133,6 +133,7 @@ uglifyjs \
'SM/CollectionAsset.js' \
'SM/CollectionGrant.js' \
'SM/CollectionPanel.js' \
+'SM/MetaPanel.js' \
'SM/ColumnFilters.js' \
'SM/FindingsPanel.js' \
'SM/Assignments.js' \
diff --git a/client/src/css/stigman.css b/client/src/css/stigman.css
index 72261ccfc..1a2a34f65 100644
--- a/client/src/css/stigman.css
+++ b/client/src/css/stigman.css
@@ -13,6 +13,9 @@
--metrics-status-chart-rejected-dark: hsl(5deg 90% 25%)
}
+.x-tree-node-collapsed .x-tree-node-icon, .x-tree-node-expanded .x-tree-node-icon, .x-tree-node-leaf .x-tree-node-icon {
+ width: 22px;
+}
.sm-grid-cell-with-toolbar {
position: relative;
}
@@ -40,7 +43,7 @@
}
.x-grid3-row-over .sm-grid-cell-with-toolbar .sm-static-width:hover {
- scale: 125%;
+ scale: 110%;
filter: brightness(100%);
}
@@ -2006,6 +2009,16 @@ td.x-grid3-hd-over .x-grid3-hd-inner {
font-size: 10px;
line-height: 16px;
}
+.x-tool.x-tool-collection {
+ background-image: url(../img/collection.svg);
+ background-repeat: no-repeat;
+ background-size: 12px 16px;
+ color: grey;
+ width: auto;
+ padding-left: 15px;
+ font-size: 10px;
+ line-height: 16px;
+}
.x-tool.x-tool-manage {
background-image: url(../img/gear.svg);
background-repeat: no-repeat;
diff --git a/client/src/ext/adapter/ext/ext-base-debug - Copy.js b/client/src/ext/adapter/ext/ext-base-debug - Copy.js
deleted file mode 100644
index bb9d91305..000000000
--- a/client/src/ext/adapter/ext/ext-base-debug - Copy.js
+++ /dev/null
@@ -1,3352 +0,0 @@
-/*
-This file is part of Ext JS 3.4
-
-Copyright (c) 2011-2013 Sencha Inc
-
-Contact: http://www.sencha.com/contact
-
-GNU General Public License Usage
-This file may be used under the terms of the GNU General Public License version 3.0 as
-published by the Free Software Foundation and appearing in the file LICENSE included in the
-packaging of this file.
-
-Please review the following information to ensure the GNU General Public License version 3.0
-requirements will be met: http://www.gnu.org/copyleft/gpl.html.
-
-If you are unsure which license is appropriate for your use, please contact the sales department
-at http://www.sencha.com/contact.
-
-Build date: 2013-04-03 15:07:25
-*/
-// for old browsers
-window.undefined = window.undefined;
-
-/**
- * @class Ext
- * Ext core utilities and functions.
- * @singleton
- */
-
-Ext = {
- /**
- * The version of the framework
- * @type String
- */
- version : '3.4.1.1',
- versionDetail : {
- major : 3,
- minor : 4,
- patch : 1.1
- }
-};
-
-/**
- * Copies all the properties of config to obj.
- * @param {Object} obj The receiver of the properties
- * @param {Object} config The source of the properties
- * @param {Object} defaults A different object that will also be applied for default values
- * @return {Object} returns obj
- * @member Ext apply
- */
-Ext.apply = function(o, c, defaults){
- // no "this" reference for friendly out of scope calls
- if(defaults){
- Ext.apply(o, defaults);
- }
- if(o && c && typeof c == 'object'){
- for(var p in c){
- o[p] = c[p];
- }
- }
- return o;
-};
-
-(function(){
- var idSeed = 0,
- toString = Object.prototype.toString,
- ua = navigator.userAgent.toLowerCase(),
- check = function(r){
- return r.test(ua);
- },
- DOC = document,
- docMode = DOC.documentMode,
- isStrict = DOC.compatMode == "CSS1Compat",
- isOpera = check(/opera/),
- isChrome = check(/\bchrome\b/),
- isWebKit = check(/webkit/),
- isSafari = !isChrome && check(/safari/),
- isSafari2 = isSafari && check(/applewebkit\/4/), // unique to Safari 2
- isSafari3 = isSafari && check(/version\/3/),
- isSafari4 = isSafari && check(/version\/4/),
- isIE = !isOpera && check(/msie/),
- isIE7 = isIE && ((check(/msie 7/) && docMode != 8 && docMode != 9 && docMode != 10) || docMode == 7),
- isIE8 = isIE && ((check(/msie 8/) && docMode != 7 && docMode != 9 && docMode != 10) || docMode == 8),
- isIE9 = isIE && ((check(/msie 9/) && docMode != 7 && docMode != 8 && docMode != 10) || docMode == 9),
- isIE10 = isIE && ((check(/msie 10/) && docMode != 7 && docMode != 8 && docMode != 9) || docMode == 10),
- isIE6 = isIE && check(/msie 6/),
- isIE9m = isIE && (isIE6 || isIE7 || isIE8 || isIE9),
- isGecko = !isWebKit && check(/gecko/),
- isGecko2 = isGecko && check(/rv:1\.8/),
- isGecko3 = isGecko && check(/rv:1\.9/),
- isBorderBox = isIE9m && !isStrict,
- isWindows = check(/windows|win32/),
- isMac = check(/macintosh|mac os x/),
- isAir = check(/adobeair/),
- isLinux = check(/linux/),
- isSecure = /^https/i.test(window.location.protocol),
- noArgs = [],
- nonEnumerables = [],
- emptyFn = Ext.emptyFn,
- t = Ext.apply({}, {
- constructor: emptyFn,
- toString: emptyFn,
- valueOf: emptyFn
- }),
- callOverrideParent = function () {
- var method = callOverrideParent.caller.caller; // skip callParent (our caller)
- return method.$owner.prototype[method.$name].apply(this, arguments);
- };
-
- if (t.constructor !== emptyFn) {
- nonEnumerables.push('constructor');
- }
- if (t.toString !== emptyFn) {
- nonEnumerables.push('toString');
- }
- if (t.valueOf !== emptyFn) {
- nonEnumerables.push('valueOf');
- }
- if (!nonEnumerables.length) {
- nonEnumerables = null;
- }
-
- // Create the abstract Base class to provide an empty constructor and callParent implementations
- function Base () {
- //
- }
-
- Ext.apply(Base, {
- $isClass: true,
-
- callParent: function (args) {
- var method;
-
- // This code is intentionally inlined for the least number of debugger stepping
- return (method = this.callParent.caller) && (method.$previous ||
- ((method = method.$owner ? method : method.caller) &&
- method.$owner.superclass.self[method.$name])).apply(this, args || noArgs);
- }
- });
-
- Base.prototype = {
- constructor: function() {
- },
- callParent: function(args) {
- // NOTE: this code is deliberately as few expressions (and no function calls)
- // as possible so that a debugger can skip over this noise with the minimum number
- // of steps. Basically, just hit Step Into until you are where you really wanted
- // to be.
- var method,
- superMethod = (method = this.callParent.caller) && (method.$previous ||
- ((method = method.$owner ? method : method.caller) &&
- method.$owner.superclass[method.$name]));
-
- return superMethod.apply(this, args || noArgs);
- }
- };
-
- // remove css image flicker
- if(isIE6){
- try{
- DOC.execCommand("BackgroundImageCache", false, true);
- }catch(e){}
- }
-
- Ext.apply(Ext, {
- /**
- * URL to a blank file used by Ext when in secure mode for iframe src and onReady src to prevent
- * the IE insecure content warning ('about:blank', except for IE in secure mode, which is 'javascript:""').
- * @type String
- */
- SSL_SECURE_URL : isSecure && isIE ? 'javascript:""' : 'about:blank',
- /**
- * True if the browser is in strict (standards-compliant) mode, as opposed to quirks mode
- * @type Boolean
- */
- isStrict : isStrict,
- /**
- * True if the page is running over SSL
- * @type Boolean
- */
- isSecure : isSecure,
- /**
- * True when the document is fully initialized and ready for action
- * @type Boolean
- */
- isReady : false,
-
- /**
- * True if the {@link Ext.Fx} Class is available
- * @type Boolean
- * @property enableFx
- */
-
- /**
- * HIGHLY EXPERIMENTAL
- * True to force css based border-box model override and turning off javascript based adjustments. This is a
- * runtime configuration and must be set before onReady.
- * @type Boolean
- */
- enableForcedBoxModel : false,
-
- /**
- * True to automatically uncache orphaned Ext.Elements periodically (defaults to true)
- * @type Boolean
- */
- enableGarbageCollector : true,
-
- /**
- * True to automatically purge event listeners during garbageCollection (defaults to false).
- * @type Boolean
- */
- enableListenerCollection : false,
-
- /**
- * EXPERIMENTAL - True to cascade listener removal to child elements when an element is removed.
- * Currently not optimized for performance.
- * @type Boolean
- */
- enableNestedListenerRemoval : false,
-
- /**
- * Indicates whether to use native browser parsing for JSON methods.
- * This option is ignored if the browser does not support native JSON methods.
- * Note: Native JSON methods will not work with objects that have functions.
- * Also, property names must be quoted, otherwise the data will not parse. (Defaults to false)
- * @type Boolean
- */
- USE_NATIVE_JSON : false,
-
- /**
- * Copies all the properties of config to obj if they don't already exist.
- * @param {Object} obj The receiver of the properties
- * @param {Object} config The source of the properties
- * @return {Object} returns obj
- */
- applyIf : function(o, c){
- if(o){
- for(var p in c){
- if(!Ext.isDefined(o[p])){
- o[p] = c[p];
- }
- }
- }
- return o;
- },
-
- /**
- * Generates unique ids. If the element already has an id, it is unchanged
- * @param {Mixed} el (optional) The element to generate an id for
- * @param {String} prefix (optional) Id prefix (defaults "ext-gen")
- * @return {String} The generated Id.
- */
- id : function(el, prefix){
- el = Ext.getDom(el, true) || {};
- if (!el.id) {
- el.id = (prefix || "ext-gen") + (++idSeed);
- }
- return el.id;
- },
-
- /**
- *
Extends one class to create a subclass and optionally overrides members with the passed literal. This method
- * also adds the function "override()" to the subclass that can be used to override members of the class.
- * For example, to create a subclass of Ext GridPanel:
- *
-MyGridPanel = Ext.extend(Ext.grid.GridPanel, {
- constructor: function(config) {
-
-// Create configuration for this Grid.
- var store = new Ext.data.Store({...});
- var colModel = new Ext.grid.ColumnModel({...});
-
-// Create a new config object containing our computed properties
-// *plus* whatever was in the config parameter.
- config = Ext.apply({
- store: store,
- colModel: colModel
- }, config);
-
- MyGridPanel.superclass.constructor.call(this, config);
-
-// Your postprocessing here
- },
-
- yourMethod: function() {
- // etc.
- }
-});
-
- *
- *
This function also supports a 3-argument call in which the subclass's constructor is
- * passed as an argument. In this form, the parameters are as follows:
- *
- *
subclass : Function
The subclass constructor.
- *
superclass : Function
The constructor of class being extended
- *
overrides : Object
A literal with members which are copied into the subclass's
- * prototype, and are therefore shared among all instances of the new class.
- *
- *
- * @param {Function} superclass The constructor of class being extended.
- * @param {Object} overrides
A literal with members which are copied into the subclass's
- * prototype, and are therefore shared between all instances of the new class.
- *
This may contain a special member named constructor. This is used
- * to define the constructor of the new class, and is returned. If this property is
- * not specified, a constructor is generated and returned which just calls the
- * superclass's constructor passing on its parameters.
- *
It is essential that you call the superclass constructor in any provided constructor. See example code.
- * @return {Function} The subclass constructor from the overrides parameter, or a generated one if not provided.
- */
- extend : function(){
- // inline overrides
- var io = function(o){
- for(var m in o){
- this[m] = o[m];
- }
- };
- var oc = Object.prototype.constructor;
-
- return function(sb, sp, overrides){
- if(typeof sp == 'object'){
- overrides = sp;
- sp = sb;
- sb = overrides.constructor != oc ? overrides.constructor : function(){sp.apply(this, arguments);};
- }
- var F = function(){},
- sbp,
- spp = sp.prototype;
-
- F.prototype = spp;
- sbp = sb.prototype = new F();
- sbp.constructor=sb;
- sb.superclass=spp;
- if(spp.constructor == oc){
- spp.constructor=sp;
- }
- sb.override = function(o){
- Ext.override(sb, o);
- };
- sbp.superclass = sbp.supr = (function(){
- return spp;
- });
- sbp.override = io;
- Ext.override(sb, overrides);
- sb.extend = function(o){return Ext.extend(sb, o);};
- return sb;
- };
- }(),
-
- global: (function () {
- return this;
- })(),
-
- Base: Base,
-
- namespaceCache: {},
-
- createNamespace: function (namespaceOrClass, isClass) {
- var cache = Ext.namespaceCache,
- namespace = isClass ? namespaceOrClass.substring(0, namespaceOrClass.lastIndexOf('.'))
- : namespaceOrClass,
- ns = cache[namespace],
- i, n, part, parts, partials;
-
- if (!ns) {
- ns = Ext.global;
- if (namespace) {
- partials = [];
- parts = namespace.split('.');
-
- for (i = 0, n = parts.length; i < n; ++i) {
- part = parts[i];
-
- ns = ns[part] || (ns[part] = {});
- partials.push(part);
-
- cache[partials.join('.')] = ns; // build up prefixes as we go
- }
- }
- }
-
- return ns;
- },
-
- getClassByName: function (className) {
- var parts = className.split('.'),
- cls = Ext.global,
- n = parts.length,
- i;
-
- for (i = 0; cls && i < n; ++i) {
- cls = cls[parts[i]];
- }
-
- return cls || null;
- },
-
- addMembers: function (cls, target, members, handleNonEnumerables) {
- var i, name, member;
-
- for (name in members) {
- if (members.hasOwnProperty(name)) {
- member = members[name];
- if (typeof member == 'function') {
- member.$owner = cls;
- member.$name = name;
- }
-
- target[name] = member;
- }
- }
-
- if (handleNonEnumerables && nonEnumerables) {
- for (i = nonEnumerables.length; i-- > 0; ) {
- name = nonEnumerables[i];
- if (members.hasOwnProperty(name)) {
- member = members[name];
- if (typeof member == 'function') {
- member.$owner = cls;
- member.$name = name;
- }
-
- target[name] = member;
- }
- }
- }
- },
-
- /**
- * @method
- * Defines a class or override. A basic class is defined like this:
- *
- * Ext.define('My.awesome.Class', {
- * someProperty: 'something',
- *
- * someMethod: function(s) {
- * alert(s + this.someProperty);
- * }
- *
- * ...
- * });
- *
- * var obj = new My.awesome.Class();
- *
- * obj.someMethod('Say '); // alerts 'Say something'
- *
- * To create an anonymous class, pass `null` for the `className`:
- *
- * Ext.define(null, {
- * constructor: function () {
- * // ...
- * }
- * });
- *
- * In some cases, it is helpful to create a nested scope to contain some private
- * properties. The best way to do this is to pass a function instead of an object
- * as the second parameter. This function will be called to produce the class
- * body:
- *
- * Ext.define('MyApp.foo.Bar', function () {
- * var id = 0;
- *
- * return {
- * nextId: function () {
- * return ++id;
- * }
- * };
- * });
- *
- * When using this form of `Ext.define`, the function is passed a reference to its
- * class. This can be used as an efficient way to access any static properties you
- * may have:
- *
- * Ext.define('MyApp.foo.Bar', function (Bar) {
- * return {
- * statics: {
- * staticMethod: function () {
- * // ...
- * }
- * },
- *
- * method: function () {
- * return Bar.staticMethod();
- * }
- * };
- * });
- *
- * To define an override, include the `override` property. The content of an
- * override is aggregated with the specified class in order to extend or modify
- * that class. This can be as simple as setting default property values or it can
- * extend and/or replace methods. This can also extend the statics of the class.
- *
- * One use for an override is to break a large class into manageable pieces.
- *
- * // File: /src/app/Panel.js
- *
- * Ext.define('My.app.Panel', {
- * extend: 'Ext.panel.Panel',
- *
- * constructor: function (config) {
- * this.callParent(arguments); // calls Ext.panel.Panel's constructor
- * //...
- * },
- *
- * statics: {
- * method: function () {
- * return 'abc';
- * }
- * }
- * });
- *
- * // File: /src/app/PanelPart2.js
- * Ext.define('My.app.PanelPart2', {
- * override: 'My.app.Panel',
- *
- * constructor: function (config) {
- * this.callParent(arguments); // calls My.app.Panel's constructor
- * //...
- * }
- * });
- *
- * Another use of overrides is to provide optional parts of classes that can be
- * independently required. In this case, the class may even be unaware of the
- * override altogether.
- *
- * Ext.define('My.ux.CoolTip', {
- * override: 'Ext.tip.ToolTip',
- *
- * constructor: function (config) {
- * this.callParent(arguments); // calls Ext.tip.ToolTip's constructor
- * //...
- * }
- * });
- *
- * Overrides can also contain statics:
- *
- * Ext.define('My.app.BarMod', {
- * override: 'Ext.foo.Bar',
- *
- * statics: {
- * method: function (x) {
- * return this.callParent([x * 2]); // call Ext.foo.Bar.method
- * }
- * }
- * });
- *
- * @param {String} className The class name to create in string dot-namespaced format, for example:
- * 'My.very.awesome.Class', 'FeedViewer.plugin.CoolPager'
- * It is highly recommended to follow this simple convention:
- * - The root and the class name are 'CamelCased'
- * - Everything else is lower-cased
- * Pass `null` to create an anonymous class.
- * @param {Object} data The key - value pairs of properties to apply to this class. Property names can be of any valid
- * strings, except those in the reserved listed below:
- * - `mixins`
- * - `statics`
- * - `config`
- * - `alias`
- * - `self`
- * - `singleton`
- * - `alternateClassName`
- * - `override`
- *
- * @param {Function} createdFn Optional callback to execute after the class is created, the execution scope of which
- * (`this`) will be the newly created class itself.
- * @return {Ext.Base}
- * @markdown
- * @member Ext
- * @method define
- */
- define: function (className, body, createdFn) {
- var override = body.override,
- cls, extend, name, namespace;
-
- if (override) {
- delete body.override;
- cls = Ext.getClassByName(override);
- Ext.override(cls, body);
- } else {
- if (className) {
- namespace = Ext.createNamespace(className, true);
- name = className.substring(className.lastIndexOf('.')+1);
- }
-
- cls = function ctor () {
- this.constructor.apply(this, arguments);
- }
-
- if (className) {
- cls.displayName = className;
- }
- cls.$isClass = true;
- cls.callParent = Ext.Base.callParent;
-
- if (typeof body == 'function') {
- body = body(cls);
- }
-
- extend = body.extend;
- if (extend) {
- delete body.extend;
- if (typeof extend == 'string') {
- extend = Ext.getClassByName(extend);
- }
- } else {
- extend = Base;
- }
-
- Ext.extend(cls, extend, body);
- if (cls.prototype.constructor === cls) {
- delete cls.prototype.constructor;
- }
-
- // Not extending a class which derives from Base...
- if (!cls.prototype.$isClass) {
- Ext.applyIf(cls.prototype, Base.prototype);
- }
- cls.prototype.self = cls;
-
- if (body.xtype) {
- Ext.reg(body.xtype, cls);
- }
- cls = body.singleton ? new cls() : cls;
- if (className) {
- namespace[name] = cls;
- }
- }
-
- if (createdFn) {
- createdFn.call(cls);
- }
-
- return cls;
- },
-
- /**
- * Overrides members of the specified `target` with the given values.
- *
- * If the `target` is a function, it is assumed to be a constructor and the contents
- * of `overrides` are applied to its `prototype` using {@link Ext#apply Ext.apply}.
- *
- * If the `target` is an instance of a class created using {@link #define},
- * the `overrides` are applied to only that instance. In this case, methods are
- * specially processed to allow them to use {@link Ext.Base#callParent}.
- *
- * var panel = new Ext.Panel({ ... });
- *
- * Ext.override(panel, {
- * initComponent: function () {
- * // extra processing...
- *
- * this.callParent();
- * }
- * });
- *
- * If the `target` is none of these, the `overrides` are applied to the `target`
- * using {@link Ext#apply Ext.apply}.
- *
- * Please refer to {@link Ext#define Ext.define} for further details.
- *
- * @param {Object} target The target to override.
- * @param {Object} overrides The properties to add or replace on `target`.
- * @method override
- */
- override: function (target, overrides) {
- var proto, statics;
-
- if (overrides) {
- if (target.$isClass) {
- statics = overrides.statics;
- if (statics) {
- delete overrides.statics;
- }
-
- Ext.addMembers(target, target.prototype, overrides, true);
- if (statics) {
- Ext.addMembers(target, target, statics);
- }
- } else if (typeof target == 'function') {
- proto = target.prototype;
- Ext.apply(proto, overrides);
- if(Ext.isIE && overrides.hasOwnProperty('toString')){
- proto.toString = overrides.toString;
- }
- } else {
- var owner = target.self,
- name, value;
-
- if (owner && owner.$isClass) {
- for (name in overrides) {
- if (overrides.hasOwnProperty(name)) {
- value = overrides[name];
-
- if (typeof value == 'function') {
- //
- if (owner.$className) {
- value.displayName = owner.$className + '#' + name;
- }
- //
-
- value.$name = name;
- value.$owner = owner;
- value.$previous = target.hasOwnProperty(name)
- ? target[name] // already hooked, so call previous hook
- : callOverrideParent; // calls by name on prototype
- }
-
- target[name] = value;
- }
- }
- } else {
- Ext.apply(target, overrides);
-
- if (!target.constructor.$isClass) {
- target.constructor.prototype.callParent = Base.prototype.callParent;
- target.constructor.callParent = Base.callParent;
- }
- }
- }
- }
- },
-
- /**
- * Creates namespaces to be used for scoping variables and classes so that they are not global.
- * Specifying the last node of a namespace implicitly creates all other nodes. Usage:
- *
- * @param {String} namespace1
- * @param {String} namespace2
- * @param {String} etc
- * @return {Object} The namespace object. (If multiple arguments are passed, this will be the last namespace created)
- * @method namespace
- */
- namespace : function(){
- var len1 = arguments.length,
- i = 0,
- len2,
- j,
- main,
- ns,
- sub,
- current;
-
- for(; i < len1; ++i) {
- main = arguments[i];
- ns = arguments[i].split('.');
- current = window[ns[0]];
- if (current === undefined) {
- current = window[ns[0]] = {};
- }
- sub = ns.slice(1);
- len2 = sub.length;
- for(j = 0; j < len2; ++j) {
- current = current[sub[j]] = current[sub[j]] || {};
- }
- }
- return current;
- },
-
- /**
- * Takes an object and converts it to an encoded URL. e.g. Ext.urlEncode({foo: 1, bar: 2}); would return "foo=1&bar=2". Optionally, property values can be arrays, instead of keys and the resulting string that's returned will contain a name/value pair for each array value.
- * @param {Object} o
- * @param {String} pre (optional) A prefix to add to the url encoded string
- * @return {String}
- */
- urlEncode : function(o, pre){
- var empty,
- buf = [],
- e = encodeURIComponent;
-
- Ext.iterate(o, function(key, item){
- empty = Ext.isEmpty(item);
- Ext.each(empty ? key : item, function(val){
- buf.push('&', e(key), '=', (!Ext.isEmpty(val) && (val != key || !empty)) ? (Ext.isDate(val) ? Ext.encode(val).replace(/"/g, '') : e(val)) : '');
- });
- });
- if(!pre){
- buf.shift();
- pre = '';
- }
- return pre + buf.join('');
- },
-
- /**
- * Takes an encoded URL and and converts it to an object. Example:
-Ext.urlDecode("foo=1&bar=2"); // returns {foo: "1", bar: "2"}
-Ext.urlDecode("foo=1&bar=2&bar=3&bar=4", false); // returns {foo: "1", bar: ["2", "3", "4"]}
-
- * @param {String} string
- * @param {Boolean} overwrite (optional) Items of the same name will overwrite previous values instead of creating an an array (Defaults to false).
- * @return {Object} A literal with members
- */
- urlDecode : function(string, overwrite){
- if(Ext.isEmpty(string)){
- return {};
- }
- var obj = {},
- pairs = string.split('&'),
- d = decodeURIComponent,
- name,
- value;
- Ext.each(pairs, function(pair) {
- pair = pair.split('=');
- name = d(pair[0]);
- value = d(pair[1]);
- obj[name] = overwrite || !obj[name] ? value :
- [].concat(obj[name]).concat(value);
- });
- return obj;
- },
-
- /**
- * Appends content to the query string of a URL, handling logic for whether to place
- * a question mark or ampersand.
- * @param {String} url The URL to append to.
- * @param {String} s The content to append to the URL.
- * @return (String) The resulting URL
- */
- urlAppend : function(url, s){
- if(!Ext.isEmpty(s)){
- return url + (url.indexOf('?') === -1 ? '?' : '&') + s;
- }
- return url;
- },
-
- /**
- * Converts any iterable (numeric indices and a length property) into a true array
- * Don't use this on strings. IE doesn't support "abc"[0] which this implementation depends on.
- * For strings, use this instead: "abc".match(/./g) => [a,b,c];
- * @param {Iterable} the iterable object to be turned into a true Array.
- * @return (Array) array
- */
- toArray : function(){
- return isIE ?
- function(a, i, j, res){
- res = [];
- for(var x = 0, len = a.length; x < len; x++) {
- res.push(a[x]);
- }
- return res.slice(i || 0, j || res.length);
- } :
- function(a, i, j){
- return Array.prototype.slice.call(a, i || 0, j || a.length);
- };
- }(),
-
- isIterable : function(v){
- //check for array or arguments
- if(Ext.isArray(v) || v.callee){
- return true;
- }
- //check for node list type
- if(/NodeList|HTMLCollection/.test(toString.call(v))){
- return true;
- }
- //NodeList has an item and length property
- //IXMLDOMNodeList has nextNode method, needs to be checked first.
- return ((typeof v.nextNode != 'undefined' || v.item) && Ext.isNumber(v.length));
- },
-
- /**
- * Iterates an array calling the supplied function.
- * @param {Array/NodeList/Mixed} array The array to be iterated. If this
- * argument is not really an array, the supplied function is called once.
- * @param {Function} fn The function to be called with each item. If the
- * supplied function returns false, iteration stops and this method returns
- * the current index. This function is called with
- * the following arguments:
- *
- *
item : Mixed
- *
The item at the current index
- * in the passed array
- *
index : Number
- *
The current index within the array
- *
allItems : Array
- *
The array passed as the first
- * argument to Ext.each.
- *
- * @param {Object} scope The scope (this reference) in which the specified function is executed.
- * Defaults to the item at the current index
- * within the passed array.
- * @return See description for the fn parameter.
- */
- each : function(array, fn, scope){
- if(Ext.isEmpty(array, true)){
- return;
- }
- if(!Ext.isIterable(array) || Ext.isPrimitive(array)){
- array = [array];
- }
- for(var i = 0, len = array.length; i < len; i++){
- if(fn.call(scope || array[i], array[i], i, array) === false){
- return i;
- };
- }
- },
-
- /**
- * Iterates either the elements in an array, or each of the properties in an object.
- * Note: If you are only iterating arrays, it is better to call {@link #each}.
- * @param {Object/Array} object The object or array to be iterated
- * @param {Function} fn The function to be called for each iteration.
- * The iteration will stop if the supplied function returns false, or
- * all array elements / object properties have been covered. The signature
- * varies depending on the type of object being interated:
- *
- *
Arrays : (Object item, Number index, Array allItems)
- *
- * When iterating an array, the supplied function is called with each item.
- *
Objects : (String key, Object value, Object)
- *
- * When iterating an object, the supplied function is called with each key-value pair in
- * the object, and the iterated object
- *
- * @param {Object} scope The scope (this reference) in which the specified function is executed. Defaults to
- * the object being iterated.
- */
- iterate : function(obj, fn, scope){
- if(Ext.isEmpty(obj)){
- return;
- }
- if(Ext.isIterable(obj)){
- Ext.each(obj, fn, scope);
- return;
- }else if(typeof obj == 'object'){
- for(var prop in obj){
- if(obj.hasOwnProperty(prop)){
- if(fn.call(scope || obj, prop, obj[prop], obj) === false){
- return;
- };
- }
- }
- }
- },
-
- /**
- * Return the dom node for the passed String (id), dom node, or Ext.Element.
- * Optional 'strict' flag is needed for IE since it can return 'name' and
- * 'id' elements by using getElementById.
- * Here are some examples:
- *
-// gets dom node based on id
-var elDom = Ext.getDom('elId');
-// gets dom node based on the dom node
-var elDom1 = Ext.getDom(elDom);
-
-// If we don't know if we are working with an
-// Ext.Element or a dom node use Ext.getDom
-function(el){
- var dom = Ext.getDom(el);
- // do something with the dom node
-}
- *
- * Note: the dom node to be found actually needs to exist (be rendered, etc)
- * when this method is called to be successful.
- * @param {Mixed} el
- * @return HTMLElement
- */
- getDom : function(el, strict){
- if(!el || !DOC){
- return null;
- }
- if (el.dom){
- return el.dom;
- } else {
- if (typeof el == 'string') {
- var e = DOC.getElementById(el);
- // IE returns elements with the 'name' and 'id' attribute.
- // we do a strict check to return the element with only the id attribute
- if (e && isIE && strict) {
- if (el == e.getAttribute('id')) {
- return e;
- } else {
- return null;
- }
- }
- return e;
- } else {
- return el;
- }
- }
- },
-
- /**
- * Returns the current document body as an {@link Ext.Element}.
- * @return Ext.Element The document body
- */
- getBody : function(){
- return Ext.get(DOC.body || DOC.documentElement);
- },
-
- /**
- * Returns the current document body as an {@link Ext.Element}.
- * @return Ext.Element The document body
- * @method
- */
- getHead : function() {
- var head;
-
- return function() {
- if (head == undefined) {
- head = Ext.get(DOC.getElementsByTagName("head")[0]);
- }
-
- return head;
- };
- }(),
-
- /**
- *
Removes this element from the document, removes all DOM event listeners, and deletes the cache reference.
- * All DOM event listeners are removed from this element. If {@link Ext#enableNestedListenerRemoval} is
- * true, then DOM event listeners are also removed from all child nodes. The body node
- * will be ignored if passed in.
a zero length string (Unless the allowBlank parameter is true)
- *
- * @param {Mixed} value The value to test
- * @param {Boolean} allowBlank (optional) true to allow empty strings (defaults to false)
- * @return {Boolean}
- */
- isEmpty : function(v, allowBlank){
- return v === null || v === undefined || ((Ext.isArray(v) && !v.length)) || (!allowBlank ? v === '' : false);
- },
-
- /**
- * Returns true if the passed value is a JavaScript array, otherwise false.
- * @param {Mixed} value The value to test
- * @return {Boolean}
- */
- isArray : function(v){
- return toString.apply(v) === '[object Array]';
- },
-
- /**
- * Returns true if the passed object is a JavaScript date object, otherwise false.
- * @param {Object} object The object to test
- * @return {Boolean}
- */
- isDate : function(v){
- return toString.apply(v) === '[object Date]';
- },
-
- /**
- * Returns true if the passed value is a JavaScript Object, otherwise false.
- * @param {Mixed} value The value to test
- * @return {Boolean}
- */
- isObject : function(v){
- return !!v && Object.prototype.toString.call(v) === '[object Object]';
- },
-
- /**
- * Returns true if the passed value is a JavaScript 'primitive', a string, number or boolean.
- * @param {Mixed} value The value to test
- * @return {Boolean}
- */
- isPrimitive : function(v){
- return Ext.isString(v) || Ext.isNumber(v) || Ext.isBoolean(v);
- },
-
- /**
- * Returns true if the passed value is a JavaScript Function, otherwise false.
- * @param {Mixed} value The value to test
- * @return {Boolean}
- */
- isFunction : function(v){
- return toString.apply(v) === '[object Function]';
- },
-
- /**
- * Returns true if the passed value is a number. Returns false for non-finite numbers.
- * @param {Mixed} value The value to test
- * @return {Boolean}
- */
- isNumber : function(v){
- return typeof v === 'number' && isFinite(v);
- },
-
- /**
- * Returns true if the passed value is a string.
- * @param {Mixed} value The value to test
- * @return {Boolean}
- */
- isString : function(v){
- return typeof v === 'string';
- },
-
- /**
- * Returns true if the passed value is a boolean.
- * @param {Mixed} value The value to test
- * @return {Boolean}
- */
- isBoolean : function(v){
- return typeof v === 'boolean';
- },
-
- /**
- * Returns true if the passed value is an HTMLElement
- * @param {Mixed} value The value to test
- * @return {Boolean}
- */
- isElement : function(v) {
- return v ? !!v.tagName : false;
- },
-
- /**
- * Returns true if the passed value is not undefined.
- * @param {Mixed} value The value to test
- * @return {Boolean}
- */
- isDefined : function(v){
- return typeof v !== 'undefined';
- },
-
- /**
- * True if the detected browser is Opera.
- * @type Boolean
- */
- isOpera : isOpera,
- /**
- * True if the detected browser uses WebKit.
- * @type Boolean
- */
- isWebKit : isWebKit,
- /**
- * True if the detected browser is Chrome.
- * @type Boolean
- */
- isChrome : isChrome,
- /**
- * True if the detected browser is Safari.
- * @type Boolean
- */
- isSafari : isSafari,
- /**
- * True if the detected browser is Safari 3.x.
- * @type Boolean
- */
- isSafari3 : isSafari3,
- /**
- * True if the detected browser is Safari 4.x.
- * @type Boolean
- */
- isSafari4 : isSafari4,
- /**
- * True if the detected browser is Safari 2.x.
- * @type Boolean
- */
- isSafari2 : isSafari2,
- /**
- * True if the detected browser is Internet Explorer.
- * @type Boolean
- */
- isIE : isIE,
- /**
- * True if the detected browser is Internet Explorer 6.x.
- * @type Boolean
- */
- isIE6 : isIE6,
- /**
- * True if the detected browser is Internet Explorer 7.x.
- * @type Boolean
- */
- isIE7 : isIE7,
- /**
- * True if the detected browser is Internet Explorer 8.x.
- * @type Boolean
- */
- isIE8 : isIE8,
- /**
- * True if the detected browser is Internet Explorer 9.x.
- * @type Boolean
- */
- isIE9 : isIE9,
-
- /**
- * True if the detected browser is Internet Explorer 10.x
- * @type Boolean
- */
- isIE10 : isIE10,
-
- /**
- * True if the detected browser is Internet Explorer 9.x or lower
- * @type Boolean
- */
- isIE9m : isIE9m,
-
- /**
- * True if the detected browser is Internet Explorer 10.x or higher
- * @type Boolean
- */
- isIE10p : isIE && !(isIE6 || isIE7 || isIE8 || isIE9),
-
- // IE10 quirks behaves like Gecko/WebKit quirks, so don't include it here
- // Used internally
- isIEQuirks: isIE && (!isStrict && (isIE6 || isIE7 || isIE8 || isIE9)),
-
- /**
- * True if the detected browser uses the Gecko layout engine (e.g. Mozilla, Firefox).
- * @type Boolean
- */
- isGecko : isGecko,
- /**
- * True if the detected browser uses a pre-Gecko 1.9 layout engine (e.g. Firefox 2.x).
- * @type Boolean
- */
- isGecko2 : isGecko2,
- /**
- * True if the detected browser uses a Gecko 1.9+ layout engine (e.g. Firefox 3.x).
- * @type Boolean
- */
- isGecko3 : isGecko3,
- /**
- * True if the detected browser is Internet Explorer running in non-strict mode.
- * @type Boolean
- */
- isBorderBox : isBorderBox,
- /**
- * True if the detected platform is Linux.
- * @type Boolean
- */
- isLinux : isLinux,
- /**
- * True if the detected platform is Windows.
- * @type Boolean
- */
- isWindows : isWindows,
- /**
- * True if the detected platform is Mac OS.
- * @type Boolean
- */
- isMac : isMac,
- /**
- * True if the detected platform is Adobe Air.
- * @type Boolean
- */
- isAir : isAir
- });
-
- /**
- * Creates namespaces to be used for scoping variables and classes so that they are not global.
- * Specifying the last node of a namespace implicitly creates all other nodes. Usage:
- *
- * @param {String} namespace1
- * @param {String} namespace2
- * @param {String} etc
- * @return {Object} The namespace object. (If multiple arguments are passed, this will be the last namespace created)
- * @method ns
- */
- Ext.ns = Ext.namespace;
-})();
-
-Ext.ns('Ext.util', 'Ext.lib', 'Ext.data', 'Ext.supports');
-
-Ext.elCache = {};
-
-/**
- * @class Function
- * These functions are available on every Function object (any JavaScript function).
- */
-Ext.apply(Function.prototype, {
- /**
- * Creates an interceptor function. The passed function is called before the original one. If it returns false,
- * the original one is not called. The resulting function returns the results of the original function.
- * The passed function is called with the parameters of the original function. Example usage:
- *
-var sayHi = function(name){
- alert('Hi, ' + name);
-}
-
-sayHi('Fred'); // alerts "Hi, Fred"
-
-// create a new function that validates input without
-// directly modifying the original function:
-var sayHiToFriend = sayHi.createInterceptor(function(name){
- return name == 'Brian';
-});
-
-sayHiToFriend('Fred'); // no alert
-sayHiToFriend('Brian'); // alerts "Hi, Brian"
-
- * @param {Function} fcn The function to call before the original
- * @param {Object} scope (optional) The scope (this reference) in which the passed function is executed.
- * If omitted, defaults to the scope in which the original function is called or the browser window.
- * @return {Function} The new function
- */
- createInterceptor : function(fcn, scope){
- var method = this;
- return !Ext.isFunction(fcn) ?
- this :
- function() {
- var me = this,
- args = arguments;
- fcn.target = me;
- fcn.method = method;
- return (fcn.apply(scope || me || window, args) !== false) ?
- method.apply(me || window, args) :
- null;
- };
- },
-
- /**
- * Creates a callback that passes arguments[0], arguments[1], arguments[2], ...
- * Call directly on any function. Example: myFunction.createCallback(arg1, arg2)
- * Will create a function that is bound to those 2 args. If a specific scope is required in the
- * callback, use {@link #createDelegate} instead. The function returned by createCallback always
- * executes in the window scope.
- *
This method is required when you want to pass arguments to a callback function. If no arguments
- * are needed, you can simply pass a reference to the function as a callback (e.g., callback: myFn).
- * However, if you tried to pass a function with arguments (e.g., callback: myFn(arg1, arg2)) the function
- * would simply execute immediately when the code is parsed. Example usage:
- *
- * @return {Function} The new function
- */
- createCallback : function(/*args...*/){
- // make args available, in function below
- var args = arguments,
- method = this;
- return function() {
- return method.apply(window, args);
- };
- },
-
- /**
- * Creates a delegate (callback) that sets the scope to obj.
- * Call directly on any function. Example: this.myFunction.createDelegate(this, [arg1, arg2])
- * Will create a function that is automatically scoped to obj so that the this variable inside the
- * callback points to obj. Example usage:
- *
-var sayHi = function(name){
- // Note this use of "this.text" here. This function expects to
- // execute within a scope that contains a text property. In this
- // example, the "this" variable is pointing to the btn object that
- // was passed in createDelegate below.
- alert('Hi, ' + name + '. You clicked the "' + this.text + '" button.');
-}
-
-var btn = new Ext.Button({
- text: 'Say Hi',
- renderTo: Ext.getBody()
-});
-
-// This callback will execute in the scope of the
-// button instance. Clicking the button alerts
-// "Hi, Fred. You clicked the "Say Hi" button."
-btn.on('click', sayHi.createDelegate(btn, ['Fred']));
-
- * @param {Object} scope (optional) The scope (this reference) in which the function is executed.
- * If omitted, defaults to the browser window.
- * @param {Array} args (optional) Overrides arguments for the call. (Defaults to the arguments passed by the caller)
- * @param {Boolean/Number} appendArgs (optional) if True args are appended to call args instead of overriding,
- * if a number the args are inserted at the specified position
- * @return {Function} The new function
- */
- createDelegate : function(obj, args, appendArgs){
- var method = this;
- return function() {
- var callArgs = args || arguments;
- if (appendArgs === true){
- callArgs = Array.prototype.slice.call(arguments, 0);
- callArgs = callArgs.concat(args);
- }else if (Ext.isNumber(appendArgs)){
- callArgs = Array.prototype.slice.call(arguments, 0); // copy arguments first
- var applyArgs = [appendArgs, 0].concat(args); // create method call params
- Array.prototype.splice.apply(callArgs, applyArgs); // splice them in
- }
- return method.apply(obj || window, callArgs);
- };
- },
-
- /**
- * Calls this function after the number of millseconds specified, optionally in a specific scope. Example usage:
- *
-var sayHi = function(name){
- alert('Hi, ' + name);
-}
-
-// executes immediately:
-sayHi('Fred');
-
-// executes after 2 seconds:
-sayHi.defer(2000, this, ['Fred']);
-
-// this syntax is sometimes useful for deferring
-// execution of an anonymous function:
-(function(){
- alert('Anonymous');
-}).defer(100);
-
- * @param {Number} millis The number of milliseconds for the setTimeout call (if less than or equal to 0 the function is executed immediately)
- * @param {Object} scope (optional) The scope (this reference) in which the function is executed.
- * If omitted, defaults to the browser window.
- * @param {Array} args (optional) Overrides arguments for the call. (Defaults to the arguments passed by the caller)
- * @param {Boolean/Number} appendArgs (optional) if True args are appended to call args instead of overriding,
- * if a number the args are inserted at the specified position
- * @return {Number} The timeout id that can be used with clearTimeout
- */
- defer : function(millis, obj, args, appendArgs){
- var fn = this.createDelegate(obj, args, appendArgs);
- if(millis > 0){
- return setTimeout(fn, millis);
- }
- fn();
- return 0;
- }
-});
-
-/**
- * @class String
- * These functions are available on every String object.
- */
-Ext.applyIf(String, {
- /**
- * Allows you to define a tokenized string and pass an arbitrary number of arguments to replace the tokens. Each
- * token must be unique, and must increment in the format {0}, {1}, etc. Example usage:
- *
-var cls = 'my-class', text = 'Some text';
-var s = String.format('<div class="{0}">{1}</div>', cls, text);
-// s now contains the string: '<div class="my-class">Some text</div>'
- *
- * @param {String} string The tokenized string to be formatted
- * @param {String} value1 The value to replace token {0}
- * @param {String} value2 Etc...
- * @return {String} The formatted string
- * @static
- */
- format : function(format){
- var args = Ext.toArray(arguments, 1);
- return format.replace(/\{(\d+)\}/g, function(m, i){
- return args[i];
- });
- }
-});
-
-/**
- * @class Array
- */
-Ext.applyIf(Array.prototype, {
- /**
- * Checks whether or not the specified object exists in the array.
- * @param {Object} o The object to check for
- * @param {Number} from (Optional) The index at which to begin the search
- * @return {Number} The index of o in the array (or -1 if it is not found)
- */
- indexOf : function(o, from){
- var len = this.length;
- from = from || 0;
- from += (from < 0) ? len : 0;
- for (; from < len; ++from){
- if(this[from] === o){
- return from;
- }
- }
- return -1;
- },
-
- /**
- * Removes the specified object from the array. If the object is not found nothing happens.
- * @param {Object} o The object to remove
- * @return {Array} this array
- */
- remove : function(o){
- var index = this.indexOf(o);
- if(index != -1){
- this.splice(index, 1);
- }
- return this;
- }
-});
-/**
- * @class Ext.util.TaskRunner
- * Provides the ability to execute one or more arbitrary tasks in a multithreaded
- * manner. Generally, you can use the singleton {@link Ext.TaskMgr} instead, but
- * if needed, you can create separate instances of TaskRunner. Any number of
- * separate tasks can be started at any time and will run independently of each
- * other. Example usage:
- *
-// Start a simple clock task that updates a div once per second
-var updateClock = function(){
- Ext.fly('clock').update(new Date().format('g:i:s A'));
-}
-var task = {
- run: updateClock,
- interval: 1000 //1 second
-}
-var runner = new Ext.util.TaskRunner();
-runner.start(task);
-
-// equivalent using TaskMgr
-Ext.TaskMgr.start({
- run: updateClock,
- interval: 1000
-});
-
- *
- *
See the {@link #start} method for details about how to configure a task object.
A config object that supports the following properties:
- *
run : Function
The function to execute each time the task is invoked. The
- * function will be called at each interval and passed the args argument if specified, and the
- * current invocation count if not.
- *
If a particular scope (this reference) is required, be sure to specify it using the scope argument.
- *
Return false from this function to terminate the task.
- *
interval : Number
The frequency in milliseconds with which the task
- * should be invoked.
- *
args : Array
(optional) An array of arguments to be passed to the function
- * specified by run. If not specified, the current invocation count is passed.
- *
scope : Object
(optional) The scope (this reference) in which to execute the
- * run function. Defaults to the task config object.
- *
duration : Number
(optional) The length of time in milliseconds to invoke
- * the task before stopping automatically (defaults to indefinite).
- *
repeat : Number
(optional) The number of times to invoke the task before
- * stopping automatically (defaults to indefinite).
- *
- *
Before each invocation, Ext injects the property taskRunCount into the task object so
- * that calculations based on the repeat count can be performed.
- * @return {Object} The task
- */
- this.start = function(task){
- tasks.push(task);
- task.taskStartTime = new Date().getTime();
- task.taskRunTime = 0;
- task.taskRunCount = 0;
- startThread();
- return task;
- };
-
- /**
- * Stops an existing running task.
- * @method stop
- * @param {Object} task The task to stop
- * @return {Object} The task
- */
- this.stop = function(task){
- removeTask(task);
- return task;
- };
-
- /**
- * Stops all tasks that are currently running.
- * @method stopAll
- */
- this.stopAll = function(){
- stopThread();
- for(var i = 0, len = tasks.length; i < len; i++){
- if(tasks[i].onStop){
- tasks[i].onStop();
- }
- }
- tasks = [];
- removeQueue = [];
- };
-};
-
-/**
- * @class Ext.TaskMgr
- * @extends Ext.util.TaskRunner
- * A static {@link Ext.util.TaskRunner} instance that can be used to start and stop arbitrary tasks. See
- * {@link Ext.util.TaskRunner} for supported methods and task config properties.
- *
-// Start a simple clock task that updates a div once per second
-var task = {
- run: function(){
- Ext.fly('clock').update(new Date().format('g:i:s A'));
- },
- interval: 1000 //1 second
-}
-Ext.TaskMgr.start(task);
-
- *
See the {@link #start} method for details about how to configure a task object.
- * @singleton
- */
-Ext.TaskMgr = new Ext.util.TaskRunner();(function(){
- var libFlyweight;
-
- function fly(el) {
- if (!libFlyweight) {
- libFlyweight = new Ext.Element.Flyweight();
- }
- libFlyweight.dom = el;
- return libFlyweight;
- }
-
- (function(){
- var doc = document,
- isCSS1 = doc.compatMode == "CSS1Compat",
- MAX = Math.max,
- ROUND = Math.round,
- PARSEINT = parseInt;
-
- Ext.lib.Dom = {
- isAncestor : function(p, c) {
- var ret = false;
-
- p = Ext.getDom(p);
- c = Ext.getDom(c);
- if (p && c) {
- if (p.contains) {
- return p.contains(c);
- } else if (p.compareDocumentPosition) {
- return !!(p.compareDocumentPosition(c) & 16);
- } else {
- while (c = c.parentNode) {
- ret = c == p || ret;
- }
- }
- }
- return ret;
- },
-
- getViewWidth : function(full) {
- return full ? this.getDocumentWidth() : this.getViewportWidth();
- },
-
- getViewHeight : function(full) {
- return full ? this.getDocumentHeight() : this.getViewportHeight();
- },
-
- getDocumentHeight: function() {
- return MAX(!isCSS1 ? doc.body.scrollHeight : doc.documentElement.scrollHeight, this.getViewportHeight());
- },
-
- getDocumentWidth: function() {
- return MAX(!isCSS1 ? doc.body.scrollWidth : doc.documentElement.scrollWidth, this.getViewportWidth());
- },
-
- getViewportHeight: function(){
- return Ext.isIE9m ?
- (Ext.isStrict ? doc.documentElement.clientHeight : doc.body.clientHeight) :
- self.innerHeight;
- },
-
- getViewportWidth : function() {
- return !Ext.isStrict && !Ext.isOpera ? doc.body.clientWidth :
- Ext.isIE9m ? doc.documentElement.clientWidth : self.innerWidth;
- },
-
- getY : function(el) {
- return this.getXY(el)[1];
- },
-
- getX : function(el) {
- return this.getXY(el)[0];
- },
-
- getXY : function(el) {
- var p,
- pe,
- b,
- bt,
- bl,
- dbd,
- x = 0,
- y = 0,
- scroll,
- hasAbsolute,
- bd = (doc.body || doc.documentElement),
- ret = [0,0];
-
- el = Ext.getDom(el);
-
- if(el != bd){
- if (el.getBoundingClientRect) {
- b = el.getBoundingClientRect();
- scroll = fly(document).getScroll();
- ret = [ROUND(b.left + scroll.left), ROUND(b.top + scroll.top)];
- } else {
- p = el;
- hasAbsolute = fly(el).isStyle("position", "absolute");
-
- while (p) {
- pe = fly(p);
- x += p.offsetLeft;
- y += p.offsetTop;
-
- hasAbsolute = hasAbsolute || pe.isStyle("position", "absolute");
-
- if (Ext.isGecko) {
- y += bt = PARSEINT(pe.getStyle("borderTopWidth"), 10) || 0;
- x += bl = PARSEINT(pe.getStyle("borderLeftWidth"), 10) || 0;
-
- if (p != el && !pe.isStyle('overflow','visible')) {
- x += bl;
- y += bt;
- }
- }
- p = p.offsetParent;
- }
-
- if (Ext.isSafari && hasAbsolute) {
- x -= bd.offsetLeft;
- y -= bd.offsetTop;
- }
-
- if (Ext.isGecko && !hasAbsolute) {
- dbd = fly(bd);
- x += PARSEINT(dbd.getStyle("borderLeftWidth"), 10) || 0;
- y += PARSEINT(dbd.getStyle("borderTopWidth"), 10) || 0;
- }
-
- p = el.parentNode;
- while (p && p != bd) {
- if (!Ext.isOpera || (p.tagName != 'TR' && !fly(p).isStyle("display", "inline"))) {
- x -= p.scrollLeft;
- y -= p.scrollTop;
- }
- p = p.parentNode;
- }
- ret = [x,y];
- }
- }
- return ret;
- },
-
- setXY : function(el, xy) {
- (el = Ext.fly(el, '_setXY')).position();
-
- var pts = el.translatePoints(xy),
- style = el.dom.style,
- pos;
-
- for (pos in pts) {
- if (!isNaN(pts[pos])) {
- style[pos] = pts[pos] + "px";
- }
- }
- },
-
- setX : function(el, x) {
- this.setXY(el, [x, false]);
- },
-
- setY : function(el, y) {
- this.setXY(el, [false, y]);
- }
- };
-})();Ext.lib.Event = function() {
- var loadComplete = false,
- unloadListeners = {},
- retryCount = 0,
- onAvailStack = [],
- _interval,
- locked = false,
- win = window,
- doc = document,
-
- // constants
- POLL_RETRYS = 200,
- POLL_INTERVAL = 20,
- TYPE = 0,
- FN = 1,
- OBJ = 2,
- ADJ_SCOPE = 3,
- SCROLLLEFT = 'scrollLeft',
- SCROLLTOP = 'scrollTop',
- UNLOAD = 'unload',
- MOUSEOVER = 'mouseover',
- MOUSEOUT = 'mouseout',
- // private
- doAdd = function() {
- var ret;
- if (win.addEventListener) {
- ret = function(el, eventName, fn, capture) {
- if (eventName == 'mouseenter') {
- fn = fn.createInterceptor(checkRelatedTarget);
- el.addEventListener(MOUSEOVER, fn, (capture));
- } else if (eventName == 'mouseleave') {
- fn = fn.createInterceptor(checkRelatedTarget);
- el.addEventListener(MOUSEOUT, fn, (capture));
- } else {
- el.addEventListener(eventName, fn, (capture));
- }
- return fn;
- };
- } else if (win.attachEvent) {
- ret = function(el, eventName, fn, capture) {
- el.attachEvent("on" + eventName, fn);
- return fn;
- };
- } else {
- ret = function(){};
- }
- return ret;
- }(),
- // private
- doRemove = function(){
- var ret;
- if (win.removeEventListener) {
- ret = function (el, eventName, fn, capture) {
- if (eventName == 'mouseenter') {
- eventName = MOUSEOVER;
- } else if (eventName == 'mouseleave') {
- eventName = MOUSEOUT;
- }
- el.removeEventListener(eventName, fn, (capture));
- };
- } else if (win.detachEvent) {
- ret = function (el, eventName, fn) {
- el.detachEvent("on" + eventName, fn);
- };
- } else {
- ret = function(){};
- }
- return ret;
- }();
-
- function checkRelatedTarget(e) {
- return !elContains(e.currentTarget, pub.getRelatedTarget(e));
- }
-
- function elContains(parent, child) {
- if(parent && parent.firstChild){
- while(child) {
- if(child === parent) {
- return true;
- }
- child = child.parentNode;
- if(child && (child.nodeType != 1)) {
- child = null;
- }
- }
- }
- return false;
- }
-
- // private
- function _tryPreloadAttach() {
- var ret = false,
- notAvail = [],
- element, i, v, override,
- tryAgain = !loadComplete || (retryCount > 0);
-
- if(!locked){
- locked = true;
-
- for(i = 0; i < onAvailStack.length; ++i){
- v = onAvailStack[i];
- if(v && (element = doc.getElementById(v.id))){
- if(!v.checkReady || loadComplete || element.nextSibling || (doc && doc.body)) {
- override = v.override;
- element = override ? (override === true ? v.obj : override) : element;
- v.fn.call(element, v.obj);
- onAvailStack.remove(v);
- --i;
- }else{
- notAvail.push(v);
- }
- }
- }
-
- retryCount = (notAvail.length === 0) ? 0 : retryCount - 1;
-
- if (tryAgain) {
- startInterval();
- } else {
- clearInterval(_interval);
- _interval = null;
- }
- ret = !(locked = false);
- }
- return ret;
- }
-
- // private
- function startInterval() {
- if(!_interval){
- var callback = function() {
- _tryPreloadAttach();
- };
- _interval = setInterval(callback, POLL_INTERVAL);
- }
- }
-
- // private
- function getScroll() {
- var dd = doc.documentElement,
- db = doc.body;
- if(dd && (dd[SCROLLTOP] || dd[SCROLLLEFT])){
- return [dd[SCROLLLEFT], dd[SCROLLTOP]];
- }else if(db){
- return [db[SCROLLLEFT], db[SCROLLTOP]];
- }else{
- return [0, 0];
- }
- }
-
- // private
- function getPageCoord (ev, xy) {
- ev = ev.browserEvent || ev;
- var coord = ev['page' + xy];
- if (!coord && coord !== 0) {
- coord = ev['client' + xy] || 0;
-
- if (Ext.isIE) {
- coord += getScroll()[xy == "X" ? 0 : 1];
- }
- }
-
- return coord;
- }
-
- var pub = {
- extAdapter: true,
- onAvailable : function(p_id, p_fn, p_obj, p_override) {
- onAvailStack.push({
- id: p_id,
- fn: p_fn,
- obj: p_obj,
- override: p_override,
- checkReady: false });
-
- retryCount = POLL_RETRYS;
- startInterval();
- },
-
- // This function should ALWAYS be called from Ext.EventManager
- addListener: function(el, eventName, fn) {
- el = Ext.getDom(el);
- if (el && fn) {
- if (eventName == UNLOAD) {
- if (unloadListeners[el.id] === undefined) {
- unloadListeners[el.id] = [];
- }
- unloadListeners[el.id].push([eventName, fn]);
- return fn;
- }
- return doAdd(el, eventName, fn, false);
- }
- return false;
- },
-
- // This function should ALWAYS be called from Ext.EventManager
- removeListener: function(el, eventName, fn) {
- el = Ext.getDom(el);
- var i, len, li, lis;
- if (el && fn) {
- if(eventName == UNLOAD){
- if((lis = unloadListeners[el.id]) !== undefined){
- for(i = 0, len = lis.length; i < len; i++){
- if((li = lis[i]) && li[TYPE] == eventName && li[FN] == fn){
- unloadListeners[el.id].splice(i, 1);
- }
- }
- }
- return;
- }
- doRemove(el, eventName, fn, false);
- }
- },
-
- getTarget : function(ev) {
- ev = ev.browserEvent || ev;
- return this.resolveTextNode(ev.target || ev.srcElement);
- },
-
- resolveTextNode : Ext.isGecko ? function(node){
- if(!node){
- return;
- }
- // work around firefox bug, https://bugzilla.mozilla.org/show_bug.cgi?id=101197
- var s = HTMLElement.prototype.toString.call(node);
- if(s == '[xpconnect wrapped native prototype]' || s == '[object XULElement]'){
- return;
- }
- return node.nodeType == 3 ? node.parentNode : node;
- } : function(node){
- return node && node.nodeType == 3 ? node.parentNode : node;
- },
-
- getRelatedTarget : function(ev) {
- ev = ev.browserEvent || ev;
- return this.resolveTextNode(ev.relatedTarget ||
- (/(mouseout|mouseleave)/.test(ev.type) ? ev.toElement :
- /(mouseover|mouseenter)/.test(ev.type) ? ev.fromElement : null));
- },
-
- getPageX : function(ev) {
- return getPageCoord(ev, "X");
- },
-
- getPageY : function(ev) {
- return getPageCoord(ev, "Y");
- },
-
-
- getXY : function(ev) {
- return [this.getPageX(ev), this.getPageY(ev)];
- },
-
- stopEvent : function(ev) {
- this.stopPropagation(ev);
- this.preventDefault(ev);
- },
-
- stopPropagation : function(ev) {
- ev = ev.browserEvent || ev;
- if (ev.stopPropagation) {
- ev.stopPropagation();
- } else {
- ev.cancelBubble = true;
- }
- },
-
- preventDefault : function(ev) {
- ev = ev.browserEvent || ev;
- if (ev.preventDefault) {
- ev.preventDefault();
- } else {
- if (ev.keyCode) {
- ev.keyCode = 0;
- }
- ev.returnValue = false;
- }
- },
-
- getEvent : function(e) {
- e = e || win.event;
- if (!e) {
- var c = this.getEvent.caller;
- while (c) {
- e = c.arguments[0];
- if (e && Event == e.constructor) {
- break;
- }
- c = c.caller;
- }
- }
- return e;
- },
-
- getCharCode : function(ev) {
- ev = ev.browserEvent || ev;
- return ev.charCode || ev.keyCode || 0;
- },
-
- //clearCache: function() {},
- // deprecated, call from EventManager
- getListeners : function(el, eventName) {
- Ext.EventManager.getListeners(el, eventName);
- },
-
- // deprecated, call from EventManager
- purgeElement : function(el, recurse, eventName) {
- Ext.EventManager.purgeElement(el, recurse, eventName);
- },
-
- _load : function(e) {
- loadComplete = true;
-
- if (Ext.isIE9m && e !== true) {
- // IE8 complains that _load is null or not an object
- // so lets remove self via arguments.callee
- doRemove(win, "load", arguments.callee);
- }
- },
-
- _unload : function(e) {
- var EU = Ext.lib.Event,
- i, v, ul, id, len, scope;
-
- for (id in unloadListeners) {
- ul = unloadListeners[id];
- for (i = 0, len = ul.length; i < len; i++) {
- v = ul[i];
- if (v) {
- try{
- scope = v[ADJ_SCOPE] ? (v[ADJ_SCOPE] === true ? v[OBJ] : v[ADJ_SCOPE]) : win;
- v[FN].call(scope, EU.getEvent(e), v[OBJ]);
- }catch(ex){}
- }
- }
- };
-
- Ext.EventManager._unload();
-
- doRemove(win, UNLOAD, EU._unload);
- }
- };
-
- // Initialize stuff.
- pub.on = pub.addListener;
- pub.un = pub.removeListener;
- if (doc && doc.body) {
- pub._load(true);
- } else {
- doAdd(win, "load", pub._load);
- }
- doAdd(win, UNLOAD, pub._unload);
- _tryPreloadAttach();
-
- return pub;
-}();
-/*
-* Portions of this file are based on pieces of Yahoo User Interface Library
-* Copyright (c) 2007, Yahoo! Inc. All rights reserved.
-* YUI licensed under the BSD License:
-* http://developer.yahoo.net/yui/license.txt
-*/
-Ext.lib.Ajax = function() {
- var activeX = ['Msxml2.XMLHTTP.3.0',
- 'Msxml2.XMLHTTP'],
- CONTENTTYPE = 'Content-Type';
-
- // private
- function setHeader(o) {
- var conn = o.conn,
- prop,
- headers = {};
-
- function setTheHeaders(conn, headers){
- for (prop in headers) {
- if (headers.hasOwnProperty(prop)) {
- conn.setRequestHeader(prop, headers[prop]);
- }
- }
- }
-
- Ext.apply(headers, pub.headers, pub.defaultHeaders);
- setTheHeaders(conn, headers);
- delete pub.headers;
- }
-
- // private
- function createExceptionObject(tId, callbackArg, isAbort, isTimeout) {
- return {
- tId : tId,
- status : isAbort ? -1 : 0,
- statusText : isAbort ? 'transaction aborted' : 'communication failure',
- isAbort: isAbort,
- isTimeout: isTimeout,
- argument : callbackArg
- };
- }
-
- // private
- function initHeader(label, value) {
- (pub.headers = pub.headers || {})[label] = value;
- }
-
- // private
- function createResponseObject(o, callbackArg) {
- var headerObj = {},
- headerStr,
- conn = o.conn,
- t,
- s,
- // see: https://prototype.lighthouseapp.com/projects/8886/tickets/129-ie-mangles-http-response-status-code-204-to-1223
- isBrokenStatus = conn.status == 1223;
-
- try {
- headerStr = o.conn.getAllResponseHeaders();
- Ext.each(headerStr.replace(/\r\n/g, '\n').split('\n'), function(v){
- t = v.indexOf(':');
- if(t >= 0){
- s = v.substr(0, t).toLowerCase();
- if(v.charAt(t + 1) == ' '){
- ++t;
- }
- headerObj[s] = v.substr(t + 1);
- }
- });
- } catch(e) {}
-
- return {
- tId : o.tId,
- // Normalize the status and statusText when IE returns 1223, see the above link.
- status : isBrokenStatus ? 204 : conn.status,
- statusText : isBrokenStatus ? 'No Content' : conn.statusText,
- getResponseHeader : function(header){return headerObj[header.toLowerCase()];},
- getAllResponseHeaders : function(){return headerStr;},
- responseText : conn.responseText,
- responseXML : conn.responseXML,
- argument : callbackArg
- };
- }
-
- // private
- function releaseObject(o) {
- if (o.tId) {
- pub.conn[o.tId] = null;
- }
- o.conn = null;
- o = null;
- }
-
- // private
- function handleTransactionResponse(o, callback, isAbort, isTimeout) {
- if (!callback) {
- releaseObject(o);
- return;
- }
-
- var httpStatus, responseObject;
-
- try {
- if (o.conn.status !== undefined && o.conn.status != 0) {
- httpStatus = o.conn.status;
- }
- else {
- httpStatus = 13030;
- }
- }
- catch(e) {
- httpStatus = 13030;
- }
-
- if ((httpStatus >= 200 && httpStatus < 300) || (Ext.isIE && httpStatus == 1223)) {
- responseObject = createResponseObject(o, callback.argument);
- if (callback.success) {
- if (!callback.scope) {
- callback.success(responseObject);
- }
- else {
- callback.success.apply(callback.scope, [responseObject]);
- }
- }
- }
- else {
- switch (httpStatus) {
- case 12002:
- case 12029:
- case 12030:
- case 12031:
- case 12152:
- case 13030:
- responseObject = createExceptionObject(o.tId, callback.argument, (isAbort ? isAbort : false), isTimeout);
- if (callback.failure) {
- if (!callback.scope) {
- callback.failure(responseObject);
- }
- else {
- callback.failure.apply(callback.scope, [responseObject]);
- }
- }
- break;
- default:
- responseObject = createResponseObject(o, callback.argument);
- if (callback.failure) {
- if (!callback.scope) {
- callback.failure(responseObject);
- }
- else {
- callback.failure.apply(callback.scope, [responseObject]);
- }
- }
- }
- }
-
- releaseObject(o);
- responseObject = null;
- }
-
- function checkResponse(o, callback, conn, tId, poll, cbTimeout){
- if (conn && conn.readyState == 4) {
- clearInterval(poll[tId]);
- poll[tId] = null;
-
- if (cbTimeout) {
- clearTimeout(pub.timeout[tId]);
- pub.timeout[tId] = null;
- }
- handleTransactionResponse(o, callback);
- }
- }
-
- function checkTimeout(o, callback){
- pub.abort(o, callback, true);
- }
-
-
- // private
- function handleReadyState(o, callback){
- callback = callback || {};
- var conn = o.conn,
- tId = o.tId,
- poll = pub.poll,
- cbTimeout = callback.timeout || null;
-
- if (cbTimeout) {
- pub.conn[tId] = conn;
- pub.timeout[tId] = setTimeout(checkTimeout.createCallback(o, callback), cbTimeout);
- }
- poll[tId] = setInterval(checkResponse.createCallback(o, callback, conn, tId, poll, cbTimeout), pub.pollInterval);
- }
-
- // private
- function asyncRequest(method, uri, callback, postData) {
- var o = getConnectionObject() || null;
-
- if (o) {
- o.conn.open(method, uri, true);
-
- if (pub.useDefaultXhrHeader) {
- initHeader('X-Requested-With', pub.defaultXhrHeader);
- }
-
- if(postData && pub.useDefaultHeader && (!pub.headers || !pub.headers[CONTENTTYPE])){
- initHeader(CONTENTTYPE, pub.defaultPostHeader);
- }
-
- if (pub.defaultHeaders || pub.headers) {
- setHeader(o);
- }
-
- handleReadyState(o, callback);
- o.conn.send(postData || null);
- }
- return o;
- }
-
- // private
- function getConnectionObject() {
- var o;
-
- try {
- if (o = createXhrObject(pub.transactionId)) {
- pub.transactionId++;
- }
- } catch(e) {
- } finally {
- return o;
- }
- }
-
- // private
- function createXhrObject(transactionId) {
- var http;
-
- try {
- http = new XMLHttpRequest();
- } catch(e) {
- for (var i = Ext.isIE6 ? 1 : 0; i < activeX.length; ++i) {
- try {
- http = new ActiveXObject(activeX[i]);
- break;
- } catch(e) {}
- }
- } finally {
- return {conn : http, tId : transactionId};
- }
- }
-
- var pub = {
- request : function(method, uri, cb, data, options) {
- if(options){
- var me = this,
- xmlData = options.xmlData,
- jsonData = options.jsonData,
- hs;
-
- Ext.applyIf(me, options);
-
- if(xmlData || jsonData){
- hs = me.headers;
- if(!hs || !hs[CONTENTTYPE]){
- initHeader(CONTENTTYPE, xmlData ? 'text/xml' : 'application/json');
- }
- data = xmlData || (!Ext.isPrimitive(jsonData) ? Ext.encode(jsonData) : jsonData);
- }
- }
- return asyncRequest(method || options.method || "POST", uri, cb, data);
- },
-
- serializeForm : function(form) {
- var fElements = form.elements || (document.forms[form] || Ext.getDom(form)).elements,
- hasSubmit = false,
- encoder = encodeURIComponent,
- name,
- data = '',
- type,
- hasValue;
-
- Ext.each(fElements, function(element){
- name = element.name;
- type = element.type;
-
- if (!element.disabled && name) {
- if (/select-(one|multiple)/i.test(type)) {
- Ext.each(element.options, function(opt){
- if (opt.selected) {
- hasValue = opt.hasAttribute ? opt.hasAttribute('value') : opt.getAttributeNode('value').specified;
- data += String.format("{0}={1}&", encoder(name), encoder(hasValue ? opt.value : opt.text));
- }
- });
- } else if (!(/file|undefined|reset|button/i.test(type))) {
- if (!(/radio|checkbox/i.test(type) && !element.checked) && !(type == 'submit' && hasSubmit)) {
- data += encoder(name) + '=' + encoder(element.value) + '&';
- hasSubmit = /submit/i.test(type);
- }
- }
- }
- });
- return data.substr(0, data.length - 1);
- },
-
- useDefaultHeader : true,
- defaultPostHeader : 'application/x-www-form-urlencoded; charset=UTF-8',
- useDefaultXhrHeader : true,
- defaultXhrHeader : 'XMLHttpRequest',
- poll : {},
- timeout : {},
- conn: {},
- pollInterval : 50,
- transactionId : 0,
-
-// This is never called - Is it worth exposing this?
-// setProgId : function(id) {
-// activeX.unshift(id);
-// },
-
-// This is never called - Is it worth exposing this?
-// setDefaultPostHeader : function(b) {
-// this.useDefaultHeader = b;
-// },
-
-// This is never called - Is it worth exposing this?
-// setDefaultXhrHeader : function(b) {
-// this.useDefaultXhrHeader = b;
-// },
-
-// This is never called - Is it worth exposing this?
-// setPollingInterval : function(i) {
-// if (typeof i == 'number' && isFinite(i)) {
-// this.pollInterval = i;
-// }
-// },
-
-// This is never called - Is it worth exposing this?
-// resetDefaultHeaders : function() {
-// this.defaultHeaders = null;
-// },
-
- abort : function(o, callback, isTimeout) {
- var me = this,
- tId = o.tId,
- isAbort = false;
-
- if (me.isCallInProgress(o)) {
- o.conn.abort();
- clearInterval(me.poll[tId]);
- me.poll[tId] = null;
- clearTimeout(pub.timeout[tId]);
- me.timeout[tId] = null;
-
- handleTransactionResponse(o, callback, (isAbort = true), isTimeout);
- }
- return isAbort;
- },
-
- isCallInProgress : function(o) {
- // if there is a connection and readyState is not 0 or 4
- return o.conn && !{0:true,4:true}[o.conn.readyState];
- }
- };
- return pub;
-}();(function(){
- var EXTLIB = Ext.lib,
- noNegatives = /width|height|opacity|padding/i,
- offsetAttribute = /^((width|height)|(top|left))$/,
- defaultUnit = /width|height|top$|bottom$|left$|right$/i,
- offsetUnit = /\d+(em|%|en|ex|pt|in|cm|mm|pc)$/i,
- isset = function(v){
- return typeof v !== 'undefined';
- },
- now = function(){
- return new Date();
- };
-
- EXTLIB.Anim = {
- motion : function(el, args, duration, easing, cb, scope) {
- return this.run(el, args, duration, easing, cb, scope, Ext.lib.Motion);
- },
-
- run : function(el, args, duration, easing, cb, scope, type) {
- type = type || Ext.lib.AnimBase;
- if (typeof easing == "string") {
- easing = Ext.lib.Easing[easing];
- }
- var anim = new type(el, args, duration, easing);
- anim.animateX(function() {
- if(Ext.isFunction(cb)){
- cb.call(scope);
- }
- });
- return anim;
- }
- };
-
- EXTLIB.AnimBase = function(el, attributes, duration, method) {
- if (el) {
- this.init(el, attributes, duration, method);
- }
- };
-
- EXTLIB.AnimBase.prototype = {
- doMethod: function(attr, start, end) {
- var me = this;
- return me.method(me.curFrame, start, end - start, me.totalFrames);
- },
-
-
- setAttr: function(attr, val, unit) {
- if (noNegatives.test(attr) && val < 0) {
- val = 0;
- }
- Ext.fly(this.el, '_anim').setStyle(attr, val + unit);
- },
-
-
- getAttr: function(attr) {
- var el = Ext.fly(this.el),
- val = el.getStyle(attr),
- a = offsetAttribute.exec(attr) || [];
-
- if (val !== 'auto' && !offsetUnit.test(val)) {
- return parseFloat(val);
- }
-
- return (!!(a[2]) || (el.getStyle('position') == 'absolute' && !!(a[3]))) ? el.dom['offset' + a[0].charAt(0).toUpperCase() + a[0].substr(1)] : 0;
- },
-
-
- getDefaultUnit: function(attr) {
- return defaultUnit.test(attr) ? 'px' : '';
- },
-
- animateX : function(callback, scope) {
- var me = this,
- f = function() {
- me.onComplete.removeListener(f);
- if (Ext.isFunction(callback)) {
- callback.call(scope || me, me);
- }
- };
- me.onComplete.addListener(f, me);
- me.animate();
- },
-
-
- setRunAttr: function(attr) {
- var me = this,
- a = this.attributes[attr],
- to = a.to,
- by = a.by,
- from = a.from,
- unit = a.unit,
- ra = (this.runAttrs[attr] = {}),
- end;
-
- if (!isset(to) && !isset(by)){
- return false;
- }
-
- var start = isset(from) ? from : me.getAttr(attr);
- if (isset(to)) {
- end = to;
- }else if(isset(by)) {
- if (Ext.isArray(start)){
- end = [];
- for(var i=0,len=start.length; i 0 && isFinite(tweak)){
- if(tween.curFrame + tweak >= frames){
- tweak = frames - (frame + 1);
- }
- tween.curFrame += tweak;
- }
- };
- };
-
- EXTLIB.Bezier = new function() {
-
- this.getPosition = function(points, t) {
- var n = points.length,
- tmp = [],
- c = 1 - t,
- i,
- j;
-
- for (i = 0; i < n; ++i) {
- tmp[i] = [points[i][0], points[i][1]];
- }
-
- for (j = 1; j < n; ++j) {
- for (i = 0; i < n - j; ++i) {
- tmp[i][0] = c * tmp[i][0] + t * tmp[parseInt(i + 1, 10)][0];
- tmp[i][1] = c * tmp[i][1] + t * tmp[parseInt(i + 1, 10)][1];
- }
- }
-
- return [ tmp[0][0], tmp[0][1] ];
-
- };
- };
-
-
- EXTLIB.Easing = {
- easeNone: function (t, b, c, d) {
- return c * t / d + b;
- },
-
-
- easeIn: function (t, b, c, d) {
- return c * (t /= d) * t + b;
- },
-
-
- easeOut: function (t, b, c, d) {
- return -c * (t /= d) * (t - 2) + b;
- }
- };
-
- (function() {
- EXTLIB.Motion = function(el, attributes, duration, method) {
- if (el) {
- EXTLIB.Motion.superclass.constructor.call(this, el, attributes, duration, method);
- }
- };
-
- Ext.extend(EXTLIB.Motion, Ext.lib.AnimBase);
-
- var superclass = EXTLIB.Motion.superclass,
- pointsRe = /^points$/i;
-
- Ext.apply(EXTLIB.Motion.prototype, {
- setAttr: function(attr, val, unit){
- var me = this,
- setAttr = superclass.setAttr;
-
- if (pointsRe.test(attr)) {
- unit = unit || 'px';
- setAttr.call(me, 'left', val[0], unit);
- setAttr.call(me, 'top', val[1], unit);
- } else {
- setAttr.call(me, attr, val, unit);
- }
- },
-
- getAttr: function(attr){
- var me = this,
- getAttr = superclass.getAttr;
-
- return pointsRe.test(attr) ? [getAttr.call(me, 'left'), getAttr.call(me, 'top')] : getAttr.call(me, attr);
- },
-
- doMethod: function(attr, start, end){
- var me = this;
-
- return pointsRe.test(attr)
- ? EXTLIB.Bezier.getPosition(me.runAttrs[attr], me.method(me.curFrame, 0, 100, me.totalFrames) / 100)
- : superclass.doMethod.call(me, attr, start, end);
- },
-
- setRunAttr: function(attr){
- if(pointsRe.test(attr)){
-
- var me = this,
- el = this.el,
- points = this.attributes.points,
- control = points.control || [],
- from = points.from,
- to = points.to,
- by = points.by,
- DOM = EXTLIB.Dom,
- start,
- i,
- end,
- len,
- ra;
-
-
- if(control.length > 0 && !Ext.isArray(control[0])){
- control = [control];
- }else{
- /*
- var tmp = [];
- for (i = 0,len = control.length; i < len; ++i) {
- tmp[i] = control[i];
- }
- control = tmp;
- */
- }
-
- Ext.fly(el, '_anim').position();
- DOM.setXY(el, isset(from) ? from : DOM.getXY(el));
- start = me.getAttr('points');
-
-
- if(isset(to)){
- end = translateValues.call(me, to, start);
- for (i = 0,len = control.length; i < len; ++i) {
- control[i] = translateValues.call(me, control[i], start);
- }
- } else if (isset(by)) {
- end = [start[0] + by[0], start[1] + by[1]];
-
- for (i = 0,len = control.length; i < len; ++i) {
- control[i] = [ start[0] + control[i][0], start[1] + control[i][1] ];
- }
- }
-
- ra = this.runAttrs[attr] = [start];
- if (control.length > 0) {
- ra = ra.concat(control);
- }
-
- ra[ra.length] = end;
- }else{
- superclass.setRunAttr.call(this, attr);
- }
- }
- });
-
- var translateValues = function(val, start) {
- var pageXY = EXTLIB.Dom.getXY(this.el);
- return [val[0] - pageXY[0] + start[0], val[1] - pageXY[1] + start[1]];
- };
- })();
-})();// Easing functions
-(function(){
- // shortcuts to aid compression
- var abs = Math.abs,
- pi = Math.PI,
- asin = Math.asin,
- pow = Math.pow,
- sin = Math.sin,
- EXTLIB = Ext.lib;
-
- Ext.apply(EXTLIB.Easing, {
-
- easeBoth: function (t, b, c, d) {
- return ((t /= d / 2) < 1) ? c / 2 * t * t + b : -c / 2 * ((--t) * (t - 2) - 1) + b;
- },
-
- easeInStrong: function (t, b, c, d) {
- return c * (t /= d) * t * t * t + b;
- },
-
- easeOutStrong: function (t, b, c, d) {
- return -c * ((t = t / d - 1) * t * t * t - 1) + b;
- },
-
- easeBothStrong: function (t, b, c, d) {
- return ((t /= d / 2) < 1) ? c / 2 * t * t * t * t + b : -c / 2 * ((t -= 2) * t * t * t - 2) + b;
- },
-
- elasticIn: function (t, b, c, d, a, p) {
- if (t == 0 || (t /= d) == 1) {
- return t == 0 ? b : b + c;
- }
- p = p || (d * .3);
-
- var s;
- if (a >= abs(c)) {
- s = p / (2 * pi) * asin(c / a);
- } else {
- a = c;
- s = p / 4;
- }
-
- return -(a * pow(2, 10 * (t -= 1)) * sin((t * d - s) * (2 * pi) / p)) + b;
-
- },
-
- elasticOut: function (t, b, c, d, a, p) {
- if (t == 0 || (t /= d) == 1) {
- return t == 0 ? b : b + c;
- }
- p = p || (d * .3);
-
- var s;
- if (a >= abs(c)) {
- s = p / (2 * pi) * asin(c / a);
- } else {
- a = c;
- s = p / 4;
- }
-
- return a * pow(2, -10 * t) * sin((t * d - s) * (2 * pi) / p) + c + b;
- },
-
- elasticBoth: function (t, b, c, d, a, p) {
- if (t == 0 || (t /= d / 2) == 2) {
- return t == 0 ? b : b + c;
- }
-
- p = p || (d * (.3 * 1.5));
-
- var s;
- if (a >= abs(c)) {
- s = p / (2 * pi) * asin(c / a);
- } else {
- a = c;
- s = p / 4;
- }
-
- return t < 1 ?
- -.5 * (a * pow(2, 10 * (t -= 1)) * sin((t * d - s) * (2 * pi) / p)) + b :
- a * pow(2, -10 * (t -= 1)) * sin((t * d - s) * (2 * pi) / p) * .5 + c + b;
- },
-
- backIn: function (t, b, c, d, s) {
- s = s || 1.70158;
- return c * (t /= d) * t * ((s + 1) * t - s) + b;
- },
-
-
- backOut: function (t, b, c, d, s) {
- if (!s) {
- s = 1.70158;
- }
- return c * ((t = t / d - 1) * t * ((s + 1) * t + s) + 1) + b;
- },
-
-
- backBoth: function (t, b, c, d, s) {
- s = s || 1.70158;
-
- return ((t /= d / 2 ) < 1) ?
- c / 2 * (t * t * (((s *= (1.525)) + 1) * t - s)) + b :
- c / 2 * ((t -= 2) * t * (((s *= (1.525)) + 1) * t + s) + 2) + b;
- },
-
-
- bounceIn: function (t, b, c, d) {
- return c - EXTLIB.Easing.bounceOut(d - t, 0, c, d) + b;
- },
-
-
- bounceOut: function (t, b, c, d) {
- if ((t /= d) < (1 / 2.75)) {
- return c * (7.5625 * t * t) + b;
- } else if (t < (2 / 2.75)) {
- return c * (7.5625 * (t -= (1.5 / 2.75)) * t + .75) + b;
- } else if (t < (2.5 / 2.75)) {
- return c * (7.5625 * (t -= (2.25 / 2.75)) * t + .9375) + b;
- }
- return c * (7.5625 * (t -= (2.625 / 2.75)) * t + .984375) + b;
- },
-
-
- bounceBoth: function (t, b, c, d) {
- return (t < d / 2) ?
- EXTLIB.Easing.bounceIn(t * 2, 0, c, d) * .5 + b :
- EXTLIB.Easing.bounceOut(t * 2 - d, 0, c, d) * .5 + c * .5 + b;
- }
- });
-})();
-
-(function() {
- var EXTLIB = Ext.lib;
- // Color Animation
- EXTLIB.Anim.color = function(el, args, duration, easing, cb, scope) {
- return EXTLIB.Anim.run(el, args, duration, easing, cb, scope, EXTLIB.ColorAnim);
- };
-
- EXTLIB.ColorAnim = function(el, attributes, duration, method) {
- EXTLIB.ColorAnim.superclass.constructor.call(this, el, attributes, duration, method);
- };
-
- Ext.extend(EXTLIB.ColorAnim, EXTLIB.AnimBase);
-
- var superclass = EXTLIB.ColorAnim.superclass,
- colorRE = /color$/i,
- transparentRE = /^transparent|rgba\(0, 0, 0, 0\)$/,
- rgbRE = /^rgb\(([0-9]+)\s*,\s*([0-9]+)\s*,\s*([0-9]+)\)$/i,
- hexRE= /^#?([0-9A-F]{2})([0-9A-F]{2})([0-9A-F]{2})$/i,
- hex3RE = /^#?([0-9A-F]{1})([0-9A-F]{1})([0-9A-F]{1})$/i,
- isset = function(v){
- return typeof v !== 'undefined';
- };
-
- // private
- function parseColor(s) {
- var pi = parseInt,
- base,
- out = null,
- c;
-
- if (s.length == 3) {
- return s;
- }
-
- Ext.each([hexRE, rgbRE, hex3RE], function(re, idx){
- base = (idx % 2 == 0) ? 16 : 10;
- c = re.exec(s);
- if(c && c.length == 4){
- out = [pi(c[1], base), pi(c[2], base), pi(c[3], base)];
- return false;
- }
- });
- return out;
- }
-
- Ext.apply(EXTLIB.ColorAnim.prototype, {
- getAttr : function(attr) {
- var me = this,
- el = me.el,
- val;
- if(colorRE.test(attr)){
- while(el && transparentRE.test(val = Ext.fly(el).getStyle(attr))){
- el = el.parentNode;
- val = "fff";
- }
- }else{
- val = superclass.getAttr.call(me, attr);
- }
- return val;
- },
-
- doMethod : function(attr, start, end) {
- var me = this,
- val,
- floor = Math.floor,
- i,
- len,
- v;
-
- if(colorRE.test(attr)){
- val = [];
- end = end || [];
-
- for(i = 0, len = start.length; i < len; i++) {
- v = start[i];
- val[i] = superclass.doMethod.call(me, attr, v, end[i]);
- }
- val = 'rgb(' + floor(val[0]) + ',' + floor(val[1]) + ',' + floor(val[2]) + ')';
- }else{
- val = superclass.doMethod.call(me, attr, start, end);
- }
- return val;
- },
-
- setRunAttr : function(attr) {
- var me = this,
- a = me.attributes[attr],
- to = a.to,
- by = a.by,
- ra;
-
- superclass.setRunAttr.call(me, attr);
- ra = me.runAttrs[attr];
- if(colorRE.test(attr)){
- var start = parseColor(ra.start),
- end = parseColor(ra.end);
-
- if(!isset(to) && isset(by)){
- end = parseColor(by);
- for(var i=0,len=start.length; i
diff --git a/client/src/img/collection.svg b/client/src/img/collection.svg
index 66f75a6f1..c903e21d9 100644
--- a/client/src/img/collection.svg
+++ b/client/src/img/collection.svg
@@ -1,12 +1,5 @@
diff --git a/client/src/img/gear.svg b/client/src/img/gear.svg
index d43e5ffd3..13f191200 100644
--- a/client/src/img/gear.svg
+++ b/client/src/img/gear.svg
@@ -1,21 +1,22 @@
diff --git a/client/src/img/grid.svg b/client/src/img/grid.svg
index 42838ba9c..33f3ad86b 100644
--- a/client/src/img/grid.svg
+++ b/client/src/img/grid.svg
@@ -1,21 +1,22 @@
diff --git a/client/src/img/library.svg b/client/src/img/library.svg
index f28a2923a..d2379c92b 100644
--- a/client/src/img/library.svg
+++ b/client/src/img/library.svg
@@ -1,19 +1,21 @@
diff --git a/client/src/img/whatsnew/2024-01-17-meta-collection-icon.png b/client/src/img/whatsnew/2024-01-17-meta-collection-icon.png
new file mode 100644
index 000000000..660cefd20
Binary files /dev/null and b/client/src/img/whatsnew/2024-01-17-meta-collection-icon.png differ
diff --git a/client/src/img/whatsnew/2024-01-17-meta-collection-panel-overview-filters.png b/client/src/img/whatsnew/2024-01-17-meta-collection-panel-overview-filters.png
new file mode 100644
index 000000000..162e17c8c
Binary files /dev/null and b/client/src/img/whatsnew/2024-01-17-meta-collection-panel-overview-filters.png differ
diff --git a/client/src/js/SM/MetaPanel.js b/client/src/js/SM/MetaPanel.js
new file mode 100644
index 000000000..7c24164bc
--- /dev/null
+++ b/client/src/js/SM/MetaPanel.js
@@ -0,0 +1,1886 @@
+Ext.ns('SM.MetaPanel')
+
+SM.MetaPanel.numberRenderer = new Intl.NumberFormat().format
+
+SM.MetaPanel.CommonColumns = [
+ {
+ header: "Checks",
+ width: 50,
+ dataIndex: 'assessments',
+ align: "center",
+ sortable: true,
+ renderer: SM.MetaPanel.numberRenderer
+ },
+ {
+ header: 'Oldest',
+ width: 50,
+ dataIndex: 'minTs',
+ align: 'center',
+ sortable: true,
+ renderer: renderDurationToNow
+ },
+ {
+ header: 'Newest',
+ width: 50,
+ dataIndex: 'maxTs',
+ align: 'center',
+ sortable: true,
+ renderer: renderDurationToNow
+ },
+ {
+ header: 'Updated',
+ width: 50,
+ dataIndex: 'maxTouchTs',
+ align: 'center',
+ sortable: true,
+ renderer: renderDurationToNow
+ },
+ {
+ header: "Assessed",
+ width: 75,
+ dataIndex: 'assessedPct',
+ // align: "center",
+ sortable: true,
+ renderer: renderPct
+ },
+ {
+ header: "Submitted",
+ width: 75,
+ dataIndex: 'submittedPct',
+ // align: "center",
+ sortable: true,
+ renderer: renderPct
+ },
+ {
+ header: "Accepted",
+ width: 75,
+ dataIndex: 'acceptedPct',
+ // align: "center",
+ sortable: true,
+ renderer: renderPct
+ },
+ {
+ header: "Rejected",
+ width: 75,
+ dataIndex: 'rejectedPct',
+ // align: "center",
+ sortable: true,
+ renderer: renderPctAllHigh
+ },
+ {
+ header: "CAT 3",
+ width: 50,
+ dataIndex: 'low',
+ align: "center",
+ sortable: true,
+ renderer: SM.CollectionPanel.Renderers.severityCount
+ },
+ {
+ header: "CAT 2",
+ width: 50,
+ dataIndex: 'medium',
+ align: "center",
+ sortable: true,
+ renderer: SM.CollectionPanel.Renderers.severityCount
+ },
+ {
+ header: "CAT 1",
+ width: 50,
+ dataIndex: 'high',
+ align: "center",
+ sortable: true,
+ renderer: SM.CollectionPanel.Renderers.severityCount
+ },
+]
+
+SM.MetaPanel.getRevisionId = function (benchmarkId, revisionStr) {
+ const [results, version, release] = /V(\d+)R(\d+(\.\d+)?)/.exec(revisionStr)
+ return `${benchmarkId}-${version}-${release}`
+}
+
+SM.MetaPanel.renderWithToolFactory = function (action) {
+ let imgSrc, tipTarget
+ switch (action) {
+ case 'dashboard':
+ imgSrc = "img/collection-color.svg"
+ tipTarget = 'dashboard'
+ break
+ case 'checklist':
+ default:
+ imgSrc = "img/shield-green-check.svg"
+ tipTarget = 'checklist'
+ break
+ }
+ return function (v) {
+ return `
+
+ The new Meta Dashboard provides totals and metrics for some or all of your Collections at a glance. The Collections Tab shows top-level metrics for each Collection, while the STIGs tab shows metrics for each STIG across Collections.
+
+ Access the Meta Dashboard by clicking on the Report icon in the top-level Collections node of the Navigation Tree:
+
+
+
+
Control which Collections are included in the Meta Dashboard with the filters at the top of the Overview panel:
+
+
+ `
+ },
+
{
date: '2023-10-31',
header: `New Interfaces for Managing Asset Labels and STIG Assignments`,
diff --git a/client/src/js/resources.js b/client/src/js/resources.js
index a6418344e..961bc892a 100644
--- a/client/src/js/resources.js
+++ b/client/src/js/resources.js
@@ -47,6 +47,7 @@ const scripts = [
'js/SM/CollectionAsset.js',
'js/SM/CollectionGrant.js',
'js/SM/CollectionPanel.js',
+ 'js/SM/MetaPanel.js',
'js/SM/ColumnFilters.js',
'js/SM/FindingsPanel.js',
'js/SM/Assignments.js',
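Review bot: The added `'js/SM/MetaPanel.js'` entry has an ordering dependency that nothing in the list records: MetaPanel.js dereferences `SM.CollectionPanel.Renderers.severityCount` (and calls on `renderDurationToNow`/`renderPct`) at load time while building `SM.MetaPanel.CommonColumns`, so if this array drives script load order, moving the entry above `'js/SM/CollectionPanel.js'` (say, by alphabetizing) would throw before the panel is defined. A trailing comment on the new line would protect it: `'js/SM/MetaPanel.js', // must follow CollectionPanel.js: reads SM.CollectionPanel.Renderers at load`. The `scripts` array continues outside the hunk, so I could not confirm whether the remaining entries are order-sensitive as well.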
diff --git a/data/appdata/README.md b/data/appdata/README.md
index fe7216087..153381357 100644
--- a/data/appdata/README.md
+++ b/data/appdata/README.md
@@ -1,10 +1,28 @@
## Demonstration Application Data
-Before loading the demonstration data, the following STIG checklists must be made available to STIG Manager. From the web client:
-`Administration -> STIG and SCAP Benchmarks -> Import STIGs`
+Sample data that demonstrates the capabilities of STIG Manager is provided in the `data/appdata` directory of the project repo. This data is intended to be loaded into a fresh STIG Manager installation, as loading it will wipe out all existing data in the system except for the imported reference STIGs. The sample data was automatically generated and does not represent an actual system.
-All required checklists are included in DISA's [STIG Library Compilation](https://public.cyber.mil/stigs/compilations/)
+Before loading the demonstration data, the Reference STIGs must be made available to STIG Manager. From the web client:
+
+- `Application Management -> STIG Benchmarks -> Import STIGs`
+- Import the `data/appdata/stigs-for-sample-data.zip` file from the repo. This file contains all STIGs required for the sample data.
+
+After the STIGs are imported, the sample data can be loaded from the web client:
+
+- `Application Management -> Application Info -> Replace Application Data...`
+- Select the `data/appdata/appdata-small.zip` file from the repo. The data may take a few 10s of seconds to load.
+
+
+Refresh the browser to see the new data.
+
+If you are not running with our demonstration Keycloak Container, you may need to grant yourself access to the Collections included in the sample data using the `Application Management -> Collections` interface.
+
+
+### Sample STIGs
+
+The STIGs included are also available from DISA's [STIG Library Compilation:](https://public.cyber.mil/stigs/compilations/)
- Application_Security_Development_STIG
+- CAN_Ubuntu_18-04_STIG
- Google_Chrome_Current_Windows
- IIS_10-0_Server_STIG
- IIS_10-0_Site_STIG
@@ -21,6 +39,5 @@ All required checklists are included in DISA's [STIG Library Compilation](https:
- Oracle_Database_12c_STIG
- PostgreSQL_9-x_STIG
- RHEL_7_STIG
-- U_CAN_Ubuntu_18-04_STIG
- Windows_10_STIG
- Windows_Server_2016_STIG
\ No newline at end of file
diff --git a/data/appdata/appdata-small.zip b/data/appdata/appdata-small.zip
index c88b57dfe..76e9e4b74 100644
Binary files a/data/appdata/appdata-small.zip and b/data/appdata/appdata-small.zip differ
diff --git a/data/appdata/stigs-for-sample-data.zip b/data/appdata/stigs-for-sample-data.zip
new file mode 100644
index 000000000..abb22f056
Binary files /dev/null and b/data/appdata/stigs-for-sample-data.zip differ
diff --git a/docs/STIG-Manager-OSS.ckl b/docs/STIG-Manager-OSS.ckl
index 19a9d5a16..f12e5e273 100644
--- a/docs/STIG-Manager-OSS.ckl
+++ b/docs/STIG-Manager-OSS.ckl
@@ -1,9 +1,11 @@
-
+
+
NoneNon-Computing
+ NONESTIG-Manager-OSS
@@ -34,7 +36,7 @@
description
- This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.
+ This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.filename
@@ -42,7 +44,7 @@
releaseinfo
- Release: 1 Benchmark Date: 23 Oct 2020
+ Release: 3 Benchmark Date: 26 Jul 2023title
@@ -69,13 +71,17 @@
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000001Rule_ID
- SV-222387r508029_rule
+ SV-222387r879511_ruleRule_Ver
@@ -87,7 +93,8 @@
Vuln_Discuss
- Application management includes the ability to control the number of users and user sessions that utilize an application. Limiting the number of allowed users and sessions per user is helpful in limiting risks related to DoS attacks.
+ Application management includes the ability to control the number of users and user sessions that utilize an application. Limiting the number of allowed users and sessions per user is helpful in limiting risks related to DoS attacks.
+
This requirement may be met via the application or by utilizing information system session control provided by a web server or other underlying solution that provides specialized session management capabilities.
If it has been specified that this requirement will be handled by the application, the capability to limit the maximum number of concurrent single user sessions must be designed and built into the application.
@@ -154,7 +161,7 @@ If the application is not configured to limit the number of logon sessions per u
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -162,7 +169,7 @@ If the application is not configured to limit the number of logon sessions per u
Not_ReviewedThe User Session layer, including concurrent session handling, is implemented by an external OpenID Connect (OIDC) Provider that issues OAuth2 tokens.
-
+
@@ -175,13 +182,17 @@ If the application is not configured to limit the number of logon sessions per u
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000295Rule_ID
- SV-222388r508029_rule
+ SV-222388r879673_ruleRule_Ver
@@ -215,7 +226,7 @@ Log out of the application and close the browser. Reopen the browser and examine
The procedure to view cookies will vary according to the browser used. Some modern browsers are making use of SQLite databases to store cookie data so use of a SQLite db reader/browser may be required.
-Open the cookies related to the application website and search for any identification or authentication information. While authentication information can vary on a per application basis, this is most often specified as "username=x", or "password=x".
+Open the cookies related to the application website and search for any identification or authentication information. While authentication information can vary on a per application basis, this is most often specified as "username=x", or "password=x".
If the web application prompts the user to save their password, or if a username or password value exists within a cookie or within local storage locations, even if hashed, this is a finding.
@@ -263,7 +274,7 @@ The application may use means other than cookies to store user information. If t
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -271,7 +282,7 @@ The application may use means other than cookies to store user information. If t
NotAFindingThe Web Client does not persist storage of any user information, including OAuth2 tokens.
-
+
@@ -284,13 +295,17 @@ The application may use means other than cookies to store user information. If t
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000295Rule_ID
- SV-222389r508029_rule
+ SV-222389r879673_ruleRule_Ver
@@ -302,9 +317,9 @@ The application may use means other than cookies to store user information. If t
Vuln_Discuss
- Leaving a user’s application session established for an indefinite period of time increases the risk of session hijacking.
+ Leaving a user’s application session established for an indefinite period of time increases the risk of session hijacking.
-Session termination terminates an individual user's logical application session after 15 minutes of application inactivity at which time the user must re-authenticate and a new session must be established if the user desires to continue work in the application.
+Session termination terminates an individual user's logical application session after 15 minutes of application inactivity at which time the user must re-authenticate and a new session must be established if the user desires to continue work in the application.IA_Controls
@@ -362,7 +377,7 @@ If the configuration setting is not set to time out user sessions after 15 minut
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -370,7 +385,7 @@ If the configuration setting is not set to time out user sessions after 15 minut
Not_ReviewedThe User Session layer, including idle session handling, is implemented by an external OpenID Connect (OIDC) Provider that issues OAuth2 tokens.
-
+
@@ -383,13 +398,17 @@ If the configuration setting is not set to time out user sessions after 15 minut
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000295Rule_ID
- SV-222390r508029_rule
+ SV-222390r879673_ruleRule_Ver
@@ -401,9 +420,9 @@ If the configuration setting is not set to time out user sessions after 15 minut
Vuln_Discuss
- Leaving an admin user's application session established for an indefinite period of time increases the risk of session hijacking.
+ Leaving an admin user's application session established for an indefinite period of time increases the risk of session hijacking.
-Session termination terminates an individual user's logical application session after 10 minutes of application inactivity at which time the user must re-authenticate and a new session must be established if the user desires to continue work in the application.
+Session termination terminates an individual user's logical application session after 10 minutes of application inactivity at which time the user must re-authenticate and a new session must be established if the user desires to continue work in the application.IA_Controls
@@ -461,7 +480,7 @@ If the configuration setting is not set to time out admin user sessions after 10
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -469,7 +488,7 @@ If the configuration setting is not set to time out admin user sessions after 10
Not_ReviewedThe User Session layer, including idle session handling, is implemented by an external OpenID Connect (OIDC) Provider that issues OAuth2 tokens.
-
+
@@ -482,13 +501,17 @@ If the configuration setting is not set to time out admin user sessions after 10
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000296Rule_ID
- SV-222391r508029_rule
+ SV-222391r879674_ruleRule_Ver
@@ -560,15 +583,15 @@ If the user session is not terminated or if the logoff function does not exist,
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-002363NotAFinding
- The Web Client requests logoff service from the OIDC Provider after user interaction with a DOM element whose innerText = 'Logout'
-
+ The Web Client requests logoff service from the OIDC Provider after user interaction with a DOM element whose innerText = 'Logout'
+
@@ -581,13 +604,17 @@ If the user session is not terminated or if the logoff function does not exist,
Severitylow
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000297Rule_ID
- SV-222392r508029_rule
+ SV-222392r879675_ruleRule_Ver
@@ -657,17 +684,17 @@ If the application does not provide an explicit logoff message indicating the us
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-002364NotAFinding
- The SPA does not display an explicit 'logged out' screen, it immediately redirects to the login screen of the configured OIDC Provider.
+ The SPA does not display an explicit 'logged out' screen, it immediately redirects to the login screen of the configured OIDC Provider.
Addressed by Issue #485
-
+
@@ -680,13 +707,17 @@ Addressed by Issue #485Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000311Rule_ID
- SV-222393r508029_rule
+ SV-222393r879689_ruleRule_Ver
@@ -768,15 +799,15 @@ If application data required to be marked is not marked and does not retain its
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-002262NotAFinding
- The API scaffolds each new database instance with the classification specified by the environment variable STIGMAN_CLASSIFICATION. This value is stored in the 'configuration' table and represents the default classification for all data that is stored by the database instance, served by the API, and received by the Web Client.
-
+ The API scaffolds each new database instance with the classification specified by the environment variable STIGMAN_CLASSIFICATION. This value is stored in the 'configuration' table and represents the default classification for all data that is stored by the database instance, served by the API, and received by the Web Client.
+
@@ -789,13 +820,17 @@ If application data required to be marked is not marked and does not retain its
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000313Rule_ID
- SV-222394r508029_rule
+ SV-222394r879690_ruleRule_Ver
@@ -875,7 +910,7 @@ If application data required to be marked does not retain its marking while it i
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -883,7 +918,7 @@ If application data required to be marked does not retain its marking while it i
NotAFindingIndividual objects do not contain data markings. An API endpoint returns the data marking for all data served by the API. The Web Client displays a banner that represents the data marking for all data received by the Client. Processing the data does not alter this banner in any circumstances.
-
+
@@ -896,13 +931,17 @@ If application data required to be marked does not retain its marking while it i
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000314Rule_ID
- SV-222395r508029_rule
+ SV-222395r879691_ruleRule_Ver
@@ -982,7 +1021,7 @@ If application data required to be marked does not retain its marking when it is
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -990,7 +1029,7 @@ If application data required to be marked does not retain its marking when it is
NotAFindingIndividual objects do not contain data markings. An API endpoint returns the data marking for all data served by the API. The Web Client displays a banner that represents the data marking for all data received by the Client. Data transmission does not alter this banner in any circumstances.
-
+
@@ -1003,13 +1042,17 @@ If application data required to be marked does not retain its marking when it is
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000014Rule_ID
- SV-222396r508029_rule
+ SV-222396r879519_ruleRule_Ver
@@ -1085,7 +1128,7 @@ If the connection is not secured with TLS, this is a finding.
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -1093,7 +1136,7 @@ If the connection is not secured with TLS, this is a finding.
Not_ReviewedThe documentation recommends deployments locate the application behind a TLS reverse proxy.
-
+
@@ -1106,13 +1149,17 @@ If the connection is not secured with TLS, this is a finding.
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000015Rule_ID
- SV-222397r508029_rule
+ SV-222397r879520_ruleRule_Ver
@@ -1188,7 +1235,7 @@ If the connection is not secured with TLS, this is a finding.
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -1196,7 +1243,7 @@ If the connection is not secured with TLS, this is a finding.
Not_ReviewedThe documentation recommends deployments locate the application behind a TLS reverse proxy.
-
+
@@ -1209,13 +1256,17 @@ If the connection is not secured with TLS, this is a finding.
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000015Rule_ID
- SV-222398r508029_rule
+ SV-222398r879520_ruleRule_Ver
@@ -1297,7 +1348,7 @@ If SOAP messages requiring integrity do not have the Message ID, Service Request
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -1305,7 +1356,7 @@ If SOAP messages requiring integrity do not have the Message ID, Service Request
Not_ApplicableThe SPA does not utilize SOAP messages.
-
+
@@ -1318,13 +1369,17 @@ If SOAP messages requiring integrity do not have the Message ID, Service Request
Severityhigh
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000014Rule_ID
- SV-222399r508029_rule
+ SV-222399r879519_ruleRule_Ver
@@ -1394,7 +1449,7 @@ If messages using WS Security do not contain time stamps, sequence numbers, and
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -1402,7 +1457,7 @@ If messages using WS Security do not contain time stamps, sequence numbers, and
Not_ApplicableThe SPA does not utilize WS-Security tokens.
-
+
@@ -1415,13 +1470,17 @@ If messages using WS Security do not contain time stamps, sequence numbers, and
Severityhigh
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000014Rule_ID
- SV-222400r508029_rule
+ SV-222400r879519_ruleRule_Ver
@@ -1493,7 +1552,7 @@ If the design document does not exist, or does not indicate validity periods are
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -1501,7 +1560,7 @@ If the design document does not exist, or does not indicate validity periods are
Not_ApplicableThe SPA does not utilize WSS or SAML assertions.
-
+
@@ -1514,13 +1573,17 @@ If the design document does not exist, or does not indicate validity periods are
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000014Rule_ID
- SV-222401r508029_rule
+ SV-222401r879519_ruleRule_Ver
@@ -1532,7 +1595,7 @@ If the design document does not exist, or does not indicate validity periods are
Vuln_Discuss
- SAML is a standard for exchanging authentication and authorization data between security domains. SAML uses security tokens containing assertions to pass information about a principal (usually an end user) between a SAML authority, (identity provider), and a SAML consumer, (service provider). SAML assertions are usually made about a subject, (user) represented by the <Subject> element. SAML assertion identifiers should be unique across a system implementation. Duplicate SAML assertion identifiers could lead to unauthorized access to a web service.
+ SAML is a standard for exchanging authentication and authorization data between security domains. SAML uses security tokens containing assertions to pass information about a principal (usually an end user) between a SAML authority, (identity provider), and a SAML consumer, (service provider). SAML assertions are usually made about a subject, (user) represented by the <Subject> element. SAML assertion identifiers should be unique across a system implementation. Duplicate SAML assertion identifiers could lead to unauthorized access to a web service.IA_Controls
@@ -1592,7 +1655,7 @@ If the design document does not exist, or does not indicate SAML assertion ident
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -1600,7 +1663,7 @@ If the design document does not exist, or does not indicate SAML assertion ident
Not_ApplicableThe SPA does not utilize SAML assertions.
-
+
@@ -1613,13 +1676,17 @@ If the design document does not exist, or does not indicate SAML assertion ident
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000014Rule_ID
- SV-222402r508029_rule
+ SV-222402r879519_ruleRule_Ver
@@ -1631,7 +1698,7 @@ If the design document does not exist, or does not indicate SAML assertion ident
Vuln_Discuss
- SAML is a standard for exchanging authentication and authorization data between security domains. SAML uses security tokens containing assertions to pass information about a principal (usually an end user) between a SAML authority, (identity provider), and a SAML consumer, (service provider). SAML assertions are usually made about a subject, (user) represented by the <Subject> element.
+ SAML is a standard for exchanging authentication and authorization data between security domains. SAML uses security tokens containing assertions to pass information about a principal (usually an end user) between a SAML authority, (identity provider), and a SAML consumer, (service provider). SAML assertions are usually made about a subject, (user) represented by the <Subject> element.
The confidentially of the data in a message as the message is passed through an intermediary web service may be required to be restricted by the intermediary web service. The intermediary web service may leak or distribute the data contained in a message if not encrypted or protected.
@@ -1693,7 +1760,7 @@ If the design document does not exist, or does not indicate all WS-Security toke
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -1701,7 +1768,7 @@ If the design document does not exist, or does not indicate all WS-Security toke
Not_ApplicableThe SPA does not utilize WS-Security tokens
-
+
@@ -1714,13 +1781,17 @@ If the design document does not exist, or does not indicate all WS-Security toke
Severityhigh
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000014Rule_ID
- SV-222403r508029_rule
+ SV-222403r879519_ruleRule_Ver
@@ -1732,9 +1803,9 @@ If the design document does not exist, or does not indicate all WS-Security toke
Vuln_Discuss
- SAML is a standard for exchanging authentication and authorization data between security domains. SAML uses security tokens containing assertions to pass information about a principal (usually an end user) between a SAML authority, (identity provider), and a SAML consumer, (service provider). SAML assertions are usually made about a subject, (user) represented by the <Subject> element.
+ SAML is a standard for exchanging authentication and authorization data between security domains. SAML uses security tokens containing assertions to pass information about a principal (usually an end user) between a SAML authority, (identity provider), and a SAML consumer, (service provider). SAML assertions are usually made about a subject, (user) represented by the <Subject> element.
-When a SAML assertion is used with a <SubjectConfirmation> element, a begin and end time for the <SubjectConfirmation> should be set to prevent reuse of the message at a later time. Not setting a specific time period for the <SubjectConfirmation>, may grant immediate access to an attacker and result in an immediate loss of confidentiality.
+When a SAML assertion is used with a <SubjectConfirmation> element, a begin and end time for the <SubjectConfirmation> should be set to prevent reuse of the message at a later time. Not setting a specific time period for the <SubjectConfirmation>, may grant immediate access to an attacker and result in an immediate loss of confidentiality.IA_Controls
@@ -1748,13 +1819,13 @@ Review the design document for web services using SAML assertions.
If the application does not utilize SAML assertions, this check is not applicable.
-Examine the contents of a SOAP message using the <SubjectConfirmation> element. All messages should contain the <NotOnOrAfter> element. This can be accomplished if the application allows the ability to view XML messages or via a protocol analyzer like Wireshark.
+Examine the contents of a SOAP message using the <SubjectConfirmation> element. All messages should contain the <NotOnOrAfter> element. This can be accomplished if the application allows the ability to view XML messages or via a protocol analyzer like Wireshark.
-If SOAP messages do not contain <NotOnOrAfter> elements, this is a finding.
+If SOAP messages do not contain <NotOnOrAfter> elements, this is a finding.
Fix_Text
- Design and configure the application to use the <NotOnOrAfter> condition when using the <SubjectConfirmation> element in a SAML assertion.
+ Design and configure the application to use the <NotOnOrAfter> condition when using the <SubjectConfirmation> element in a SAML assertion.False_Positives
@@ -1794,7 +1865,7 @@ If SOAP messages do not contain <NotOnOrAfter> elements, this is a fin
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -1802,7 +1873,7 @@ If SOAP messages do not contain <NotOnOrAfter> elements, this is a fin
Not_ApplicableThe SPA does not utilize SAML assertions.
-
+
@@ -1815,13 +1886,17 @@ If SOAP messages do not contain <NotOnOrAfter> elements, this is a fin
Severityhigh
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000014Rule_ID
- SV-222404r508029_rule
+ SV-222404r879519_ruleRule_Ver
@@ -1833,9 +1908,9 @@ If SOAP messages do not contain <NotOnOrAfter> elements, this is a fin
Vuln_Discuss
- SAML is a standard for exchanging authentication and authorization data between security domains. SAML uses security tokens containing assertions to pass information about a principal (usually an end user) between a SAML authority, (identity provider), and a SAML consumer, (service provider). SAML assertions are usually made about a subject, (user) represented by the <Subject> element.
+ SAML is a standard for exchanging authentication and authorization data between security domains. SAML uses security tokens containing assertions to pass information about a principal (usually an end user) between a SAML authority, (identity provider), and a SAML consumer, (service provider). SAML assertions are usually made about a subject, (user) represented by the <Subject> element.
-When a SAML assertion is used with a <Conditions> element, a begin and end time for the <Conditions> element should be set in order to specify a timeframe in which the assertion is valid. Not setting a specific time period for the <Conditions> element, the possibility exists of granting immediate access or elevated privileges to an attacker which results in an immediate loss of confidentiality.
+When a SAML assertion is used with a <Conditions> element, a begin and end time for the <Conditions> element should be set in order to specify a timeframe in which the assertion is valid. Not setting a specific time period for the <Conditions> element, the possibility exists of granting immediate access or elevated privileges to an attacker which results in an immediate loss of confidentiality.IA_Controls
@@ -1849,13 +1924,13 @@ Review the design document for web services using SAML assertions.
If the application does not utilize SAML assertions, this check is not applicable.
-Examine the contents of a SOAP message using the <Conditions> element; all messages should contain the <NotBefore> and <NotOnOrAfter> or <OneTimeUse> element when in a SAML Assertion. This can be accomplished using a protocol analyzer such as Wireshark.
+Examine the contents of a SOAP message using the <Conditions> element; all messages should contain the <NotBefore> and <NotOnOrAfter> or <OneTimeUse> element when in a SAML Assertion. This can be accomplished using a protocol analyzer such as Wireshark.
-If SOAP using the <Conditions> element does not contain <NotBefore> and <NotOnOrAfter> or <OneTimeUse> elements, this is a finding.
+If SOAP using the <Conditions> element does not contain <NotBefore> and <NotOnOrAfter> or <OneTimeUse> elements, this is a finding.
Fix_Text
- Design and configure the application to implement the use of the <NotBefore> and <NotOnOrAfter> or <OneTimeUse> when using the <Conditions> element in a SAML assertion.
+ Design and configure the application to implement the use of the <NotBefore> and <NotOnOrAfter> or <OneTimeUse> when using the <Conditions> element in a SAML assertion.False_Positives
@@ -1895,7 +1970,7 @@ If SOAP using the <Conditions> element does not contain <NotBefor
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -1903,7 +1978,7 @@ If SOAP using the <Conditions> element does not contain <NotBefor
Not_ApplicableThe SPA does not utilize SAML assertions.
-
+
@@ -1916,13 +1991,17 @@ If SOAP using the <Conditions> element does not contain <NotBefor
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000014Rule_ID
- SV-222405r508029_rule
+ SV-222405r879519_ruleRule_Ver
@@ -1934,7 +2013,7 @@ If SOAP using the <Conditions> element does not contain <NotBefor
Vuln_Discuss
- Multiple <OneTimeUse> elements used in a SAML assertion can lead to elevation of privileges, if the application does not process SAML assertions correctly.
+ Multiple <OneTimeUse> elements used in a SAML assertion can lead to elevation of privileges, if the application does not process SAML assertions correctly.IA_Controls
@@ -1948,7 +2027,7 @@ Review the design document for web services using SAML assertions.
If the application does not utilize SAML assertions, this check is not applicable.
-Examine the contents of a SOAP message using the OneTimeUse element; all messages should contain only one instance of a <OneTimeUse> element in a SAML assertion. This can be accomplished using a protocol analyzer such as Wireshark.
+Examine the contents of a SOAP message using the OneTimeUse element; all messages should contain only one instance of a <OneTimeUse> element in a SAML assertion. This can be accomplished using a protocol analyzer such as Wireshark.
If SOAP message uses more than one, OneTimeUse element in a SAML assertion, this is a finding.
@@ -1994,7 +2073,7 @@ If SOAP message uses more than one, OneTimeUse element in a SAML assertion, this
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -2002,7 +2081,7 @@ If SOAP message uses more than one, OneTimeUse element in a SAML assertion, this
Not_ApplicableThe SPA does not utilize SAML assertions.
-
+
@@ -2015,13 +2094,17 @@ If SOAP message uses more than one, OneTimeUse element in a SAML assertion, this
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000014Rule_ID
- SV-222406r508029_rule
+ SV-222406r879519_ruleRule_Ver
@@ -2093,7 +2176,7 @@ If the SessionIndex is tied to privacy information, and it is not encrypted, thi
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -2101,7 +2184,7 @@ If the SessionIndex is tied to privacy information, and it is not encrypted, thi
Not_ApplicableThe SPA does not utilize SAML assertions.
-
+
@@ -2114,13 +2197,17 @@ If the SessionIndex is tied to privacy information, and it is not encrypted, thi
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000023Rule_ID
- SV-222407r508029_rule
+ SV-222407r879522_ruleRule_Ver
@@ -2138,7 +2225,7 @@ Manual examples include but are not limited to admin staff logging into the syst
A comprehensive application account management process that includes automation helps to ensure accounts designated as requiring attention are consistently and promptly addressed. Examples include, but are not limited to, using automation to take action on multiple accounts designated as inactive, suspended or terminated or by disabling accounts located in non-centralized account stores such as multiple servers. This requirement applies to all account types, including individual/user, shared, group, system, guest/anonymous, emergency, developer/manufacturer/vendor, temporary, and service.
-The application must be configured to automatically provide account management functions and these functions must immediately enforce the organization's current account policy. The automated mechanisms may reside within the application itself or may be offered by the operating system or other infrastructure providing automated account management capabilities. Automated mechanisms may be comprised of differing technologies that when placed together contain an overall automated mechanism supporting an organization's automated account management requirements.
+The application must be configured to automatically provide account management functions and these functions must immediately enforce the organization's current account policy. The automated mechanisms may reside within the application itself or may be offered by the operating system or other infrastructure providing automated account management capabilities. Automated mechanisms may be comprised of differing technologies that when placed together contain an overall automated mechanism supporting an organization's automated account management requirements.
Account management functions include: assignment of group or role membership; identifying account type; specifying user access authorizations (i.e., privileges); account removal, update, or termination; and administrative alerts. The use of automated mechanisms can include, for example: using email or text messaging to automatically notify account managers when users are terminated or transferred; using the information system to monitor account usage; and using automated telephonic notification to report atypical system account usage.
@@ -2206,7 +2293,7 @@ If the account management process is manual in nature, this is a finding.
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -2214,7 +2301,7 @@ If the account management process is manual in nature, this is a finding.
Not_ReviewedAccount Management services are provided by an external (OIDC) OpenID Connect Provider.
-
+
@@ -2227,13 +2314,17 @@ If the account management process is manual in nature, this is a finding.Severity
medium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000317Rule_ID
- SV-222408r508029_rule
+ SV-222408r879694_ruleRule_Ver
@@ -2307,7 +2398,7 @@ If there is no process for handling group account credentials, this is a finding
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -2315,7 +2406,7 @@ If there is no process for handling group account credentials, this is a finding
Not_ReviewedAccount Management services are provided by an external (OIDC) OpenID Connect Provider.
-
+
@@ -2328,13 +2419,17 @@ If there is no process for handling group account credentials, this is a finding
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000024Rule_ID
- SV-222409r508029_rule
+ SV-222409r879523_ruleRule_Ver
@@ -2414,7 +2509,7 @@ If the application has no ability to specify a user account as being temporary i
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -2422,7 +2517,7 @@ If the application has no ability to specify a user account as being temporary i
Not_ReviewedAccount Management services are provided by an external (OIDC) OpenID Connect Provider.
-
+
@@ -2435,13 +2530,17 @@ If the application has no ability to specify a user account as being temporary i
Severitylow
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222410r508029_rule
+ SV-222410r879887_ruleRule_Ver
@@ -2519,7 +2618,7 @@ If a process, procedure, function or feature designed to prevent emergency accou
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -2527,7 +2626,7 @@ If a process, procedure, function or feature designed to prevent emergency accou
Not_ReviewedAccount Management services are provided by an external (OIDC) OpenID Connect Provider.
-
+
@@ -2540,13 +2639,17 @@ If a process, procedure, function or feature designed to prevent emergency accou
Severitylow
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000025Rule_ID
- SV-222411r508029_rule
+ SV-222411r879524_ruleRule_Ver
@@ -2626,7 +2729,7 @@ If the application is not set to expire inactive accounts after 35 days, or if t
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -2634,7 +2737,7 @@ If the application is not set to expire inactive accounts after 35 days, or if t
Not_ReviewedAccount Management services are provided by an external (OIDC) OpenID Connect Provider.
-
+
@@ -2647,13 +2750,17 @@ If the application is not set to expire inactive accounts after 35 days, or if t
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000025Rule_ID
- SV-222412r508029_rule
+ SV-222412r879524_ruleRule_Ver
@@ -2725,7 +2832,7 @@ If any accounts cannot be validated and are deemed to be unnecessary, this is a
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -2733,7 +2840,7 @@ If any accounts cannot be validated and are deemed to be unnecessary, this is a
Not_ReviewedAccount Management services are provided by an external (OIDC) OpenID Connect Provider.
-
+
@@ -2746,13 +2853,17 @@ If any accounts cannot be validated and are deemed to be unnecessary, this is a
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000026Rule_ID
- SV-222413r508029_rule
+ SV-222413r879525_ruleRule_Ver
@@ -2832,7 +2943,7 @@ At a minimum, ensure account name, date and time of the event are recorded.
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -2840,7 +2951,7 @@ At a minimum, ensure account name, date and time of the event are recorded.
Not_ReviewedAccount Management services are provided by an external (OIDC) OpenID Connect Provider.
-
+
@@ -2853,13 +2964,17 @@ At a minimum, ensure account name, date and time of the event are recorded.Severity
medium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000027Rule_ID
- SV-222414r508029_rule
+ SV-222414r879526_ruleRule_Ver
@@ -2939,7 +3054,7 @@ At a minimum, ensure account name, date and time of the event are recorded.
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -2947,7 +3062,7 @@ At a minimum, ensure account name, date and time of the event are recorded.
Not_ReviewedAccount Management services are provided by an external (OIDC) OpenID Connect Provider.
-
+
@@ -2960,13 +3075,17 @@ At a minimum, ensure account name, date and time of the event are recorded.Severity
medium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000028Rule_ID
- SV-222415r508029_rule
+ SV-222415r879527_ruleRule_Ver
@@ -3046,7 +3165,7 @@ At a minimum, ensure account name, date and time of the event are recorded.
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -3054,7 +3173,7 @@ At a minimum, ensure account name, date and time of the event are recorded.
Not_ReviewedAccount Management services are provided by an external (OIDC) OpenID Connect Provider.
-
+
@@ -3067,13 +3186,17 @@ At a minimum, ensure account name, date and time of the event are recorded.Severity
medium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000029Rule_ID
- SV-222416r508029_rule
+ SV-222416r879528_ruleRule_Ver
@@ -3153,7 +3276,7 @@ At a minimum, ensure account name, date and time of the event are recorded.
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -3161,7 +3284,7 @@ At a minimum, ensure account name, date and time of the event are recorded.
Not_ReviewedAccount Management services are provided by an external (OIDC) OpenID Connect Provider.
-
+
@@ -3174,13 +3297,17 @@ At a minimum, ensure account name, date and time of the event are recorded.Severity
low
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000291Rule_ID
- SV-222417r508029_rule
+ SV-222417r879669_ruleRule_Ver
@@ -3254,7 +3381,7 @@ If system administrators and ISSOs are not notified when accounts are created, t
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -3262,7 +3389,7 @@ If system administrators and ISSOs are not notified when accounts are created, t
Not_ReviewedAccount Management services are provided by an external (OIDC) OpenID Connect Provider.
-
+
@@ -3275,13 +3402,17 @@ If system administrators and ISSOs are not notified when accounts are created, t
Severitylow
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000292Rule_ID
- SV-222418r508029_rule
+ SV-222418r879670_ruleRule_Ver
@@ -3357,7 +3488,7 @@ If system administrators and ISSOs are not notified when accounts are modified,
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -3365,7 +3496,7 @@ If system administrators and ISSOs are not notified when accounts are modified,
Not_ReviewedAccount Management services are provided by an external (OIDC) OpenID Connect Provider.
-
+
@@ -3378,13 +3509,17 @@ If system administrators and ISSOs are not notified when accounts are modified,
Severitylow
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000293Rule_ID
- SV-222419r508029_rule
+ SV-222419r879671_ruleRule_Ver
@@ -3460,7 +3595,7 @@ If system administrators and ISSOs are not notified when accounts are disabled,
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -3468,7 +3603,7 @@ If system administrators and ISSOs are not notified when accounts are disabled,
Not_ReviewedAccount Management services are provided by an external (OIDC) OpenID Connect Provider.
-
+
@@ -3481,13 +3616,17 @@ If system administrators and ISSOs are not notified when accounts are disabled,
Severitylow
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000294Rule_ID
- SV-222420r508029_rule
+ SV-222420r879672_ruleRule_Ver
@@ -3563,7 +3702,7 @@ If system administrators and ISSOs are not notified when accounts are removed, t
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -3571,7 +3710,7 @@ If system administrators and ISSOs are not notified when accounts are removed, t
Not_ReviewedAccount Management services are provided by an external (OIDC) OpenID Connect Provider.
-
+
@@ -3584,13 +3723,17 @@ If system administrators and ISSOs are not notified when accounts are removed, t
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000319Rule_ID
- SV-222421r508029_rule
+ SV-222421r918115_ruleRule_Ver
@@ -3614,6 +3757,10 @@ Application developers are encouraged to integrate their applications with enter
Check_ContentExamine the application documentation or interview the application representative to identify how the application users are managed.
+Interview the application administrator and determine if the application is configured to utilize a centralized user management system such as Active Directory for user management or if the application manages user accounts within the application.
+
+If the application is configured to use an enterprise-based application user management capability that is STIG compliant, the requirement is not applicable.
+
Identify the location of the audit logs and review the end of the logs.
Access the user account management functionality and enable a test user account.
@@ -3666,15 +3813,15 @@ At a minimum, ensure account name, date and time of the event are recorded.
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-002130Not_Reviewed
- Account Management services are provided by an external (OIDC) OpenID Connect Provider.
-
+ Account Management services are provided by an external (OIDC) OpenID Connect Provider..
+
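Review bot: The status on the new side of this hunk stays `Not_Reviewed` (the `CCI-002130Not_Reviewed` cell) for the finding that the Rule_ID hunk above places under SV-222421, even though the Check_Content the commit imports in the preceding hunk now states the requirement is not applicable when a STIG-compliant enterprise user management capability is used, and the finding comment already records that account management is delegated to an external OIDC provider; either re-evaluate the status against that new text (Not_Applicable, citing the provider's own compliance as the basis) or extend the comment to say why it remains unreviewed. The same Not_Reviewed-plus-OIDC-comment pattern appears on the other account-management rules earlier in this file (SV-222408 through SV-222420), so whatever is decided here should presumably be applied to those as well, though their check text is not visible in this diff. Separately, the rewritten comment now ends with a doubled period, `...OpenID Connect Provider..`; the second `.` looks accidental and should be dropped.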
@@ -3687,13 +3834,17 @@ At a minimum, ensure account name, date and time of the event are recorded.Severity
low
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000320Rule_ID
- SV-222422r508029_rule
+ SV-222422r879697_ruleRule_Ver
@@ -3769,7 +3920,7 @@ If system administrators and ISSOs are not notified when accounts are enabled, t
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -3777,7 +3928,7 @@ If system administrators and ISSOs are not notified when accounts are enabled, t
Not_ReviewedAccount Management services are provided by an external (OIDC) OpenID Connect Provider.
-
+
@@ -3790,13 +3941,17 @@ If system administrators and ISSOs are not notified when accounts are enabled, t
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000323Rule_ID
- SV-222423r508029_rule
+ SV-222423r879700_ruleRule_Ver
@@ -3870,7 +4025,7 @@ If the application data protection requirements are not documented, this is a fi
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -3878,7 +4033,7 @@ If the application data protection requirements are not documented, this is a fi
NotAFindingThe project provides documentation describing its data structures and protection methods, including RBAC and other access controls. These concepts are also expressed and enforced by its use of an appropriate OAS definition. All app data is persisted in a deployment-provided database that must be configured in accordance with organization requirements.
-
+
@@ -3891,13 +4046,17 @@ If the application data protection requirements are not documented, this is a fi
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000324Rule_ID
- SV-222424r508029_rule
+ SV-222424r879701_ruleRule_Ver
@@ -3985,7 +4144,7 @@ If the application requirements specify protections for data mining and the appl
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -3993,7 +4152,7 @@ If the application requirements specify protections for data mining and the appl
Not_ReviewedData mining detection and prevention are to be implemented at the Log Analysis layer, Ingress controller, or elsewhere. No data mining protection requirements apply to application itself.
-
+
@@ -4006,13 +4165,17 @@ If the application requirements specify protections for data mining and the appl
Severityhigh
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000033Rule_ID
- SV-222425r508029_rule
+ SV-222425r879530_ruleRule_Ver
@@ -4110,7 +4273,7 @@ If the enforcement of configured access restrictions is not performed, this is a
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -4118,7 +4281,7 @@ If the enforcement of configured access restrictions is not performed, this is a
NotAFindingThe API ensures proper access to application resources in accordance with Role-Based Access Control (RBAC) and Discretionary Access Control (DAC) mechanisms at the application and Collection levels. No direct database access is provided by the application. See documentation.
-
+
@@ -4131,13 +4294,17 @@ If the enforcement of configured access restrictions is not performed, this is a
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000328Rule_ID
- SV-222426r508029_rule
+ SV-222426r879705_ruleRule_Ver
@@ -4223,7 +4390,7 @@ If the enforcement of configured access restrictions is not performed, this is a
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -4231,7 +4398,7 @@ If the enforcement of configured access restrictions is not performed, this is a
NotAFindingThe API ensures proper access to application resources in accordance with Role-Based Access Control (RBAC) and Discretionary Access Control (DAC) mechanisms at the application and Collection levels. No direct database access is provided by the application. See documentation.
-
+
@@ -4244,13 +4411,17 @@ If the enforcement of configured access restrictions is not performed, this is a
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000038Rule_ID
- SV-222427r508029_rule
+ SV-222427r879533_ruleRule_Ver
@@ -4343,7 +4514,7 @@ If the application does not enforce the approved authorizations for controlling
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -4351,7 +4522,7 @@ If the application does not enforce the approved authorizations for controlling
Not_ReviewedThe application does not provide data flow control capabilities, the requirement is not applicable.
-
+
@@ -4364,13 +4535,17 @@ If the application does not enforce the approved authorizations for controlling
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000039Rule_ID
- SV-222428r508029_rule
+ SV-222428r879534_ruleRule_Ver
@@ -4465,7 +4640,7 @@ If the application does not enforce the approved authorizations for controlling
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -4473,7 +4648,7 @@ If the application does not enforce the approved authorizations for controlling
Not_ReviewedThe application does not provide data flow control capabilities, the requirement is not applicable.
-
+
@@ -4486,13 +4661,17 @@ If the application does not enforce the approved authorizations for controlling
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000340Rule_ID
- SV-222429r508029_rule
+ SV-222429r879717_ruleRule_Ver
@@ -4514,7 +4693,7 @@ Privileged functions include, for example, establishing accounts, performing sys
Check_Content
- Identify the application user account(s) that the application uses to run. These accounts include the application processes (defined by Control Panel Services (Windows) or ps –ef (UNIX)) or for an n-tier application, the account that connects from one service (such as a web server) to another (such as a database server).
+ Identify the application user account(s) that the application uses to run. These accounts include the application processes (defined by Control Panel Services (Windows) or ps –ef (UNIX)) or for an n-tier application, the account that connects from one service (such as a web server) to another (such as a database server).
Determine the OS user groups in which each account is a member.
@@ -4578,15 +4757,15 @@ The finding details should note the full path of the file(s) and the associated
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-002235NotAFinding
- The Project publishes container images configured to execute the API as the unprivileged user, 'node' whose userId is not 0.
-
+ The Project publishes container images configured to execute the API as the unprivileged user, 'node' whose userId is not 0.
+
@@ -4599,13 +4778,17 @@ The finding details should note the full path of the file(s) and the associated
Severityhigh
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000342Rule_ID
- SV-222430r508029_rule
+ SV-222430r879719_ruleRule_Ver
@@ -4683,15 +4866,15 @@ If the application user account has excessive OS privileges such as being in the
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-002233NotAFinding
- The project supplied container images are configured to run by the limited, unprivileged user, 'node'.
-
+ The project supplied container images are configured to run by the limited, unprivileged user, 'node'.
+
@@ -4704,13 +4887,17 @@ If the application user account has excessive OS privileges such as being in the
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000343Rule_ID
- SV-222431r508029_rule
+ SV-222431r879720_ruleRule_Ver
@@ -4786,7 +4973,7 @@ If the execution of privileged functionality is not logged, this is a finding.
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -4794,7 +4981,7 @@ If the execution of privileged functionality is not logged, this is a finding.
NotAFindingThe API emits audit records for privileged functions that document the specific endpoint invoked, the date and time, and all path and query parameters.
-
+
@@ -4807,13 +4994,17 @@ If the execution of privileged functionality is not logged, this is a finding.
Severityhigh
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000065Rule_ID
- SV-222432r508029_rule
+ SV-222432r879546_ruleRule_Ver
@@ -4893,7 +5084,7 @@ If the logon is successful upon the 4th attempt the account was not locked after
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -4901,7 +5092,7 @@ If the logon is successful upon the 4th attempt the account was not locked after
Not_ReviewedUser Account services are provided by a external OIDC Provider.
-
+
@@ -4914,13 +5105,17 @@ If the logon is successful upon the 4th attempt the account was not locked after
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000345Rule_ID
- SV-222433r508029_rule
+ SV-222433r879722_ruleRule_Ver
@@ -5002,7 +5197,7 @@ Use that process when unlocking application user accounts.
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -5010,7 +5205,7 @@ Use that process when unlocking application user accounts.
Not_ReviewedUser Account services are provided by a external OIDC Provider.
-
+
@@ -5023,13 +5218,17 @@ Use that process when unlocking application user accounts.
Severitylow
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000068Rule_ID
- SV-222434r508029_rule
+ SV-222434r879547_ruleRule_Ver
@@ -5047,7 +5246,7 @@ System use notifications are required only for access via logon interfaces with
The banner must be formatted in accordance with DTM-08-060. Use the following verbiage for applications that can accommodate banners of 1300 characters:
-"You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.
+"You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.
By using this IS (which includes any device attached to this IS), you consent to the following conditions:
@@ -5059,11 +5258,11 @@ By using this IS (which includes any device attached to this IS), you consent to
-This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy.
--Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details."
+-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details."
Use the following verbiage for operating systems that have severe limitations on the number of characters that can be displayed in the banner:
-"I've read & consent to terms in IS user agreem't."
+"I've read & consent to terms in IS user agreem't."
IA_Controls
@@ -5123,7 +5322,7 @@ If the standard DoD-approved banner is not displayed prior to obtaining access,
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -5131,7 +5330,7 @@ If the standard DoD-approved banner is not displayed prior to obtaining access,
Not_ReviewedThe Standard Mandatory DoD Notice and Consent Banner can be displayed by the external OIDC Provider.
-
+
@@ -5144,13 +5343,17 @@ If the standard DoD-approved banner is not displayed prior to obtaining access,
Severitylow
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000069Rule_ID
- SV-222435r508029_rule
+ SV-222435r879548_ruleRule_Ver
@@ -5164,7 +5367,7 @@ If the standard DoD-approved banner is not displayed prior to obtaining access,
Vuln_DiscussThe banner must be acknowledged by the user prior to allowing the user access to the application. This provides assurance that the user has seen the message and accepted the conditions for access. If the consent banner is not acknowledged by the user, DoD will not be in compliance with system use notifications required by law.
-To establish acceptance of the application usage policy, a click-through banner at application logon is required. The application must prevent further activity until the user executes a positive action to manifest agreement by clicking on a box indicating "OK".
+To establish acceptance of the application usage policy, a click-through banner at application logon is required. The application must prevent further activity until the user executes a positive action to manifest agreement by clicking on a box indicating "OK".
IA_Controls
@@ -5222,7 +5425,7 @@ If the banner is not displayed or no action must be taken to accept terms of use
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -5230,7 +5433,7 @@ If the banner is not displayed or no action must be taken to accept terms of use
Not_ReviewedStandard Mandatory DoD Notice and Consent Banner services are provided by a external OIDC Provider.
-
+
@@ -5243,13 +5446,17 @@ If the banner is not displayed or no action must be taken to accept terms of use
Severitylow
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000070Rule_ID
- SV-222436r508029_rule
+ SV-222436r879549_ruleRule_Ver
@@ -5267,7 +5474,7 @@ System use notifications are required only for access via logon interfaces with
The banner must be formatted in accordance with DTM-08-060. Use the following verbiage for desktops, laptops, and other devices accommodating banners of 1300 characters:
-"You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.
+"You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only.
By using this IS (which includes any device attached to this IS), you consent to the following conditions:
@@ -5279,11 +5486,11 @@ By using this IS (which includes any device attached to this IS), you consent to
-This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not for your personal benefit or privacy.
--Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details."
+-Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching or monitoring of the content of privileged communications, or work product, related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work product are private and confidential. See User Agreement for details."
Use the following verbiage for operating systems that have severe limitations on the number of characters that can be displayed in the banner:
-"I've read & consent to terms in IS user agreem't."
+"I've read & consent to terms in IS user agreem't."
IA_Controls
@@ -5339,7 +5546,7 @@ If the standard DoD-approved banner is not displayed prior to obtaining access,
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -5363,7 +5570,7 @@ If the standard DoD-approved banner is not displayed prior to obtaining access,
Not_ReviewedStandard Mandatory DoD Notice and Consent Banner services are provided by a external OIDC Provider.
-
+
@@ -5376,13 +5583,17 @@ If the standard DoD-approved banner is not displayed prior to obtaining access,
Severitylow
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000075Rule_ID
- SV-222437r508029_rule
+ SV-222437r879551_ruleRule_Ver
@@ -5462,7 +5673,7 @@ If the date and time the user account was last granted access to the application
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -5470,7 +5681,7 @@ If the date and time the user account was last granted access to the application
Not_ReviewedUser Session services are provided by a external OIDC Provider.
-
+
@@ -5483,13 +5694,17 @@ If the date and time the user account was last granted access to the application
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000080Rule_ID
- SV-222438r508029_rule
+ SV-222438r879554_ruleRule_Ver
@@ -5569,7 +5784,7 @@ If the application is required to provide non-repudiation services and does not,
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -5577,7 +5792,7 @@ If the application is required to provide non-repudiation services and does not,
Not_ReviewedSTIG Manager does not have any non-repudiation requirements as part of its design.
-
+
@@ -5590,13 +5805,17 @@ If the application is required to provide non-repudiation services and does not,
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000086Rule_ID
- SV-222439r561233_rule
+ SV-222439r879557_ruleRule_Ver
@@ -5676,7 +5895,7 @@ If the log dates and times do not correlate when the logs are aggregated, this i
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -5684,7 +5903,7 @@ If the log dates and times do not correlate when the logs are aggregated, this i
Not_ReviewedSTIG Manager does not offer log aggregation services. This is expected to be implemented by specific deployments at the Log Analysis level.
-
+
@@ -5697,13 +5916,17 @@ If the log dates and times do not correlate when the logs are aggregated, this i
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000089Rule_ID
- SV-222441r508029_rule
+ SV-222441r879559_ruleRule_Ver
@@ -5785,7 +6008,7 @@ If the application generates session ID creation event logs by default, and that
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -5793,7 +6016,7 @@ If the application generates session ID creation event logs by default, and that
Not_ReviewedThe web app delegates these duties to an OIDC Provider. The OpenID Connect (OIDC) Provider creates, manages and logs user session data.
-
+
@@ -5806,13 +6029,17 @@ If the application generates session ID creation event logs by default, and that
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000089Rule_ID
- SV-222442r508029_rule
+ SV-222442r879559_ruleRule_Ver
@@ -5888,7 +6115,7 @@ If the application generates audit logs by default when session IDs are destroye
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -5896,7 +6123,7 @@ If the application generates audit logs by default when session IDs are destroye
Not_ReviewedThe web app delegates these duties to an OIDC Provider. The OpenID Connect (OIDC) Provider creates, manages and logs user session data.
-
+
@@ -5909,13 +6136,17 @@ If the application generates audit logs by default when session IDs are destroye
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000089Rule_ID
- SV-222443r508029_rule
+ SV-222443r879559_ruleRule_Ver
@@ -5929,7 +6160,7 @@ If the application generates audit logs by default when session IDs are destroye
Vuln_DiscussApplication design sometimes requires the renewal of session IDs in order to continue approved user access to the application.
-Session renewal is done on a case by case basis under circumstances defined by the application architecture. The following are some examples of when session renewal must be done; whenever there is a change in user privilege such as transitioning from a user to an admin role or when a user changes from an anonymous user to an authenticated user or when a user's permissions have changed.
+Session renewal is done on a case by case basis under circumstances defined by the application architecture. The following are some examples of when session renewal must be done; whenever there is a change in user privilege such as transitioning from a user to an admin role or when a user changes from an anonymous user to an authenticated user or when a user's permissions have changed.
For these types of critical application functionalities, the previous session ID needs to be destroyed or otherwise invalidated and a new session ID must be created.
@@ -5945,7 +6176,7 @@ Web based applications will often utilize an application server that creates, ma
Check_ContentInterview the system admin and review the application documentation.
-Identify any web pages or application functionality where a user's privileges or permissions will change. This is most likely to occur during the authentication stages.
+Identify any web pages or application functionality where a user's privileges or permissions will change. This is most likely to occur during the authentication stages.
Evaluate the log/audit output by opening the log files and observing changes to the logs.
@@ -6005,7 +6236,7 @@ If the application is not configured to log session ID renewal events this is a
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -6013,7 +6244,7 @@ If the application is not configured to log session ID renewal events this is a
Not_ReviewedThe web app delegates these duties to an OIDC Provider. The OpenID Connect (OIDC) Provider creates, manages and logs user session data.
-
+
@@ -6026,13 +6257,17 @@ If the application is not configured to log session ID renewal events this is a
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000089Rule_ID
- SV-222444r508029_rule
+ SV-222444r879559_ruleRule_Ver
@@ -6058,13 +6293,13 @@ Examples of such data include but are not limited to; Passwords, Session IDs, Ap
Utilizing the UNIX grep-based search utility include the following examples which are meant to illustrate the purpose of the requirement.
-Password values are usually associated with usernames so searching for "username" in the provided log file will often assist in determining if password values are included.
+Password values are usually associated with usernames so searching for "username" in the provided log file will often assist in determining if password values are included.
-grep -i "username" < logfile.txt
+grep -i "username" < logfile.txt
Search for social security numbers in the provided log file.
-grep -i "[0-9]{3}[-]?[0-9]{2}[-]?[0-9]{4}" < logfile.txt
+grep -i "[0-9]{3}[-]?[0-9]{2}[-]?[0-9]{4}" < logfile.txt
Use regular expressions to aid in searching log files. All search syntax cannot be provided within the STIG, the reviewer must utilize their knowledge to create new search criteria based upon the log format used and the potentially sensitive data processed by the application.
@@ -6112,7 +6347,7 @@ If the application logs sensitive data such as session IDs, application source c
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -6120,7 +6355,7 @@ If the application logs sensitive data such as session IDs, application source c
NotAFindingThe API does not emit audit records with sensitive data, including session Ids (not used), encryption keys, or passwords (not used).
-
+
@@ -6133,13 +6368,17 @@ If the application logs sensitive data such as session IDs, application source c
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000089Rule_ID
- SV-222445r508029_rule
+ SV-222445r879559_ruleRule_Ver
@@ -6151,7 +6390,7 @@ If the application logs sensitive data such as session IDs, application source c
Vuln_Discuss
- When a user's session times out, it is important to be able to identify these events in the application logs.
+ When a user's session times out, it is important to be able to identify these events in the application logs.
Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident, or identify those responsible for one.
@@ -6231,7 +6470,7 @@ If the session timeout event is not recorded in the logs, this is a finding.
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -6239,7 +6478,7 @@ If the session timeout event is not recorded in the logs, this is a finding.
Not_ReviewedThe web app delegates these duties to an OIDC Provider. The OpenID Connect (OIDC) Provider creates, manages and logs user session data.
-
+
@@ -6252,13 +6491,17 @@ If the session timeout event is not recorded in the logs, this is a finding.Severity
medium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000089Rule_ID
- SV-222446r508029_rule
+ SV-222446r879559_ruleRule_Ver
@@ -6324,7 +6567,7 @@ If the time the event occurred is not included as part of the event, this is a f
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -6332,7 +6575,7 @@ If the time the event occurred is not included as part of the event, this is a f
NotAFindingThe API emits audit records that are time stamped.
-
+
@@ -6345,13 +6588,17 @@ If the time the event occurred is not included as part of the event, this is a f
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000089Rule_ID
- SV-222447r508029_rule
+ SV-222447r879559_ruleRule_Ver
@@ -6443,7 +6690,7 @@ If HTTP headers are not logged, this is a finding.
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -6451,7 +6698,7 @@ If HTTP headers are not logged, this is a finding.
NotAFindingAddressed by Issue #179, allowing different log levels and configuration to affect headers included in audit record.
-
+
@@ -6464,13 +6711,17 @@ If HTTP headers are not logged, this is a finding.
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000089Rule_ID
- SV-222448r508029_rule
+ SV-222448r879559_ruleRule_Ver
@@ -6544,7 +6795,7 @@ If the IP addresses of the systems that connect to the application are not recor
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -6552,7 +6803,7 @@ If the IP addresses of the systems that connect to the application are not recor
NotAFindingWhen logging endpoint requests, the API emits audit records that include the original source IP address.
-
+
@@ -6565,13 +6816,17 @@ If the IP addresses of the systems that connect to the application are not recor
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000089Rule_ID
- SV-222449r508029_rule
+ SV-222449r879559_ruleRule_Ver
@@ -6583,7 +6838,7 @@ If the IP addresses of the systems that connect to the application are not recor
Vuln_Discuss
- When users conduct activity within an application, that user’s identity must be recorded in the audit log. Failing to record the identity of the user responsible for the activity within the application is detrimental to forensic analysis.
+ When users conduct activity within an application, that user’s identity must be recorded in the audit log. Failing to record the identity of the user responsible for the activity within the application is detrimental to forensic analysis.IA_Controls
@@ -6641,15 +6896,15 @@ If the user ID is not recorded along with the event in the event log, this is a
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-000169NotAFinding
- When logging endpoint requests, the API emits audit records that include the OAuth2 token claim configured as representing the requesting entity's username.
-
+ When logging endpoint requests, the API emits audit records that include the OAuth2 token claim configured as representing the requesting entity's username.
+
@@ -6662,13 +6917,17 @@ If the user ID is not recorded along with the event in the event log, this is a
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000091Rule_ID
- SV-222450r508029_rule
+ SV-222450r879561_ruleRule_Ver
@@ -6700,9 +6959,9 @@ Access and open the auditing logs.
Using an account with the appropriate privileges, grant the user a privilege they previously did not have.
-Attempt to grant privileges in a manner that will cause a failure event such as granting privileges to a non-existent user or attempting to grant privileges with an account that doesn't have the rights to do so.
+Attempt to grant privileges in a manner that will cause a failure event such as granting privileges to a non-existent user or attempting to grant privileges with an account that doesn't have the rights to do so.
-Review the application logs and ensure both events were captured in the logs. The event data should include the user’s identity and the privilege that was granted and the privilege that failed to be granted.
+Review the application logs and ensure both events were captured in the logs. The event data should include the user’s identity and the privilege that was granted and the privilege that failed to be granted.
If the application does not log when successful and unsuccessful attempts to grant privilege occur, this is a finding.
@@ -6748,7 +7007,7 @@ If the application does not log when successful and unsuccessful attempts to gra
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -6756,7 +7015,7 @@ If the application does not log when successful and unsuccessful attempts to gra
NotAFindingAddressed by Issue #179, must include POST content and JSON reply in audit record.
-
+
@@ -6769,13 +7028,17 @@ If the application does not log when successful and unsuccessful attempts to gra
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000492Rule_ID
- SV-222451r508029_rule
+ SV-222451r879863_ruleRule_Ver
@@ -6854,7 +7117,7 @@ If the application does not generate an audit record when successful and unsucce
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -6862,7 +7125,7 @@ If the application does not generate an audit record when successful and unsucce
NotAFindingWhen logging endpoint requests, the API emits audit records for successful and unsuccessful attempts to access security objects (i.e., Collections, Assets, Reviews).
-
+
@@ -6875,13 +7138,17 @@ If the application does not generate an audit record when successful and unsucce
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000493Rule_ID
- SV-222452r508029_rule
+ SV-222452r879864_ruleRule_Ver
@@ -6959,7 +7226,7 @@ If the application does not generate an audit record when successful and unsucce
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -6967,7 +7234,7 @@ If the application does not generate an audit record when successful and unsucce
NotAFindingWhen logging endpoint requests, the API emits audit records for successful and unsuccessful attempts to access security levels (i.e., Collection Grants).
-
+
@@ -6980,13 +7247,17 @@ If the application does not generate an audit record when successful and unsucce
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000494Rule_ID
- SV-222453r508029_rule
+ SV-222453r879865_ruleRule_Ver
@@ -7070,7 +7341,7 @@ If the application does not generate an audit record when successful and unsucce
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -7078,7 +7349,7 @@ If the application does not generate an audit record when successful and unsucce
NotAFindingWhen logging endpoint requests, the API emits audit records for successful and unsuccessful attempts to access all categories of information.
-
+
@@ -7091,13 +7362,17 @@ If the application does not generate an audit record when successful and unsucce
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000495Rule_ID
- SV-222454r508029_rule
+ SV-222454r879866_ruleRule_Ver
@@ -7127,9 +7402,9 @@ Access and open the auditing logs.
Using an admin account, modify the privileges of a privileged user.
-Attempt to modify privileges in a manner that will cause a failure event such as attempting to modify a user’s privileges with an account that doesn't have the rights to do so.
+Attempt to modify privileges in a manner that will cause a failure event such as attempting to modify a user’s privileges with an account that doesn't have the rights to do so.
-Review the application logs and ensure both events were captured in the logs. The event data should include the user’s identity and the privilege that was granted and the privilege that failed to be granted.
+Review the application logs and ensure both events were captured in the logs. The event data should include the user’s identity and the privilege that was granted and the privilege that failed to be granted.
If the application does not log when successful and unsuccessful attempts to modify privileges occur, this is a finding.
@@ -7175,7 +7450,7 @@ If the application does not log when successful and unsuccessful attempts to mod
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -7183,7 +7458,7 @@ If the application does not log when successful and unsuccessful attempts to mod
NotAFindingAddressed by Issue #179, must include POST content and JSON reply in audit record.
-
+
@@ -7196,13 +7471,17 @@ If the application does not log when successful and unsuccessful attempts to mod
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000496Rule_ID
- SV-222455r508029_rule
+ SV-222455r879867_ruleRule_Ver
@@ -7281,7 +7560,7 @@ If the application does not generate an audit record when successful and unsucce
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -7289,7 +7568,7 @@ If the application does not generate an audit record when successful and unsucce
NotAFindingWhen logging endpoint requests, the API emits audit records for successful and unsuccessful attempts to modify security objects (i.e, Collections, Assets, Reviews and Users).
-
+
@@ -7302,13 +7581,17 @@ If the application does not generate an audit record when successful and unsucce
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000497Rule_ID
- SV-222456r508029_rule
+ SV-222456r879868_ruleRule_Ver
@@ -7390,7 +7673,7 @@ If the application does not generate an audit record when successful and unsucce
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -7398,7 +7681,7 @@ If the application does not generate an audit record when successful and unsucce
NotAFindingWhen logging endpoint requests, the API emits audit records for successful and unsuccessful attempts to modify security levels (i.e, Collection Grants).
-
+
@@ -7411,13 +7694,17 @@ If the application does not generate an audit record when successful and unsucce
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000498Rule_ID
- SV-222457r508029_rule
+ SV-222457r879869_ruleRule_Ver
@@ -7501,7 +7788,7 @@ If the application does not generate an audit record when successful and unsucce
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -7509,7 +7796,7 @@ If the application does not generate an audit record when successful and unsucce
NotAFindingWhen logging endpoint requests, the API emits audit records for successful and unsuccessful attempts to modify categories of information (i.e, Collection Grants, Restricted User Access).
-
+
@@ -7522,13 +7809,17 @@ If the application does not generate an audit record when successful and unsucce
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000499Rule_ID
- SV-222458r508029_rule
+ SV-222458r879870_ruleRule_Ver
@@ -7558,9 +7849,9 @@ Access and open the auditing logs.
Using an admin account, delete some or all of the privileges of a privileged user.
-Attempt to delete privileges in a manner that will cause a failure event such as attempting to delete a user’s privileges with an account that doesn't have the rights to do so.
+Attempt to delete privileges in a manner that will cause a failure event such as attempting to delete a user’s privileges with an account that doesn't have the rights to do so.
-Review the application logs and ensure both events were captured in the logs. The event data should include the user’s identity and the privilege that was granted and the privilege that failed to be granted.
+Review the application logs and ensure both events were captured in the logs. The event data should include the user’s identity and the privilege that was granted and the privilege that failed to be granted.
If the application does not log when successful and unsuccessful attempts to delete privileges occur, this is a finding.
@@ -7606,7 +7897,7 @@ If the application does not log when successful and unsuccessful attempts to del
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -7614,7 +7905,7 @@ If the application does not log when successful and unsuccessful attempts to del
NotAFindingAddressed by Issue #179, must include POST content and JSON reply in audit record.
-
+
@@ -7627,13 +7918,17 @@ If the application does not log when successful and unsuccessful attempts to del
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000500Rule_ID
- SV-222459r508029_rule
+ SV-222459r879871_ruleRule_Ver
@@ -7715,7 +8010,7 @@ If the application does not generate an audit record when successful and unsucce
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -7723,7 +8018,7 @@ If the application does not generate an audit record when successful and unsucce
NotAFindingWhen logging endpoint requests, the API emits audit records for successful and unsuccessful attempts to delete security levels (i.e, Collection Grants, Restricted User Access).
-
+
@@ -7736,13 +8031,17 @@ If the application does not generate an audit record when successful and unsucce
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000501Rule_ID
- SV-222460r508029_rule
+ SV-222460r879872_ruleRule_Ver
@@ -7820,7 +8119,7 @@ If the application does not generate an audit record when successful and unsucce
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -7828,7 +8127,7 @@ If the application does not generate an audit record when successful and unsucce
NotAFindingThe API does not implement functionality that manipulates database security objects, including deletions.
-
+
@@ -7841,13 +8140,17 @@ If the application does not generate an audit record when successful and unsucce
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000502Rule_ID
- SV-222461r508029_rule
+ SV-222461r879873_ruleRule_Ver
@@ -7931,7 +8234,7 @@ If the application does not generate an audit record when successful and unsucce
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -7939,7 +8242,7 @@ If the application does not generate an audit record when successful and unsucce
NotAFindingWhen logging endpoint requests, the API emits audit records for successful and unsuccessful attempts to delete categories of information (i.e, Collection Grants, Restricted User Access).
-
+
@@ -7952,13 +8255,17 @@ If the application does not generate an audit record when successful and unsucce
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000503Rule_ID
- SV-222462r508029_rule
+ SV-222462r879874_ruleRule_Ver
@@ -7984,7 +8291,7 @@ Knowing when a user successfully or unsuccessfully logged on to the application
Check_ContentReview and monitor the application logs.
-Authenticate to the application and observe if the log includes an entry to indicate the user’s authentication was successful.
+Authenticate to the application and observe if the log includes an entry to indicate the user’s authentication was successful.
Terminate the user session by logging out.
@@ -8034,7 +8341,7 @@ If successful and unsuccessful logon events are not recorded in the logs, this i
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -8042,7 +8349,7 @@ If successful and unsuccessful logon events are not recorded in the logs, this i
Not_ReviewedThe web app delegates these duties to an OIDC Provider. The OpenID Connect (OIDC) Provider creates, manages and logs user session data.
-
+
@@ -8055,13 +8362,17 @@ If successful and unsuccessful logon events are not recorded in the logs, this i
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000504Rule_ID
- SV-222463r508029_rule
+ SV-222463r879875_ruleRule_Ver
@@ -8087,7 +8398,7 @@ Privileged access does not include an application design which does not modify t
Check_ContentReview and monitor the application logs.
-Authenticate to the application as a privileged user and observe if the log includes an entry to indicate the user’s authentication was successful.
+Authenticate to the application as a privileged user and observe if the log includes an entry to indicate the user’s authentication was successful.
Perform actions as an admin or other privileged user such as modifying the logging verbosity, or starting or stopping an application service, or terminating a test user session.
@@ -8135,7 +8446,7 @@ If log events that correspond with the actions performed are not recorded in the
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -8143,7 +8454,7 @@ If log events that correspond with the actions performed are not recorded in the
Not_ReviewedBy design, privileged access does not include the ability to modify the application or its configuration. It only provide users with the functionality or the ability to manage their own user specific preferences or otherwise tailor the application to suit individual user needs based upon choices or selections built into the application.
-
+
@@ -8156,13 +8467,17 @@ If log events that correspond with the actions performed are not recorded in the
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000505Rule_ID
- SV-222464r508029_rule
+ SV-222464r879876_ruleRule_Ver
@@ -8174,7 +8489,7 @@ If log events that correspond with the actions performed are not recorded in the
Vuln_Discuss
- Knowing when a user’s application session began and when it ended is critical information that aids in forensic analysis.
+ Knowing when a user’s application session began and when it ended is critical information that aids in forensic analysis.IA_Controls
@@ -8232,7 +8547,7 @@ If the start and the end time of the session are not recorded in the logs, this
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -8240,7 +8555,7 @@ If the start and the end time of the session are not recorded in the logs, this
Not_ReviewedThe web app delegates these duties to an OIDC Provider. The OpenID Connect (OIDC) Provider creates, manages and logs user session data.
-
+
@@ -8253,13 +8568,17 @@ If the start and the end time of the session are not recorded in the logs, this
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000507Rule_ID
- SV-222465r508029_rule
+ SV-222465r879878_ruleRule_Ver
@@ -8335,7 +8654,7 @@ If the application does not log application object access, this is a finding.
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -8343,7 +8662,7 @@ If the application does not log application object access, this is a finding.
NotAFindingWhen logging endpoint requests, the API emits audit records for successful and unsuccessful attempts to access to application objects (i.e, Collections, Assets, Reviews, Users).
-
+
@@ -8356,13 +8675,17 @@ If the application does not log application object access, this is a finding.Severity
medium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000508Rule_ID
- SV-222466r508029_rule
+ SV-222466r879879_ruleRule_Ver
@@ -8445,7 +8768,7 @@ If the application does not log all direct access to the system, this is a findi
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -8453,7 +8776,7 @@ If the application does not log all direct access to the system, this is a findi
Not_ReviewedThe application does not provide direct access to the underlying information system.
-
+
@@ -8466,13 +8789,17 @@ If the application does not log all direct access to the system, this is a findi
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000509Rule_ID
- SV-222467r508029_rule
+ SV-222467r918117_ruleRule_Ver
@@ -8498,11 +8825,15 @@ Application developers are encouraged to integrate their applications with enter
Check_Content
- Log on to the application as an administrative user.
+ Examine the application documentation or interview the application representative to identify how the application users are managed.
+
+Interview the application administrator and determine if the application is configured to utilize a centralized user management system such as Active Directory for user management or if the application manages user accounts within the application.
-Navigate to the user account management functionality. If no user management capability exists within the application, refer to the Enterprise Active Directory or LDAP user management interfaces.
+If the application is configured to use an enterprise-based application user management capability that is STIG compliant, the requirement is not applicable.
+
+Identify the location of the audit logs and review the end of the logs.
-Monitor and review the log where the application's user activity is recorded.
+Access the user account management functionality.
Create an application test account and then review the log to ensure a log record that documents the event is created.
@@ -8510,11 +8841,11 @@ Modify the test account and then review the log to ensure a log record that docu
Disable the test account and then review the log to ensure a log record that documents the event is created.
-Terminate/Remove the test account and then review the log to ensure a log record that documents the event is created.
+Terminate/remove the test account and then review the log to ensure a log record that documents the event is created.
If log events are not created that document all of these events, this is a finding.
-If some, but not all of the aforementioned events are documented in the logs, this is a finding.
+If some but not all of the aforementioned events are documented in the logs, this is a finding.
Findings should document which of the events was not logged.
@@ -8560,7 +8891,7 @@ Findings should document which of the events was not logged.
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -8568,7 +8899,7 @@ Findings should document which of the events was not logged.
Not_ReviewedThe web app delegates these duties to an OIDC Provider. The OpenID Connect (OIDC) Provider creates, manages and logs user session data.
-
+
@@ -8581,13 +8912,17 @@ Findings should document which of the events was not logged.
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000092Rule_ID
- SV-222468r508029_rule
+ SV-222468r879562_ruleRule_Ver
@@ -8667,7 +9002,7 @@ If the application does not begin logging events upon start up, this is a findin
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -8676,8 +9011,8 @@ If the application does not begin logging events upon start up, this is a findin
NotAFindingThe API emits audit records immediately upon the start of its bootstrapping process.
-Your local definition of 'application startup' may include other components (i.e, OIDC Provider, database, reverse proxies, log servers, etc.) whose compliance with this check must be individually evaluated.
-
+Your local definition of 'application startup' may include other components (i.e, OIDC Provider, database, reverse proxies, log servers, etc.) whose compliance with this check must be individually evaluated.
+
@@ -8690,13 +9025,17 @@ Your local definition of 'application startup' may include other compo
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000095Rule_ID
- SV-222469r508029_rule
+ SV-222469r879563_ruleRule_Ver
@@ -8708,8 +9047,8 @@ Your local definition of 'application startup' may include other compo
Vuln_Discuss
- Forensics is a large part of security incident response. Applications must provide a record of their actions so application events can be investigated post-event.
-
+ Forensics is a large part of security incident response. Applications must provide a record of their actions so application events can be investigated post-event.
+
Attackers may attempt to shut off the application logging capability to cover their activity while on the system. Recording the shutdown event and the time it occurred in the application or system logs helps to provide forensic evidence that aids in investigating the events.
@@ -8718,12 +9057,12 @@ Attackers may attempt to shut off the application logging capability to cover th
Check_Content
- Review and monitor the application and system logs.
-
-If an application shutdown event is not recorded in the logs, either initiate a shutdown event and review the logs after reestablishing access or request backup copies of the application or system logs that indicate shutdown events are being recorded.
-
-Alternatively, check for a setting within the application that controls application logging events and determine if application shutdown logging is configured.
-
+ Review and monitor the application and system logs.
+
+If an application shutdown event is not recorded in the logs, either initiate a shutdown event and review the logs after reestablishing access or request backup copies of the application or system logs that indicate shutdown events are being recorded.
+
+Alternatively, check for a setting within the application that controls application logging events and determine if application shutdown logging is configured.
+
If the application is not recording application shutdown events in either the application or system log, or if the application is not configured to record shutdown events, this is a finding.
@@ -8768,7 +9107,7 @@ If the application is not recording application shutdown events in either the ap
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -8777,8 +9116,8 @@ If the application is not recording application shutdown events in either the ap
NotAFindingThe API emits audit records after receiving the SIGINT or SIGTERM signal that initiates a shutdown. Addressed by Issue #484
-Your local definition of 'application shutdown' may include other components (i.e, OIDC Provider, database, reverse proxies, log servers, etc.) whose compliance with this check must be individually evaluated.
-
+Your local definition of 'application shutdown' may include other components (i.e, OIDC Provider, database, reverse proxies, log servers, etc.) whose compliance with this check must be individually evaluated.
+
@@ -8791,13 +9130,17 @@ Your local definition of 'application shutdown' may include other comp
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000095Rule_ID
- SV-222470r508029_rule
+ SV-222470r879563_ruleRule_Ver
@@ -8875,7 +9218,7 @@ If the IP address of the remote system is not recorded along with the event in t
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -8883,7 +9226,7 @@ If the IP address of the remote system is not recorded along with the event in t
NotAFindingThe API emits audit records containing the destination IP when retrieving token signing keys from the OIDC Provider or when optionally downloading STIG compilations during the initial database bootstrap.
-
+
@@ -8896,13 +9239,17 @@ If the IP address of the remote system is not recorded along with the event in t
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000095Rule_ID
- SV-222471r508029_rule
+ SV-222471r879563_ruleRule_Ver
@@ -8930,7 +9277,7 @@ If the application design documents include specific data elements that require
Utilize the application as a regular user and operate the application so as to access data elements contained within the application. This includes using the application user interface to browse through data elements, query/search data elements and using report generation capability if it exists.
-Observe and determine if the application log includes an entry to indicate the user’s access to the data was recorded.
+Observe and determine if the application log includes an entry to indicate the user’s access to the data was recorded.
If successful access to application data elements is not recorded in the logs, this is a finding.
@@ -8976,7 +9323,7 @@ If successful access to application data elements is not recorded in the logs, t
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -8984,7 +9331,7 @@ If successful access to application data elements is not recorded in the logs, t
NotAFindingWhen logging endpoint requests, the API emits audit records for user actions involving access to data (i.e, Collections, Assets, Reviews, Users).
-
+
@@ -8997,13 +9344,17 @@ If successful access to application data elements is not recorded in the logs, t
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000095Rule_ID
- SV-222472r508029_rule
+ SV-222472r879563_ruleRule_Ver
@@ -9079,7 +9430,7 @@ If successful changes/modifications to application data elements are not recorde
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -9087,7 +9438,7 @@ If successful changes/modifications to application data elements are not recorde
NotAFindingWhen logging endpoint requests, the API emits audit records for user actions involving changes to data (i.e, Collections, Assets, Reviews, Users).
-
+
@@ -9100,13 +9451,17 @@ If successful changes/modifications to application data elements are not recorde
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000096Rule_ID
- SV-222473r508029_rule
+ SV-222473r879564_ruleRule_Ver
@@ -9174,7 +9529,7 @@ If the audit logs do not have a corresponding date and time associated with each
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -9182,7 +9537,7 @@ If the audit logs do not have a corresponding date and time associated with each
NotAFindingThe API emits audit records that are time stamped.
-
+
@@ -9195,13 +9550,17 @@ If the audit logs do not have a corresponding date and time associated with each
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000097Rule_ID
- SV-222474r508029_rule
+ SV-222474r879565_ruleRule_Ver
@@ -9293,16 +9652,15 @@ If the audit logs do not contain enough data in the logs to establish which comp
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-000132NotAFinding
- The API emits audit records that include a component property.
-
-
+ The API emits audit records that include a component property.
+
@@ -9315,13 +9673,17 @@ If the audit logs do not contain enough data in the logs to establish which comp
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000098Rule_ID
- SV-222475r508029_rule
+ SV-222475r879566_ruleRule_Ver
@@ -9335,7 +9697,7 @@ If the audit logs do not contain enough data in the logs to establish which comp
Vuln_DiscussWithout establishing the source, it is impossible to establish, correlate, and investigate the events leading up to an outage or attack.
-In the case of centralized logging, or other instances where log files are consolidated, there is risk that the application's log data could be co-mingled with other log data. To address this issue, the application itself must be identified as well as the application host or client name.
+In the case of centralized logging, or other instances where log files are consolidated, there is risk that the application's log data could be co-mingled with other log data. To address this issue, the application itself must be identified as well as the application host or client name.
In order to compile an accurate risk assessment, and provide forensic analysis, it is essential for security personnel to know the source of the event, particularly in the case of centralized logging.
@@ -9401,7 +9763,7 @@ If the application name and the hosts or client names are not identified, this i
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -9409,7 +9771,7 @@ If the application name and the hosts or client names are not identified, this i
NotAFindingThe API emits audit records that include an instance property.
-
+
@@ -9422,13 +9784,17 @@ If the application name and the hosts or client names are not identified, this i
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000099Rule_ID
- SV-222476r508029_rule
+ SV-222476r879567_ruleRule_Ver
@@ -9458,9 +9824,9 @@ Access the application logs and review the logs to determine if the results of a
Successful application events are expected to far outnumber errors. Therefore, success events may be implied by default and not specified in the logs if this behavior is documented.
-The outcome will be a log record that displays the application event/operation that occurred followed by the result of the operation such as "ERROR", "FAILURE", "SUCCESS" or "PASS".
+The outcome will be a log record that displays the application event/operation that occurred followed by the result of the operation such as "ERROR", "FAILURE", "SUCCESS" or "PASS".
-Operation outcomes may also be indicated by numeric code where a "1" might indicate success and a "0" may indicate operation failure.
+Operation outcomes may also be indicated by numeric code where a "1" might indicate success and a "0" may indicate operation failure.
If the application does not produce audit records that contain information regarding the results of application operations, this is a finding.
@@ -9506,7 +9872,7 @@ If the application does not produce audit records that contain information regar
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -9514,7 +9880,7 @@ If the application does not produce audit records that contain information regar
NotAFindingWhen logging endpoint requests, the API emits audit records that contain the response status code.
-
+
@@ -9527,13 +9893,17 @@ If the application does not produce audit records that contain information regar
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000100Rule_ID
- SV-222477r508029_rule
+ SV-222477r879568_ruleRule_Ver
@@ -9606,15 +9976,15 @@ If the event logs do not include the appropriate identifier or identifiers, this
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-001487NotAFinding
- When logging endpoint requests, the API emits audit records that include the OAuth2 token claim configured as representing the requesting entity's username.
-
+ When logging endpoint requests, the API emits audit records that include the OAuth2 token claim configured as representing the requesting entity's username.
+
@@ -9627,13 +9997,17 @@ If the event logs do not include the appropriate identifier or identifiers, this
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000101Rule_ID
- SV-222478r508029_rule
+ SV-222478r879569_ruleRule_Ver
@@ -9713,17 +10087,17 @@ If the application does not log the full text recording of privileged commands o
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-000135NotAFinding
- When logging endpoint requests, if the request includes parameter 'elevate' == true, the API emits audit records that include the JSON POST content and the JSON reply
+ When logging endpoint requests, if the request includes parameter 'elevate' == true, the API emits audit records that include the JSON POST content and the JSON reply
Addressed by Issue #179
-
+
@@ -9736,13 +10110,17 @@ Addressed by Issue #179Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000101Rule_ID
- SV-222479r508029_rule
+ SV-222479r879569_ruleRule_Ver
@@ -9812,7 +10190,7 @@ If the application is not configured to utilize transaction logging, this is a f
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -9820,7 +10198,7 @@ If the application is not configured to utilize transaction logging, this is a f
Not_ReviewedImplemented by the Data Storage layer
-
+
@@ -9833,13 +10211,17 @@ If the application is not configured to utilize transaction logging, this is a f
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000356Rule_ID
- SV-222480r508029_rule
+ SV-222480r879729_ruleRule_Ver
@@ -9915,15 +10297,15 @@ If the application does not provide the ability to centrally manage the content
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-001844Not_Reviewed
- Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution.
-
+ Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution.
+
@@ -9936,13 +10318,17 @@ If the application does not provide the ability to centrally manage the content
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000358Rule_ID
- SV-222481r508029_rule
+ SV-222481r879731_ruleRule_Ver
@@ -10022,15 +10408,15 @@ If the logs are not automatically moved off the system as per approved schedule,
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-001851Not_Reviewed
- Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution.
-
+ Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution.
+
@@ -10043,13 +10429,17 @@ If the logs are not automatically moved off the system as per approved schedule,
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000515Rule_ID
- SV-222482r508029_rule
+ SV-222482r879886_ruleRule_Ver
@@ -10123,15 +10513,15 @@ If the system is not configured to write the application logs to the centralized
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-001851Not_Reviewed
- Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution.
-
+ Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution.
+
@@ -10144,13 +10534,17 @@ If the system is not configured to write the application logs to the centralized
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000359Rule_ID
- SV-222483r561236_rule
+ SV-222483r879732_ruleRule_Ver
@@ -10174,11 +10568,11 @@ The requirement will take into account a reasonable amount of processing time su
Check_Content
- Review system documentation and interview application administrator for details regarding logging configuration.
+ Review system documentation and interview application administrator for details regarding logging configuration.
If the application utilizes a centralized logging system that provides storage capacity alarming, this requirement is not applicable.
-Identify application alarming capability relating to storage capacity alarming for the log repository. Coordinate with the appropriate personnel regarding the generation of test alarms.
+Identify application alarming capability relating to storage capacity alarming for the log repository. Coordinate with the appropriate personnel regarding the generation of test alarms.
Review log alarm settings and ensure audit log storage capacity alarming is enabled and set to alarm when the storage threshold exceeds 75% of disk storage capacity or the capacity value the SA and ISSO have determined will provide adequate time to plan for capacity expansion.
@@ -10228,15 +10622,15 @@ If the application is not configured to send an alarm when storage volume exceed
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-001855Not_Reviewed
- Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution.
-
+ Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution.
+
@@ -10249,13 +10643,17 @@ If the application is not configured to send an alarm when storage volume exceed
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000360Rule_ID
- SV-222484r508029_rule
+ SV-222484r879733_ruleRule_Ver
@@ -10335,15 +10733,15 @@ Configure the log alerts to be immediately sent to the application admin/SA and
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-001858Not_Reviewed
- Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution.
-
+ Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution.
+
@@ -10356,13 +10754,17 @@ Configure the log alerts to be immediately sent to the application admin/SA and
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000108Rule_ID
- SV-222485r508029_rule
+ SV-222485r879570_ruleRule_Ver
@@ -10444,15 +10846,15 @@ If the application is not configured to alarm on alerts that indicate the audit
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-000139Not_Reviewed
- Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution.
-
+ Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution.
+
@@ -10465,13 +10867,17 @@ If the application is not configured to alarm on alerts that indicate the audit
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000109Rule_ID
- SV-222486r508029_rule
+ SV-222486r879571_ruleRule_Ver
@@ -10555,15 +10961,15 @@ If the application does not shut down processing when an audit failure is detect
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-000140Not_Reviewed
- Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution. Application must be stopped by the Container Platform layer (e.g., k8s).
-
+ Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution. Application must be stopped by the Container Platform layer (e.g., k8s).
+
@@ -10576,13 +10982,17 @@ If the application does not shut down processing when an audit failure is detect
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000111Rule_ID
- SV-222487r508029_rule
+ SV-222487r879572_ruleRule_Ver
@@ -10610,7 +11020,7 @@ Automated mechanisms for centralized reviews and analyses include, for example,
If the application utilizes a centralized logging system that provides the capability to review the log files from one central location, this requirement is not applicable.
-Access the application's log management utility and review the log files. Ensure all of the applications logs are reviewable from within the centralized log management function and access to other systems in order to review application logs are not required.
+Access the application's log management utility and review the log files. Ensure all of the applications logs are reviewable from within the centralized log management function and access to other systems in order to review application logs are not required.
If all of the application logs are not reviewable from a central location, this is a finding.
@@ -10656,15 +11066,15 @@ If all of the application logs are not reviewable from a central location, this
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-000154Not_Reviewed
- Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution.
-
+ Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution.
+
@@ -10677,13 +11087,17 @@ If all of the application logs are not reviewable from a central location, this
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000115Rule_ID
- SV-222488r508029_rule
+ SV-222488r879574_ruleRule_Ver
@@ -10770,15 +11184,15 @@ If the application does not provide the ability to filter audit events, this is
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-000158Not_Reviewed
- Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution.
-
+ Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution.
+
@@ -10791,13 +11205,17 @@ If the application does not provide the ability to filter audit events, this is
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000181Rule_ID
- SV-222489r508029_rule
+ SV-222489r879618_ruleRule_Ver
@@ -10809,7 +11227,7 @@ If the application does not provide the ability to filter audit events, this is
Vuln_Discuss
- The ability to generate on-demand reports, including after the audit data has been subjected to audit reduction, greatly facilitates the organization's ability to generate incident reports as needed to better handle larger-scale or more complex security incidents.
+ The ability to generate on-demand reports, including after the audit data has been subjected to audit reduction, greatly facilitates the organization's ability to generate incident reports as needed to better handle larger-scale or more complex security incidents.
Audit reduction is a process that manipulates collected audit information and organizes such information in a summary format that is more meaningful to analysts. The report generation capability provided by the application must support on-demand (i.e., customizable, ad-hoc, and as-needed) reports.
@@ -10888,15 +11306,15 @@ If the application does not provide on demand reports based on the filtered audi
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-001876Not_Reviewed
- Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution.
-
+ Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution.
+
@@ -10909,13 +11327,17 @@ If the application does not provide on demand reports based on the filtered audi
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000364Rule_ID
- SV-222490r508029_rule
+ SV-222490r879737_ruleRule_Ver
@@ -10927,7 +11349,7 @@ If the application does not provide on demand reports based on the filtered audi
Vuln_Discuss
- The ability to perform on-demand audit review and analysis, including after the audit data has been subjected to audit reduction, greatly facilitates the organization's ability to generate incident reports as needed to better handle larger-scale or more complex security incidents.
+ The ability to perform on-demand audit review and analysis, including after the audit data has been subjected to audit reduction, greatly facilitates the organization's ability to generate incident reports as needed to better handle larger-scale or more complex security incidents.
Audit reduction is a technique used to reduce the volume of audit records in order to facilitate a manual review. Audit reduction does not alter original audit records. The report generation capability provided by the application must support on-demand (i.e., customizable, ad-hoc, and as-needed) reports.
@@ -11006,15 +11428,15 @@ If the application does not provide an audit reduction capability that supports
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-001875Not_Reviewed
- Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution.
-
+ Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution.
+
@@ -11027,13 +11449,17 @@ If the application does not provide an audit reduction capability that supports
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000365Rule_ID
- SV-222491r508029_rule
+ SV-222491r879738_ruleRule_Ver
@@ -11119,15 +11545,15 @@ If the application does not provide an audit reduction (event filtering) capabil
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-001877Not_Reviewed
- Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution.
-
+ Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution.
+
@@ -11140,13 +11566,17 @@ If the application does not provide an audit reduction (event filtering) capabil
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000366Rule_ID
- SV-222492r508029_rule
+ SV-222492r879739_ruleRule_Ver
@@ -11158,7 +11588,7 @@ If the application does not provide an audit reduction (event filtering) capabil
Vuln_Discuss
- The report generation capability must support on-demand review and analysis in order to facilitate the organization's ability to generate incident reports as needed to better handle larger-scale or more complex security incidents.
+ The report generation capability must support on-demand review and analysis in order to facilitate the organization's ability to generate incident reports as needed to better handle larger-scale or more complex security incidents.
Report generation must be capable of generating on-demand (i.e., customizable, ad-hoc, and as-needed) reports. On-demand reporting allows personnel to report issues more rapidly to more effectively meet reporting requirements. Collecting log data and aggregating it to present the data in a single, consolidated report achieves this objective.
@@ -11228,15 +11658,15 @@ If the application does not provide an immediate, ad-hoc audit review and analys
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-001878Not_Reviewed
- Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution.
-
+ Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution.
+
@@ -11249,13 +11679,17 @@ If the application does not provide an immediate, ad-hoc audit review and analys
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000367Rule_ID
- SV-222493r508029_rule
+ SV-222493r879740_ruleRule_Ver
@@ -11267,7 +11701,7 @@ If the application does not provide an immediate, ad-hoc audit review and analys
Vuln_Discuss
- The report generation capability must support on-demand reporting in order to facilitate the organization's ability to generate incident reports as needed to better handle larger-scale or more complex security incidents.
+ The report generation capability must support on-demand reporting in order to facilitate the organization's ability to generate incident reports as needed to better handle larger-scale or more complex security incidents.
The report generation capability provided by the application must be capable of generating on-demand (i.e., customizable, ad-hoc, and as-needed) reports. On-demand reporting allows personnel to report issues more rapidly to more effectively meet reporting requirements. Collecting log data and aggregating it to present the data in a single, consolidated report achieves this objective.
@@ -11335,15 +11769,15 @@ If the application does not provide customizable, immediate, ad-hoc audit log re
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-001879Not_Reviewed
- Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution.
-
+ Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution.
+
@@ -11356,13 +11790,17 @@ If the application does not provide customizable, immediate, ad-hoc audit log re
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000368Rule_ID
- SV-222494r508029_rule
+ SV-222494r879741_ruleRule_Ver
@@ -11442,15 +11880,15 @@ If the application does not have a report generation capability that supports af
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-001880Not_Reviewed
- Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution.
-
+ Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution.
+
@@ -11463,13 +11901,17 @@ If the application does not have a report generation capability that supports af
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000369Rule_ID
- SV-222495r508029_rule
+ SV-222495r879742_ruleRule_Ver
@@ -11555,15 +11997,15 @@ If the application of event filters modifies the original log records, this is a
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-001881Not_Reviewed
- Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution.
-
+ Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution.
+
@@ -11576,13 +12018,17 @@ If the application of event filters modifies the original log records, this is a
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000370Rule_ID
- SV-222496r508029_rule
+ SV-222496r879743_ruleRule_Ver
@@ -11668,15 +12114,15 @@ If the application of event filters modifies the original log records, this is a
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-001882Not_Reviewed
- Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution.
-
+ Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution.
+
@@ -11689,13 +12135,17 @@ If the application of event filters modifies the original log records, this is a
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000116Rule_ID
- SV-222497r508029_rule
+ SV-222497r879575_ruleRule_Ver
@@ -11729,7 +12179,7 @@ Access the system OS hosting the application and use the related OS commands to
Perform an action in the application that causes a log event to be written and review the log to ensure the system times and the application log times correlate; compensating for any time delays that may have occurred between running the OS time command and running the application action.
-If the application doesn't use the internal system clocks to generate time stamps for the audit event logs, this is a finding.
+If the application doesn't use the internal system clocks to generate time stamps for the audit event logs, this is a finding.
Fix_Text
@@ -11773,7 +12223,7 @@ If the application doesn't use the internal system clocks to generate time
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -11781,7 +12231,7 @@ If the application doesn't use the internal system clocks to generate time
NotAFindingThe API emits audit records with a time stamp generated from the system clock.
-
+
@@ -11794,13 +12244,17 @@ If the application doesn't use the internal system clocks to generate time
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000374Rule_ID
- SV-222498r508029_rule
+ SV-222498r879747_ruleRule_Ver
@@ -11876,7 +12330,7 @@ If the application is not configured to map to UTC or GMT, this is a finding.
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -11884,7 +12338,7 @@ If the application is not configured to map to UTC or GMT, this is a finding.
NotAFindingThe API emits audit records with the time stamp represented as an ISO-8601 string, including time zone.
-
+
@@ -11897,13 +12351,17 @@ If the application is not configured to map to UTC or GMT, this is a finding.Severity
medium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000375Rule_ID
- SV-222499r508029_rule
+ SV-222499r879748_ruleRule_Ver
@@ -11975,7 +12433,7 @@ If the application audit log time stamps differ from the OS time source by more
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -11983,7 +12441,7 @@ If the application audit log time stamps differ from the OS time source by more
NotAFindingThe API emits audit records with millisecond time stamp precision.
-
+
@@ -11996,13 +12454,17 @@ If the application audit log time stamps differ from the OS time source by more
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000118Rule_ID
- SV-222500r508029_rule
+ SV-222500r879576_ruleRule_Ver
@@ -12090,15 +12552,15 @@ If a non-privileged user account is allowed to access the audit data or the audi
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-000162Not_Reviewed
- Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution.
-
+ Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution.
+
@@ -12111,13 +12573,17 @@ If a non-privileged user account is allowed to access the audit data or the audi
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000119Rule_ID
- SV-222501r561239_rule
+ SV-222501r879577_ruleRule_Ver
@@ -12205,15 +12671,15 @@ If a non-privileged user account is allowed to modify the audit data or the audi
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-000163Not_Reviewed
- Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution.
-
+ Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution.
+
@@ -12226,13 +12692,17 @@ If a non-privileged user account is allowed to modify the audit data or the audi
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000120Rule_ID
- SV-222502r508029_rule
+ SV-222502r879578_ruleRule_Ver
@@ -12320,15 +12790,15 @@ If a non-privileged user account is allowed to delete the audit data or the audi
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-000164Not_Reviewed
- Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution.
-
+ Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution.
+
@@ -12341,13 +12811,17 @@ If a non-privileged user account is allowed to delete the audit data or the audi
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000121Rule_ID
- SV-222503r561242_rule
+ SV-222503r879579_ruleRule_Ver
@@ -12431,15 +12905,15 @@ If a non-privileged user account is allowed to access the audit data or the audi
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-001493Not_Reviewed
- Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution.
-
+ Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution.
+
@@ -12452,13 +12926,17 @@ If a non-privileged user account is allowed to access the audit data or the audi
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000122Rule_ID
- SV-222504r561290_rule
+ SV-222504r879580_ruleRule_Ver
@@ -12540,15 +13018,15 @@ If file permissions are configured so as to allow unapproved modifications to th
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-001494Not_Reviewed
- Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution.
-
+ Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution.
+
@@ -12561,13 +13039,17 @@ If file permissions are configured so as to allow unapproved modifications to th
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000123Rule_ID
- SV-222505r561245_rule
+ SV-222505r879581_ruleRule_Ver
@@ -12649,15 +13131,15 @@ If file permissions are configured to allow unapproved deletions of the audit to
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-001495Not_Reviewed
- Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution.
-
+ Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution.
+
@@ -12670,13 +13152,17 @@ If file permissions are configured to allow unapproved deletions of the audit to
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000125Rule_ID
- SV-222506r508029_rule
+ SV-222506r879582_ruleRule_Ver
@@ -12752,15 +13238,15 @@ If the application backup settings are not configured to backup application audi
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-001348Not_Reviewed
- Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution.
-
+ Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution.
+
@@ -12773,13 +13259,17 @@ If the application backup settings are not configured to backup application audi
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000126Rule_ID
- SV-222507r508029_rule
+ SV-222507r879583_ruleRule_Ver
@@ -12857,15 +13347,15 @@ If an integrity check is not created to protect the integrity of the audit infor
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-001350Not_Reviewed
- Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution.
-
+ Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution.
+
@@ -12879,12 +13369,16 @@ If an integrity check is not created to protect the integrity of the audit infor
medium
- Group_Title
+ Weight
+ 10.0
+
+
+ Group_TitleSRG-APP-000290Rule_ID
- SV-222508r508029_rule
+ SV-222508r879668_ruleRule_Ver
@@ -12904,7 +13398,7 @@ It is not uncommon for attackers to replace the audit tools or inject code into
To address this risk, audit tools must be cryptographically signed/hashed and the resulting value securely stored in order to provide the capability to identify when the audit tools have been modified, manipulated or replaced.
-Some OSs provide a native command line tool capable of extracting or creating a hash value. Care must be taken to ensure any hashing algorithm strength used is acceptable. An example is UNIX OS variants that provide the "shasum" utility with SHA256 capabilities. Windows is not known to provide a native cryptographic tool that utilizes an acceptable hashing algorithm. The Windows fciv.exe checksum tool currently only utilizes MD5 and SHA1 which are not acceptable hashing algorithms.
+Some OSs provide a native command line tool capable of extracting or creating a hash value. Care must be taken to ensure any hashing algorithm strength used is acceptable. An example is UNIX OS variants that provide the "shasum" utility with SHA256 capabilities. Windows is not known to provide a native cryptographic tool that utilizes an acceptable hashing algorithm. The Windows fciv.exe checksum tool currently only utilizes MD5 and SHA1 which are not acceptable hashing algorithms.
IA_Controls
@@ -12924,7 +13418,7 @@ If the system hosting the application has a separate file monitoring utility ins
Ask application administrator to demonstrate the cryptographic hashing mechanisms used to create the one way hashes that can be used to validate the integrity of audit tools.
-For example, "shasum /path/to/file > checksum.filename".
+For example, "shasum /path/to/file > checksum.filename".
Ask the application administrator to provide the list of checksum values and the associated file names of the audit tools.
@@ -12972,15 +13466,15 @@ If a cryptographic checksum or hash value of the audit tool file is not created
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-001496Not_Reviewed
- Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution. The project does not provide a separate tool in the form of a file which provides an ability to view and manipulate application log data, query data, or generate reports
-
+ Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution. The project does not provide a separate tool in the form of a file which provides an ability to view and manipulate application log data, query data, or generate reports
+
@@ -12993,13 +13487,17 @@ If a cryptographic checksum or hash value of the audit tool file is not created
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000290Rule_ID
- SV-222509r508029_rule
+ SV-222509r879668_ruleRule_Ver
@@ -13081,15 +13579,15 @@ If a cryptographic checksum or hash value of the audit tool file is not periodic
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-001496Not_Reviewed
- Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution. The project does not provide a separate tool in the form of a file which provides an ability to view and manipulate application log data, query data or generate reports.
-
+ Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution. The project does not provide a separate tool in the form of a file which provides an ability to view and manipulate application log data, query data or generate reports.
+
@@ -13102,13 +13600,17 @@ If a cryptographic checksum or hash value of the audit tool file is not periodic
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000378Rule_ID
- SV-222510r508029_rule
+ SV-222510r879751_ruleRule_Ver
@@ -13188,7 +13690,7 @@ If the application allows regular users to install untested or unapproved softwa
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -13196,7 +13698,7 @@ If the application allows regular users to install untested or unapproved softwa
Not_ReviewedThe project does not provide the ability to install software components, modules, plugins, or extensions,
-
+
@@ -13209,13 +13711,17 @@ If the application allows regular users to install untested or unapproved softwa
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000380Rule_ID
- SV-222511r508029_rule
+ SV-222511r879753_ruleRule_Ver
@@ -13295,7 +13801,7 @@ If access permissions to configuration files are not restricted to application a
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -13303,7 +13809,7 @@ If access permissions to configuration files are not restricted to application a
Not_ReviewedThe application cannot configure itself, and does not offer any configuration mechanisms that are affected by users or config files.
-
+
@@ -13316,13 +13822,17 @@ If access permissions to configuration files are not restricted to application a
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000381Rule_ID
- SV-222512r508029_rule
+ SV-222512r879754_ruleRule_Ver
@@ -13356,7 +13866,7 @@ Review the application audit logs and ensure a log entry is made identifying the
If application configuration is maintained by using a text editor to modify a configuration file, modify the configuration file with a text editor. Review the system logs and ensure a log entry is made for the file modification that identifies the user that was used to make the changes.
-If the user account is not logged, or is a group account such as "root", this is a finding.
+If the user account is not logged, or is a group account such as "root", this is a finding.
If the user account used to make the changes is not logged in the audit records, this is a finding.
@@ -13402,7 +13912,7 @@ If the user account used to make the changes is not logged in the audit records,
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -13410,7 +13920,7 @@ If the user account used to make the changes is not logged in the audit records,
Not_ReviewedThe application cannot configure itself, and does not offer any configuration mechanisms that are affected by users or config files. The project should be deployed with a Application Services layer (Container Platform such as k8s) that audits configuration changes to the application.
-
+
@@ -13423,13 +13933,17 @@ If the user account used to make the changes is not logged in the audit records,
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000131Rule_ID
- SV-222513r561248_rule
+ SV-222513r879584_ruleRule_Ver
@@ -13507,7 +14021,7 @@ Provide a cryptographic hash value that can be verified by a system administrato
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -13515,7 +14029,7 @@ Provide a cryptographic hash value that can be verified by a system administrato
Not_ReviewedThe application is offered as containerized API/Web Client builds that are signed using Docker Content Trust.
-
+
@@ -13528,13 +14042,17 @@ Provide a cryptographic hash value that can be verified by a system administrato
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000133Rule_ID
- SV-222514r508029_rule
+ SV-222514r879586_ruleRule_Ver
@@ -13612,7 +14130,7 @@ If file restrictions do not limit write access to library files and if the appli
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -13620,7 +14138,7 @@ If file restrictions do not limit write access to library files and if the appli
NotAFindingThe API is designed to be stateless and runnable in a read-only container.
-
+
@@ -13633,13 +14151,17 @@ If file restrictions do not limit write access to library files and if the appli
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222515r508029_rule
+ SV-222515r879887_ruleRule_Ver
@@ -13736,7 +14258,7 @@ If the high risk issues identified in the report have not been fixed or mitigate
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -13744,7 +14266,7 @@ If the high risk issues identified in the report have not been fixed or mitigate
Not_ReviewedDeployments must be scanned according to individual or organizational policies. Developers scan the codebase regularly in a test environment, but this is only one component of a functioning production deployment.
-
+
@@ -13757,13 +14279,17 @@ If the high risk issues identified in the report have not been fixed or mitigate
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000384Rule_ID
- SV-222516r508029_rule
+ SV-222516r879757_ruleRule_Ver
@@ -13839,7 +14365,7 @@ If application requirements or policy documents specify application execution re
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -13847,7 +14373,7 @@ If application requirements or policy documents specify application execution re
Not_ReviewedOrganization-defined policies regarding software program usage and restrictions, and/or rules authorizing the terms and conditions of software program usage are determined locally and not by the project.
-
+
@@ -13860,13 +14386,17 @@ If application requirements or policy documents specify application execution re
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000386Rule_ID
- SV-222517r508029_rule
+ SV-222517r879759_ruleRule_Ver
@@ -13944,7 +14474,7 @@ If application whitelisting is not utilized or does not follow a deny-all, permi
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -13952,7 +14482,7 @@ If application whitelisting is not utilized or does not follow a deny-all, permi
Not_ApplicableThe application is not a configuration management or similar type of application designed to manage system processes and configurations, this requirement is not applicable.
-
+
@@ -13965,13 +14495,17 @@ If application whitelisting is not utilized or does not follow a deny-all, permi
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000141Rule_ID
- SV-222518r508029_rule
+ SV-222518r879587_ruleRule_Ver
@@ -13997,7 +14531,7 @@ Examples of non-essential capabilities include, but are not limited to, advertis
Check_ContentReview the application guidance, application requirements documentation, and interview the application administrator.
-Identify the application's operational requirements and what services the application is intended to provide users.
+Identify the application's operational requirements and what services the application is intended to provide users.
Review the overall application features and functionality via the user interface.
@@ -14009,7 +14543,7 @@ If the application is operating with extraneous capabilities that have not been
Fix_Text
- Disable application extraneous application functionality that is not required in order to fulfill the application's mission.
+ Disable application extraneous application functionality that is not required in order to fulfill the application's mission.False_Positives
@@ -14049,7 +14583,7 @@ If the application is operating with extraneous capabilities that have not been
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -14057,7 +14591,7 @@ If the application is operating with extraneous capabilities that have not been
NotAFindingThe application runs only essential services needed for operation. Container images are based on either the Alpine Linux distribution or the Iron Bank Universal Base Image (UBI).
-
+
@@ -14070,13 +14604,17 @@ If the application is operating with extraneous capabilities that have not been
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000142Rule_ID
- SV-222519r508029_rule
+ SV-222519r918119_ruleRule_Ver
@@ -14106,15 +14644,11 @@ Interview the application administrator.
Identify the network ports and protocols that are utilized by the application.
-Using a combination of relevant OS commands and application configuration utilities identify the TCP/IP port numbers the application is configured to utilize and is utilizing.
-
-Review the PPSM web page at:
+Using a combination of relevant OS commands and application configuration utilities, identify the TCP/IP port numbers the application is configured to utilize and is utilizing.
-http://www.disa.mil/Network-Services/Enterprise-Connections/PPSM
+Review the PPSM Category Assurance List (CAL) at:
-Review the PPSM Category Assurance List (CAL) directly at the following link:
-
-https://disa.deps.mil/ext/cop/iase/ppsm/Pages/cal.aspx
+https://cyber.mil/ppsm/cal/
Verify the ports used by the application are approved by the PPSM CAL.
@@ -14162,7 +14696,7 @@ If the ports are not approved by the PPSM CAL, this is a finding.
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -14170,7 +14704,7 @@ If the ports are not approved by the PPSM CAL, this is a finding.
Not_ReviewedPPS features are implemented by the Container Platform service.
-
+
@@ -14183,13 +14717,17 @@ If the ports are not approved by the PPSM CAL, this is a finding.Severity
medium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000389Rule_ID
- SV-222520r508029_rule
+ SV-222520r879762_ruleRule_Ver
@@ -14236,7 +14774,7 @@ Authenticate to the application as the user in the User role.
Access the application functionality that allows the user to change their role and change from the User role to the Report Creator role.
-If the user is not prompted to reauthenticate before the user’s role is changed, this is a finding.
+If the user is not prompted to reauthenticate before the user’s role is changed, this is a finding.
Log out of the application and log back in as the User role.
@@ -14288,7 +14826,7 @@ If the user is not prompted to reauthenticate before the user is allowed to proc
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -14296,7 +14834,7 @@ If the user is not prompted to reauthenticate before the user is allowed to proc
Not_ReviewedAuthentication services are provided by an external (OIDC) OpenID Connect Provider. Reauthentication policies are locally defined and implemented.
-
+
@@ -14309,13 +14847,17 @@ If the user is not prompted to reauthenticate before the user is allowed to proc
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000390Rule_ID
- SV-222521r508029_rule
+ SV-222521r879763_ruleRule_Ver
@@ -14400,7 +14942,7 @@ If the device is not forced to reauthenticate periodically, this is a finding.
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -14408,7 +14950,7 @@ If the device is not forced to reauthenticate periodically, this is a finding.
Not_ReviewedAuthentication services are provided by an external (OIDC) OpenID Connect Provider. Reauthentication policies are locally defined and implemented.
-
+
@@ -14421,13 +14963,17 @@ If the device is not forced to reauthenticate periodically, this is a finding.
Severityhigh
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000148Rule_ID
- SV-222522r508029_rule
+ SV-222522r879589_ruleRule_Ver
@@ -14506,7 +15052,7 @@ If the application does not uniquely identify and authenticate users, this is a
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -14514,7 +15060,7 @@ If the application does not uniquely identify and authenticate users, this is a
Not_ReviewedAuthentication services are provided by an external (OIDC) OpenID Connect Provider.
-
+
@@ -14527,13 +15073,17 @@ If the application does not uniquely identify and authenticate users, this is a
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000149Rule_ID
- SV-222523r508029_rule
+ SV-222523r879590_ruleRule_Ver
@@ -14552,7 +15102,7 @@ Factors include:
(ii) something a user has (e.g., cryptographic identification device, token); or
(iii) something a user is (e.g., biometric).
-Multifactor authentication decreases the attack surface by virtue of the fact that attackers must obtain two factors, a physical token or a biometric and a PIN, in order to authenticate. It is not enough to simply steal a user's password to obtain access.
+Multifactor authentication decreases the attack surface by virtue of the fact that attackers must obtain two factors, a physical token or a biometric and a PIN, in order to authenticate. It is not enough to simply steal a user's password to obtain access.
A privileged account is defined as an information system account with authorizations of a privileged user.
@@ -14618,7 +15168,7 @@ If the application allows administrative access to the application without requi
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -14626,7 +15176,7 @@ If the application allows administrative access to the application without requi
Not_ReviewedAuthentication services are provided by an external (OIDC) OpenID Connect Provider.
-
+
@@ -14639,13 +15189,17 @@ If the application allows administrative access to the application without requi
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000391Rule_ID
- SV-222524r508029_rule
+ SV-222524r879764_ruleRule_Ver
@@ -14719,7 +15273,7 @@ If the application allows access without requiring a CAC, this is a finding.
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -14727,7 +15281,7 @@ If the application allows access without requiring a CAC, this is a finding.
Not_ReviewedAuthentication services are provided by an external (OIDC) OpenID Connect Provider.
-
+
@@ -14740,13 +15294,17 @@ If the application allows access without requiring a CAC, this is a finding.Severity
medium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000392Rule_ID
- SV-222525r508029_rule
+ SV-222525r879765_ruleRule_Ver
@@ -14824,7 +15382,7 @@ If the application allows access without requiring a CAC, this is a finding.
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -14832,7 +15390,7 @@ If the application allows access without requiring a CAC, this is a finding.
Not_ReviewedAuthentication services are provided by an external (OIDC) OpenID Connect Provider. Reauthentication policies are locally defined and implemented.
-
+
@@ -14845,13 +15403,17 @@ If the application allows access without requiring a CAC, this is a finding.Severity
medium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000150Rule_ID
- SV-222526r508029_rule
+ SV-222526r879591_ruleRule_Ver
@@ -14939,7 +15501,7 @@ If the application allows access without requiring a CAC or Alt. Token, this is
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -14947,7 +15509,7 @@ If the application allows access without requiring a CAC or Alt. Token, this is
Not_ReviewedAuthentication services are provided by an external (OIDC) OpenID Connect Provider.
-
+
@@ -14960,13 +15522,17 @@ If the application allows access without requiring a CAC or Alt. Token, this is
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000151Rule_ID
- SV-222527r508029_rule
+ SV-222527r879592_ruleRule_Ver
@@ -14985,7 +15551,7 @@ Factors include:
(ii) something a user has (e.g., cryptographic identification device, token); or
(iii) something a user is (e.g., biometric).
-Multifactor authentication decreases the attack surface by virtue of the fact that attackers must obtain two factors, a physical token or a biometric and a PIN, in order to authenticate. It is not enough to simply steal a user's password to obtain access.
+Multifactor authentication decreases the attack surface by virtue of the fact that attackers must obtain two factors, a physical token or a biometric and a PIN, in order to authenticate. It is not enough to simply steal a user's password to obtain access.
A privileged account is defined as an information system account with authorizations of a privileged user.
@@ -15053,7 +15619,7 @@ If the application allows administrative access to the application without requi
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -15061,7 +15627,7 @@ If the application allows administrative access to the application without requi
Not_ReviewedAuthentication services are provided by an external (OIDC) OpenID Connect Provider.
-
+
@@ -15074,13 +15640,17 @@ If the application allows administrative access to the application without requi
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000152Rule_ID
- SV-222528r508029_rule
+ SV-222528r879593_ruleRule_Ver
@@ -15167,7 +15737,7 @@ If the application allows access without requiring a CAC or Alt. Token, this is
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -15175,7 +15745,7 @@ If the application allows access without requiring a CAC or Alt. Token, this is
Not_ReviewedAuthentication services are provided by an external (OIDC) OpenID Connect Provider.
-
+
@@ -15188,13 +15758,17 @@ If the application allows access without requiring a CAC or Alt. Token, this is
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000153Rule_ID
- SV-222529r508029_rule
+ SV-222529r879594_ruleRule_Ver
@@ -15274,7 +15848,7 @@ If the application allows access without first requiring the group member to aut
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -15282,7 +15856,7 @@ If the application allows access without first requiring the group member to aut
Not_ApplicableThe project does not use group or shared accounts.
-
+
@@ -15295,13 +15869,17 @@ If the application allows access without first requiring the group member to aut
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000156Rule_ID
- SV-222530r508029_rule
+ SV-222530r879597_ruleRule_Ver
@@ -15313,12 +15891,12 @@ If the application allows access without first requiring the group member to aut
Vuln_Discuss
- A replay attack may enable an unauthorized user to gain access to the application. Authentication sessions between the authenticator and the application validating the user credentials must not be vulnerable to a replay attack.
-
-An authentication process resists replay attacks if it is impractical to achieve a successful authentication by recording and replaying a previous authentication message.
-
-A privileged account is any information system account with authorizations of a privileged user.
-
+ A replay attack may enable an unauthorized user to gain access to the application. Authentication sessions between the authenticator and the application validating the user credentials must not be vulnerable to a replay attack.
+
+An authentication process resists replay attacks if it is impractical to achieve a successful authentication by recording and replaying a previous authentication message.
+
+A privileged account is any information system account with authorizations of a privileged user.
+
Techniques used to address this include protocols using nonces (e.g., numbers generated for a specific one time use) or challenges (e.g., TLS, WS_Security). Additional techniques include time-synchronous or challenge-response one-time authenticators.
@@ -15327,26 +15905,26 @@ Techniques used to address this include protocols using nonces (e.g., numbers ge
Check_Content
- Review application documentation and interview application administrator to identify what authentication mechanisms are used when accessing the application.
-
-If the application is hosting publicly releasable information that does not require authentication, or if the application users are not eligible for a DoD CAC as per DoD 8520, this requirement is not applicable.
-
-Review to ensure the application is utilizing TLSV1.2 or greater to protect communication and privileged user authentication traffic.
-
-Verify the application utilizes a strong authentication mechanism such as Kerberos, IPSEC, or Secure Shell (SSH).
-
-- Cryptographically sign web services packets.
-- Time stamps and cryptographic hashes are used with web services packets.
-- Use WS_Security for web services.
-
-Request the most recent vulnerability scan results and configuration settings.
-
-Verify the configuration is set to test for known replay vulnerabilities.
-
-Request code review results (if available) and review for issues that have been identified as potential replay attack vulnerabilities.
-
-Verify identified issues have been remediated.
-
+ Review application documentation and interview application administrator to identify what authentication mechanisms are used when accessing the application.
+
+If the application is hosting publicly releasable information that does not require authentication, or if the application users are not eligible for a DoD CAC as per DoD 8520, this requirement is not applicable.
+
+Review to ensure the application is utilizing TLSV1.2 or greater to protect communication and privileged user authentication traffic.
+
+Verify the application utilizes a strong authentication mechanism such as Kerberos, IPSEC, or Secure Shell (SSH).
+
+- Cryptographically sign web services packets.
+- Time stamps and cryptographic hashes are used with web services packets.
+- Use WS_Security for web services.
+
+Request the most recent vulnerability scan results and configuration settings.
+
+Verify the configuration is set to test for known replay vulnerabilities.
+
+Request code review results (if available) and review for issues that have been identified as potential replay attack vulnerabilities.
+
+Verify identified issues have been remediated.
+
If the application is not implementing replay-resistant authentication methods applicable to the application architecture, this is a finding.
@@ -15391,7 +15969,7 @@ If the application is not implementing replay-resistant authentication methods a
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -15399,7 +15977,7 @@ If the application is not implementing replay-resistant authentication methods a
Not_ReviewedReplay-resistant authentication mechanisms are implemented by the OIDC Provider.
-
+
@@ -15412,13 +15990,17 @@ If the application is not implementing replay-resistant authentication methods a
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000157Rule_ID
- SV-222531r508029_rule
+ SV-222531r879598_ruleRule_Ver
@@ -15430,14 +16012,14 @@ If the application is not implementing replay-resistant authentication methods a
Vuln_Discuss
- A replay attack is a man-in-the-middle style attack which allows an attacker to repeat or alter a valid data transmission that may enable unauthorized access to the application. Authentication sessions between the authenticating client and the application server validating the user credentials must not be vulnerable to a replay attack.
-
-The protection methods selected to protect against a replay attack will vary according to the application architecture.
-
-An authentication process resists replay attacks if it is impractical to achieve a successful authentication by recording and replaying a previous authentication message.
-
-A non-privileged account is any operating system account with authorizations of a non-privileged user.
-
+ A replay attack is a man-in-the-middle style attack which allows an attacker to repeat or alter a valid data transmission that may enable unauthorized access to the application. Authentication sessions between the authenticating client and the application server validating the user credentials must not be vulnerable to a replay attack.
+
+The protection methods selected to protect against a replay attack will vary according to the application architecture.
+
+An authentication process resists replay attacks if it is impractical to achieve a successful authentication by recording and replaying a previous authentication message.
+
+A non-privileged account is any operating system account with authorizations of a non-privileged user.
+
Techniques used to address this include protocols using nonces (e.g., numbers generated for a specific one time use) or challenges (e.g., TLS, WS_Security) and PKI certificates. Additional techniques include time-synchronous or challenge-response one-time authenticators.
@@ -15446,26 +16028,26 @@ Techniques used to address this include protocols using nonces (e.g., numbers ge
Check_Content
- Review the application documentation and interview the application administrator to identify what authentication mechanisms are used when accessing the application.
-
-If the application is hosting publicly releasable information that does not require authentication, or if the application users are not eligible for a DoD CAC as per DoD 8520, this requirement is not applicable.
-
-Review to ensure the application is utilizing TLSV1.2 or greater to protect communication and non-privileged user authentication traffic.
-
-Verify the application utilizes a strong authentication mechanism such as Kerberos, IPSEC, or Secure Shell (SSH).
-
-- Cryptographically sign web services packets.
-- Time stamps and cryptographic hashes are used with web services packets.
-- Use WS_Security for web services.
-
-Request the most recent vulnerability scan results and configuration settings.
-
-Verify the configuration is set to test for known replay vulnerabilities.
-
-Request code review results (if available) and review for issues that have been identified as potential replay attack vulnerabilities.
-
-Verify identified issues have been remediated.
-
+ Review the application documentation and interview the application administrator to identify what authentication mechanisms are used when accessing the application.
+
+If the application is hosting publicly releasable information that does not require authentication, or if the application users are not eligible for a DoD CAC as per DoD 8520, this requirement is not applicable.
+
+Review to ensure the application is utilizing TLSV1.2 or greater to protect communication and non-privileged user authentication traffic.
+
+Verify the application utilizes a strong authentication mechanism such as Kerberos, IPSEC, or Secure Shell (SSH).
+
+- Cryptographically sign web services packets.
+- Time stamps and cryptographic hashes are used with web services packets.
+- Use WS_Security for web services.
+
+Request the most recent vulnerability scan results and configuration settings.
+
+Verify the configuration is set to test for known replay vulnerabilities.
+
+Request code review results (if available) and review for issues that have been identified as potential replay attack vulnerabilities.
+
+Verify identified issues have been remediated.
+
If the application is not implementing replay-resistant authentication methods applicable to the application architecture, this is a finding.
@@ -15510,7 +16092,7 @@ If the application is not implementing replay-resistant authentication methods a
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -15518,7 +16100,7 @@ If the application is not implementing replay-resistant authentication methods a
Not_ReviewedReplay-resistant authentication mechanisms are implemented by the OIDC Provider.
-
+
@@ -15531,13 +16113,17 @@ If the application is not implementing replay-resistant authentication methods a
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000158Rule_ID
- SV-222532r508029_rule
+ SV-222532r879599_ruleRule_Ver
@@ -15551,9 +16137,9 @@ If the application is not implementing replay-resistant authentication methods a
Vuln_DiscussWithout identifying devices, unidentified or unknown devices may be introduced, thereby facilitating malicious activity.
-With one way SSL authentication which is the typical form of SSL authentication done between a web browser client and a web server, the client requests the server certificate to validate the server's identity and establish a secure connection.
+With one way SSL authentication which is the typical form of SSL authentication done between a web browser client and a web server, the client requests the server certificate to validate the server's identity and establish a secure connection.
-When SSL mutual authentication is used, the server is configured to request the client’s certificate as well so the server can also identify the client.
+When SSL mutual authentication is used, the server is configured to request the client’s certificate as well so the server can also identify the client.
For distributed architectures (e.g., service-oriented architectures), the decisions regarding the validation of identification claims may be made by services separate from the services acting on those decisions. In such situations, it is necessary to provide the identification decisions (as opposed to the actual identifiers) to the services that need to act on those decisions.
@@ -15588,7 +16174,7 @@ E.g., web.xml stored in WEB-INF/ sub directory of the application root folder.
Open the web.xml file using a text editor.
-Verify the application deployment descriptor for the application and the resource requiring protection under the "login-config" element is set to CLIENT-CERT.
+Verify the application deployment descriptor for the application and the resource requiring protection under the "login-config" element is set to CLIENT-CERT.
If SSL mutual authentication is required and is not being utilized, this is a finding.
@@ -15634,7 +16220,7 @@ If SSL mutual authentication is required and is not being utilized, this is a fi
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -15642,7 +16228,7 @@ If SSL mutual authentication is required and is not being utilized, this is a fi
Not_ReviewedMutual authentication mechanisms are implemented by the OIDC Provider.
-
+
@@ -15655,13 +16241,17 @@ If SSL mutual authentication is required and is not being utilized, this is a fi
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000394Rule_ID
- SV-222533r508029_rule
+ SV-222533r879767_ruleRule_Ver
@@ -15748,7 +16338,7 @@ If no authentication mechanism is used to authenticate remote service consumers/
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -15756,7 +16346,7 @@ If no authentication mechanism is used to authenticate remote service consumers/
NotAFindingAll API endpoint access requires a valid OAuth2 token issued by the application OIDC Provider.
-
+
@@ -15769,13 +16359,17 @@ If no authentication mechanism is used to authenticate remote service consumers/
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000395Rule_ID
- SV-222534r508029_rule
+ SV-222534r879768_ruleRule_Ver
@@ -15789,9 +16383,9 @@ If no authentication mechanism is used to authenticate remote service consumers/
Vuln_DiscussWithout identifying devices, unidentified or unknown devices may be introduced, thereby facilitating malicious activity.
-One way SSL/TLS authentication is the typical form of authentication done between a web browser client and a web server. The client requests the server certificate to validate the server's identity and establish a secure connection.
+One way SSL/TLS authentication is the typical form of authentication done between a web browser client and a web server. The client requests the server certificate to validate the server's identity and establish a secure connection.
-When SSL/TLS mutual authentication is used, the server is configured to request the client’s certificate as well so the server can also identify the client. This form of authentication is normally chosen for system to system communications that leverage HTTP as the transport.
+When SSL/TLS mutual authentication is used, the server is configured to request the client’s certificate as well so the server can also identify the client. This form of authentication is normally chosen for system to system communications that leverage HTTP as the transport.
It should be noted that SSL is being deprecated and replaced with TLS.
@@ -15823,7 +16417,7 @@ Verify endpoints are configured for client authentication (mutual authentication
Some application architectures configure their settings in text/xml formatted files; in that case, have the application administrator identify the configuration files used by the application (e.g., web.xml stored in WEB-INF/ sub directory of the application root folder).
-Open the web.xml file using a text editor and verify the application deployment descriptor for the application and the resource requiring protection under the "login-config" element is set to CLIENT-CERT.
+Open the web.xml file using a text editor and verify the application deployment descriptor for the application and the resource requiring protection under the "login-config" element is set to CLIENT-CERT.
If SSL/TLS mutual authentication is required due to the application processing non-releasable data and SSL/TLS mutual authentication not being utilized, this is a finding.
@@ -15869,15 +16463,15 @@ If SSL/TLS mutual authentication is required due to the application processing n
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-001967Not_Reviewed
- Authentication services are provided by an external (OIDC) OpenID Connect Provider. Devices should perform mutual authentication with the OIDC Provider via the 'client credentials' flow with Signed JWT or equivalent PKI technologies.
-
+ Authentication services are provided by an external (OIDC) OpenID Connect Provider. Devices should perform mutual authentication with the OIDC Provider via the 'client credentials' flow with Signed JWT or equivalent PKI technologies.
+
@@ -15890,13 +16484,17 @@ If SSL/TLS mutual authentication is required due to the application processing n
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000163Rule_ID
- SV-222535r508029_rule
+ SV-222535r879600_ruleRule_Ver
@@ -15990,15 +16588,15 @@ If the application does not disable accounts used to authenticate devices after
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-000795Not_Reviewed
- Authentication services are provided by an external (OIDC) OpenID Connect Provider. Devices should perform mutual authentication with the OIDC Provider via the 'client credentials' flow with Signed JWT or equivalent PKI technologies.
-
+ Authentication services are provided by an external (OIDC) OpenID Connect Provider. Devices should perform mutual authentication with the OIDC Provider via the 'client credentials' flow with Signed JWT or equivalent PKI technologies.
+
@@ -16011,13 +16609,17 @@ If the application does not disable accounts used to authenticate devices after
Severityhigh
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000164Rule_ID
- SV-222536r508029_rule
+ SV-222536r879601_ruleRule_Ver
@@ -16105,7 +16707,7 @@ If a password shorter than 15 characters can be created, this is a finding.
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -16113,7 +16715,7 @@ If a password shorter than 15 characters can be created, this is a finding.
Not_ReviewedAuthentication services are provided by an external (OIDC) OpenID Connect Provider.
-
+
@@ -16126,13 +16728,17 @@ If a password shorter than 15 characters can be created, this is a finding.Severity
medium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000166Rule_ID
- SV-222537r508029_rule
+ SV-222537r879603_ruleRule_Ver
@@ -16218,7 +16824,7 @@ If a password without at least one upper-case character can be created, this is
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -16226,7 +16832,7 @@ If a password without at least one upper-case character can be created, this is
Not_ReviewedAuthentication services are provided by an external (OIDC) OpenID Connect Provider.
-
+
@@ -16239,13 +16845,17 @@ If a password without at least one upper-case character can be created, this is
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000167Rule_ID
- SV-222538r508029_rule
+ SV-222538r879604_ruleRule_Ver
@@ -16331,7 +16941,7 @@ If a password without at least one lower-case character can be created, this is
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -16339,7 +16949,7 @@ If a password without at least one lower-case character can be created, this is
Not_ReviewedAuthentication services are provided by an external (OIDC) OpenID Connect Provider.
-
+
@@ -16352,13 +16962,17 @@ If a password without at least one lower-case character can be created, this is
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000168Rule_ID
- SV-222539r508029_rule
+ SV-222539r879605_ruleRule_Ver
@@ -16444,7 +17058,7 @@ If a password without at least one numeric character can be created, this is a f
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -16452,7 +17066,7 @@ If a password without at least one numeric character can be created, this is a f
Not_ReviewedAuthentication services are provided by an external (OIDC) OpenID Connect Provider.
-
+
@@ -16465,13 +17079,17 @@ If a password without at least one numeric character can be created, this is a f
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000169Rule_ID
- SV-222540r508029_rule
+ SV-222540r879606_ruleRule_Ver
@@ -16557,7 +17175,7 @@ If a password without at least one special character can be created, this is a f
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -16565,7 +17183,7 @@ If a password without at least one special character can be created, this is a f
Not_ReviewedAuthentication services are provided by an external (OIDC) OpenID Connect Provider.
-
+
@@ -16578,13 +17196,17 @@ If a password without at least one special character can be created, this is a f
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000170Rule_ID
- SV-222541r508029_rule
+ SV-222541r879607_ruleRule_Ver
@@ -16670,7 +17292,7 @@ If less than 8 characters of the password are changed, this is a finding.
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -16678,7 +17300,7 @@ If less than 8 characters of the password are changed, this is a finding.
Not_ReviewedAuthentication services are provided by an external (OIDC) OpenID Connect Provider.
-
+
@@ -16691,13 +17313,17 @@ If less than 8 characters of the password are changed, this is a finding.Severity
high
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000171Rule_ID
- SV-222542r508029_rule
+ SV-222542r879608_ruleRule_Ver
@@ -16721,7 +17347,7 @@ and
- When the application is publicly available and or hosting publicly releasable data requiring some degree of need-to-know protection.
-Passwords need to be protected at all times and using a strong one-way hashing encryption algorithm with a salt is the standard method for providing a means to validate a user's password without having to store the actual password.
+Passwords need to be protected at all times and using a strong one-way hashing encryption algorithm with a salt is the standard method for providing a means to validate a user's password without having to store the actual password.
Performance and time required to access are factors that must be considered and the one way hash is the most feasible means of securing the password and providing an acceptable measure of password security. If passwords are stored in clear text, they can be plainly read and easily compromised.
@@ -16750,7 +17376,7 @@ Applications must only store passwords that have been cryptographically protecte
If the application does not use passwords, the requirement is not applicable.
-Have the application administrator identify the application's password storage locations. Potential locations include the local file system where the application is stored or in an application-related database table that should not be accessible to application users.
+Have the application administrator identify the application's password storage locations. Potential locations include the local file system where the application is stored or in an application-related database table that should not be accessible to application users.
Review application files and folders using a text editor or by using a database tool that allows you to view data stored in database tables. Look for indications of stored user information and review that information. Determine if password strings are readable/discernable.
@@ -16804,7 +17430,7 @@ Ensure strong access control permissions on data files containing authentication
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -16812,7 +17438,7 @@ Ensure strong access control permissions on data files containing authentication
Not_ReviewedAuthentication services are provided by an external (OIDC) OpenID Connect Provider.
-
+
@@ -16825,13 +17451,17 @@ Ensure strong access control permissions on data files containing authentication
Severityhigh
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000172Rule_ID
- SV-222543r508029_rule
+ SV-222543r879609_ruleRule_Ver
@@ -16873,7 +17503,7 @@ Identify when the application transmits passwords. This will most likely be when
Access the application management interface with a test account and access the functionality that requires a password be provided. If the interface is via a web browser, verify the web browser has gone secure prior to entering any password or authentication information.
-This can be done by viewing the browser and observing a “lock” icon displayed somewhere in the browser as well as an https:// to indicate an SSL connection. Most browsers display this in the upper left hand corner.
+This can be done by viewing the browser and observing a “lock” icon displayed somewhere in the browser as well as an https:// to indicate an SSL connection. Most browsers display this in the upper left hand corner.
If the application is transmitting the password rather than the user, obtain design documentation from the application admin that provides the details on how they are protecting the password during transmission. This will usually be via a TLS/SSL tunneled connection or VPN.
@@ -16921,7 +17551,7 @@ If the passwords are not encrypted when being transmitted, this is a finding.
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -16929,7 +17559,7 @@ If the passwords are not encrypted when being transmitted, this is a finding.
Not_ReviewedAuthentication services are provided by an external (OIDC) OpenID Connect Provider.
-
+
@@ -16942,13 +17572,17 @@ If the passwords are not encrypted when being transmitted, this is a finding.Severity
medium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000173Rule_ID
- SV-222544r508029_rule
+ SV-222544r879610_ruleRule_Ver
@@ -16974,7 +17608,7 @@ and
Enforcing a minimum password lifetime helps prevent repeated password changes to defeat the password reuse or history enforcement requirement.
-Restricting this setting limits the user's ability to change their password. Passwords need to be changed at specific policy-based intervals; however, if the application allows the user to immediately and continually change their password, then the password could be repeatedly changed in a short period of time to defeat the organization's policy regarding password reuse.
+Restricting this setting limits the user's ability to change their password. Passwords need to be changed at specific policy-based intervals; however, if the application allows the user to immediately and continually change their password, then the password could be repeatedly changed in a short period of time to defeat the organization's policy regarding password reuse.
IA_Controls
@@ -17034,7 +17668,7 @@ If a password can be changed more than once within 24 hours, the minimum lifetim
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -17042,7 +17676,7 @@ If a password can be changed more than once within 24 hours, the minimum lifetim
Not_ReviewedAuthentication services are provided by an external (OIDC) OpenID Connect Provider.
-
+
@@ -17055,13 +17689,17 @@ If a password can be changed more than once within 24 hours, the minimum lifetim
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000174Rule_ID
- SV-222545r508029_rule
+ SV-222545r879611_ruleRule_Ver
@@ -17149,7 +17787,7 @@ If user passwords are not configured to expire after 60 days, or if the applicat
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -17157,7 +17795,7 @@ If user passwords are not configured to expire after 60 days, or if the applicat
Not_ReviewedAuthentication services are provided by an external (OIDC) OpenID Connect Provider.
-
+
@@ -17170,13 +17808,17 @@ If user passwords are not configured to expire after 60 days, or if the applicat
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000165Rule_ID
- SV-222546r508029_rule
+ SV-222546r879602_ruleRule_Ver
@@ -17264,7 +17906,7 @@ If the application does not prevent users from reusing their previous 5 password
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -17272,7 +17914,7 @@ If the application does not prevent users from reusing their previous 5 password
Not_ReviewedAuthentication services are provided by an external (OIDC) OpenID Connect Provider.
-
+
@@ -17285,13 +17927,17 @@ If the application does not prevent users from reusing their previous 5 password
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000397Rule_ID
- SV-222547r508029_rule
+ SV-222547r879770_ruleRule_Ver
@@ -17331,7 +17977,7 @@ If the application does not use passwords, the requirement is not applicable.
Access the application management interface and view the user password settings page.
-Review user password settings and validate the application is configured to specify when a password is temporary and force a password change when the administrator either creates a new user account or changes a user’s password.
+Review user password settings and validate the application is configured to specify when a password is temporary and force a password change when the administrator either creates a new user account or changes a user’s password.
If the application can not specify a password as temporary and force the user to change the temporary password upon successful authentication, this is a finding.
@@ -17377,7 +18023,7 @@ If the application can not specify a password as temporary and force the user to
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -17385,7 +18031,7 @@ If the application can not specify a password as temporary and force the user to
Not_ReviewedAuthentication services are provided by an external (OIDC) OpenID Connect Provider.
-
+
@@ -17398,13 +18044,17 @@ If the application can not specify a password as temporary and force the user to
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222548r561251_rule
+ SV-222548r879887_ruleRule_Ver
@@ -17416,11 +18066,11 @@ If the application can not specify a password as temporary and force the user to
Vuln_Discuss
- If the application allows user A to change user B's password, user B can be locked out of the application, and user A is provided the ability to grant themselves access to the application as user B. This violates application integrity and availability principles.
+ If the application allows user A to change user B's password, user B can be locked out of the application, and user A is provided the ability to grant themselves access to the application as user B. This violates application integrity and availability principles.
Many applications provide a password reset capability that allows the user to reset their password if they forget it.
-Protections must be utilized when establishing a password change or reset capability to prevent user A from changing user B's password.
+Protections must be utilized when establishing a password change or reset capability to prevent user A from changing user B's password.
Protection is usually accomplished by having each user provide an out of bounds (OOB) communication address such as a separate email address or SMS/text address (mobile phone) that can be used to transmit password reset/change information.
@@ -17436,19 +18086,19 @@ Applications must prevent users other than the administrator or the user associa
Check_ContentReview the application documentation and interview application administrator.
-Determine if the application utilizes passwords. If the application does not utilize passwords, the requirement is NA.
+Determine if the application utilizes passwords. If the application does not utilize passwords, the requirement is NA.
-Identify the processes, commands or web pages the application uses to allow application users to change their own passwords. This includes but is not limited to password resets.
+Identify the processes, commands or web pages the application uses to allow application users to change their own passwords. This includes but is not limited to password resets.
If the application does not allow users to change or reset their passwords, the requirement is NA.
-Obtain two application test accounts, referred to here as User A and User B. Access the application as User A. Utilize the application password reset or change processes and determine if User A is allowed to specify or otherwise force a password change for User B.
+Obtain two application test accounts, referred to here as User A and User B. Access the application as User A. Utilize the application password reset or change processes and determine if User A is allowed to specify or otherwise force a password change for User B.
-If User A is allowed to change or force a reset of User B's password, this is a finding.
+If User A is allowed to change or force a reset of User B's password, this is a finding.Fix_Text
- Use a CAC to authenticate users instead of using passwords. If application users are prohibited or prevented from obtaining a CAC due to DoD policy requirements and passwords are the only viable option, design the application to utilize a secure password change or password reset process.
+ Use a CAC to authenticate users instead of using passwords. If application users are prohibited or prevented from obtaining a CAC due to DoD policy requirements and passwords are the only viable option, design the application to utilize a secure password change or password reset process.
Utilize out of band (OOB) communication techniques to communicate password change requests to users.
@@ -17494,19 +18144,15 @@ Ensure users are only allowed to change their own passwords.STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-000184
-
- CCI_REF
- CCI-000366
- Not_ReviewedAuthentication services are provided by an external (OIDC) OpenID Connect Provider.
-
+
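Review bot: The removed `Not_ReviewedAuthentication services are provided by an external (OIDC) OpenID Connect Provider.` entry for the SV-222548 rule (the user-A/user-B password-change check) has no counterpart on the new side of this hunk, whereas the surrounding rules in this file (for example the hunks ending at L7116 and L7095) keep their status and finding-details line across the STIG reference update. The rendering here strips XML tags, so a tag-only line could be hidden, but the hunk's line counts (19 old, 15 new) are consistent with the status and finding details having been dropped along with the old CCI reference. Please confirm that the exported checklist still carries the status and OIDC-provider note for this rule; a rule with no status is typically treated as not assessed by consumers of the checklist, which silently changes the posture this file documents.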
@@ -17519,13 +18165,17 @@ Ensure users are only allowed to change their own passwords.
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000400Rule_ID
- SV-222549r508029_rule
+ SV-222549r879773_ruleRule_Ver
@@ -17537,11 +18187,11 @@ Ensure users are only allowed to change their own passwords.
Vuln_Discuss
- The application must ensure that a user does not retain any rights that may have been granted or retain access to the application after the user's authorization or role within the application has been deleted or modified. This means once a user's role/account within the application has been modified, deleted or disabled, the changes must be enforced immediately within the application. Any privileges or access the user had prior to the change must not be retained. For example; any application sessions that the user may have already established prior to the configuration change must be terminated when the user account changes occur.
+ The application must ensure that a user does not retain any rights that may have been granted or retain access to the application after the user's authorization or role within the application has been deleted or modified. This means once a user's role/account within the application has been modified, deleted or disabled, the changes must be enforced immediately within the application. Any privileges or access the user had prior to the change must not be retained. For example; any application sessions that the user may have already established prior to the configuration change must be terminated when the user account changes occur.
Simply removing a user from a web application without terminating any existing application user sessions can introduce a scenario where the deleted user still has access to the application even though their account has been deleted from the authentication store. This can be attributed to browser caching and session management on the web server.
-To address this, the web application must provide a means for ensuring this type of "zombie" access does not occur. Applications must provide a user management feature or function that will terminate any existing user sessions at the same time or just before the user account is terminated from the authoritative authentication source.
+To address this, the web application must provide a means for ensuring this type of "zombie" access does not occur. Applications must provide a user management feature or function that will terminate any existing user sessions at the same time or just before the user account is terminated from the authoritative authentication source.IA_Controls
@@ -17603,7 +18253,7 @@ If the test user retains access after the test account has been deleted, this is
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -17611,7 +18261,7 @@ If the test user retains access after the test account has been deleted, this is
Not_ReviewedAuthentication services are provided by an external (OIDC) OpenID Connect Provider. Low-latency session termination should be configured on the OIDC Provider.
-
+
@@ -17624,13 +18274,17 @@ If the test user retains access after the test account has been deleted, this is
Severityhigh
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000175Rule_ID
- SV-222550r508029_rule
+ SV-222550r879612_ruleRule_Ver
@@ -17662,7 +18316,7 @@ Review the method to determine if a certification path that includes status info
Some applications may utilize underlying OS certificate validation and certificate path building capabilities while others may build the capability into the application itself.
-The certification path will include the intermediary certificate CAs along with a status of the CA server's signing certificate and will end at the trusted root anchor.
+The certification path will include the intermediary certificate CAs along with a status of the CA server's signing certificate and will end at the trusted root anchor.
If the application does not construct a certificate path to an accepted trust anchor, this is a finding.
@@ -17708,7 +18362,7 @@ If the application does not construct a certificate path to an accepted trust an
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -17716,7 +18370,7 @@ If the application does not construct a certificate path to an accepted trust an
Not_ReviewedAuthentication services are provided by an external (OIDC) OpenID Connect Provider.
-
+
@@ -17729,13 +18383,17 @@ If the application does not construct a certificate path to an accepted trust an
Severityhigh
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000176Rule_ID
- SV-222551r508029_rule
+ SV-222551r879613_ruleRule_Ver
@@ -17761,7 +18419,7 @@ Both the holders of a digital certificate and the issuing authority must protect
Check_Content
- Review the application documentation and interview the application administrator to identify where the application's private key is stored.
+ Review the application documentation and interview the application administrator to identify where the application's private key is stored.
If the application does not perform code signing or other cryptographic tasks requiring a private key, this requirement is not applicable.
@@ -17819,7 +18477,7 @@ If unauthorized access is granted to the private key(s), this is a finding.
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -17827,7 +18485,7 @@ If unauthorized access is granted to the private key(s), this is a finding.
Not_ReviewedAuthentication services are provided by an external (OIDC) OpenID Connect Provider.
-
+
@@ -17840,13 +18498,17 @@ If unauthorized access is granted to the private key(s), this is a finding.Severity
medium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000177Rule_ID
- SV-222552r508029_rule
+ SV-222552r879614_ruleRule_Ver
@@ -17918,7 +18580,7 @@ If the application does not map the certificate data to an individual user or gr
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -17926,7 +18588,7 @@ If the application does not map the certificate data to an individual user or gr
Not_ReviewedAuthentication services are provided by an external (OIDC) OpenID Connect Provider.
-
+
@@ -17939,13 +18601,17 @@ If the application does not map the certificate data to an individual user or gr
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000401Rule_ID
- SV-222553r508029_rule
+ SV-222553r879774_ruleRule_Ver
@@ -18023,7 +18689,7 @@ If the application is not configured to implement a CRL, this is a finding.
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -18031,7 +18697,7 @@ If the application is not configured to implement a CRL, this is a finding.
Not_ReviewedAuthentication services are provided by an external (OIDC) OpenID Connect Provider.
-
+
@@ -18044,13 +18710,17 @@ If the application is not configured to implement a CRL, this is a finding.Severity
high
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000178Rule_ID
- SV-222554r508029_rule
+ SV-222554r879615_ruleRule_Ver
@@ -18068,7 +18738,7 @@ Obfuscation of user-provided information when typed into the system is a method
For example, displaying asterisks when a user types in a password is an example of obscuring feedback of authentication information.
-Another method is to display authentication feedback for a very limited time, usually in fractions of a second. This occurs during password character entry where the password characters are displayed for a very small window of time and then automatically obfuscated. This allows users with just enough time to confirm their password as they type it while limiting the ability of "shoulder surfers" to covertly witness the values.
+Another method is to display authentication feedback for a very limited time, usually in fractions of a second. This occurs during password character entry where the password characters are displayed for a very small window of time and then automatically obfuscated. This allows users with just enough time to confirm their password as they type it while limiting the ability of "shoulder surfers" to covertly witness the values.
A common tactic employed to circumvent password obfuscation is to copy the obfuscated password and paste it to a text file. Proper obfuscation techniques will not paste the clear text password.
@@ -18132,7 +18802,7 @@ Design the application so obfuscated passwords cannot be copied and then pasted
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -18140,7 +18810,7 @@ Design the application so obfuscated passwords cannot be copied and then pasted
Not_ReviewedAuthentication services are provided by an external (OIDC) OpenID Connect Provider.
-
+
@@ -18151,7 +18821,11 @@ Design the application so obfuscated passwords cannot be copied and then pasted
Severity
- medium
+ high
+
+
+ Weight
+ 10.0Group_Title
@@ -18159,7 +18833,7 @@ Design the application so obfuscated passwords cannot be copied and then pasted
Rule_ID
- SV-222555r508029_rule
+ SV-222555r879616_ruleRule_Ver
@@ -18175,7 +18849,7 @@ Design the application so obfuscated passwords cannot be copied and then pasted
Based on the criticality of the application, system designers might choose to utilize a hardware based cryptographic module due to the protections and security benefits a hardware based solution provides over a software based solution. Due to various factors, including expense, hardware based encryption modules are usually relegated to only those applications where the system requirements specify it as a required protection. Examples include applications that handle extremely sensitive data or those used in life and death situations, e.g., weapons systems.
General purpose applications such as a web site will often opt to leverage an underlying software based encryption capability that is offered by the OS, database or application development framework. Operating systems or database products often provide their own cryptographic modules that are FIPS 140-2 compliant and can meet the authentication to the crypto module requirement via their Role Based Access Controls (users and groups) built into the product.
-In all cases, user’s accessing the cryptographic module must be authenticated and granted the appropriate rights in order to access the encryption module. Any encryption utilized by the access control mechanisms must be FIPS 140-2 compliant.
+In all cases, user’s accessing the cryptographic module must be authenticated and granted the appropriate rights in order to access the encryption module. Any encryption utilized by the access control mechanisms must be FIPS 140-2 compliant.
IA_Controls
@@ -18237,7 +18911,7 @@ If the cryptographic module that requires authentication is not on the FIPS-appr
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -18245,7 +18919,7 @@ If the cryptographic module that requires authentication is not on the FIPS-appr
Not_ReviewedAuthentication services are provided by an external (OIDC) OpenID Connect Provider.
-
+
@@ -18258,13 +18932,17 @@ If the cryptographic module that requires authentication is not on the FIPS-appr
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000180Rule_ID
- SV-222556r508029_rule
+ SV-222556r879617_ruleRule_Ver
@@ -18342,7 +19020,7 @@ If the application does not identify and authenticate non-organizational users a
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -18350,7 +19028,7 @@ If the application does not identify and authenticate non-organizational users a
Not_ReviewedAuthentication services are provided by an external (OIDC) OpenID Connect Provider.
-
+
@@ -18363,13 +19041,17 @@ If the application does not identify and authenticate non-organizational users a
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000402Rule_ID
- SV-222557r508029_rule
+ SV-222557r879775_ruleRule_Ver
@@ -18445,7 +19127,7 @@ If the application is required to provide authenticated access to Federal agenci
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -18453,7 +19135,7 @@ If the application is required to provide authenticated access to Federal agenci
Not_ReviewedAuthentication services are provided by an external (OIDC) OpenID Connect Provider.
-
+
@@ -18466,13 +19148,17 @@ If the application is required to provide authenticated access to Federal agenci
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000403Rule_ID
- SV-222558r508029_rule
+ SV-222558r879776_ruleRule_Ver
@@ -18548,7 +19234,7 @@ If the application is required to provide authenticated access to Federal agenci
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -18556,7 +19242,7 @@ If the application is required to provide authenticated access to Federal agenci
Not_ReviewedAuthentication services are provided by an external (OIDC) OpenID Connect Provider.
-
+
@@ -18569,13 +19255,17 @@ If the application is required to provide authenticated access to Federal agenci
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000404Rule_ID
- SV-222559r508029_rule
+ SV-222559r879777_ruleRule_Ver
@@ -18590,7 +19280,7 @@ If the application is required to provide authenticated access to Federal agenci
FICAM establishes a federated identity framework for the Federal Government. FICAM provides Government-wide services for common Identity, Credential and Access Management (ICAM) requirements. The FICAM Trust Framework Solutions (TFS) is the federated identity framework for the U.S. federal government.
The TFS is a process by which Industry Trust Frameworks (The codification of requirements for credentials and their issuance, privacy and security requirements, as well as auditing qualifications and processes) are evaluated and assessed for potential use by the Government.
-A Trust Framework that is comparable to federal standards is adopted through this process, which allows Federal Government Relying Parties (Federal Government web sites or RP's) to trust Credential Service Providers a.k.a. Identity Providers that have been assessed under that particular trust framework. This allows federal government relying parties to trust such credentials at their approved assurance levels.
+A Trust Framework that is comparable to federal standards is adopted through this process, which allows Federal Government Relying Parties (Federal Government web sites or RP's) to trust Credential Service Providers a.k.a. Identity Providers that have been assessed under that particular trust framework. This allows federal government relying parties to trust such credentials at their approved assurance levels.
This requirement only applies to applications that are intended to be accessible to non-federal government agencies and other partners through FICAM.
@@ -18656,7 +19346,7 @@ If the application does not accept FICAM approved credentials when accepting thi
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -18664,7 +19354,7 @@ If the application does not accept FICAM approved credentials when accepting thi
Not_ReviewedAuthentication services are provided by an external (OIDC) OpenID Connect Provider.
-
+
@@ -18677,13 +19367,17 @@ If the application does not accept FICAM approved credentials when accepting thi
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000405Rule_ID
- SV-222560r508029_rule
+ SV-222560r879778_ruleRule_Ver
@@ -18722,7 +19416,7 @@ This requirement applies to DoD service providers who are relying parties of ext
Ask the application administrator to demonstrate how the application conforms to FICAM issued profiles such as SAML or OPENID.
-If the application is designed to be a service provider utilizing an external identify provider and doesn't conform to FICAM-issued profiles, this is a finding.
+If the application is designed to be a service provider utilizing an external identify provider and doesn't conform to FICAM-issued profiles, this is a finding.
Fix_Text
@@ -18766,7 +19460,7 @@ If the application is designed to be a service provider utilizing an external id
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -18774,7 +19468,7 @@ If the application is designed to be a service provider utilizing an external id
NotAFindingThe project conforms to OpenID Connect, a FICAM issued profile.
-
+
@@ -18787,13 +19481,17 @@ If the application is designed to be a service provider utilizing an external id
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000409Rule_ID
- SV-222561r508029_rule
+ SV-222561r879782_ruleRule_Ver
@@ -18811,7 +19509,7 @@ If events associated with non-local administrative access or diagnostic sessions
This requirement addresses auditing-related issues associated with maintenance tools used specifically for diagnostic and repair actions on organizational information systems.
-This requirement applies to hardware/software diagnostic test equipment or tools. This requirement does not cover hardware/software components that may support information system maintenance, yet are a part of the system (e.g., the software implementing "ping," "ls," "ipconfig," or the hardware and software implementing the monitoring port of an Ethernet switch).
+This requirement applies to hardware/software diagnostic test equipment or tools. This requirement does not cover hardware/software components that may support information system maintenance, yet are a part of the system (e.g., the software implementing "ping," "ls," "ipconfig," or the hardware and software implementing the monitoring port of an Ethernet switch).
IA_Controls
@@ -18875,7 +19573,7 @@ If the application provides maintenance functions and capabilities and those fun
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -18883,7 +19581,7 @@ If the application provides maintenance functions and capabilities and those fun
Not_ApplicableThe project does not provide non-local maintenance and diagnostic capability.
-
+
@@ -18896,13 +19594,17 @@ If the application provides maintenance functions and capabilities and those fun
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000411Rule_ID
- SV-222562r508029_rule
+ SV-222562r879784_ruleRule_Ver
@@ -18918,7 +19620,7 @@ If the application provides maintenance functions and capabilities and those fun
Non-local maintenance and diagnostic activities are those activities conducted by individuals communicating through a network, either an external network (e.g., the Internet) or an internal network. Local maintenance and diagnostic activities are those activities carried out by individuals physically present at the information system or information system component and not communicating across a network connection.
-This requirement applies to hardware/software diagnostic test equipment or tools. This requirement does not cover hardware/software components that may support information system maintenance, yet are a part of the system (e.g., the software implementing "ping," "ls," "ipconfig," or the hardware and software implementing the monitoring port of an Ethernet switch).
+This requirement applies to hardware/software diagnostic test equipment or tools. This requirement does not cover hardware/software components that may support information system maintenance, yet are a part of the system (e.g., the software implementing "ping," "ls," "ipconfig," or the hardware and software implementing the monitoring port of an Ethernet switch).
The application can meet this requirement through leveraging a cryptographic module.
@@ -18984,7 +19686,7 @@ If the application provides remote access to maintenance functions and capabilit
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -18992,7 +19694,7 @@ If the application provides remote access to maintenance functions and capabilit
Not_ApplicableThe project does not provide non-local maintenance and diagnostic capability.
-
+
@@ -19005,13 +19707,17 @@ If the application provides remote access to maintenance functions and capabilit
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000412Rule_ID
- SV-222563r508029_rule
+ SV-222563r879785_ruleRule_Ver
@@ -19091,7 +19797,7 @@ If the application provides remote access to maintenance functions and capabilit
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -19099,7 +19805,7 @@ If the application provides remote access to maintenance functions and capabilit
Not_ApplicableThe project does not provide non-local maintenance and diagnostic capability.
-
+
@@ -19112,13 +19818,17 @@ If the application provides remote access to maintenance functions and capabilit
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000413Rule_ID
- SV-222564r508029_rule
+ SV-222564r879786_ruleRule_Ver
@@ -19154,13 +19864,13 @@ Identify the IP address of the source system used to originate testing traffic.
Access the operating system of the application host and execute the relevant OS commands to identify active TCP/IP sessions on the application host.
-For example, the "netstat -a" command will provide a status of all TCP/IP connections on both Windows and UNIX systems.
+For example, the "netstat -a" command will provide a status of all TCP/IP connections on both Windows and UNIX systems.
Netstat output can be redirected to a file or the grep command can be used on UNIX systems to identify the specific application processes and network connections.
-netstat -a |grep -i "application process name" > filename
+netstat -a |grep -i "application process name" > filename
or
-netstat -a |grep -i source IP address > filename
+netstat -a |grep -i source IP address > filename
Utilizing the application, access using the appropriate role needed to execute maintenance tasks.
@@ -19216,7 +19926,7 @@ If the application provides remote access to maintenance functions and capabilit
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -19224,7 +19934,7 @@ If the application provides remote access to maintenance functions and capabilit
Not_ApplicableThe project does not provide non-local maintenance and diagnostic capability.
-
+
@@ -19237,13 +19947,17 @@ If the application provides remote access to maintenance functions and capabilit
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000185Rule_ID
- SV-222565r508029_rule
+ SV-222565r879620_ruleRule_Ver
@@ -19261,7 +19975,7 @@ Non-local maintenance and diagnostic activities are those activities conducted b
Typically, strong authentication requires authenticators that are resistant to replay attacks and employ multifactor authentication. Strong authenticators include, for example, PKI where certificates are stored on a token protected by a password, passphrase, or biometric.
-This requirement applies to hardware/software diagnostic test equipment or tools. This requirement does not cover hardware/software components that may support information system maintenance, yet are a part of the system (e.g., the software implementing "ping," "ls," "ipconfig," or the hardware and software implementing the monitoring port of an Ethernet switch).
+This requirement applies to hardware/software diagnostic test equipment or tools. This requirement does not cover hardware/software components that may support information system maintenance, yet are a part of the system (e.g., the software implementing "ping," "ls," "ipconfig," or the hardware and software implementing the monitoring port of an Ethernet switch).
IA_Controls
@@ -19329,7 +20043,7 @@ If a CAC is not used when remotely accessing the application for maintenance or
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -19337,7 +20051,7 @@ If a CAC is not used when remotely accessing the application for maintenance or
Not_ApplicableThe project does not provide non-local maintenance and diagnostic capability.
-
+
@@ -19350,13 +20064,17 @@ If a CAC is not used when remotely accessing the application for maintenance or
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000186Rule_ID
- SV-222566r508029_rule
+ SV-222566r879621_ruleRule_Ver
@@ -19372,7 +20090,7 @@ If a CAC is not used when remotely accessing the application for maintenance or
Non-local maintenance and diagnostic activities are those activities conducted by individuals communicating through a network, either an external network (e.g., the Internet) or an internal network. Local maintenance and diagnostic activities are those activities carried out by individuals physically present at the information system or information system component and not communicating across a network connection.
-This requirement applies to hardware/software diagnostic test equipment or tools. This requirement does not cover hardware/software components that may support information system maintenance, yet are a part of the system (e.g., the software implementing "ping," "ls," "ipconfig," or the hardware and software implementing the monitoring port of an Ethernet switch).
+This requirement applies to hardware/software diagnostic test equipment or tools. This requirement does not cover hardware/software components that may support information system maintenance, yet are a part of the system (e.g., the software implementing "ping," "ls," "ipconfig," or the hardware and software implementing the monitoring port of an Ethernet switch).
IA_Controls
@@ -19440,7 +20158,7 @@ If the application does not deny access after each user session has exceeded the
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -19448,7 +20166,7 @@ If the application does not deny access after each user session has exceeded the
Not_ApplicableThe project does not provide non-local maintenance and diagnostic capability.
-
+
@@ -19461,13 +20179,17 @@ If the application does not deny access after each user session has exceeded the
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222567r508029_rule
+ SV-222567r879887_ruleRule_Ver
@@ -19553,7 +20275,7 @@ Validate that variable values do not change while a switch event is occurring.
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -19565,7 +20287,7 @@ Validate that variable values do not change while a switch event is occurring.
NotAFindingCode review by SonarCloud tests reveal no race conditions.
-
+
@@ -19578,13 +20300,17 @@ Validate that variable values do not change while a switch event is occurring.
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000190Rule_ID
- SV-222568r508029_rule
+ SV-222568r879622_ruleRule_Ver
@@ -19620,11 +20346,11 @@ Identify any documented exceptions to the requirement and review associated miti
If the application provides a management interface for controlling or monitoring application network sessions, access that management interface. Monitor application network activity.
-If the application utilizes the underlying OS to control network connections, access the command prompt of the OS. Run the OS command for observing network connections at the OS. For Windows and Unix OS's, use the "netstat" command. Include command parameters that identify the application and/or process ID. netstat /? or -h provides the list of available parameters.
+If the application utilizes the underlying OS to control network connections, access the command prompt of the OS. Run the OS command for observing network connections at the OS. For Windows and Unix OS's, use the "netstat" command. Include command parameters that identify the application and/or process ID. netstat /? or -h provides the list of available parameters.
Observe network activity and associate application processes with network connections. Repeat use of the command to identify changing network state.
-Determine if application session network connections are being terminated at the end of the session by observing the "state" column of the netstat command output with each iteration.
+Determine if application session network connections are being terminated at the end of the session by observing the "state" column of the netstat command output with each iteration.
If the application does not terminate network connections when application sessions end, this is a finding.
@@ -19672,7 +20398,7 @@ If exceptions are documented with no mitigation this is a finding.
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -19680,74 +20406,46 @@ If exceptions are documented with no mitigation this is a finding.
NotAFindingThe application relies on the underlying OS to control the network connection aspect of the application which is perfectly acceptable.
-
+ Vuln_Num
- V-222569
+ V-222570Severitymedium
+
+ Weight
+ 10.0
+ Group_Title
- SRG-APP-000416
+ SRG-APP-000514Rule_ID
- SV-222569r561293_rule
+ SV-222570r879885_ruleRule_Ver
- APSC-DV-002010
+ APSC-DV-002020Rule_Title
- The application must implement NSA-approved cryptography to protect classified information in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.
+ The application must utilize FIPS-validated cryptographic modules when signing application components.Vuln_Discuss
- Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect classified data. The application must implement cryptographic modules adhering to the higher standards approved by the federal government since this provides assurance they have been tested and validated.
-
-Advanced Encryption Standard (AES)
-Symmetric block cipher used for information protection
-FIPS Pub 197
-Use 256 bit keys to protect up to TOP SECRET
-
-Elliptic Curve Diffie-Hellman (ECDH) Key Exchange
-Asymmetric algorithm used for key establishment
-NIST SP 800-56A
-Use Curve P-384 to protect up to TOP SECRET.
-
-Elliptic Curve Digital Signature Algorithm (ECDSA)
-Asymmetric algorithm used for digital signatures
-FIPS Pub 186-4
-Use Curve P-384 to protect up to TOP SECRET.
-
-Secure Hash Algorithm (SHA)
-Algorithm used for computing a condensed representation of information
-FIPS Pub 180-4
-
-Use SHA-384 to protect up to TOP SECRET.
-
-Diffie-Hellman (DH) Key Exchange
-Asymmetric algorithm used for key establishment
-IETF RFC 3526
-Minimum 3072-bit modulus to protect up to TOP SECRET
+ Applications that distribute components of the application must sign the components to provide an identity assurance to consumers of the application component. Components can include application messages or application code.
-RSA
-Asymmetric algorithm used for key establishment
-NIST SP 800-56B rev 1
-Minimum 3072-bit modulus to protect up to TOP SECRET
+Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to validate the author of application components. The application must implement cryptographic modules adhering to the higher standards approved by the federal government since this provides assurance the modules have been tested and validated.
-RSA
-Asymmetric algorithm used for digital signatures
-FIPS PUB 186-4
-Minimum 3072 bit-modulus to protect up to TOP SECRET.
+If the application resides on a National Security System (NSS) it must not use algorithms weaker than SHA-384.IA_Controls
@@ -19755,27 +20453,23 @@ Minimum 3072 bit-modulus to protect up to TOP SECRET.
Check_Content
- Review the application documentation, system security plan and interview the application administrator to determine if the application processes classified data.
+ Review the application documentation and interview the application administrator to identify the cryptographic modules used by the application.
-If the application does not process classified data, this requirement is not applicable.
+Review the application components and application requirements. Interview application developers and application admins to determine if code signing is performed on distributable application components, files or packages.
-Identify the data classifications and the cryptographic protections established to protect the application data.
+For example, a developer may sign application code components or an admin may sign application files or packages in order to provide application consumers with integrity assurances.
-Verify the application is configured to utilize the appropriate encryption based upon data classification, cryptographic tasks that need to be performed (information protection, hashing, signing) and information protection requirements.
+If signing has been identified in the application security plan as not being required and if a documented acceptance of risk is provided, this is not a finding.
-NIST-certified cryptography must be used to store classified non-Sources and Methods Intelligence (SAMI) information if required by the information owner.
+Have the application admin or the developer demonstrate how the signing algorithms are used and how signing of components including files, code and packages is performed.
-NSA-validated type-1 encryption must be used for all SAMI data stored in the enclave.
+While SHA1 is currently FIPS-140-2 approved, due to known vulnerabilities with this algorithm, DoD PKI policy prohibits the use of SHA1 as of December 2016. See DoD CIO Memo Subject: Revised Schedule to Update DoD Public Key Infrastructure Certificates to Secure Hash Algorithm-256.
-If the application is not configured to utilize the NSA-approved cryptographic modules in accordance with data protection requirements specified in the security plan, this is a finding.
+If the application signing process does not use FIPS validated cryptographic modules, or if the signing process includes SHA1 or MD5 hashing algorithms, this is a finding.Fix_Text
- Configure application to encrypt stored classified information; Ensure encryption is performed using NIST FIPS 140-2-validated encryption.
-
-Encrypt stored, non-SAMI classified information using NIST FIPS 140-2-validated encryption.
-
-Implement NSA-validated type-1 encryption of all SAMI data stored in the enclave.
+ Utilize FIPS-validated algorithms when signing application components.False_Positives
@@ -19815,50 +20509,52 @@ Implement NSA-validated type-1 encryption of all SAMI data stored in the enclave
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-002450
- Not_Reviewed
- The project expects other layers to provide appropriate data protection via compliant cryptography. It supports interactions with the Data Storage layer via TLS. The project containers are read-only, stateless builds.
-
+ NotAFinding
+ Container images are signed via Docker Content Trust, which uses SHA256 digests.
+ Vuln_Num
- V-222570
+ V-222571Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000514Rule_ID
- SV-222570r508029_rule
+ SV-222571r879885_ruleRule_Ver
- APSC-DV-002020
+ APSC-DV-002030Rule_Title
- The application must utilize FIPS-validated cryptographic modules when signing application components.
+ The application must utilize FIPS-validated cryptographic modules when generating cryptographic hashes.Vuln_Discuss
- Applications that distribute components of the application must sign the components to provide an identity assurance to consumers of the application component. Components can include application messages or application code.
-
-Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to validate the author of application components. The application must implement cryptographic modules adhering to the higher standards approved by the federal government since this provides assurance the modules have been tested and validated.
+ Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. The application must implement cryptographic modules adhering to the higher standards approved by the federal government since this provides assurance they have been tested and validated.
-If the application resides on a National Security System (NSS) it must not use algorithms weaker than SHA-384.
+If the application resides on a National Security System (NSS) it must not use a hashing algorithm weaker than SHA-384.IA_Controls
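Review bot: The NotAFinding justification now attached to V-222570 ("Container images are signed via Docker Content Trust, which uses SHA256 digests") addresses only the SHA1/MD5 half of that rule's Check_Content in the preceding hunk; the check also fails when the signing process does not use FIPS-validated cryptographic modules, and the comment names neither the component that produces the signature nor its validation status. Consider extending it along the lines of `Container images are signed via Docker Content Trust, which uses SHA256 digests; the signing implementation and its FIPS 140 validation status are recorded in [PLACEHOLDER: reference].`, or keeping the entry at Not_Reviewed until that status is confirmed. The same sentence is reused as the justification for V-222571 (hash generation), where it appears as context later in this diff, yet container signing says nothing about which hashing algorithms the application itself invokes, so that entry would benefit from its own statement. From the removed lines it appears this text only moves into this slot because V-222569 was dropped from the benchmark, so this is a follow-up rather than a regression introduced here.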
@@ -19866,23 +20562,23 @@ If the application resides on a National Security System (NSS) it must not use a
Check_Content
- Review the application documentation and interview the application administrator to identify the cryptographic modules used by the application.
-
-Review the application components and application requirements. Interview application developers and application admins to determine if code signing is performed on distributable application components, files or packages.
+ Review the application components and the application requirements to determine if the application is capable of generating cryptographic hashes.
-For example, a developer may sign application code components or an admin may sign application files or packages in order to provide application consumers with integrity assurances.
+Review the application documentation and interview the application developer or administrator to identify the cryptographic modules used by the application.
-If signing has been identified in the application security plan as not being required and if a documented acceptance of risk is provided, this is not a finding.
+If hashing of application components has been identified in the application security plan as not being required and if a documented acceptance of risk is provided, this is not a finding.
-Have the application admin or the developer demonstrate how the signing algorithms are used and how signing of components including files, code and packages is performed.
+Have the application admin or the developer demonstrate how the application generates hashes and what hashing algorithms are used when generating a hash value.
While SHA1 is currently FIPS-140-2 approved, due to known vulnerabilities with this algorithm, DoD PKI policy prohibits the use of SHA1 as of December 2016. See DoD CIO Memo Subject: Revised Schedule to Update DoD Public Key Infrastructure Certificates to Secure Hash Algorithm-256.
-If the application signing process does not use FIPS validated cryptographic modules, or if the signing process includes SHA1 or MD5 hashing algorithms, this is a finding.
+If the application resides on a National Security System (NSS) and uses an algorithm weaker than SHA-384, this is a finding.
+
+If FIPS-validated cryptographic modules are not used when generating hashes or if the application is configured to use the MD5 or SHA1 hashing algorithm, this is a finding.Fix_Text
- Utilize FIPS-validated algorithms when signing application components.
+ Configure the application to use a FIPS-validated hashing algorithm when creating a cryptographic hash.False_Positives
@@ -19922,7 +20618,7 @@ If the application signing process does not use FIPS validated cryptographic mod
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -19930,123 +20626,22 @@ If the application signing process does not use FIPS validated cryptographic mod
NotAFindingContainer images are signed via Docker Content Trust, which uses SHA256 digests.
-
+ Vuln_Num
- V-222571
+ V-222572Severitymedium
- Group_Title
- SRG-APP-000514
-
-
- Rule_ID
- SV-222571r508029_rule
-
-
- Rule_Ver
- APSC-DV-002030
-
-
- Rule_Title
- The application must utilize FIPS-validated cryptographic modules when generating cryptographic hashes.
-
-
- Vuln_Discuss
- Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. The application must implement cryptographic modules adhering to the higher standards approved by the federal government since this provides assurance they have been tested and validated.
-
-If the application resides on a National Security System (NSS) it must not use a hashing algorithm weaker than SHA-384.
-
-
- IA_Controls
-
-
-
- Check_Content
- Review the application components and the application requirements to determine if the application is capable of generating cryptographic hashes.
-
-Review the application documentation and interview the application developer or administrator to identify the cryptographic modules used by the application.
-
-If hashing of application components has been identified in the application security plan as not being required and if a documented acceptance of risk is provided, this is not a finding.
-
-Have the application admin or the developer demonstrate how the application generates hashes and what hashing algorithms are used when generating a hash value.
-
-While SHA1 is currently FIPS-140-2 approved, due to known vulnerabilities with this algorithm, DoD PKI policy prohibits the use of SHA1 as of December 2016. See DoD CIO Memo Subject: Revised Schedule to Update DoD Public Key Infrastructure Certificates to Secure Hash Algorithm-256.
-
-If the application resides on a National Security System (NSS) and uses an algorithm weaker than SHA-384, this is a finding.
-
-If FIPS-validated cryptographic modules are not used when generating hashes or if the application is configured to use the MD5 or SHA1 hashing algorithm, this is a finding.
-
-
- Fix_Text
- Configure the application to use a FIPS-validated hashing algorithm when creating a cryptographic hash.
-
-
- False_Positives
-
-
-
- False_Negatives
-
-
-
- Documentable
- false
-
-
- Mitigations
-
-
-
- Potential_Impact
-
-
-
- Third_Party_Tools
-
-
-
- Mitigation_Control
-
-
-
- Responsibility
-
-
-
- Security_Override_Guidance
-
-
-
- STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
-
-
- CCI_REF
- CCI-002450
-
- NotAFinding
- Container images are signed via Docker Content Trust, which uses SHA256 digests.
-
-
-
-
-
-
- Vuln_Num
- V-222572
-
-
- Severity
- medium
+ Weight
+ 10.0Group_Title
@@ -20054,7 +20649,7 @@ If FIPS-validated cryptographic modules are not used when generating hashes or i
Rule_ID
- SV-222572r508029_rule
+ SV-222572r879885_ruleRule_Ver
@@ -20126,7 +20721,7 @@ If the application is using cryptographic modules that are not FIPS-validated to
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -20134,7 +20729,7 @@ If the application is using cryptographic modules that are not FIPS-validated to
Not_ReviewedConformant data protection techniques should be implemented by the Data Storage service, and/or by Ingress configuration of the Container Platform.
-
+
@@ -20147,13 +20742,17 @@ If the application is using cryptographic modules that are not FIPS-validated to
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000514Rule_ID
- SV-222573r508029_rule
+ SV-222573r879885_ruleRule_Ver
@@ -20229,7 +20828,7 @@ If the application is using cryptographic modules that are not FIPS-validated wh
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -20237,7 +20836,7 @@ If the application is using cryptographic modules that are not FIPS-validated wh
Not_ApplicableThe project does not use SAML assertions.
-
+
@@ -20250,13 +20849,17 @@ If the application is using cryptographic modules that are not FIPS-validated wh
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000211Rule_ID
- SV-222574r508029_rule
+ SV-222574r879631_ruleRule_Ver
@@ -20330,7 +20933,7 @@ If the application user interface and the application management interface are s
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -20338,7 +20941,7 @@ If the application user interface and the application management interface are s
NotAFindingWeb application is logically separated from data storage layer. Authorization for privileged access determined by the OIDC Provider, also logically separated. Web application offers no application configuration functionality in the application itself.
-
+
@@ -20351,13 +20954,17 @@ If the application user interface and the application management interface are s
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000219Rule_ID
- SV-222575r508029_rule
+ SV-222575r879636_ruleRule_Ver
@@ -20399,9 +21006,9 @@ Access the application website and establish an application session.
Access the page that sets the session cookie.
-Press “F12” to open Developer Tools.
+Press “F12” to open Developer Tools.
-Select "cache" and then "view cookie information".
+Select "cache" and then "view cookie information".
Identify the session cookies. An example of an HTTPOnly session cookie is as follows:
@@ -20451,7 +21058,7 @@ If the application does not set the HTTPOnly flag on session cookies or if the a
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -20459,7 +21066,7 @@ If the application does not set the HTTPOnly flag on session cookies or if the a
Not_ReviewedThe web application does not set session cookies. OIDC Provider must be configured appropriately.
-
+
@@ -20472,13 +21079,17 @@ If the application does not set the HTTPOnly flag on session cookies or if the a
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000219Rule_ID
- SV-222576r508029_rule
+ SV-222576r879636_ruleRule_Ver
@@ -20515,11 +21126,11 @@ To manually perform the check, open a web browser, logon to the web application
The procedures used for viewing and clearing browser cookies will vary based upon the web browser used. Providing steps for every browser is outside the scope of the STIG. There are numerous sites that document how to view cookies using various web browsers.
For IE11:
-Alt-X >> Internet options >> General >> Settings >> View Files
+Alt-X >> Internet options >> General >> Settings >> View Files
A windows explorer box will open that contains the contents of the Temporary Internet Files. Browse the folder and locate the application session cookie(s). View the contents of the cookie(s).
-If the "secure" flag is not set on the session cookie, or if the vulnerability scan results indicate the application does not set the secure flag on cookies, this is a finding.
+If the "secure" flag is not set on the session cookie, or if the vulnerability scan results indicate the application does not set the secure flag on cookies, this is a finding.
Fix_Text
@@ -20563,7 +21174,7 @@ If the "secure" flag is not set on the session cookie, or if the vulne
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -20571,7 +21182,7 @@ If the "secure" flag is not set on the session cookie, or if the vulne
Not_ReviewedThe web application does not set session cookies. OIDC Provider must be configured appropriately.
-
+
@@ -20584,13 +21195,17 @@ If the "secure" flag is not set on the session cookie, or if the vulne
Severityhigh
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000219Rule_ID
- SV-222577r508029_rule
+ SV-222577r879636_ruleRule_Ver
@@ -20672,7 +21287,7 @@ If the session IDs are unencrypted across network segments, this is a finding.
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -20680,7 +21295,7 @@ If the session IDs are unencrypted across network segments, this is a finding.
Not_ReviewedThe web application does not set session cookies. OIDC Provider must be configured appropriately.
-
+
@@ -20693,13 +21308,17 @@ If the session IDs are unencrypted across network segments, this is a finding.
Severityhigh
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000220Rule_ID
- SV-222578r508029_rule
+ SV-222578r879637_ruleRule_Ver
@@ -20713,7 +21332,7 @@ If the session IDs are unencrypted across network segments, this is a finding.
Vuln_DiscussMany web development frameworks such as PHP, .NET, and ASP include their own mechanisms for session management. Whenever possible it is recommended to utilize the provided session management framework.
-Session cookies contain application session information that can be used to impersonate the web application user or hijack their application session. Once the user's session has terminated, these session IDs must be destroyed and not reused.
+Session cookies contain application session information that can be used to impersonate the web application user or hijack their application session. Once the user's session has terminated, these session IDs must be destroyed and not reused.
IA_Controls
@@ -20725,7 +21344,7 @@ Session cookies contain application session information that can be used to impe
Identify how the application destroys session IDs.
-If using a web development framework, ask the application administrator to provide details on the framework's session configuration.
+If using a web development framework, ask the application administrator to provide details on the framework's session configuration.
Review framework configuration setting to determine how the session identifiers are destroyed.
@@ -20775,7 +21394,7 @@ If the session IDs and associated cookies are not destroyed on logoff or browser
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -20783,7 +21402,7 @@ If the session IDs and associated cookies are not destroyed on logoff or browser
Not_ReviewedThe web application does not set session cookies. OIDC Provider must be configured appropriately.
-
+
@@ -20796,13 +21415,17 @@ If the session IDs and associated cookies are not destroyed on logoff or browser
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000223Rule_ID
- SV-222579r508029_rule
+ SV-222579r879638_ruleRule_Ver
@@ -20814,7 +21437,7 @@ If the session IDs and associated cookies are not destroyed on logoff or browser
Vuln_Discuss
- Session fixation allows an attacker to hijack a valid user’s application session. The attack focuses on the manner in which a web application manages the user’s session ID. Applications become vulnerable when they do not assign a new session ID when authenticating users thereby using the existing session ID.
+ Session fixation allows an attacker to hijack a valid user’s application session. The attack focuses on the manner in which a web application manages the user’s session ID. Applications become vulnerable when they do not assign a new session ID when authenticating users thereby using the existing session ID.
Many web development frameworks such as PHP, .NET, and ASP include their own mechanisms for session management. Whenever possible it is recommended to utilize the provided session management framework.
@@ -20882,7 +21505,7 @@ If the session testing results indicate application session IDs are re-used afte
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -20890,7 +21513,7 @@ If the session testing results indicate application session IDs are re-used afte
Not_ReviewedThe web application does not set session cookies. OIDC Provider must be configured appropriately.
-
+
@@ -20903,13 +21526,17 @@ If the session testing results indicate application session IDs are re-used afte
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000223Rule_ID
- SV-222580r508029_rule
+ SV-222580r879638_ruleRule_Ver
@@ -20933,7 +21560,7 @@ If the session testing results indicate application session IDs are re-used afte
Identify how the application validates session IDs.
-If using a web development framework, ask the application administrator to provide details on the framework's session configuration as it relates to session validation.
+If using a web development framework, ask the application administrator to provide details on the framework's session configuration as it relates to session validation.
If the application is not configured to validate user session identifiers, this is a finding.
@@ -20979,7 +21606,7 @@ If the application is not configured to validate user session identifiers, this
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -20987,7 +21614,7 @@ If the application is not configured to validate user session identifiers, this
Not_ReviewedThe web application does not set session cookies. OIDC Provider must be configured appropriately.
-
+
@@ -21000,13 +21627,17 @@ If the application is not configured to validate user session identifiers, this
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000223Rule_ID
- SV-222581r508029_rule
+ SV-222581r879638_ruleRule_Ver
@@ -21034,7 +21665,7 @@ Using cookies to establish session ID information is desired.
Identify how the application generates session IDs.
-If using a web development framework, ask the application administrator to provide details on the framework's session configuration.
+If using a web development framework, ask the application administrator to provide details on the framework's session configuration.
Review the framework configuration setting to determine how the session identifiers are created.
@@ -21084,7 +21715,7 @@ If the framework or the application is configured to transmit cookies within the
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -21092,7 +21723,7 @@ If the framework or the application is configured to transmit cookies within the
Not_ReviewedThe web application does not set session cookies. OIDC Provider must be configured appropriately.
-
+
@@ -21105,13 +21736,17 @@ If the framework or the application is configured to transmit cookies within the
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000223Rule_ID
- SV-222582r508029_rule
+ SV-222582r879638_ruleRule_Ver
@@ -21125,7 +21760,7 @@ If the framework or the application is configured to transmit cookies within the
Vuln_DiscussMany web development frameworks such as PHP, .NET, and ASP include their own mechanisms for session management. Whenever possible it is recommended to utilize the provided session management framework.
-Session identifiers are assigned to application users so they can be uniquely identified. This allows the user to customize their web application experience and also allows the developer to differentiate between users thereby providing the opportunity to customize the user’s features and functions.
+Session identifiers are assigned to application users so they can be uniquely identified. This allows the user to customize their web application experience and also allows the developer to differentiate between users thereby providing the opportunity to customize the user’s features and functions.
Once a user has logged out of the application or had their session terminated, their session IDs should not be re-used. Session IDs should also not be used for other purposes such as creating unique file names and they should also not be re-assigned to other users once the original user has logged out or otherwise quit the application.
@@ -21193,7 +21828,7 @@ If the session testing results indicate application session IDs are re-used afte
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -21201,7 +21836,7 @@ If the session testing results indicate application session IDs are re-used afte
Not_ReviewedThe web application does not set session cookies. OIDC Provider must be configured appropriately.
-
+
@@ -21214,13 +21849,17 @@ If the session testing results indicate application session IDs are re-used afte
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000224Rule_ID
- SV-222583r508029_rule
+ SV-222583r879639_ruleRule_Ver
@@ -21300,7 +21939,7 @@ If the application does not use FIPS 140-2-approved encryption algorithms, this
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -21308,7 +21947,7 @@ If the application does not use FIPS 140-2-approved encryption algorithms, this
Not_ReviewedThe web application expects OAuth2 tokens to be signed by the OIDC Provider using FIP-140-2 validated algorithms .
-
+
@@ -21321,13 +21960,17 @@ If the application does not use FIPS 140-2-approved encryption algorithms, this
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000427Rule_ID
- SV-222584r508029_rule
+ SV-222584r879798_ruleRule_Ver
@@ -21357,15 +22000,15 @@ This requirement applies to applications that utilize communications sessions. T
Internet Explorer can be used to view certificate information:
-Select “Tools”
-Select “Internet Options”
-Select “Content” tab
-Select “Certificates”
+Select “Tools”
+Select “Internet Options”
+Select “Content” tab
+Select “Certificates”
Select the certificate used for authentication:
-Click “View”
-Select “Details” tab
-Select “Issuer”
+Click “View”
+Select “Details” tab
+Select “Issuer”
If the application utilizes PKI certificates other than DoD-approved PKI and ECA certificates, this is a finding.
@@ -21411,7 +22054,7 @@ If the application utilizes PKI certificates other than DoD-approved PKI and ECA
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -21419,7 +22062,7 @@ If the application utilizes PKI certificates other than DoD-approved PKI and ECA
Not_ReviewedThe project expects DoD-approved CAs to be referenced by the OIDC Provider.
-
+
@@ -21432,13 +22075,17 @@ If the application utilizes PKI certificates other than DoD-approved PKI and ECA
Severityhigh
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000225Rule_ID
- SV-222585r508029_rule
+ SV-222585r879640_ruleRule_Ver
@@ -21532,7 +22179,7 @@ If the application fails in such a way that the application security controls ar
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -21540,7 +22187,7 @@ If the application fails in such a way that the application security controls ar
Not_ReviewedThe project expects fail-safe procedures to be implemented by the Container Platform (i.e, k8s). The web application is provided as a stateless container that caches no data and will not respond with data to requests when components are inoperable or inaccessible.
-
+
@@ -21553,13 +22200,17 @@ If the application fails in such a way that the application security controls ar
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000226Rule_ID
- SV-222586r508029_rule
+ SV-222586r879641_ruleRule_Ver
@@ -21631,7 +22282,7 @@ If the application does not log the data required to determine root cause of app
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -21639,7 +22290,7 @@ If the application does not log the data required to determine root cause of app
Not_ReviewedThe project expects fail-safe procedures to be implemented by the Container Platform (i.e, k8s). The web application is provided as a stateless container that caches no data and will not respond with data to requests when components are inoperable or inaccessible.
-
+
@@ -21652,13 +22303,17 @@ If the application does not log the data required to determine root cause of app
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000231Rule_ID
- SV-222587r508029_rule
+ SV-222587r879642_ruleRule_Ver
@@ -21742,7 +22397,7 @@ If the application processes classified data or if the data owner has specified
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -21750,7 +22405,7 @@ If the application processes classified data or if the data owner has specified
Not_ReviewedThe project expects conformant data storage procedures to be implemented by the Data Storage layer.
-
+
@@ -21763,13 +22418,17 @@ If the application processes classified data or if the data owner has specified
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000428Rule_ID
- SV-222588r508029_rule
+ SV-222588r879799_ruleRule_Ver
@@ -21781,7 +22440,7 @@ If the application processes classified data or if the data owner has specified
Vuln_Discuss
- Applications handling data requiring "data at rest" protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.
+ Applications handling data requiring "data at rest" protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.
Selection of a cryptographic mechanism is based on the need to protect the integrity of organizational information. The strength of the mechanism is commensurate with the security category and/or classification of the information. Organizations have the flexibility to either encrypt all information on storage devices (i.e., full disk encryption) or encrypt specific data structures (e.g., files, records, or fields).
@@ -21853,7 +22512,7 @@ Encrypt data according to DoD policy or data owner requirements.
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -21861,7 +22520,7 @@ Encrypt data according to DoD policy or data owner requirements.
Not_ReviewedThe project expects conformant data storage procedures to be implemented by the Data Storage layer.
-
+
@@ -21874,13 +22533,17 @@ Encrypt data according to DoD policy or data owner requirements.Severity
medium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000429Rule_ID
- SV-222589r508029_rule
+ SV-222589r879800_ruleRule_Ver
@@ -21892,7 +22555,7 @@ Encrypt data according to DoD policy or data owner requirements.
Vuln_Discuss
- Applications handling data requiring "data at rest" protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.
+ Applications handling data requiring "data at rest" protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.
Selection of a cryptographic mechanism is based on the need to protect the confidentiality of organizational information. The strength of mechanism is commensurate with the security category and/or classification of the information. Organizations have the flexibility to either encrypt all information on storage devices (i.e., full disk encryption) or encrypt specific data structures (e.g., files, records, or fields).
@@ -21966,7 +22629,7 @@ Encrypt classified data using Type 1, Suite B, or other NSA-approved encryption
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -21974,7 +22637,7 @@ Encrypt classified data using Type 1, Suite B, or other NSA-approved encryption
Not_ReviewedThe project expects conformant data storage procedures to be implemented by the Data Storage layer.
-
+
@@ -21987,13 +22650,17 @@ Encrypt classified data using Type 1, Suite B, or other NSA-approved encryption
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000233Rule_ID
- SV-222590r508029_rule
+ SV-222590r879643_ruleRule_Ver
@@ -22069,7 +22736,7 @@ If the application does not protect security functions that enforce security pol
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -22077,7 +22744,7 @@ If the application does not protect security functions that enforce security pol
NotAFindingThe project RBAC is described in the documentation.
-
+
@@ -22090,13 +22757,17 @@ If the application does not protect security functions that enforce security pol
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000431Rule_ID
- SV-222591r508029_rule
+ SV-222591r879802_ruleRule_Ver
@@ -22168,7 +22839,7 @@ If the application does not maintain a separate execution domain for each execut
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -22176,7 +22847,7 @@ If the application does not maintain a separate execution domain for each execut
NotAFindingThe project should be deployed as an immutable, stateless container that runs in a single, isolated execution domain.
-
+
@@ -22189,13 +22860,17 @@ If the application does not maintain a separate execution domain for each execut
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000243Rule_ID
- SV-222592r508029_rule
+ SV-222592r879649_ruleRule_Ver
@@ -22269,7 +22944,7 @@ If the application does not prevent unauthorized and unintended information tran
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -22277,7 +22952,7 @@ If the application does not prevent unauthorized and unintended information tran
NotAFindingThe project should be deployed as an immutable, stateless container that is isolated from other host processes (i.e, k8s)
-
+
@@ -22290,13 +22965,17 @@ If the application does not prevent unauthorized and unintended information tran
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000435Rule_ID
- SV-222593r561254_rule
+ SV-222593r879806_ruleRule_Ver
@@ -22388,15 +23067,15 @@ If the application administrator cannot demonstrate how these protections are im
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-002385NotAFinding
- The project uses the library 'fast-xml-parser' a maintained library whose development pipeline tests itself against XML based attacks.
-
+ The project uses the library 'fast-xml-parser' a maintained library whose development pipeline tests itself against XML based attacks.
+
@@ -22409,13 +23088,17 @@ If the application administrator cannot demonstrate how these protections are im
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000246Rule_ID
- SV-222594r561257_rule
+ SV-222594r879650_ruleRule_Ver
@@ -22499,7 +23182,7 @@ If the test results indicate the application is susceptible to DoS attacks or ca
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -22507,7 +23190,7 @@ If the test results indicate the application is susceptible to DoS attacks or ca
Not_ReviewedThe project expects to be deployed in a Container Platform that resists DoS attacks.
-
+
@@ -22520,13 +23203,17 @@ If the test results indicate the application is susceptible to DoS attacks or ca
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000247Rule_ID
- SV-222595r508029_rule
+ SV-222595r879651_ruleRule_Ver
@@ -22610,7 +23297,7 @@ If the application has been designated as high availability but the architecture
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -22618,7 +23305,7 @@ If the application has been designated as high availability but the architecture
Not_ReviewedThe project expects to be deployed in a Container Platform that provides high-availability services.
-
+
@@ -22631,13 +23318,17 @@ If the application has been designated as high availability but the architecture
Severityhigh
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000439Rule_ID
- SV-222596r508029_rule
+ SV-222596r879810_ruleRule_Ver
@@ -22653,7 +23344,7 @@ If the application has been designated as high availability but the architecture
This requirement applies to those applications that transmit data, or allow access to data non-locally. Application and data owners have a responsibility for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process.
-Application and data owners need to identify the data that requires cryptographic protection. If no data protection requirements are defined as to what specific data must be encrypted and what data is non-sensitive and doesn't require encryption, all data must be encrypted.
+Application and data owners need to identify the data that requires cryptographic protection. If no data protection requirements are defined as to what specific data must be encrypted and what data is non-sensitive and doesn't require encryption, all data must be encrypted.
When transmitting data, applications need to leverage transmission protection mechanisms, such as TLS, SSL VPNs, or IPSEC.
@@ -22721,7 +23412,7 @@ If the application does not utilize TLS, IPsec or other approved encryption mech
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -22729,7 +23420,7 @@ If the application does not utilize TLS, IPsec or other approved encryption mech
Not_ReviewedThe project expects to be deployed in a Container Platform that protects the confidentiality and integrity of transmitted information.
-
+
@@ -22742,13 +23433,17 @@ If the application does not utilize TLS, IPsec or other approved encryption mech
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000440Rule_ID
- SV-222597r561260_rule
+ SV-222597r879811_ruleRule_Ver
@@ -22764,7 +23459,7 @@ If the application does not utilize TLS, IPsec or other approved encryption mech
All transmitted information means that the protections are not restricted to just the data itself. Protection mechanisms must be extended to include data labels, security parameters, or metadata if data protection requirements specify.
-Modern web application data transfer methods can be complex and are not necessarily just point-to-point in nature. Service-Oriented Architecture (SOA) and RESTFUL web services allow for XML-based application data to be transmitted in a manner similar to network traffic wherein the application data is transmitted along multiple servers' hops.
+Modern web application data transfer methods can be complex and are not necessarily just point-to-point in nature. Service-Oriented Architecture (SOA) and RESTFUL web services allow for XML-based application data to be transmitted in a manner similar to network traffic wherein the application data is transmitted along multiple servers' hops.
In such cases, point-to-point protection methods like TLS or SSL may not be the best choice for ensuring data integrity and alternative data integrity protection methods like XML Integrity Signature protections where the XML payload itself is signed may be required as part of the application design.
@@ -22830,7 +23525,7 @@ If the application is not configured to provide cryptographic protections to app
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -22838,7 +23533,7 @@ If the application is not configured to provide cryptographic protections to app
Not_ReviewedThe project expects to be deployed in a Container Platform that protects the confidentiality and integrity of transmitted information.
-
+
@@ -22851,13 +23546,17 @@ If the application is not configured to provide cryptographic protections to app
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000441Rule_ID
- SV-222598r508029_rule
+ SV-222598r879812_ruleRule_Ver
@@ -22869,7 +23568,7 @@ If the application is not configured to provide cryptographic protections to app
Vuln_Discuss
- Data is subject to manipulation and other integrity related attacks whenever that data is transferred across a network. To protect data integrity during transmission, the application must implement mechanisms to ensure the integrity of all transmitted information. All transmitted information means that the protections are not restricted to just the data itself. Protection mechanisms must be extended to include data labels, security parameters or metadata if data protection requirements specify. Modern web application data transfer methods can be complex and are not necessarily just point-to-point in nature. Service-Oriented Architecture (SOA) and RESTFUL web services allow for XML-based application data to be transmitted in a manner similar to network traffic wherein the application data is transmitted along multiple servers' hops. In such cases, point-to-point protection methods like TLS or SSL may not be the best choice for ensuring data integrity and alternative data integrity protection methods like XML Integrity Signature protections where the XML payload itself is signed may be required as part of the application design. Overall application design and architecture must always be taken into account when establishing data integrity protection mechanisms. Custom-developed solutions that provide a file transfer capability should implement data integrity checks for incoming and outgoing files. Transmitted information requires mechanisms to ensure the data integrity (e.g., digital signatures, SSL, TLS, or cryptographic hashing).
+ Data is subject to manipulation and other integrity related attacks whenever that data is transferred across a network. To protect data integrity during transmission, the application must implement mechanisms to ensure the integrity of all transmitted information. All transmitted information means that the protections are not restricted to just the data itself. Protection mechanisms must be extended to include data labels, security parameters or metadata if data protection requirements specify. Modern web application data transfer methods can be complex and are not necessarily just point-to-point in nature. Service-Oriented Architecture (SOA) and RESTFUL web services allow for XML-based application data to be transmitted in a manner similar to network traffic wherein the application data is transmitted along multiple servers' hops. In such cases, point-to-point protection methods like TLS or SSL may not be the best choice for ensuring data integrity and alternative data integrity protection methods like XML Integrity Signature protections where the XML payload itself is signed may be required as part of the application design. Overall application design and architecture must always be taken into account when establishing data integrity protection mechanisms. Custom-developed solutions that provide a file transfer capability should implement data integrity checks for incoming and outgoing files. Transmitted information requires mechanisms to ensure the data integrity (e.g., digital signatures, SSL, TLS, or cryptographic hashing).IA_Controls
@@ -22931,7 +23630,7 @@ If the application does not utilize TLS to protect the confidentiality and integ
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -22939,7 +23638,7 @@ If the application does not utilize TLS to protect the confidentiality and integ
Not_ReviewedThe project expects to be deployed in a Container Platform that protects the confidentiality and integrity of transmitted information.
-
+
@@ -22952,13 +23651,17 @@ If the application does not utilize TLS to protect the confidentiality and integ
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000442Rule_ID
- SV-222599r508029_rule
+ SV-222599r879813_ruleRule_Ver
@@ -22970,7 +23673,7 @@ If the application does not utilize TLS to protect the confidentiality and integ
Vuln_Discuss
- Data is subject to manipulation and other integrity related attacks whenever that data is transferred across a network. To protect data integrity during transmission, the application must implement mechanisms to ensure the integrity of all transmitted information. All transmitted information means that the protections are not restricted to just the data itself. Protection mechanisms must be extended to include data labels, security parameters or metadata if data protection requirements specify. Modern web application data transfer methods can be complex and are not necessarily just point-to-point in nature. Service-Oriented Architecture (SOA) and RESTFUL web services allow for XML-based application data to be transmitted in a manner similar to network traffic wherein the application data is transmitted along multiple servers' hops. In such cases, point-to-point protection methods like TLS or SSL may not be the best choice for ensuring data integrity and alternative data integrity protection methods like XML Integrity Signature protections where the XML payload itself is signed may be required as part of the application design. Overall application design and architecture must always be taken into account when establishing data integrity protection mechanisms. Custom-developed solutions that provide a file transfer capability should implement data integrity checks for incoming and outgoing files. Transmitted information requires mechanisms to ensure the data integrity (e.g., digital signatures, SSL, TLS, or cryptographic hashing).
+ Data is subject to manipulation and other integrity related attacks whenever that data is transferred across a network. To protect data integrity during transmission, the application must implement mechanisms to ensure the integrity of all transmitted information. All transmitted information means that the protections are not restricted to just the data itself. Protection mechanisms must be extended to include data labels, security parameters or metadata if data protection requirements specify. Modern web application data transfer methods can be complex and are not necessarily just point-to-point in nature. Service-Oriented Architecture (SOA) and RESTFUL web services allow for XML-based application data to be transmitted in a manner similar to network traffic wherein the application data is transmitted along multiple servers' hops. In such cases, point-to-point protection methods like TLS or SSL may not be the best choice for ensuring data integrity and alternative data integrity protection methods like XML Integrity Signature protections where the XML payload itself is signed may be required as part of the application design. Overall application design and architecture must always be taken into account when establishing data integrity protection mechanisms. Custom-developed solutions that provide a file transfer capability should implement data integrity checks for incoming and outgoing files. Transmitted information requires mechanisms to ensure the data integrity (e.g., digital signatures, SSL, TLS, or cryptographic hashing).IA_Controls
@@ -23032,7 +23735,7 @@ If the application does not utilize TLS to protect the confidentiality and integ
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -23040,7 +23743,7 @@ If the application does not utilize TLS to protect the confidentiality and integ
Not_ReviewedThe project expects to be deployed in a Container Platform that protects the confidentiality and integrity of transmitted information.
-
+
@@ -23053,13 +23756,17 @@ If the application does not utilize TLS to protect the confidentiality and integ
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000441Rule_ID
- SV-222600r508029_rule
+ SV-222600r879812_ruleRule_Ver
@@ -23137,7 +23844,7 @@ If the application displays any application technical data such as database vers
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -23145,7 +23852,7 @@ If the application displays any application technical data such as database vers
NotAFindingError messages addressed by Issue #483
-
+
@@ -23158,13 +23865,17 @@ If the application displays any application technical data such as database vers
Severityhigh
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000441Rule_ID
- SV-222601r508029_rule
+ SV-222601r879812_ruleRule_Ver
@@ -23180,7 +23891,7 @@ If the application displays any application technical data such as database vers
However, hidden fields are not secure and can be easily manipulated by users. Information requiring confidentiality or integrity protections must not be placed in a hidden field. If data that is sensitive must be stored in a hidden field, it must be encrypted.
-Furthermore, hidden fields used to control access decisions can lead to a complete compromise of access control mechanisms allowing immediate compromise of the user's application session.
+Furthermore, hidden fields used to control access decisions can lead to a complete compromise of access control mechanisms allowing immediate compromise of the user's application session.
IA_Controls
@@ -23240,7 +23951,7 @@ Encrypt sensitive information stored in hidden fields using DoD-approved encrypt
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -23249,7 +23960,7 @@ Encrypt sensitive information stored in hidden fields using DoD-approved encrypt
NotAFindingNo sensitive authentication or session data is stored in hidden fields.
SonarCloud scans, including OWASP tests, are run regularly to identify vulnerabilities. Manual testing also performed. See project Security Advisories page on GitHub for any known vulnerabilities.
-
+
@@ -23262,13 +23973,17 @@ SonarCloud scans, including OWASP tests, are run regularly to identify vulnerabi
Severityhigh
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000251Rule_ID
- SV-222602r561263_rule
+ SV-222602r879652_ruleRule_Ver
@@ -23282,11 +23997,11 @@ SonarCloud scans, including OWASP tests, are run regularly to identify vulnerabi
Vuln_DiscussXSS attacks are essentially code injection attacks against the various language interpreters contained within the browser. XSS can be executed via HTML, JavaScript, VBScript, ActiveX; essentially any scripting language a browser is capable of processing.
-XSS vulnerabilities are created when a website does not properly sanitize, escape, or encode user input. For example, "<" is the HTML encoding for the "<" character. If the encoding is performed, the script code will not execute.
+XSS vulnerabilities are created when a website does not properly sanitize, escape, or encode user input. For example, "<" is the HTML encoding for the "<" character. If the encoding is performed, the script code will not execute.
There are 3 parties involved in an XSS attack, the attacker, the trusted and vulnerable website, and the victim. An attacker will take advantage of a vulnerable website that does not properly validate user input by inserting malicious code into any data entry field.
-When the victim visits the trusted website and clicks on the malicious link left by the attacker, the attacker’s script is executed in the victims browser with the trust permissions assigned to the site.
+When the victim visits the trusted website and clicks on the malicious link left by the attacker, the attacker’s script is executed in the victims browser with the trust permissions assigned to the site.
There are several different types of XSS attack and the complete details regarding XSS cannot be described completely here.
@@ -23305,7 +24020,7 @@ The site is available by pointing your browser to https://www.owasp.org.Review the application documentation and the vulnerability assessment scan results from automated vulnerability assessment tools.
Verify scan configuration settings include web-based applications settings which include XSS tests.
-
+
Review scan results for XSS vulnerabilities.
If the scan results indicate aspects of the application are vulnerable to XSS, request subsequent scan data that shows the XSS vulnerabilities previously detected have been fixed.
@@ -23318,8 +24033,8 @@ Navigate through the web application as a regular user and identify any data ent
Input the following strings:
-<script>alert('hello')</script>
-<img src=x onerror="alert(document.cookie);"
+<script>alert('hello')</script>
+<img src=x onerror="alert(document.cookie);"
If the script pop up box is displayed, or if scan reports show unremediated XSS results and no mitigating steps have been taken, this is a finding.
@@ -23367,15 +24082,15 @@ Develop your application using a web template system or a web application develo
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-001310NotAFinding
- SonarCloud scans, including OWASP tests, are run regularly to identify vulnerabilities. Manual testing also performed. See project Security Advisories page on GitHub for any known vulnerabilities.
-
+ SonarCloud scans, OWASP tests, are run regularly to identify vulnerabilities. Manual testing also performed. See project Security Advisories page on GitHub for any known vulnerabilities.
+
@@ -23388,13 +24103,17 @@ Develop your application using a web template system or a web application develo
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000251Rule_ID
- SV-222603r508029_rule
+ SV-222603r879652_ruleRule_Ver
@@ -23408,7 +24127,7 @@ Develop your application using a web template system or a web application develo
Vuln_DiscussCross-Site Request Forgery (CSRF) is an attack where a website user is forced to execute an unwanted action on a website that he or she is currently authenticated to. An attacker, through social engineering (e.g., e-mail or chat) creates a hyperlink which executes unwanted actions on the website the victim is authenticated to and sends it to the victim. If the victim clicks on the link, the action is executed unbeknownst to the victim.
-A CSRF attack executes a website request on behalf of the user which can lead to a compromise of the user’s data. What is needed to be successful is for the attacker to know the URL, an authenticated application user, and trick the user into clicking the malicious link.
+A CSRF attack executes a website request on behalf of the user which can lead to a compromise of the user’s data. What is needed to be successful is for the attacker to know the URL, an authenticated application user, and trick the user into clicking the malicious link.
While XSS is not needed for a CSRF attack to work, XSS vulnerabilities can provide the attacker with a vector to obtain information from the user that may be used in mitigating the risk. The application must not be vulnerable to XSS as an XSS attack can be used to help defeat token, double-submit cookie, referrer and origin-based CSRF defenses.
@@ -23476,7 +24195,7 @@ If application scan results show an unremediated CSRF vulnerability, or if no sc
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -23484,7 +24203,7 @@ If application scan results show an unremediated CSRF vulnerability, or if no sc
NotAFindingSonarCloud scans, including OWASP tests, are run regularly to identify vulnerabilities. Manual testing also performed. See project Security Advisories page on GitHub for any known vulnerabilities.
-
+
@@ -23497,13 +24216,17 @@ If application scan results show an unremediated CSRF vulnerability, or if no sc
Severityhigh
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000251Rule_ID
- SV-222604r508029_rule
+ SV-222604r879652_ruleRule_Ver
@@ -23527,13 +24250,13 @@ http://sitename/cgi-bin/userData.pl?doc=user1.txt
Example URL modified:
http://sitename/cgi-bin/userData.pl?doc=/bin/ls|
-The result is the execution of the command “/bin/ls” which could allow the attacker to list contents of the directory via the browser.
+The result is the execution of the command “/bin/ls” which could allow the attacker to list contents of the directory via the browser.
The following is a list of functions vulnerable to command injection sorted according to language.
Language Functions/Characters
- C/C++ - system(), popen(), execlp(), execvp(), ShellExecute(), ShellExecuteEx(), _wsystem()
-- Perl - system, exec, `,open, |, eval, /e
+- Perl - system, exec, `,open, |, eval, /e
- Python - exec, eval, os.system, os.popen, execfile, input, compile
- Java - Class.forName(), Class.newInstance(), Runtime.exec()
@@ -23601,7 +24324,7 @@ If testing results are not provided demonstrating the vulnerability does not exi
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -23609,7 +24332,7 @@ If testing results are not provided demonstrating the vulnerability does not exi
NotAFindingSonarCloud scans, including OWASP tests, are run regularly to identify vulnerabilities. Manual testing also performed. See project Security Advisories page on GitHub for any known vulnerabilities.
-
+
@@ -23622,13 +24345,17 @@ If testing results are not provided demonstrating the vulnerability does not exi
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000251Rule_ID
- SV-222605r561266_rule
+ SV-222605r879652_ruleRule_Ver
@@ -23666,21 +24393,21 @@ Review web server and application configuration.
The OWASP website provides the following test procedures:
-"Investigate the web application to determine if it asserts an internal code page, locale, or culture.
+"Investigate the web application to determine if it asserts an internal code page, locale, or culture.
If the default character set, locale is not asserted it will be one of the following:
- HTTP Posts. Interesting tidbit: All HTTP posts are required to be ISO 8859-1, which will lose data for most double byte character sets. You must test your application with your supported browsers to determine if they pass in fully encoded double byte characters safely
+HTTP Posts. Interesting tidbit: All HTTP posts are required to be ISO 8859-1, which will lose data for most double byte character sets. You must test your application with your supported browsers to determine if they pass in fully encoded double byte characters safely
- HTTP Gets. Depends on the previously rendered page and per-browser implementations, but URL encoding is not properly defined for double byte character sets. IE can be optionally forced to do all submits as UTF-8 which is then properly canonicalized on the server
+HTTP Gets. Depends on the previously rendered page and per-browser implementations, but URL encoding is not properly defined for double byte character sets. IE can be optionally forced to do all submits as UTF-8 which is then properly canonicalized on the server
- .NET: Unicode (little endian)
+.NET: Unicode (little endian)
- JSP implementations, such as Tomcat: UTF8 - see “javaEncoding” in web.xml by many servlet containers
+JSP implementations, such as Tomcat: UTF8 - see “javaEncoding” in web.xml by many servlet containers
- Java: Unicode (UTF-16, big endian, or depends on the OS during JVM startup)
+Java: Unicode (UTF-16, big endian, or depends on the OS during JVM startup)
- PHP: Set in php.ini, ISO 8859-1”
+PHP: Set in php.ini, ISO 8859-1”
If the results are not provided or the application representative cannot demonstrate that the application does not use Unicode encoding, this is a finding.
@@ -23728,15 +24455,15 @@ Security checks should be carried out after decoding is completed. Moreover, it
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-001310NotAFinding
- SonarCloud scans, including OWASP tests, are run regularly to identify vulnerabilities. Manual testing also performed. See project Security Advisories page on GitHub for any known vulnerabilities.
-
+ SonarCloud scans, OWASP tests, are run regularly to identify vulnerabilities. Manual testing also performed. See project Security Advisories page on GitHub for any known vulnerabilities.
+
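Review bot: The rewritten finding comment on the second-to-last added line of this hunk drops the word "including" ("SonarCloud scans, OWASP tests, are run regularly ..."), which leaves the sentence ungrammatical and out of step with the identical comment kept on the other findings in this file ("SonarCloud scans, including OWASP tests, are run regularly ..."). The same edit appears once more, in the later hunk for SV-222612 (the "Patch applications when overflows are identified" hunk). Unless the wording change was intended, restore the text in both places as `SonarCloud scans, including OWASP tests, are run regularly to identify vulnerabilities. Manual testing also performed. See project Security Advisories page on GitHub for any known vulnerabilities.`. The XML element boundaries appear flattened in this rendering, so which element the text sits in is inferred rather than visible.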
@@ -23749,13 +24476,17 @@ Security checks should be carried out after decoding is completed. Moreover, it
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000251Rule_ID
- SV-222606r508029_rule
+ SV-222606r879652_ruleRule_Ver
@@ -23847,7 +24578,7 @@ If test results include input validation errors, or if no test results exist, th
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -23855,7 +24586,7 @@ If test results include input validation errors, or if no test results exist, th
NotAFindingAPI input is validated against the OAS definition. SonarCloud scans, including OWASP tests, are run regularly to identify vulnerabilities. Manual testing also performed. See project Security Advisories page on GitHub for any known vulnerabilities.
-
+
@@ -23868,13 +24599,17 @@ If test results include input validation errors, or if no test results exist, th
Severityhigh
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000251Rule_ID
- SV-222607r508029_rule
+ SV-222607r879652_ruleRule_Ver
@@ -23968,7 +24703,7 @@ If the application is vulnerable to SQL injection attack, contains SQL injection
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -23976,7 +24711,7 @@ If the application is vulnerable to SQL injection attack, contains SQL injection
NotAFindingAll SQL queries that process user input are parameterized. SonarCloud scans, including OWASP tests, are run regularly to identify vulnerabilities. Manual testing also performed. See project Security Advisories page on GitHub for any known vulnerabilities.
-
+
@@ -23989,13 +24724,17 @@ If the application is vulnerable to SQL injection attack, contains SQL injection
Severityhigh
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000251Rule_ID
- SV-222608r508029_rule
+ SV-222608r879652_ruleRule_Ver
@@ -24085,7 +24824,7 @@ Patch the application components when vulnerabilities are discovered.
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -24093,7 +24832,7 @@ Patch the application components when vulnerabilities are discovered.
NotAFindingSonarCloud scans are run regularly to identify XML vulnerabilities. SonarCloud scans, including OWASP tests, are run regularly to identify vulnerabilities. Manual testing also performed. See project Security Advisories page on GitHub for any known vulnerabilities.
-
+
@@ -24106,13 +24845,17 @@ Patch the application components when vulnerabilities are discovered.Severity
high
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000447Rule_ID
- SV-222609r561269_rule
+ SV-222609r879818_ruleRule_Ver
@@ -24220,7 +24963,7 @@ Remediate identified vulnerabilities and obtain documented risk acceptance for t
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -24228,7 +24971,7 @@ Remediate identified vulnerabilities and obtain documented risk acceptance for t
NotAFindingAll user input is validated on both the client and the server. SonarCloud scans, including OWASP tests, are run regularly to identify vulnerabilities. Manual testing also performed. See project Security Advisories page on GitHub for any known vulnerabilities.
-
+
@@ -24241,13 +24984,17 @@ Remediate identified vulnerabilities and obtain documented risk acceptance for t
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000266Rule_ID
- SV-222610r508029_rule
+ SV-222610r879655_ruleRule_Ver
@@ -24259,7 +25006,7 @@ Remediate identified vulnerabilities and obtain documented risk acceptance for t
Vuln_Discuss
- Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify application components. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
+ Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify application components. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
The structure and content of error messages must be carefully considered by the organization and development team. The extent to which the information system is able to identify and handle error conditions is guided by organizational policy and operational requirements.
@@ -24325,7 +25072,7 @@ Use generic error messages.STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -24333,7 +25080,7 @@ Use generic error messages.
NotAFindingError messages addressed by Issue #483
-
+
@@ -24346,13 +25093,17 @@ Use generic error messages.
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000267Rule_ID
- SV-222611r508029_rule
+ SV-222611r879656_ruleRule_Ver
@@ -24364,7 +25115,7 @@ Use generic error messages.
Vuln_Discuss
- Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify application components. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
+ Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify application components. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
The structure and content of error messages must be carefully considered by the organization and development team. The extent to which the information system is able to identify and handle error conditions is guided by organizational policy and operational requirements.
@@ -24434,7 +25185,7 @@ Use generic error messages for non-privileged users.STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -24442,7 +25193,7 @@ Use generic error messages for non-privileged users.
NotAFindingError messages addressed by Issue #483
-
+
@@ -24455,13 +25206,17 @@ Use generic error messages for non-privileged users.
Severityhigh
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000450Rule_ID
- SV-222612r561272_rule
+ SV-222612r879821_ruleRule_Ver
@@ -24495,7 +25250,7 @@ A code review, static code analysis or active vulnerability or fuzz testing are
Interview the application admin and identify the most recent code testing and analysis that has been conducted.
-Review the test results; verify configuration of analysis tools are set to check for the existence of overflows. This includes but is not limited to buffer overflows, stack overflows, heap overflows, integer overflows and format string overflows.
+Review the test results; verify configuration of analysis tools are set to check for the existence of overflows. This includes but is not limited to buffer overflows, stack overflows, heap overflows, integer overflows and format string overflows.
If overflows are identified in the test results, verify the latest test results are being used, if not, ensure remediation has been completed.
@@ -24551,15 +25306,15 @@ Patch applications when overflows are identified in vendor products.
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-002824NotAFinding
- SonarCloud scans, including OWASP tests, are run regularly to identify vulnerabilities. Manual testing also performed. See project Security Advisories page on GitHub for any known vulnerabilities.
-
+ SonarCloud scans, OWASP tests, are run regularly to identify vulnerabilities. Manual testing also performed. See project Security Advisories page on GitHub for any known vulnerabilities.
+
@@ -24572,13 +25327,17 @@ Patch applications when overflows are identified in vendor products.Severity
medium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000454Rule_ID
- SV-222613r508029_rule
+ SV-222613r879825_ruleRule_Ver
@@ -24648,7 +25407,7 @@ If old versions of the application or components are still installed on the syst
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -24656,7 +25415,7 @@ If old versions of the application or components are still installed on the syst
NotAFindingDependabot services provided by GitHub to identify vulnerable software components. SonarCloud scans, including OWASP tests, are run regularly to identify vulnerabilities. Manual testing also performed. See project Security Advisories page on GitHub for any known vulnerabilities.
-
+
@@ -24669,13 +25428,17 @@ If old versions of the application or components are still installed on the syst
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000456Rule_ID
- SV-222614r508029_rule
+ SV-222614r879827_ruleRule_Ver
@@ -24693,7 +25456,7 @@ Organization-defined time periods for updating security-relevant software may va
This requirement will apply to software patch management solutions that are used to install patches across the enclave and also to applications themselves that are not part of that patch management solution. For example, many browsers today provide the capability to install their own patch software. Patch criticality, as well as system criticality will vary. Therefore, the tactical situations regarding the patch management process will also vary. This means that the time period utilized must be a configurable parameter. Time frames for application of security-relevant software updates may be dependent upon the Information Assurance Vulnerability Management (IAVM) process.
-The application, or the patch management solution that is configured to patch the application, must be configured to check for and install security-relevant software updates and patches at least weekly. Patches must be applied immediately or in accordance with POA&Ms, IAVMs, CTOs, DTMs or other authoritative patching guidelines or sources.
+The application, or the patch management solution that is configured to patch the application, must be configured to check for and install security-relevant software updates and patches at least weekly. Patches must be applied immediately or in accordance with POA&Ms, IAVMs, CTOs, DTMs or other authoritative patching guidelines or sources.
IA_Controls
@@ -24707,11 +25470,11 @@ Interview the application administrator and inquire about patching process.
Review IAVMs and CTOs to determine if the application is being updated in accordance with authoritative sources.
-If application updates are not checked on at least on a weekly basis and applied immediately or in accordance with POA&Ms, IAVMs, CTOs, DTMs or other authoritative patching guidelines or sources, this is a finding.
+If application updates are not checked on at least on a weekly basis and applied immediately or in accordance with POA&Ms, IAVMs, CTOs, DTMs or other authoritative patching guidelines or sources, this is a finding.
Fix_Text
- Check for application updates at least weekly and apply patches immediately or in accordance with POA&Ms, IAVMs, CTOs, DTMs or other authoritative patching guidelines or sources.
+ Check for application updates at least weekly and apply patches immediately or in accordance with POA&Ms, IAVMs, CTOs, DTMs or other authoritative patching guidelines or sources.False_Positives
@@ -24751,7 +25514,7 @@ If application updates are not checked on at least on a weekly basis and applied
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -24759,7 +25522,7 @@ If application updates are not checked on at least on a weekly basis and applied
NotAFindingDependabot services provided by GitHub to identify vulnerable software components. SonarCloud scans, including OWASP tests, are run regularly to identify vulnerabilities. Manual testing also performed. See project Security Advisories page on GitHub for any known vulnerabilities.
-
+
@@ -24772,13 +25535,17 @@ If application updates are not checked on at least on a weekly basis and applied
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000472Rule_ID
- SV-222615r508029_rule
+ SV-222615r879843_ruleRule_Ver
@@ -24854,7 +25621,7 @@ If the application is designed to perform security function testing and does not
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -24862,7 +25629,7 @@ If the application is designed to perform security function testing and does not
Not_ApplicableThe application is not designed or intended to perform security function testing.
-
+
@@ -24875,13 +25642,17 @@ If the application is designed to perform security function testing and does not
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000473Rule_ID
- SV-222616r508029_rule
+ SV-222616r879844_ruleRule_Ver
@@ -24959,7 +25730,7 @@ If the application is designed to perform security function testing and does not
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -24967,7 +25738,7 @@ If the application is designed to perform security function testing and does not
Not_ApplicableThe application is not designed or intended to perform security function testing.
-
+
@@ -24980,13 +25751,17 @@ If the application is designed to perform security function testing and does not
Severitylow
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000275Rule_ID
- SV-222617r508029_rule
+ SV-222617r879661_ruleRule_Ver
@@ -25068,7 +25843,7 @@ If the application is designed to perform security function testing and does not
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -25076,7 +25851,7 @@ If the application is designed to perform security function testing and does not
Not_ApplicableThe application is not designed or intended to perform security function testing.
-
+
@@ -25089,13 +25864,17 @@ If the application is designed to perform security function testing and does not
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000206Rule_ID
- SV-222618r508029_rule
+ SV-222618r879627_ruleRule_Ver
@@ -25127,13 +25906,13 @@ When JavaScript and VBScript execute within the browser they are Category 3, how
If the application does not contain mobile code, or if the mobile code executes within the client browser, this is not applicable.
-The URL of the application must be added to the Trusted Sites zone. This is accomplished via the Tools, Internet Options, and “Security” Tab.
+The URL of the application must be added to the Trusted Sites zone. This is accomplished via the Tools, Internet Options, and “Security” Tab.
-Select the “Trusted Sites” zone.
-Click the “sites” button.
-Enter the URL into the text box below the “Add this site to this zone” message.
-Click "Add”.
-Click “OK”.
+Select the “Trusted Sites” zone.
+Click the “sites” button.
+Enter the URL into the text box below the “Add this site to this zone” message.
+Click "Add”.
+Click “OK”.
Note: This requires administrator privileges to add URL to sites on a STIG compliant workstation.
@@ -25185,7 +25964,7 @@ If the code has not been signed or the application warns that a control cannot b
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -25193,7 +25972,7 @@ If the code has not been signed or the application warns that a control cannot b
Not_ApplicableNo Category 1A present in the application. The SPA mobile code executes within the client browser.
-
+
@@ -25206,13 +25985,17 @@ If the code has not been signed or the application warns that a control cannot b
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222619r508029_rule
+ SV-222619r879887_ruleRule_Ver
@@ -25280,11 +26063,7 @@ If a documented account management process does not exist or unauthorized users
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
-
-
- CCI_REF
- CCI-000366
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -25292,7 +26071,7 @@ If a documented account management process does not exist or unauthorized users
Not_ReviewedAccount management services are provided by the external OpenID Connect (OIDC) Provider.
-
+
@@ -25305,13 +26084,17 @@ If a documented account management process does not exist or unauthorized users
Severityhigh
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222620r508029_rule
+ SV-222620r879887_ruleRule_Ver
@@ -25412,11 +26195,7 @@ If the application is tiered and the network infrastructure hosting the applicat
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
-
-
- CCI_REF
- CCI-000366
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -25424,7 +26203,7 @@ If the application is tiered and the network infrastructure hosting the applicat
Not_ReviewedDetermined by deployment configuration.
-
+
@@ -25437,13 +26216,17 @@ If the application is tiered and the network infrastructure hosting the applicat
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222621r508029_rule
+ SV-222621r879887_ruleRule_Ver
@@ -25509,19 +26292,15 @@ If audit logs have not been retained for one year or five years for SAMI data, t
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-000167
-
- CCI_REF
- CCI-000366
- Not_Reviewed
- Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution.
-
+ Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution.
+
@@ -25534,13 +26313,17 @@ If audit logs have not been retained for one year or five years for SAMI data, t
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222622r508029_rule
+ SV-222622r879887_ruleRule_Ver
@@ -25608,19 +26391,15 @@ Maintain a log or records of dates and times audit logs are reviewed.
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
-
-
- CCI_REF
- CCI-000366
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-001872Not_Reviewed
- Dependent on organizational compliance. Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution.
-
+ Dependent on organizational compliance. Application log entries are written to the container's STDOUT, to be captured by the deployment's preferred and compliant logging solution.
+
@@ -25633,13 +26412,17 @@ Maintain a log or records of dates and times audit logs are reviewed.Severity
medium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222623r508029_rule
+ SV-222623r879887_ruleRule_Ver
@@ -25705,19 +26488,15 @@ If there is no policy for reporting IA violations, this is a finding.
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-000149
-
- CCI_REF
- CCI-000366
- Not_ReviewedDependent on organizational compliance.
-
+
@@ -25730,13 +26509,17 @@ If there is no policy for reporting IA violations, this is a finding.Severity
medium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222624r508029_rule
+ SV-222624r879887_ruleRule_Ver
@@ -25748,7 +26531,7 @@ If there is no policy for reporting IA violations, this is a finding.
Vuln_Discuss
- Use of automated scanning tools accompanied with manual testing/validation which confirms or expands on the automated test results is an accepted best practice when performing application security testing. Automated scanning tools expedite and help to standardize security testing, they can incorporate known attack methods and procedures, test for libraries and other software modules known to be vulnerable to attack and utilize a test method known as "fuzz testing". Fuzz testing is a testing process where the application is provided invalid, unexpected, or random data. Poorly designed and coded applications will become unstable or crash. Properly designed and coded applications will reject improper and unexpected data input from application clients and remain stable.
+ Use of automated scanning tools accompanied with manual testing/validation which confirms or expands on the automated test results is an accepted best practice when performing application security testing. Automated scanning tools expedite and help to standardize security testing, they can incorporate known attack methods and procedures, test for libraries and other software modules known to be vulnerable to attack and utilize a test method known as "fuzz testing". Fuzz testing is a testing process where the application is provided invalid, unexpected, or random data. Poorly designed and coded applications will become unstable or crash. Properly designed and coded applications will reject improper and unexpected data input from application clients and remain stable.
Many vulnerability scanning tools provide automated fuzz testing capabilities for the testing of web applications. All of these tools help to identify a wide range of application vulnerabilities including, but not limited to; buffer overflows, cross-site scripting flaws, denial of service format bugs and SQL injection, all of which can lead to a successful compromise of the system or result in a denial of service.
@@ -25830,19 +26613,15 @@ Address discovered vulnerabilities.STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-000256
-
- CCI_REF
- CCI-000366
- Not_ReviewedDependent on organizational compliance.
-
+
@@ -25855,13 +26634,17 @@ Address discovered vulnerabilities.
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222625r508029_rule
+ SV-222625r879887_ruleRule_Ver
@@ -25943,7 +26726,7 @@ If deadlock issues are not being addressed via documented web service configurat
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -25955,7 +26738,7 @@ If deadlock issues are not being addressed via documented web service configurat
NotAFindingBy design, the application web service is not subject to deadlocking as it does not call the client.
-
+
@@ -25968,13 +26751,17 @@ If deadlock issues are not being addressed via documented web service configurat
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222626r508029_rule
+ SV-222626r879887_ruleRule_Ver
@@ -26048,19 +26835,15 @@ If the application user data is located in the same directory as the application
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-000345
-
- CCI_REF
- CCI-000366
- NotAFindingApplication is provided as a stateless container.
-
+
@@ -26073,13 +26856,17 @@ If the application user data is located in the same directory as the application
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222627r508029_rule
+ SV-222627r879887_ruleRule_Ver
@@ -26160,19 +26947,15 @@ or vendor literature and lock down guides, this is a finding.
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-000363
-
- CCI_REF
- CCI-000366
- Not_ReviewedDependent on organizational compliance. Deployment and security guidance available in project documentation.
-
+
@@ -26185,13 +26968,17 @@ or vendor literature and lock down guides, this is a finding.
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222628r561275_rule
+ SV-222628r879887_ruleRule_Ver
@@ -26277,11 +27064,7 @@ Verify that all ports, protocols, and services are used in accordance with the D
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
-
-
- CCI_REF
- CCI-000366
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -26289,7 +27072,7 @@ Verify that all ports, protocols, and services are used in accordance with the D
Not_ReviewedDependent on organizational compliance.
-
+
@@ -26303,12 +27086,16 @@ Verify that all ports, protocols, and services are used in accordance with the D
medium
- Group_Title
+ Weight
+ 10.0
+
+
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222629r508029_rule
+ SV-222629r879887_ruleRule_Ver
@@ -26374,11 +27161,7 @@ If the application requires registration, and is not registered or all ports use
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
-
-
- CCI_REF
- CCI-000366
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -26386,7 +27169,7 @@ If the application requires registration, and is not registered or all ports use
Not_ReviewedDependent on organizational compliance.
-
+
@@ -26399,13 +27182,17 @@ If the application requires registration, and is not registered or all ports use
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222630r508029_rule
+ SV-222630r879887_ruleRule_Ver
@@ -26483,11 +27270,7 @@ If CM repository is not at the latest security patch level and is not operating
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
-
-
- CCI_REF
- CCI-000366
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -26495,7 +27278,7 @@ If CM repository is not at the latest security patch level and is not operating
Not_ReviewedConfiguration management dependent on organizational compliance and processes. Application code hosted on GitHub according to Code.mil guidance.
-
+
@@ -26508,13 +27291,17 @@ If CM repository is not at the latest security patch level and is not operating
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222631r508029_rule
+ SV-222631r879887_ruleRule_Ver
@@ -26596,19 +27383,15 @@ If CM access privileges have not been reviewed within the last three months, thi
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
-
-
- CCI_REF
- CCI-000366
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-001795Not_Reviewed
- Configuration management dependent on organizational compliance and processes. Application code hosted on GitHub according to Code.mil guidance. Codebase access restricted to repository administrators, which are publicly listed on the project's GitHub site.
-
+ Configuration management dependent on organizational compliance and processes. Application code hosted on GitHub according to Code.mil guidance. Codebase access restricted to repository administrators, which are publicly listed on the project's GitHub site.
+
@@ -26621,13 +27404,17 @@ If CM access privileges have not been reviewed within the last three months, thi
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222632r508029_rule
+ SV-222632r879887_ruleRule_Ver
@@ -26838,11 +27625,7 @@ If the CMR does not audit for modifications, this is a finding.
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
-
-
- CCI_REF
- CCI-000366
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -26850,7 +27633,7 @@ If the CMR does not audit for modifications, this is a finding.
Not_ReviewedConfiguration management dependent on organizational compliance and processes. All project artifacts are publicly available on the GitHub site, in accordance with Code.mil guidance.
-
+
@@ -26863,13 +27646,17 @@ If the CMR does not audit for modifications, this is a finding.
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222633r508029_rule
+ SV-222633r879887_ruleRule_Ver
@@ -26881,7 +27668,7 @@ If the CMR does not audit for modifications, this is a finding.
Vuln_Discuss
- Software Configuration Management (SCM) is very important in tracking code releases, baselines, and managing access to the configuration management repository. An SCM plan or charter identifies what should be under configuration management control. Without an SCM plan and a CCB, application releases can't be tracked and vulnerabilities can be inserted intentionally or unintentionally into the code base of the application.
+ Software Configuration Management (SCM) is very important in tracking code releases, baselines, and managing access to the configuration management repository. An SCM plan or charter identifies what should be under configuration management control. Without an SCM plan and a CCB, application releases can't be tracked and vulnerabilities can be inserted intentionally or unintentionally into the code base of the application.
This requirement is intended to be applied to application developers or organizations responsible for code management or who have and operate an application CM repository.
@@ -26949,11 +27736,7 @@ If there is no evidence of CCB activity or meetings prior to the last release cy
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
-
-
- CCI_REF
- CCI-000366
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -26961,7 +27744,7 @@ If there is no evidence of CCB activity or meetings prior to the last release cy
Not_ReviewedConfiguration management dependent on organizational compliance and processes. All project artifacts are publicly available on the GitHub site, in accordance with Code.mil guidance.
-
+
@@ -26974,13 +27757,17 @@ If there is no evidence of CCB activity or meetings prior to the last release cy
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000387Rule_ID
- SV-222634r508029_rule
+ SV-222634r879760_ruleRule_Ver
@@ -27048,7 +27835,7 @@ If the application environment is not compliant with all DoD IPv6 Standards Prof
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -27056,7 +27843,7 @@ If the application environment is not compliant with all DoD IPv6 Standards Prof
Not_ReviewedDependent on specific deployment. Web application is a Node.js application that includes support for IPv6.
-
+
@@ -27069,13 +27856,17 @@ If the application environment is not compliant with all DoD IPv6 Standards Prof
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222635r508029_rule
+ SV-222635r879887_ruleRule_Ver
@@ -27145,11 +27936,7 @@ If a mission critical application is deployed onto the same server as non-missio
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
-
-
- CCI_REF
- CCI-000366
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -27157,7 +27944,7 @@ If a mission critical application is deployed onto the same server as non-missio
Not_ReviewedDependent on organizational compliance.
-
+
@@ -27170,13 +27957,17 @@ If a mission critical application is deployed onto the same server as non-missio
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222636r508029_rule
+ SV-222636r879887_ruleRule_Ver
@@ -27248,11 +28039,7 @@ If the disaster recovery/continuity plan does not exist or does not meet the sev
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
-
-
- CCI_REF
- CCI-000366
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -27260,7 +28047,7 @@ If the disaster recovery/continuity plan does not exist or does not meet the sev
Not_ReviewedDependent on organizational compliance.
-
+
@@ -27273,13 +28060,17 @@ If the disaster recovery/continuity plan does not exist or does not meet the sev
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222637r508029_rule
+ SV-222637r879887_ruleRule_Ver
@@ -27293,7 +28084,7 @@ If the disaster recovery/continuity plan does not exist or does not meet the sev
Vuln_DiscussWithout a disaster recovery plan, the application is susceptible to interruption in service due to damage within the processing site.
-If the application is part of the site’s disaster recovery plan, ensure that the plan contains detailed instructions pertaining to the application. Verify that recovery procedures indicate the steps needed for secure and trusted recovery.
+If the application is part of the site’s disaster recovery plan, ensure that the plan contains detailed instructions pertaining to the application. Verify that recovery procedures indicate the steps needed for secure and trusted recovery.
IA_Controls
@@ -27307,7 +28098,7 @@ Verify that a disaster recovery plan is in place for the application.
Verify that the recovery procedures include any special considerations for trusted recovery.
-If the application is not part of the site’s disaster recovery plan, or if any special considerations for trusted recovery are not documented, this is a finding.
+If the application is not part of the site’s disaster recovery plan, or if any special considerations for trusted recovery are not documented, this is a finding.
Fix_Text
@@ -27351,11 +28142,7 @@ If the application is not part of the site’s disaster recovery plan, or i
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
-
-
- CCI_REF
- CCI-000366
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -27363,7 +28150,7 @@ If the application is not part of the site’s disaster recovery plan, or i
Not_ReviewedDependent on organizational compliance.
-
+
@@ -27376,13 +28163,17 @@ If the application is not part of the site’s disaster recovery plan, or i
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222638r508029_rule
+ SV-222638r879887_ruleRule_Ver
@@ -27476,11 +28267,7 @@ If any of the requirements above for the associated risk level of the applicatio
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
-
-
- CCI_REF
- CCI-000366
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -27488,7 +28275,7 @@ If any of the requirements above for the associated risk level of the applicatio
Not_ReviewedDependent on organizational compliance.
-
+
@@ -27501,13 +28288,17 @@ If any of the requirements above for the associated risk level of the applicatio
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222639r508029_rule
+ SV-222639r879887_ruleRule_Ver
@@ -27583,11 +28374,7 @@ If back-up copies of the application software or source code are not stored in a
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
-
-
- CCI_REF
- CCI-000366
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -27595,7 +28382,7 @@ If back-up copies of the application software or source code are not stored in a
NotAFindingApplication codebase is stored in a GitHub repository (offsite).
-
+
@@ -27608,13 +28395,17 @@ If back-up copies of the application software or source code are not stored in a
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222640r508029_rule
+ SV-222640r879887_ruleRule_Ver
@@ -27626,7 +28417,7 @@ If back-up copies of the application software or source code are not stored in a
Vuln_Discuss
- Protection of backup and restoration assets is essential for the successful restore of operations after a catastrophic failure or damage to the system or data files. Failure to follow proper procedures may result in the permanent loss of system data and/or the loss of system capability resulting in failure of the customer’s mission.
+ Protection of backup and restoration assets is essential for the successful restore of operations after a catastrophic failure or damage to the system or data files. Failure to follow proper procedures may result in the permanent loss of system data and/or the loss of system capability resulting in failure of the customer’s mission.IA_Controls
@@ -27682,11 +28473,7 @@ If backup and restoration devices are not included in the recovery procedures, t
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
-
-
- CCI_REF
- CCI-000366
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -27694,7 +28481,7 @@ If backup and restoration devices are not included in the recovery procedures, t
Not_ReviewedDependent on organizational compliance.
-
+
@@ -27707,13 +28494,17 @@ If backup and restoration devices are not included in the recovery procedures, t
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222641r508029_rule
+ SV-222641r879887_ruleRule_Ver
@@ -27783,19 +28574,15 @@ If the application does not implement encryption for key exchange, this is a fin
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-000201
-
- CCI_REF
- CCI-000366
- Not_ReviewedThe project expects other layers to provide appropriate data protection via compliant cryptography.
-
+
@@ -27808,13 +28595,17 @@ If the application does not implement encryption for key exchange, this is a fin
Severityhigh
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222642r508029_rule
+ SV-222642r879887_ruleRule_Ver
@@ -27886,7 +28677,7 @@ The finding details should note specifically where the offending credentials or
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -27894,7 +28685,7 @@ The finding details should note specifically where the offending credentials or
NotAFindingNo passwords, certificates, or sensitive data are included in the source code.
-
+
@@ -27907,13 +28698,17 @@ The finding details should note specifically where the offending credentials or
Severityhigh
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222643r508029_rule
+ SV-222643r879887_ruleRule_Ver
@@ -27935,11 +28730,11 @@ The finding details should note specifically where the offending credentials or
Check_ContentReview the application documentation and interview the application administrator.
-Ask the application representative for the application’s classification guide. This guide should document the data elements and their classification.
+Ask the application representative for the application’s classification guide. This guide should document the data elements and their classification.
Determine which application functions to examine, giving preference to report generation capabilities and the most common user transactions that involve sensitive data (FOUO, secret or above).
-Log on to the application and perform these in sequence, printing output when applicable. The application representative’s assistance may be required to perform these steps. For each function, note whether the appropriate markings appear on the displayed and printed output. If a classification document does not exist, data must be marked at the highest classification of the system.
+Log on to the application and perform these in sequence, printing output when applicable. The application representative’s assistance may be required to perform these steps. For each function, note whether the appropriate markings appear on the displayed and printed output. If a classification document does not exist, data must be marked at the highest classification of the system.
Appropriate markings for an application are as follows: For classified data, markings are required at a minimum at the top and the bottom of screens and reports.
@@ -27953,7 +28748,7 @@ If it is not technically feasible to meet the minimum marking requirement and no
In any case of a finding, the finding details should specify which functions failed to produce the desired results.
-After completing the test, destroy all printed output using the site’s preferred method for disposal. For example: utilizing a shredder or disposal in burn bags.
+After completing the test, destroy all printed output using the site’s preferred method for disposal. For example: utilizing a shredder or disposal in burn bags.
Fix_Text
@@ -27997,11 +28792,7 @@ After completing the test, destroy all printed output using the site’s pr
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
-
-
- CCI_REF
- CCI-000366
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -28009,7 +28800,7 @@ After completing the test, destroy all printed output using the site’s pr
NotAFindingThe application interface indicates its configured classification, and all exports are marked with the configured classification.
-
+
@@ -28022,13 +28813,17 @@ After completing the test, destroy all printed output using the site’s pr
Severitylow
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222644r508029_rule
+ SV-222644r879887_ruleRule_Ver
@@ -28098,11 +28893,7 @@ If test plans, procedures, and results do not exist, or are not updated for each
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
-
-
- CCI_REF
- CCI-000366
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -28110,7 +28901,7 @@ If test plans, procedures, and results do not exist, or are not updated for each
NotAFindingGithub workflows test functionality and access controls before release.
-
+
@@ -28123,13 +28914,17 @@ If test plans, procedures, and results do not exist, or are not updated for each
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222645r561278_rule
+ SV-222645r879887_ruleRule_Ver
@@ -28155,19 +28950,19 @@ Prior to release of the application receiving an ATO/IATO for deployment into a
Check_Content
- Ask the application representative to demonstrate their cryptographic hash validation process or provide process documentation. The validation process will vary based upon the operating system used as there are numerous clients available that will display a file's cryptographic hash for validation purposes.
+ Ask the application representative to demonstrate their cryptographic hash validation process or provide process documentation. The validation process will vary based upon the operating system used as there are numerous clients available that will display a file's cryptographic hash for validation purposes.
-Linux operating systems include the "sha256sum" utility. For Linux systems using sha256sum command syntax is: sha256sum [OPTION]... [FILE]...
+Linux operating systems include the "sha256sum" utility. For Linux systems using sha256sum command syntax is: sha256sum [OPTION]... [FILE]...
-Recent Windows PowerShell versions include the "get-filehash" PowerShell cmdlet. The default algorithm value used is SHA256.
+Recent Windows PowerShell versions include the "get-filehash" PowerShell cmdlet. The default algorithm value used is SHA256.
Syntax is:
Get-FileHash
- [-Path] <String[]>
- [-Algorithm <String>]
- [<CommonParameters>]
+[-Path] <String[]>
+[-Algorithm <String>]
+[<CommonParameters>]
-A validation process involves obtaining the application files’ cryptographic hash value from the programs author or other authoritative source such as the application's website. A utility like the "sha256sum" utility is then run using the downloaded application file name as the argument. The output is the files' hash value. The two hash values are compared and if they match, then file integrity is ensured.
+A validation process involves obtaining the application files’ cryptographic hash value from the programs author or other authoritative source such as the application's website. A utility like the "sha256sum" utility is then run using the downloaded application file name as the argument. The output is the files' hash value. The two hash values are compared and if they match, then file integrity is ensured.
If the application being reviewed is a COTS product and the vendor used a SHA1 or MD5 algorithm to generate a hash value, this is not a finding.
@@ -28219,19 +29014,15 @@ Application Admins validate cryptographic hashes prior to deploying the applicat
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
-
-
- CCI_REF
- CCI-000366
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-000698NotAFinding
- The application is offered as containerized API/Web Client builds that are signed using Docker Content Trust.
-
+ The application is offered as containerized API/Web Client builds that are signed using Docker Content Trust. Signed containers are also available on Iron Bank.
+
@@ -28244,13 +29035,17 @@ Application Admins validate cryptographic hashes prior to deploying the applicat
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222646r508029_rule
+ SV-222646r879887_ruleRule_Ver
@@ -28322,11 +29117,7 @@ If the organization has not designated personnel to conduct security testing, th
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
-
-
- CCI_REF
- CCI-000366
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -28334,7 +29125,7 @@ If the organization has not designated personnel to conduct security testing, th
NotAFindingAutomated feature and access control tests are run against every commit to the release branch. SonarCloud scans, including OWASP tests, are run regularly to identify vulnerabilities. Manual testing also performed. See project Security Policy for more information.
-
+
@@ -28347,13 +29138,17 @@ If the organization has not designated personnel to conduct security testing, th
Severitylow
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222647r508029_rule
+ SV-222647r879887_ruleRule_Ver
@@ -28425,11 +29220,7 @@ If annual testing procedures do not exist, or if administrators are unable to pr
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
-
-
- CCI_REF
- CCI-000366
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -28437,7 +29228,7 @@ If annual testing procedures do not exist, or if administrators are unable to pr
Not_ReviewedDependent on organizational compliance.
-
+
@@ -28450,13 +29241,17 @@ If annual testing procedures do not exist, or if administrators are unable to pr
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222648r508029_rule
+ SV-222648r879887_ruleRule_Ver
@@ -28562,11 +29357,7 @@ If the organization does not conduct code reviews on the application that attemp
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
-
-
- CCI_REF
- CCI-000366
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -28574,7 +29365,7 @@ If the organization does not conduct code reviews on the application that attemp
Not_ReviewedSonarCloud scans, including OWASP tests and code reviews, are run regularly to identify vulnerabilities. Manual testing also performed. See project Security Policy for more information. Application source code is publicly available, and may be scanned at any time by any organization.
-
+
@@ -28587,13 +29378,17 @@ If the organization does not conduct code reviews on the application that attemp
Severitylow
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222649r508029_rule
+ SV-222649r879887_ruleRule_Ver
@@ -28673,11 +29468,7 @@ If these code coverage statistics do not exist, this is a finding.
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
-
-
- CCI_REF
- CCI-000366
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -28685,7 +29476,7 @@ If these code coverage statistics do not exist, this is a finding.
Not_ReviewedCode coverage assessed for development using Node.js c8 and newman tests. Reports available upon request.
-
+
@@ -28698,13 +29489,17 @@ If these code coverage statistics do not exist, this is a finding.Severity
medium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222650r508029_rule
+ SV-222650r918120_ruleRule_Ver
@@ -28776,19 +29571,15 @@ If there is no configuration management repository or the code review flaws are
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
-
-
- CCI_REF
- CCI-000366
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
- CCI-003197
+ CCI-003161Not_Reviewed
- All known code defects are tracked as Issues on the project's GitHub site, or developer's SonarCloud management page.
-
+ All known code defects are tracked as Issues on the project's GitHub site, or developer's SonarCloud management page.
+
@@ -28801,13 +29592,17 @@ If there is no configuration management repository or the code review flaws are
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222651r508029_rule
+ SV-222651r879887_ruleRule_Ver
@@ -28877,11 +29672,7 @@ If IA impact analysis is not performed, this is a finding.
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
-
-
- CCI_REF
- CCI-000366
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -28889,7 +29680,7 @@ If IA impact analysis is not performed, this is a finding.
Not_ReviewedDependent on organizational compliance.
-
+
@@ -28902,13 +29693,17 @@ If IA impact analysis is not performed, this is a finding.
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222652r508029_rule
+ SV-222652r879887_ruleRule_Ver
@@ -28982,11 +29777,7 @@ If security flaws are not addressed in the project plan or there is no process t
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
-
-
- CCI_REF
- CCI-000366
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -28994,7 +29785,7 @@ If security flaws are not addressed in the project plan or there is no process t
Not_ReviewedSonarCloud scans, including OWASP tests, are run regularly to identify vulnerabilities. Manual testing also performed. See project Security Policy page on GitHub for more info.
-
+
@@ -29007,13 +29798,17 @@ If security flaws are not addressed in the project plan or there is no process t
Severitylow
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222653r561281_rule
+ SV-222653r879887_ruleRule_Ver
@@ -29052,15 +29847,15 @@ Introducing coding standards can help increase the consistency, reliability, and
Check_ContentThis requirement is meant to apply to developers or organizations that are doing application development work. If the organization operating the application under review is not doing the development or managing the development of the application, the requirement is not applicable.
-Ask the application representative about their coding standards. Ask for a coding standards document, review the document and ask the developers if they are aware of and if they use the coding standards. Make a determination if the application developers follow the coding standard.
+Ask the application representative about their coding standards. Ask for a coding standards document, review the document and ask the developers if they are aware of and if they use the coding standards. Make a determination if the application developers follow the coding standard.
If the developers do not follow a coding standard, or if a coding standard document does not exist, this is a finding.Fix_Text
- Create and maintain a coding standard process and documentation for developers to follow.
+ Create and maintain a coding standard process and documentation for developers to follow.
-Include programming best practices based on the languages being used for application development. Include items that should be standardized across the team that that deal with how developers write their application code.
+Include programming best practices based on the languages being used for application development. Include items that should be standardized across the team that deals with how developers write their application code.False_Positives
@@ -29100,19 +29895,16 @@ Include programming best practices based on the languages being used for applica
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
-
-
- CCI_REF
- CCI-000366
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-003233
- Not_Reviewed
- SonarCloud scans, including OWASP tests, and tests for coding standards, are run regularly to identify vulnerabilities. Manual testing also performed. See project Security Policy page on GitHub for more info.
-
+ NotAFinding
+ SonarCloud scans, OWASP tests, and tests for coding standards, are run regularly to identify vulnerabilities. Manual testing also performed.
+ SonarLint and SonarCloud quality gates are also used.
+
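Review bot: The new NotAFinding justification lists scanners and quality gates but never names the coding-standard document that the Check_Content for this rule tells the assessor to request and review, so it shows enforcement without identifying the standard itself. An assessor following the check text would still have to locate the standard, so point to it in the FINDING_DETAILS, e.g. `Coding standards are defined by the repository's lint and SonarCloud quality-gate configuration, which developers are required to follow; SonarLint and SonarCloud scans, including OWASP rules, enforce them on every change.` Whether a written standard exists beyond the tooling configuration is not visible in this diff, so confirm before citing one.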
@@ -29125,13 +29917,17 @@ Include programming best practices based on the languages being used for applica
Severitylow
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222654r561284_rule
+ SV-222654r879887_ruleRule_Ver
@@ -29227,11 +30023,7 @@ If the design document is incomplete, this is a finding.
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
-
-
- CCI_REF
- CCI-000366
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -29239,7 +30031,7 @@ If the design document is incomplete, this is a finding.
Not_ReviewedRequires organizational compliance, project documentation, and project Security Policy.
-
+
@@ -29252,13 +30044,17 @@ If the design document is incomplete, this is a finding.
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222655r508029_rule
+ SV-222655r879887_ruleRule_Ver
@@ -29358,11 +30154,7 @@ If the described threat model documentation does not exist, this is a finding.
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
-
-
- CCI_REF
- CCI-000366
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -29370,7 +30162,7 @@ If the described threat model documentation does not exist, this is a finding.
Not_ReviewedRequires organizational compliance, project documentation, and project Security Policy.
-
+
@@ -29383,13 +30175,17 @@ If the described threat model documentation does not exist, this is a finding.
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222656r508029_rule
+ SV-222656r879887_ruleRule_Ver
@@ -29465,11 +30261,7 @@ If no test results are available for review, this is a finding.
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
-
-
- CCI_REF
- CCI-000366
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -29477,7 +30269,7 @@ If no test results are available for review, this is a finding.
NotAFindingAutomated feature and access control tests are run against every commit to the release branch. SonarCloud scans, including OWASP tests, are run regularly to identify vulnerabilities. Manual testing also performed. See project Security Policy for more information.
-
+
@@ -29490,13 +30282,17 @@ If no test results are available for review, this is a finding.
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222657r561287_rule
+ SV-222657r879887_ruleRule_Ver
@@ -29526,7 +30322,7 @@ This requirement is meant to be applied when reviewing an application with the d
Check_ContentIf the application is a COTS application and the development team is not accessible to interview this requirement is not applicable.
-Interview the application development team members. Request and review the application incident response plan.
+Interview the application development team members. Request and review the application incident response plan.
Ensure the plan includes an implemented process that:
@@ -29584,19 +30380,15 @@ If the application incident response plan does not exist and at a minimum does n
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
-
-
- CCI_REF
- CCI-000366
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REFCCI-003289NotAFinding
- See project documentation and Security Policy.
-
+ See project documentation and Security Policy attached to the project repository on GitHub.
+
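Review bot: The NotAFinding comment `See project documentation and Security Policy attached to the project repository on GitHub.` does not identify the document or show how it satisfies the plan elements the Check_Content enumerates (the list beginning `Ensure the plan includes an implemented process that:` continues above and outside this hunk). An assessor needs a concrete reference and a mapping to those elements, so name the artifact and what it covers, e.g. `The application incident response plan is the repository's GitHub Security Policy (typically SECURITY.md), which defines how vulnerabilities are reported, triaged, fixed, and disclosed to users.` Whether that file actually addresses each required element is not visible here; verify it against the full check text before keeping the NotAFinding status.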
@@ -29609,13 +30401,17 @@ If the application incident response plan does not exist and at a minimum does n
Severityhigh
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222658r508029_rule
+ SV-222658r879887_ruleRule_Ver
@@ -29693,11 +30489,7 @@ If any of the software components are not supported by a COTS vendor or a GOTS o
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
-
-
- CCI_REF
- CCI-000366
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -29705,7 +30497,7 @@ If any of the software components are not supported by a COTS vendor or a GOTS o
NotAFindingApplication is currently being actively maintained and supported.
-
+
@@ -29718,13 +30510,17 @@ If any of the software components are not supported by a COTS vendor or a GOTS o
Severityhigh
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222659r508029_rule
+ SV-222659r879887_ruleRule_Ver
@@ -29792,11 +30588,7 @@ If the application or any of the application components are not being maintained
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
-
-
- CCI_REF
- CCI-000366
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -29804,7 +30596,7 @@ If the application or any of the application components are not being maintained
NotAFindingApplication is currently being actively maintained and supported.
-
+
@@ -29817,13 +30609,17 @@ If the application or any of the application components are not being maintained
Severitylow
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222660r508029_rule
+ SV-222660r879887_ruleRule_Ver
@@ -29891,11 +30687,7 @@ If provisions are not in place to notify users when an application is decommissi
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
-
-
- CCI_REF
- CCI-000366
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -29903,7 +30695,7 @@ If provisions are not in place to notify users when an application is decommissi
Not_ReviewedDependent on organizational compliance.
-
+
@@ -29916,13 +30708,17 @@ If provisions are not in place to notify users when an application is decommissi
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222661r508029_rule
+ SV-222661r879887_ruleRule_Ver
@@ -29998,11 +30794,7 @@ If these accounts are not necessary to run the application, or if the accounts a
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
-
-
- CCI_REF
- CCI-000366
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -30010,7 +30802,7 @@ If these accounts are not necessary to run the application, or if the accounts a
NotAFindingApplication has no built-in user accounts.
-
+
@@ -30023,13 +30815,17 @@ If these accounts are not necessary to run the application, or if the accounts a
Severityhigh
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222662r508029_rule
+ SV-222662r879887_ruleRule_Ver
@@ -30049,7 +30845,7 @@ If these accounts are not necessary to run the application, or if the accounts a
Check_Content
- Identify the application name and version and do an Internet search for the product name and the string "default password".
+ Identify the application name and version and do an Internet search for the product name and the string "default password".
If default passwords are found, attempt to authenticate with the published default passwords.
@@ -30097,11 +30893,7 @@ If authentication is successful, this is a finding.STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
-
-
- CCI_REF
- CCI-000366
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -30109,7 +30901,7 @@ If authentication is successful, this is a finding.
NotAFindingApplication has no default passwords.
-
+
@@ -30122,13 +30914,17 @@ If authentication is successful, this is a finding.
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222663r508029_rule
+ SV-222663r879887_ruleRule_Ver
@@ -30248,11 +31044,7 @@ Verify the application configuration guide is distributed along with the applic
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
-
-
- CCI_REF
- CCI-000366
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -30260,7 +31052,7 @@ Verify the application configuration guide is distributed along with the applic
NotAFindingProject Documentation is provided.
-
+
@@ -30273,13 +31065,17 @@ Verify the application configuration guide is distributed along with the applic
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222664r508029_rule
+ SV-222664r879887_ruleRule_Ver
@@ -30369,11 +31165,7 @@ If the security classification guide does not exist, or does not contain applica
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
-
-
- CCI_REF
- CCI-000366
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -30381,7 +31173,7 @@ If the security classification guide does not exist, or does not contain applica
Not_ReviewedDependent on organizational compliance.
-
+
@@ -30394,13 +31186,17 @@ If the security classification guide does not exist, or does not contain applica
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222665r508029_rule
+ SV-222665r879887_ruleRule_Ver
@@ -30502,11 +31298,7 @@ If uncategorized mobile code types are found, ask the application administrator
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
-
-
- CCI_REF
- CCI-000366
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -30514,7 +31306,7 @@ If uncategorized mobile code types are found, ask the application administrator
NotAFindingApplication uses only Category 3 mobile code. (Javascript that runs client side in a web browser)
-
+
@@ -30527,13 +31319,17 @@ If uncategorized mobile code types are found, ask the application administrator
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222666r508029_rule
+ SV-222666r879887_ruleRule_Ver
@@ -30605,11 +31401,7 @@ If any database exports include sensitive data and that data is not sanitized or
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
-
-
- CCI_REF
- CCI-000366
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -30617,7 +31409,7 @@ If any database exports include sensitive data and that data is not sanitized or
Not_ReviewedDependent on organizational compliance.
-
+
@@ -30630,13 +31422,17 @@ If any database exports include sensitive data and that data is not sanitized or
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222667r508029_rule
+ SV-222667r879887_ruleRule_Ver
@@ -30708,11 +31504,7 @@ If mitigations for DoS attacks are identified in the threat model but are not im
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
-
-
- CCI_REF
- CCI-000366
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -30720,7 +31512,7 @@ If mitigations for DoS attacks are identified in the threat model but are not im
Not_ReviewedThreat model dependent on organizational requirements. The project expects to be deployed in a Container Platform that resists DoS attacks. DoS mitigations expected to be implemented at Container Platform Ingress layer or otherwise fulfilled by specific deployment configurations.
-
+
@@ -30733,13 +31525,17 @@ If mitigations for DoS attacks are identified in the threat model but are not im
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222668r508029_rule
+ SV-222668r879887_ruleRule_Ver
@@ -30807,11 +31603,7 @@ If this monitoring capability does not exist, this is a finding.
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
-
-
- CCI_REF
- CCI-000366
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -30819,7 +31611,7 @@ If this monitoring capability does not exist, this is a finding.
Not_ReviewedThe project expects to be deployed in a Container Platform that monitors resource conditions.
-
+
@@ -30832,13 +31624,17 @@ If this monitoring capability does not exist, this is a finding.Severity
low
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222669r508029_rule
+ SV-222669r879887_ruleRule_Ver
@@ -30908,11 +31704,7 @@ If no deployment personnel are registered to receive the alerts, this is a findi
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
-
-
- CCI_REF
- CCI-000366
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -30920,7 +31712,7 @@ If no deployment personnel are registered to receive the alerts, this is a findi
Not_ReviewedDependent on organization compliance. Update notifications are available by subscription on GitHub project page.
-
+
@@ -30933,13 +31725,17 @@ If no deployment personnel are registered to receive the alerts, this is a findi
Severitylow
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222670r508029_rule
+ SV-222670r879887_ruleRule_Ver
@@ -31019,11 +31815,7 @@ Include a description of the issue, a summary of risk as well as potential mitig
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
-
-
- CCI_REF
- CCI-000366
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -31031,7 +31823,7 @@ Include a description of the issue, a summary of risk as well as potential mitig
NotAFindingUpdate notifications are available by subscription on GitHub project page.
-
+
@@ -31044,13 +31836,17 @@ Include a description of the issue, a summary of risk as well as potential mitig
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222671r508029_rule
+ SV-222671r879887_ruleRule_Ver
@@ -31116,11 +31912,7 @@ If the application is publicly accessible and traffic is not being routed throug
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
-
-
- CCI_REF
- CCI-000366
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -31128,7 +31920,7 @@ If the application is publicly accessible and traffic is not being routed throug
Not_ReviewedDependent on organizational compliance.
-
+
@@ -31141,13 +31933,17 @@ If the application is publicly accessible and traffic is not being routed throug
Severitylow
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000506Rule_ID
- SV-222672r508029_rule
+ SV-222672r879877_ruleRule_Ver
@@ -31221,7 +32017,7 @@ If the application does not create an audit record when concurrent logons occur
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -31229,7 +32025,7 @@ If the application does not create an audit record when concurrent logons occur
NotAFindingWhen logging endpoint requests, the API emits audit records that include the original source IP address.
-
+
@@ -31242,13 +32038,17 @@ If the application does not create an audit record when concurrent logons occur
Severitymedium
+
+ Weight
+ 10.0
+ Group_TitleSRG-APP-000516Rule_ID
- SV-222673r508029_rule
+ SV-222673r879887_ruleRule_Ver
@@ -31335,11 +32135,7 @@ If there is no evidence of security training, this is a finding.
STIGRef
- Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 1 Benchmark Date: 23 Oct 2020
-
-
- CCI_REF
- CCI-000366
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023CCI_REF
@@ -31347,7 +32143,154 @@ If there is no evidence of security training, this is a finding.
NotAFindingThe current developers are subject to annual security training requirements.
-
+
+
+
+
+
+
+ Vuln_Num
+ V-254803
+
+
+ Severity
+ medium
+
+
+ Weight
+ 10.0
+
+
+ Group_Title
+ APSC-DV-002010
+
+
+ Rule_ID
+ SV-254803r865217_rule
+
+
+ Rule_Ver
+ APSC-DV-002010
+
+
+ Rule_Title
+ The application must implement NSA-approved cryptography to protect classified information in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.
+
+
+ Vuln_Discuss
+ Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect classified data. The application must implement cryptographic modules adhering to the higher standards approved by the federal government since this provides assurance they have been tested and validated.
+
+Advanced Encryption Standard (AES)
+Symmetric block cipher used for information protection
+FIPS Pub 197
+Use 256 bit keys to protect up to TOP SECRET
+
+Elliptic Curve Diffie-Hellman (ECDH) Key Exchange
+Asymmetric algorithm used for key establishment
+NIST SP 800-56A
+Use Curve P-384 to protect up to TOP SECRET.
+
+Elliptic Curve Digital Signature Algorithm (ECDSA)
+Asymmetric algorithm used for digital signatures
+FIPS Pub 186-4
+Use Curve P-384 to protect up to TOP SECRET.
+
+Secure Hash Algorithm (SHA)
+Algorithm used for computing a condensed representation of information
+FIPS Pub 180-4
+
+Use SHA-384 to protect up to TOP SECRET.
+
+Diffie-Hellman (DH) Key Exchange
+Asymmetric algorithm used for key establishment
+IETF RFC 3526
+Minimum 3072-bit modulus to protect up to TOP SECRET
+
+RSA
+Asymmetric algorithm used for key establishment
+NIST SP 800-56B rev 1
+Minimum 3072-bit modulus to protect up to TOP SECRET
+
+RSA
+Asymmetric algorithm used for digital signatures
+FIPS PUB 186-4
+Minimum 3072 bit-modulus to protect up to TOP SECRET.
+
+
+ IA_Controls
+
+
+
+ Check_Content
+ Review the application documentation, system security plan and interview the application administrator to determine if the application processes classified data.
+
+If the application does not process classified data, this requirement is not applicable.
+
+Identify the data classifications and the cryptographic protections established to protect the application data.
+
+Verify the application is configured to utilize the appropriate encryption based upon data classification, cryptographic tasks that need to be performed (information protection, hashing, signing) and information protection requirements.
+
+NIST-certified cryptography must be used to store classified non-Sources and Methods Intelligence (SAMI) information if required by the information owner.
+
+NSA-validated type-1 encryption must be used for all SAMI data stored in the enclave.
+
+If the application is not configured to utilize the NSA-approved cryptographic modules in accordance with data protection requirements specified in the security plan, this is a finding.
+
+
+ Fix_Text
+ Configure application to encrypt stored classified information; Ensure encryption is performed using NIST FIPS 140-2-validated encryption.
+
+Encrypt stored, non-SAMI classified information using NIST FIPS 140-2-validated encryption.
+
+Implement NSA-validated type-1 encryption of all SAMI data stored in the enclave.
+
+
+ False_Positives
+
+
+
+ False_Negatives
+
+
+
+ Documentable
+ false
+
+
+ Mitigations
+
+
+
+ Potential_Impact
+
+
+
+ Third_Party_Tools
+
+
+
+ Mitigation_Control
+
+
+
+ Responsibility
+
+
+
+ Security_Override_Guidance
+
+
+
+ STIGRef
+ Application Security and Development Security Technical Implementation Guide :: Version 5, Release: 3 Benchmark Date: 26 Jul 2023
+
+
+ CCI_REF
+ CCI-002450
+
+ Not_Reviewed
+ The project expects other layers to provide appropriate data protection via compliant cryptography. It supports interactions with the Data Storage layer via TLS. The project containers are read-only, stateless builds.
+
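Review bot: The Not_Reviewed status and the FINDING_DETAILS text are in tension with the Check_Content added in this same hunk, which makes the rule not applicable when the application does not process classified data; since classification is decided by the deploying organization, the comment should say that explicitly instead of only deferring to "other layers". The phrase `supports interactions with the Data Storage layer via TLS` implies TLS to the database is optional, so an assessor needs to know it is a deployment setting, and the read-only/stateless container remark does not bear on protection of stored data, which lives in the external database. Suggested wording: `Data classification is determined by the deploying organization; if classified data is processed, application state is held in the external database (the containers are stateless), whose FIPS 140-2 validated at-rest encryption is a deployment responsibility. The API's database connection can be configured to use TLS.` Whether the API enforces TLS or merely allows it is not visible in this diff; confirm against the configuration documentation before asserting either.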
diff --git a/docs/assets/images/meta-collection-dashboard-collections-tab.png b/docs/assets/images/meta-collection-dashboard-collections-tab.png
new file mode 100644
index 000000000..4ce431ecf
Binary files /dev/null and b/docs/assets/images/meta-collection-dashboard-collections-tab.png differ
diff --git a/docs/assets/images/meta-collection-dashboard-stigs-tab.png b/docs/assets/images/meta-collection-dashboard-stigs-tab.png
new file mode 100644
index 000000000..31027c27c
Binary files /dev/null and b/docs/assets/images/meta-collection-dashboard-stigs-tab.png differ
diff --git a/docs/assets/images/meta-collection-dashboard.png b/docs/assets/images/meta-collection-dashboard.png
new file mode 100644
index 000000000..af7962987
Binary files /dev/null and b/docs/assets/images/meta-collection-dashboard.png differ
diff --git a/docs/assets/images/meta-collection-icon.png b/docs/assets/images/meta-collection-icon.png
new file mode 100644
index 000000000..660cefd20
Binary files /dev/null and b/docs/assets/images/meta-collection-icon.png differ
diff --git a/docs/assets/images/meta-collection-panel-overview-filters.png b/docs/assets/images/meta-collection-panel-overview-filters.png
new file mode 100644
index 000000000..1ddce2255
Binary files /dev/null and b/docs/assets/images/meta-collection-panel-overview-filters.png differ
diff --git a/docs/conf.py b/docs/conf.py
index be04fa72f..c29391245 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -19,7 +19,7 @@
# -- Project information -----------------------------------------------------
project = 'STIG Manager'
-copyright = '2023 U.S. Federal Government (in countries where recognized)'
+copyright = '2024 U.S. Federal Government (in countries where recognized)'
author = 'cd-rite'
diff --git a/docs/the-project/clients.rst b/docs/the-project/clients.rst
index 86c9048ce..96ba79eaa 100644
--- a/docs/the-project/clients.rst
+++ b/docs/the-project/clients.rst
@@ -14,10 +14,13 @@ STIG Manager OSS Reference GUI
---------------------------------
A GUI client that makes use of the Project API is available in our Repo. Its features are described elsewhere in this documentation.
+See the client `README.md `_ for more information on developing or building the client.
+
+
STIG Manager Watcher
-------------------------
-A command-line client that will monitor a file-system directory and upload .ckls or XCCDF results to a STIG Manager API instance: `STIG Manger Watcher. `_ It is maintained by the main STIGMan OSS dev group, and also available as `an npm package. `_ Check the gitHub repo's `wiki for further documentation. `_
+A command-line client that will monitor a file-system directory and upload .ckl/.cklb or XCCDF results to a STIG Manager API instance: `STIG Manger Watcher. `_ It is maintained by the main STIGMan OSS dev group, and also available as `an npm package. `_ Check the gitHub repo's `wiki for further documentation. `_
Proposed Clients
====================
@@ -35,8 +38,21 @@ Several additional Clients may be found useful, but are not a priority for devel
Create a new Client for the STIG Manager API
==================================================
-STIG Manager API was created so that other clients could take advantage of the data it manages, though currently, the only one available is the Client provided as part of the project repo.
+The STIG Manager API was created so that other clients could take advantage of the data it manages. `The API is fully defined using the OpenAPI 3.0.1 specification here. `_
+
+Clients will need to authenticate with the OpenID Connect Identity provider their target API is configured to use. Particular authentication flows and configurations supported may vary by deployment.
+
+
+Client Development Resources
+==================================================
+
+The STIG Manager team maintains a separate repository containing useful javascript modules for developing clients. These modules are used in both the STIG Manager GUI and STIGMan Watcher, and are provided as a resource to assist the creation of clients that import checklist files or batch updates to the API.
-For now, please use our existing Clients as a reference for how to do this. If more information is required, please let us know in an Issue on our Repo and we will do our best to assist.
+These modules are available `in the stig-manager-client-modules repository. `_ Check the gitHub repo's README.md and documentation for more specific information about using them.
+ - `ReviewParser.js` Provides parsers for .ckl, .cklb, and XCCDF data. These modules will process data in the checklist format specified, and return a JSON object that can be used to create or update Assets, STIG Assignments, and Reviews in the STIG Manager API. The parsers incorporate processing that will ensure Reviews conform to the Import Options specified by the target Collections in the API, if specified.
+ - reviewsFromCkl
+ - reviewsFromCklb
+ - reviewsFromXccdf
+ - `TaskObject.js` Takes parsed checklist data, as well as the current state of a Collection's Assets and the STIGs available in the system, and create a TaskObject. The TaskObject defines Assets and Assignments that need to be created or updated, as well as the Reviews that were identified in the parsed checklist data for those Assets.
diff --git a/docs/the-project/related-repos.rst b/docs/the-project/related-repos.rst
index 1a05c30d8..5a02e0d0b 100644
--- a/docs/the-project/related-repos.rst
+++ b/docs/the-project/related-repos.rst
@@ -29,3 +29,17 @@ The STIG Manager Demonstration Orchestration offers a sample configuration for a
See the `STIGMan Orchestration `_ for more details.
+STIGMan Client Modules
+==================================================
+
+The STIG Manager team maintains a separate repository containing useful javascript modules for developing clients. These modules are used in both the STIG Manager GUI and STIGMan Watcher, and are provided as a resource to assist the creation of clients that import checklist files or batch updates to the API.
+
+These modules are available `in the stig-manager-client-modules repository. `_ Check the gitHub repo's README.md and documentation for more specific information about using them.
+
+ - `ReviewParser.js` Provides parsers for .ckl, .cklb, and XCCDF data. These modules will process data in the checklist format specified, and return a JSON object that can be used to create or update Assets, STIG Assignments, and Reviews in the STIG Manager API. The parsers incorporate processing that will ensure Reviews conform to the Import Options specified by the target Collections in the API, if specified.
+ - reviewsFromCkl
+ - reviewsFromCklb
+ - reviewsFromXccdf
+ - `TaskObject.js` Takes parsed checklist data, as well as the current state of a Collection's Assets and the STIGs available in the system, and create a TaskObject. The TaskObject defines Assets and Assignments that need to be created or updated, as well as the Reviews that were identified in the parsed checklist data for those Assets.
+
+
diff --git a/docs/the-project/testing.rst b/docs/the-project/testing.rst
index d65a5936a..447f3ac45 100644
--- a/docs/the-project/testing.rst
+++ b/docs/the-project/testing.rst
@@ -1,12 +1,10 @@
.. _testing:
-Testing Guide
+API Testing Guide
########################################
-
-
The STIG Manager project currently tests its API using a Postman Collection and specific test data, which can be found in the repo.
The Postman Collection tests are run automatically with Newman whenever a Pull Request is made to the project.
@@ -16,5 +14,7 @@ The tests run in several iterations, simulating Users accessing the system with
+Running the API Tests Locally
+=============================================
-
+See the test `README.md `_ for more information on running the tests and test data.
\ No newline at end of file
diff --git a/docs/user-guide/user-guide.rst b/docs/user-guide/user-guide.rst
index c92e6a37e..23a47d30b 100644
--- a/docs/user-guide/user-guide.rst
+++ b/docs/user-guide/user-guide.rst
@@ -430,7 +430,7 @@ STIGs Tab
The STIGs tab on the right of the Collection Dashboard provides a list of every STIG that is assigned to at least one Asset in this Collection (that the User has access to).
-Double-clock a STIG, or click the Shield icon when hovering over a STIG, to access to the :ref:`Collection Review Workspace`, from which the User can review ALL the assets they have access to for the STIG selected.
+Double-click a STIG, or click the Shield icon when hovering over a STIG, to access to the :ref:`Collection Review Workspace`, from which the User can review ALL the assets they have access to for the STIG selected.
See :ref:`Collection Review Workspace` for more info.
@@ -487,8 +487,81 @@ Double-click on a STIG, or click on the Shield icon, to access the :ref:`Asset R
+===================================
+
+.. index::
+ single: Meta Collection Dashboard
+
+.. _meta collection dashboard:
+
+Meta-Collection Dashboard
+======================================
+
+The Meta Dashboard provides totals and metrics for some or all of your Collections at a glance. The Collections Tab shows top-level metrics for each Collection, while the STIGs tab shows metrics for each STIG across Collections. The dashboard also allows you to open up individual Collection, Asset, or STIG Review Workspaces.
+
+Access the Meta Dashboard by clicking on the Report icon in the top-level Collections node of the Navigation Tree.
+
+
+.. thumbnail:: /assets/images/meta-collection-icon.png
+ :width: 50%
+ :show_caption: True
+ :title: Click to open the Meta Dashboard
+
+|
+
+.. thumbnail:: /assets/images/meta-collection-dashboard.png
+ :width: 50%
+ :show_caption: True
+ :title: The Meta Dashboard
+
+
+|
+
+
+Meta-Collection Overview
+----------------------------
+
+The Meta-Collection Overview section at the left of the Meta Dashboard provides high-level statistics about your Collections.
+
+The Collections presented in the Meta-Collection Dashboard can be filtered by clicking on the Collection icon at the top of the Overview Panel.
+.. note::
+ Any filters applied to the Meta Dashboard Overview panel carry forward to the presentation of Collections, STIGs, and Assets on the right of the Dashboard.
+
+ .. thumbnail:: /assets/images/meta-collection-panel-overview-filters.png
+ :width: 25%
+ :show_caption: True
+ :title: Meta-Collection Overview with Filters
+
+|
+
+
+Collections Tab
+----------------------
+
+The Collections Tab on the right of the Collection Dashboard provides a list of every Collection that the User has been granted access to in the system. Select a Collection to populate the STIGs panel with every STIG assigned to any Asset in that Collection. Select a STIG to see the Assets assigned that STIG.
+
+.. thumbnail:: /assets/images/meta-collection-dashboard-collections-tab.png
+ :width: 50%
+ :show_caption: True
+ :title: Collections Tab of the Meta-Collection Dashboard
+
+|
+
+
+STIGs Tab
+-------------------------
+
+The STIGs tab on the right of the Collection Dashboard provides a list of every STIG that is assigned to any Asset in any Collection that the User has access to. Clicking on a STIG will load any Collections that contain Assets that have been assigned that STIG into the center panel. Selecting a Collection from the center panel will populate the Assets panel with a list of every Asset in that Collection that has been assigned the selected STIG.
+
+.. thumbnail:: /assets/images/meta-collection-dashboard-stigs-tab.png
+ :width: 50%
+ :show_caption: True
+ :title: Collections Tab of the Meta-Collection Dashboard
+
+|
+
===================================
.. index::
diff --git a/release-notes.rst b/release-notes.rst
index 5d87ba51a..2ff6f6db2 100644
--- a/release-notes.rst
+++ b/release-notes.rst
@@ -1,3 +1,15 @@
+1.4.2
+-----
+
+Changes:
+
+ - (API/UI) Meta-Collection Dashboard feature
+ - (Docs) Documentation updates
+ - (Demo/Docs) Demo data updates, include STIGs for demo data.
+ - (API) Code cleanup
+ - (API/Dependency) Dependency updates
+
+
1.4.1
-----
diff --git a/test/api/README.md b/test/api/README.md
index 11d45aff5..569778297 100644
--- a/test/api/README.md
+++ b/test/api/README.md
@@ -3,9 +3,10 @@
## Required tooling
- Node.js
- [newman](https://www.npmjs.com/package/newman) (global install)
+- [newman-reporter-htmlextra](https://www.npmjs.com/package/newman-reporter-htmlextra)
+
## Optional tooling
-- [newman-reporter-htmlextra](https://www.npmjs.com/package/newman-reporter-htmlextra)
- [Postman](https://www.postman.com/downloads/)
## Runtime environment
@@ -18,7 +19,6 @@ Run ***ONE*** of the following:
```
-
- An HTTP server on port 8080 that accepts requests for the content in `./mock-keycloak`
> Example with Python3:
@@ -42,7 +42,8 @@ Run ***ONE*** of the following:
```
### API
-- Run the API so it can communicate with the Authentication Server and database and is listening on port 64001
+- Run the API so it answering requests at `localhost:64001/api`, and can communicate with the Authentication Server and database.
+- The API can be run in a dev environment such as Visual Studio Code or in a container
> Example with docker
```
@@ -53,25 +54,35 @@ Run ***ONE*** of the following:
## Running the Tests
+### From the Command Line Using newman
+- Ensure the newman npm module is installed. If not, run `npm install -g newman`
+- From the /test/api folder of the project repo, run the `runFailsOnly.sh` bash script.
+- Test result summaries are output to the console, and detailed test reports are output to the `/test/api/newman`` directory.
+
+### From Postman UI
+
+- Open Postman and import the collection and environment files from the `/test/api` directory of the project repo.
+- Run requests individually, or as part of a Collection or Folder "run" using the `collectionRunnerData.json` file, if user iterations are needed.
+
+
+## Test Components
+
+Located in the `/test/api directory of the project repo:
+
+- `postman_collection.json` The Postman Collection of API tests.
+- `postman_environment.json` The Postman Environment for the API tests.
+- `collectionRunnerData.json` The data file used by the newman/Postman Collection Runner to run iterations of the tests. Each iteration is specific to a user with different levels of access and grants to Collections maintained by the API.
+- `runFailsOnly.sh` A bash script that runs the tests using newman, and outputs a summary of the results to the console. Detailed test reports are output to the /test/api/newman directory. Tests are run in groups defined by the top-level folders of the Postman Collection.
+- `form-data-files/*` Test data files sent by Postman/newman to the API. Includes several sets of data to populate the API with data the tests expect, and several reference STIGs to use in the tests. If using the Postman UI, you may need to adjust Postman settings to allow access to this folder locally.
+
+## Test Policy
+
+- All PRs to the project repo must pass all API tests before they will be accepted.
+- All PRs to the project repo should include new or updated API tests that cover the changes made by the PR to the API.
-```
-newman run postman_collection.json -e postman_environment.json -d collectionRunnerData.json -n 1 \
- --folder "LoadTestData" -r cli,htmlextra \
- --reporter-htmlextra-export \
- ./newman/dataPreloadReport.html
+## Test Coverage
-newman run postman_collection.json -e postman_environment.json -d collectionRunnerData.json -n 7 \
- --folder "GETs" -r cli,htmlextra \
- --reporter-htmlextra-export \
- ./newman/GetsReport.html
+- The API tests cover all endpoints of the API, and all HTTP methods supported by the API.
+- The PR Workflow running the tests will also generate a coverage report showing how much of the API code is covered by the tests.
-newman run postman_collection.json -e postman_environment.json -d collectionRunnerData.json -n 7 \
- --folder "POSTS, Puts, Patches, and Deletes" -r cli,htmlextra \
- --reporter-htmlextra-export \
- ./newman/PPPDReport.html
-newman run postman_collection.json -e postman_environment.json -d collectionRunnerData.json -n 2 \
---folder "STIGS" -r cli,htmlextra \
---reporter-htmlextra-export \
-./newman/stigsReport.html
-```
\ No newline at end of file
diff --git a/test/api/form-data-files/appdata-meta-metrics-with-pin.json b/test/api/form-data-files/appdata-meta-metrics-with-pin.json
new file mode 100644
index 000000000..6a53003c8
--- /dev/null
+++ b/test/api/form-data-files/appdata-meta-metrics-with-pin.json
@@ -0,0 +1 @@
+{"users":[{"userId":"87","username":"admin","email":null,"displayName":"Admin Burke","statistics":{"created":"2024-01-18T02:49:09Z","lastAccess":1705861395,"lastClaims":{"aud":["realm-management","account"],"azp":"stig-manager","exp":1705861695,"iat":1705861395,"iss":"http://localhost:8080/realms/stigman","jti":"070a420c-e50f-45ab-9b45-17898db947f7","sid":"631198c7-5cbe-48a3-a0dd-873c2081b0f6","sub":"bf87a16f-39e6-46d9-8971-f0ef51dd3f85","typ":"Bearer","name":"Admin Burke","nonce":"78e156cf-b67b-4f13-a0af-fe3d9f281469","scope":"stig-manager:collection stig-manager:stig:read stig-manager:user:read stig-manager:op stig-manager:user stig-manager:stig","auth_time":1705858315,"client_id":"admin","given_name":"Admin","family_name":"Burke","realm_access":{"roles":["create_collection","default-roles-stigman","admin","user"]},"session_state":"631198c7-5cbe-48a3-a0dd-873c2081b0f6","resource_access":{"account":{"roles":["manage-account","manage-account-links","view-profile"]},"realm-management":{"roles":["view-users","query-groups","query-users"]}},"preferred_username":"admin"},"collectionGrantCount":2}},{"userId":"86","username":"bizarroLvl1","email":null,"displayName":"bizarroLvl1","statistics":{"created":"2024-01-18T02:49:09Z","lastAccess":null,"lastClaims":{},"collectionGrantCount":1}},{"userId":"82","username":"collectioncreator","email":null,"displayName":"collection creator","statistics":{"created":"2024-01-18T02:49:09Z","lastAccess":1705546498,"lastClaims":{"acr":"0","aud":["realm-management","account"],"azp":"stig-manager","exp":1864709200,"iat":1670568400,"iss":"http://localhost:8080/auth/realms/stigman","jti":"da751cd7-b1bd-481d-9e81-57a47a6f4eb8","sid":"b6dcf279-8fb4-444b-8506-2f48d2a763bd","sub":"dd48f19e-81f0-44cf-a418-c4de98b6b783","typ":"Bearer","name":"collection creator","nonce":"227ee242-1bbb-4b56-86fa-67ef646edc93","scope":"openid stig-manager:collection stig-manager:stig:read stig-manager:user:read 
stig-manager:collection:read","auth_time":1670568400,"given_name":"collection","family_name":"creator","realm_access":{"roles":["create_collection","default-roles-stigman"]},"session_state":"b6dcf279-8fb4-444b-8506-2f48d2a763bd","resource_access":{"account":{"roles":["manage-account","manage-account-links","view-profile"]},"realm-management":{"roles":["view-users","query-groups","query-users"]}},"preferred_username":"collectioncreator"},"collectionGrantCount":0}},{"userId":"85","username":"lvl1","email":null,"displayName":"restricted","statistics":{"created":"2024-01-18T02:49:09Z","lastAccess":1705546498,"lastClaims":{"acr":"1","aud":["realm-management","account"],"azp":"stig-manager","exp":1864708984,"iat":1670568184,"iss":"http://localhost:8080/auth/realms/stigman","jti":"108f0760-0bf9-4df1-b143-96836bfbc363","sid":"b4a3acf1-9dc7-45e1-98f8-d35362aec4c7","sub":"e3ae27b8-da20-4c42-9df8-6089f70f763b","typ":"Bearer","name":"restricted","nonce":"14fa9d7d-0fe0-4426-8fd9-69d74a6f3464","scope":"openid stig-manager:collection stig-manager:stig:read stig-manager:user:read 
stig-manager:collection:read","auth_time":1670568184,"given_name":"restricted","realm_access":{"roles":["default-roles-stigman"]},"session_state":"b4a3acf1-9dc7-45e1-98f8-d35362aec4c7","resource_access":{"account":{"roles":["manage-account","manage-account-links","view-profile"]},"realm-management":{"roles":["view-users","query-groups","query-users"]}},"preferred_username":"lvl1"},"collectionGrantCount":1}},{"userId":"21","username":"lvl2","email":null,"displayName":"lvl2","statistics":{"created":"2024-01-18T02:49:09Z","lastAccess":1705546498,"lastClaims":{"acr":"0","aud":["realm-management","account"],"azp":"stig-manager","exp":1864709074,"iat":1670568275,"iss":"http://localhost:8080/auth/realms/stigman","jti":"03f49efc-cc71-4712-9ac7-14f9c6b475da","sid":"c6e2e826-1333-4f07-9788-79410c9f2d06","sub":"c137d637-f056-4c72-9bef-ec2af7c1abc7","typ":"Bearer","name":"lvl2","nonce":"49369e7f-a2df-491a-8b44-a042caf238ec","scope":"openid stig-manager:collection stig-manager:stig:read stig-manager:user:read stig-manager:collection:read","auth_time":1670568274,"given_name":"lvl2","realm_access":{"roles":["default-roles-stigman"]},"session_state":"c6e2e826-1333-4f07-9788-79410c9f2d06","resource_access":{"account":{"roles":["manage-account","manage-account-links","view-profile"]},"realm-management":{"roles":["view-users","query-groups","query-users"]}},"preferred_username":"lvl2"},"collectionGrantCount":1}},{"userId":"44","username":"lvl3","email":null,"displayName":"lvl3","statistics":{"created":"2024-01-18T02:49:09Z","lastAccess":1705546498,"lastClaims":{"acr":"0","aud":["realm-management","account"],"azp":"stig-manager","exp":1864709125,"iat":1670568325,"iss":"http://localhost:8080/auth/realms/stigman","jti":"852926ff-1c38-4006-960b-d9a4bca271f9","sid":"318d8cff-0ce5-4739-812c-b5b467e1d6c1","sub":"35fabc06-076e-4ff4-8bde-f325ea7dd4fb","typ":"Bearer","nonce":"416c0bbd-2f69-4fd0-82a5-7cd0f6de7535","scope":"openid stig-manager:collection stig-manager:stig:read 
stig-manager:user:read stig-manager:collection:read","auth_time":1670568325,"realm_access":{"roles":["default-roles-stigman"]},"session_state":"318d8cff-0ce5-4739-812c-b5b467e1d6c1","resource_access":{"account":{"roles":["manage-account","manage-account-links","view-profile"]},"realm-management":{"roles":["view-users","query-groups","query-users"]}},"preferred_username":"lvl3"},"collectionGrantCount":1}},{"userId":"45","username":"lvl4","email":null,"displayName":"lvl4","statistics":{"created":"2024-01-18T02:49:09Z","lastAccess":1705546498,"lastClaims":{"acr":"0","aud":["realm-management","account"],"azp":"stig-manager","exp":1864709163,"iat":1670568364,"iss":"http://localhost:8080/auth/realms/stigman","jti":"7180f59c-d4d3-442f-b5e5-76f120a947aa","sid":"bf4ccf4c-7e40-47b6-b02b-cfd09d71989f","sub":"902cfa46-61b3-49a7-8e8a-6f70a93c2a97","typ":"Bearer","name":"lvl4","nonce":"1eaa8441-dafb-4a93-87ff-1d73437e0eca","scope":"openid stig-manager:collection stig-manager:stig:read stig-manager:user:read stig-manager:collection:read","auth_time":1670568363,"given_name":"lvl4","realm_access":{"roles":["default-roles-stigman"]},"session_state":"bf4ccf4c-7e40-47b6-b02b-cfd09d71989f","resource_access":{"account":{"roles":["manage-account","manage-account-links","view-profile"]},"realm-management":{"roles":["view-users","query-groups","query-users"]}},"preferred_username":"lvl4"},"collectionGrantCount":1}},{"userId":"1","username":"stigmanadmin","email":null,"displayName":"STIGMAN Admin","statistics":{"created":"2024-01-18T02:49:09Z","lastAccess":1705860313,"lastClaims":{"acr":"0","aud":["realm-management","account"],"azp":"stig-manager","exp":1864681035,"iat":1670540236,"iss":"http://localhost:8080/auth/realms/stigman","jti":"47f9aa7d-bac4-4098-9be8-ace75513aa7f","sid":"87365b33-2c76-4b3c-8485-fba5dbff4b9f","sub":"b7c78a62-b84f-4578-a983-2ebc66fd9efe","typ":"Bearer","name":"STIGMAN Admin","nonce":"3378daff-0404-43b3-b4ab-ee31ff7340ac","scope":"openid stig-manager:collection 
stig-manager:stig:read stig-manager:user:read stig-manager:op stig-manager:collection:read stig-manager:op:read stig-manager:user stig-manager stig-manager:stig","auth_time":1670540235,"given_name":"STIGMAN","family_name":"Admin","realm_access":{"roles":["create_collection","default-roles-stigman","admin"]},"session_state":"87365b33-2c76-4b3c-8485-fba5dbff4b9f","resource_access":{"account":{"roles":["manage-account","manage-account-links","view-profile"]},"realm-management":{"roles":["view-users","query-groups","query-users"]}},"preferred_username":"stigmanadmin"},"collectionGrantCount":2}},{"userId":"22","username":"wf-test","email":null,"displayName":"wf-test","statistics":{"created":"2024-01-18T02:49:09Z","lastAccess":null,"lastClaims":{},"collectionGrantCount":0}},{"userId":"43","username":"workforce-60","email":null,"displayName":"workforce-60","statistics":{"created":"2024-01-18T02:49:09Z","lastAccess":null,"lastClaims":{},"collectionGrantCount":0}}],"collections":[{"collectionId":"21","name":"Collection 
X","description":null,"settings":{"fields":{"detail":{"enabled":"always","required":"always"},"comment":{"enabled":"always","required":"findings"}},"status":{"canAccept":true,"resetCriteria":"result","minAcceptGrant":3},"history":{"maxReviews":15}},"metadata":{"reqRar":"true","pocName":"poc2Patched","pocEmail":"pocEmail@email.com","pocPhone":"12342"},"stigs":[{"ruleCount":81,"benchmarkId":"VPN_SRG_TEST","revisionStr":"V1R1","benchmarkDate":"2019-07-19","revisionPinned":false},{"ruleCount":287,"benchmarkId":"Windows_10_STIG_TEST","revisionStr":"V1R23","benchmarkDate":"2020-06-17","revisionPinned":false}],"grants":[{"accessLevel":1,"userId":"86"},{"accessLevel":1,"userId":"85"},{"accessLevel":2,"userId":"21"},{"accessLevel":3,"userId":"44"},{"accessLevel":4,"userId":"87"},{"accessLevel":4,"userId":"1"},{"accessLevel":4,"userId":"45"}],"labels":[{"labelId":"755b8a28-9a68-11ec-b1bc-0242ac110002","name":"test-label-full","description":"","color":"FF99CC","uses":2},{"labelId":"5130dc84-9a68-11ec-b1bc-0242ac110002","name":"test-label-lvl1","description":"","color":"99CCFF","uses":1}]},{"collectionId":"83","name":"Collection 
Y","description":null,"settings":{"fields":{"detail":{"enabled":"always","required":"always"},"comment":{"enabled":"findings","required":"findings"}},"status":{"canAccept":true,"resetCriteria":"result","minAcceptGrant":3},"history":{"maxReviews":15}},"metadata":{"reqRar":"true","pocName":"string","pocEmail":"string","pocPhone":"string"},"stigs":[{"ruleCount":81,"benchmarkId":"VPN_SRG_TEST","revisionStr":"V1R0","benchmarkDate":"2010-07-19","revisionPinned":true}],"grants":[{"accessLevel":4,"userId":"87"},{"accessLevel":4,"userId":"1"}],"labels":[]}],"assets":[{"assetId":"29","name":"ACHERNAR_Collection_X_asset","fqdn":null,"description":"","ip":"10.0.0.18","labelIds":[],"mac":null,"noncomputing":false,"metadata":{},"stigGrants":[],"collectionId":"21"},{"assetId":"42","name":"Collection_X_lvl1_asset-1","fqdn":null,"description":"","ip":"","labelIds":["755b8a28-9a68-11ec-b1bc-0242ac110002","5130dc84-9a68-11ec-b1bc-0242ac110002"],"mac":null,"noncomputing":true,"metadata":{},"stigGrants":[{"benchmarkId":"VPN_SRG_TEST","userIds":["85"]},{"benchmarkId":"Windows_10_STIG_TEST","userIds":["86"]}],"collectionId":"21"},{"assetId":"62","name":"Collection_X_asset","fqdn":null,"description":"","ip":"10.1.1.1","labelIds":["755b8a28-9a68-11ec-b1bc-0242ac110002"],"mac":null,"noncomputing":false,"metadata":{},"stigGrants":[{"benchmarkId":"VPN_SRG_TEST","userIds":[]},{"benchmarkId":"Windows_10_STIG_TEST","userIds":[]}],"collectionId":"21"},{"assetId":"153","name":"Collection_Y_lvl_1_asset-1","fqdn":null,"description":"","ip":"","labelIds":[],"mac":null,"noncomputing":false,"metadata":{},"stigGrants":[{"benchmarkId":"VPN_SRG_TEST","userIds":[]}],"collectionId":"83"},{"assetId":"240","name":"Collection_Y_asset-noGrants","fqdn":null,"description":"","ip":"","labelIds":[],"mac":null,"noncomputing":false,"metadata":{},"stigGrants":[{"benchmarkId":"VPN_SRG_TEST","userIds":[]}],"collectionId":"83"}],"reviews":[{"assetId":"42","ruleId":"SV-106179r1_rule","result":"pass","resultEngine":null,"de
tail":"test\nvisible to lvl1","comment":"idk","userId":"1","ts":"2021-07-16T03:34:02Z","touchTs":"2021-07-16T03:34:02Z","status":{"ts":"2021-07-16T03:34:02Z","text":null,"label":"submitted","userId":"1"},"metadata":{"testkey":"testvalue"},"history":[{"ts":"2020-08-11T23:37:45Z","detail":"test\nvisible to lvl1","result":"pass","ruleId":"SV-106179r1_rule","status":{"ts":"2020-08-11T23:37:45Z","text":null,"label":"submitted","userId":"1"},"userId":"1","comment":null,"touchTs":"2020-08-11T23:37:45Z","resultEngine":null},{"ts":"2020-08-11T23:37:45Z","detail":"test\nvisible to lvl1","result":"pass","ruleId":"SV-106179r1_rule","status":{"ts":"2020-08-11T23:37:45Z","text":null,"label":"saved","userId":"87"},"userId":"1","comment":null,"touchTs":"2020-08-11T23:37:45Z","resultEngine":null}]},{"assetId":"42","ruleId":"SV-106181r1_rule","result":"notapplicable","resultEngine":null,"detail":"test\nvisible to lvl1\nhas history","comment":"","userId":"87","ts":"2022-02-03T00:07:05Z","touchTs":"2022-02-03T00:07:07Z","status":{"ts":"2022-02-03T00:07:07Z","text":null,"label":"submitted","userId":"87"},"metadata":{},"history":[{"ts":"2020-08-11T22:26:50Z","detail":"test\nvisible to lvl1","result":"notapplicable","ruleId":"SV-106181r1_rule","status":{"ts":"2020-08-11T22:26:50Z","text":null,"label":"submitted","userId":"1"},"userId":"1","comment":null,"touchTs":"2020-08-11T22:26:50Z","resultEngine":null},{"ts":"2020-08-11T22:26:50Z","detail":"test\nvisible to lvl1","result":"notapplicable","ruleId":"SV-106181r1_rule","status":{"ts":"2020-08-11T22:26:50Z","text":null,"label":"saved","userId":"87"},"userId":"1","comment":null,"touchTs":"2020-08-11T22:26:50Z","resultEngine":null},{"ts":"2022-02-03T00:07:05Z","detail":"test\nvisible to lvl1\nhas 
history","result":"notapplicable","ruleId":"SV-106181r1_rule","status":{"ts":"2022-02-03T00:07:05Z","text":null,"label":"saved","userId":"87"},"userId":"87","comment":"","touchTs":"2022-02-03T00:07:05Z","resultEngine":null}]},{"assetId":"42","ruleId":"SV-106183r1_rule","result":"fail","resultEngine":null,"detail":"test\nvisible to lvl1","comment":"test\nvisible to lvl1","userId":"1","ts":"2020-08-11T22:27:26Z","touchTs":"2020-08-11T22:27:26Z","status":{"ts":"2020-08-11T22:27:26Z","text":null,"label":"submitted","userId":"1"},"metadata":{},"history":[]},{"assetId":"42","ruleId":"SV-106185r1_rule","result":"fail","resultEngine":null,"detail":"test\nvisible to lvl1","comment":"test\nvisible to lvl1","userId":"1","ts":"2020-08-11T22:28:27Z","touchTs":"2020-08-11T22:28:27Z","status":{"ts":"2020-08-11T22:28:27Z","text":null,"label":"submitted","userId":"1"},"metadata":{},"history":[]},{"assetId":"42","ruleId":"SV-106187r1_rule","result":"fail","resultEngine":null,"detail":"test\nvisible to lvl1","comment":"test\nvisible to lvl1","userId":"1","ts":"2020-08-11T22:28:17Z","touchTs":"2020-08-11T22:28:17Z","status":{"ts":"2020-08-11T22:28:17Z","text":null,"label":"submitted","userId":"1"},"metadata":{},"history":[]},{"assetId":"42","ruleId":"SV-106189r1_rule","result":"pass","resultEngine":null,"detail":"test\nvisible to lvl1\nunbumitted\n","comment":null,"userId":"1","ts":"2020-08-11T22:28:42Z","touchTs":"2020-08-11T22:28:42Z","status":{"ts":"2020-08-11T22:28:42Z","text":null,"label":"saved","userId":"1"},"metadata":{},"history":[]},{"assetId":"42","ruleId":"SV-77809r3_rule","result":"pass","resultEngine":null,"detail":"test\nvisible to lvl2 and above","comment":null,"userId":"1","ts":"2020-08-11T22:29:16Z","touchTs":"2020-08-11T22:29:16Z","status":{"ts":"2020-08-11T22:29:16Z","text":null,"label":"saved","userId":"1"},"metadata":{},"history":[]},{"assetId":"42","ruleId":"SV-77811r1_rule","result":"pass","resultEngine":null,"detail":"test\nvisible to lvl2 and 
above","comment":null,"userId":"1","ts":"2020-08-11T22:29:30Z","touchTs":"2020-08-11T22:29:30Z","status":{"ts":"2020-08-11T22:29:30Z","text":null,"label":"submitted","userId":"1"},"metadata":{},"history":[]},{"assetId":"42","ruleId":"SV-77813r6_rule","result":"fail","resultEngine":null,"detail":"test\nlvl2","comment":"test\nlvl2","userId":"1","ts":"2020-08-18T20:48:29Z","touchTs":"2020-08-18T20:48:29Z","status":{"ts":"2020-08-18T20:48:29Z","text":null,"label":"submitted","userId":"1"},"metadata":{},"history":[]},{"assetId":"62","ruleId":"SV-106179r1_rule","result":"notapplicable","resultEngine":null,"detail":"test\nvisible to lvl1","comment":"","userId":"87","ts":"2022-01-26T01:23:06Z","touchTs":"2022-01-26T01:23:06Z","status":{"ts":"2022-01-26T01:23:06Z","text":null,"label":"submitted","userId":"87"},"metadata":{},"history":[]},{"assetId":"62","ruleId":"SV-106181r1_rule","result":"notapplicable","resultEngine":null,"detail":"test\nvisible to lvl1","comment":null,"userId":"1","ts":"2020-08-11T23:37:48Z","touchTs":"2020-08-11T23:37:48Z","status":{"ts":"2020-08-11T23:37:48Z","text":null,"label":"submitted","userId":"1"},"metadata":{},"history":[]},{"assetId":"62","ruleId":"SV-106183r1_rule","result":"fail","resultEngine":null,"detail":"test\nvisible to lvl1","comment":null,"userId":"1","ts":"2020-08-11T23:37:53Z","touchTs":"2020-08-11T23:37:53Z","status":{"ts":"2020-08-11T23:37:53Z","text":null,"label":"saved","userId":"1"},"metadata":{},"history":[]},{"assetId":"153","ruleId":"SV-106179r1_rule","result":"pass","resultEngine":null,"detail":"test\nvisible to lvl1","comment":null,"userId":"1","ts":"2020-08-18T02:22:56Z","touchTs":"2020-08-18T02:22:56Z","status":{"ts":"2020-08-18T02:22:56Z","text":null,"label":"submitted","userId":"1"},"metadata":{},"history":[]},{"assetId":"240","ruleId":"SV-106179r1_rule","result":"pass","resultEngine":null,"detail":"test\nno one but admin users should see 
this.","comment":null,"userId":"1","ts":"2020-08-18T02:22:23Z","touchTs":"2020-08-18T02:22:23Z","status":{"ts":"2020-08-18T02:22:23Z","text":null,"label":"saved","userId":"1"},"metadata":{},"history":[]}]}
\ No newline at end of file
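Review bot: This fixture embeds complete identity-provider token claim sets under `users[].statistics.lastClaims` — `jti`, `sid`, `session_state`, `nonce`, `sub` and `exp` values reaching into 2029 — which shows that an appdata export is also a record of IdP session identifiers, not only of application state. Here they come from a local test realm (`"iss":"http://localhost:8080/realms/stigman"`) and are not secrets, so nothing needs redacting, but the fixture should only ever be regenerated from a throwaway local realm and never from a shared instance; a one-line statement to that effect where the README describes `form-data-files/*` would keep the next contributor from checking in a real export. If the meta-metrics tests do not read `lastClaims`, trimming those objects to the fields the tests need would also shrink the file and remove the question entirely.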
diff --git a/test/api/postman_collection.json b/test/api/postman_collection.json
index c0e84cc06..384a6071f 100644
--- a/test/api/postman_collection.json
+++ b/test/api/postman_collection.json
@@ -1185,6 +1185,153 @@
{
"name": "GETs",
"item": [
+ {
+ "name": "load standard test data Copy",
+ "item": [
+ {
+ "name": "Import and overwrite application data (as elevated Admin)",
+ "event": [
+ {
+ "listen": "test",
+ "script": {
+ "exec": [
+ "let user = pm.environment.get(\"user\");\r",
+ "console.log(\"user: \" + user);\r",
+ "\r",
+ "if (pm.request.url.getQueryString().match(/elevate=true/)) {\r",
+ " user = \"elevated\";\r",
+ " console.log(\"setting user to 'elevated'\");\r",
+ "}\r",
+ "\r",
+ "if (user == \"elevated\") { //placeholder for \"users\" that should fail\r",
+ " pm.test(\"Status should be is 200 for elevated stigmanadmin user\", function () {\r",
+ " pm.response.to.have.status(200);\r",
+ " });\r",
+ "}\r",
+ "else {\r",
+ " pm.test(\"Status code is 403\", function () {\r",
+ " pm.response.to.have.status(403);\r",
+ " });\r",
+ "}\r",
+ "if (pm.response.code !== 200) {\r",
+ " return;\r",
+ "}\r",
+ "\r",
+ "\r",
+ "let response = pm.response.text();\r",
+ "console.log(response)\r",
+ "\r",
+ "pm.test(\"Body contains string\",() => {\r",
+ " pm.expect(response).to.include(\"Commit successful\");\r",
+ "});"
+ ],
+ "type": "text/javascript"
+ }
+ }
+ ],
+ "request": {
+ "auth": {
+ "type": "oauth2",
+ "oauth2": [
+ {
+ "key": "accessToken",
+ "value": "{{token.stigmanadmin}}",
+ "type": "string"
+ }
+ ]
+ },
+ "method": "POST",
+ "header": [
+ {
+ "key": "Content-Type",
+ "value": "multipart/form-data"
+ }
+ ],
+ "body": {
+ "mode": "formdata",
+ "formdata": [
+ {
+ "key": "importFile",
+ "type": "file",
+ "src": "./{{formDataFiles}}/{{appDataFile}}"
+ }
+ ]
+ },
+ "url": {
+ "raw": "{{baseUrl}}/op/appdata?elevate=true",
+ "host": [
+ "{{baseUrl}}"
+ ],
+ "path": [
+ "op",
+ "appdata"
+ ],
+ "query": [
+ {
+ "key": "elevate",
+ "value": "true",
+ "description": "Elevate the user context for this request if user is permitted (canAdmin)"
+ }
+ ]
+ }
+ },
+ "response": []
+ },
+ {
+ "name": "Deletes the specified revision of a STIG v1r0 - with force - could fail if not present, so no tests",
+ "event": [
+ {
+ "listen": "test",
+ "script": {
+ "exec": [
+ ""
+ ],
+ "type": "text/javascript"
+ }
+ }
+ ],
+ "request": {
+ "method": "DELETE",
+ "header": [],
+ "url": {
+ "raw": "{{baseUrl}}/stigs/:benchmarkId/revisions/:revisionStr?elevate=true&force=true",
+ "host": [
+ "{{baseUrl}}"
+ ],
+ "path": [
+ "stigs",
+ ":benchmarkId",
+ "revisions",
+ ":revisionStr"
+ ],
+ "query": [
+ {
+ "key": "elevate",
+ "value": "true"
+ },
+ {
+ "key": "force",
+ "value": "true"
+ }
+ ],
+ "variable": [
+ {
+ "key": "benchmarkId",
+ "value": "{{testBenchmark}}",
+ "description": "(Required) A path parameter that indentifies a STIG"
+ },
+ {
+ "key": "revisionStr",
+ "value": "V1R0",
+ "description": "(Required) A path parameter that indentifies a STIG revision [ V{version_num}R{release_num} | 'latest' ]"
+ }
+ ]
+ }
+ },
+ "response": []
+ }
+ ]
+ },
{
"name": "Collection GET",
"item": [
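Review bot: The `Deletes the specified revision of a STIG v1r0` request has an empty test script (`"exec": [""]`) and, unlike the import request just above it, no explicit `auth` block, so it inherits whatever token the enclosing folder or collection supplies; with the runner presumably iterating over users from `collectionRunnerData.json`, the delete may execute as a non-admin and a 403 or 5xx passes silently, leaving later tests that assume V1R0 is gone to fail with misleading errors. Pinning the auth to `{{token.stigmanadmin}}` as the import request does, and asserting the status is one of the outcomes the step tolerates (success, or whatever the API returns for an absent revision — presumably what "could fail if not present" in the name means), e.g. `pm.expect(pm.response.code).to.be.oneOf([/* success code */, /* absent-revision code */])`, keeps the step from masking a real failure. The folder name `load standard test data Copy` reads as a duplication leftover and should say why this second data load exists, and `indentifies` in the two path-variable descriptions is a typo for `identifies`.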
@@ -21354,64 +21501,7307 @@
" pm.expect(item.metrics.results.pass.total).to.equal(metricsReferenceCommon.results.pass.total);\r",
" }); \r",
"\r",
- " pm.test(\"Check some stats - results - fail\", function () {\r",
- " pm.expect(item.metrics.results.fail.total).to.equal(metricsReferenceCommon.results.fail.total);\r",
- " }); \r",
- " pm.test(\"Check some stats - results - informational\", function () {\r",
- " pm.expect(item.metrics.results.informational.total).to.equal(metricsReferenceCommon.results.informational.total);\r",
- " }); \r",
- " pm.test(\"Check some stats - results - notchecked\", function () {\r",
- " pm.expect(item.metrics.results.notchecked.total).to.equal(metricsReferenceCommon.results.notchecked.total);\r",
- " }); \r",
- " pm.test(\"Check some stats - results - notselected\", function () {\r",
- " pm.expect(item.metrics.results.notselected.total).to.equal(metricsReferenceCommon.results.notselected.total);\r",
- " }); \r",
- " pm.test(\"Check some stats - results - error\", function () {\r",
- " pm.expect(item.metrics.results.error.total).to.equal(metricsReferenceCommon.results.error.total);\r",
- " }); \r",
- " pm.test(\"Check some stats - results - fixed\", function () {\r",
- " pm.expect(item.metrics.results.fixed.total).to.equal(metricsReferenceCommon.results.fixed.total);\r",
- " }); \r",
+ " pm.test(\"Check some stats - results - fail\", function () {\r",
+ " pm.expect(item.metrics.results.fail.total).to.equal(metricsReferenceCommon.results.fail.total);\r",
+ " }); \r",
+ " pm.test(\"Check some stats - results - informational\", function () {\r",
+ " pm.expect(item.metrics.results.informational.total).to.equal(metricsReferenceCommon.results.informational.total);\r",
+ " }); \r",
+ " pm.test(\"Check some stats - results - notchecked\", function () {\r",
+ " pm.expect(item.metrics.results.notchecked.total).to.equal(metricsReferenceCommon.results.notchecked.total);\r",
+ " }); \r",
+ " pm.test(\"Check some stats - results - notselected\", function () {\r",
+ " pm.expect(item.metrics.results.notselected.total).to.equal(metricsReferenceCommon.results.notselected.total);\r",
+ " }); \r",
+ " pm.test(\"Check some stats - results - error\", function () {\r",
+ " pm.expect(item.metrics.results.error.total).to.equal(metricsReferenceCommon.results.error.total);\r",
+ " }); \r",
+ " pm.test(\"Check some stats - results - fixed\", function () {\r",
+ " pm.expect(item.metrics.results.fixed.total).to.equal(metricsReferenceCommon.results.fixed.total);\r",
+ " }); \r",
+ "\r",
+ " // pm.test(\"Check some stats - results - unassessed\", function () {\r",
+ " // pm.expect(item.metrics.results.unassessed).to.equal(metricsReferenceCommon.results.unassessed.total);\r",
+ " // }); \r",
+ "\r",
+ " pm.test(\"Check some stats - status - saved\", function () {\r",
+ " pm.expect(item.metrics.statuses.saved.total).to.equal(metricsReferenceCommon.statuses.saved.total);\r",
+ " }); \r",
+ "\r",
+ " pm.test(\"Check some stats - status - submitted\", function () {\r",
+ " pm.expect(item.metrics.statuses.submitted.total).to.equal(metricsReferenceCommon.statuses.submitted.total);\r",
+ " }); \r",
+ " pm.test(\"Check some stats - status - accepted\", function () {\r",
+ " pm.expect(item.metrics.statuses.accepted.total).to.equal(metricsReferenceCommon.statuses.accepted.total);\r",
+ " }); \r",
+ " pm.test(\"Check some stats - status - rejected\", function () {\r",
+ " pm.expect(item.metrics.statuses.rejected.total).to.equal(metricsReferenceCommon.statuses.rejected.total);\r",
+ " }); \r",
+ "\r",
+ " pm.test(\"Check some stats - assessments\", function () {\r",
+ " pm.expect(item.metrics.assessments).to.equal(metricsReferenceCommon.assessments);\r",
+ " }); \r",
+ " pm.test(\"Check some stats - assessed\", function () {\r",
+ " pm.expect(item.metrics.assessed).to.equal(metricsReferenceCommon.assessed);\r",
+ " }); \r",
+ "\r",
+ " }\r",
+ "\r",
+ " }\r",
+ "\r",
+ "\r",
+ "}\r",
+ "\r",
+ "\r",
+ " \r",
+ "\r",
+ "\r",
+ "return;\r",
+ "\r",
+ "\r",
+ "\r",
+ ""
+ ],
+ "type": "text/javascript"
+ }
+ }
+ ],
+ "request": {
+ "method": "GET",
+ "header": [],
+ "url": {
+ "raw": "{{baseUrl}}/collections/:collectionId/metrics/detail",
+ "host": [
+ "{{baseUrl}}"
+ ],
+ "path": [
+ "collections",
+ ":collectionId",
+ "metrics",
+ "detail"
+ ],
+ "variable": [
+ {
+ "key": "collectionId",
+ "value": "{{testCollection}}"
+ }
+ ]
+ }
+ },
+ "response": []
+ },
+ {
+ "name": "Return detailed metrics for the specified Collection - with params",
+ "event": [
+ {
+ "listen": "test",
+ "script": {
+ "exec": [
+ "let user = pm.environment.get(\"user\");\r",
+ "console.log(\"user: \" + user);\r",
+ "\r",
+ "if (pm.request.url.getQueryString().match(/elevate=true/)) {\r",
+ " user = \"elevated\";\r",
+ " console.log(\"setting user to 'elevated'\");\r",
+ "}\r",
+ "\r",
+ "if (user == \"collectioncreator\" || user == \"bizarroLvl1\" ) {\r",
+ " pm.test(\"Status should be is 403 for user collectioncreator, bizarroLvl1\", function () {\r",
+ " pm.response.to.have.status(403);\r",
+ " });\r",
+ " return;\r",
+ "}\r",
+ "else {\r",
+ " pm.test(\"Status code is 200\", function () {\r",
+ " pm.response.to.have.status(200);\r",
+ " });\r",
+ "}\r",
+ "if (pm.response.code !== 200) {\r",
+ " return;\r",
+ "}\r",
+ "\r",
+ "\r",
+ "let jsonData = pm.response.json();\r",
+ "\r",
+ "\r",
+ "pm.test(\"Response JSON is an array\", function () {\r",
+ " pm.expect(jsonData).to.be.an('array');\r",
+ "});\r",
+ "\r",
+ "\r",
+ "let testAsset = pm.environment.get(\"testAsset\");\r",
+ "let testBenchmark = pm.environment.get(\"testBenchmark\");\r",
+ "let testLabel = pm.environment.get(\"testLabel\");\r",
+ "let testLabelName = pm.environment.get(\"testLabelName\");\r",
+ "\r",
+ "let testChecklistLength = parseInt(pm.environment.get(\"checklistLength\"));\r",
+ "\r",
+ "\r",
+ "\r",
+ "// pm.test(\"Check that proper assets are returned\", function () {\r",
+ " for (let item of jsonData){\r",
+ " console.log( \"testing: \" + item.name) \r",
+ "\r",
+ " let assetMatchString = pm.environment.get(\"assetMatchString\");\r",
+ " var regex = new RegExp(assetMatchString);\r",
+ " pm.test(\"Check that proper assets are returned: \" + assetMatchString, function () {\r",
+ " pm.expect(item.name).to.match(regex);\r",
+ " });\r",
+ "\r",
+ " if (pm.request.url.getQueryString().match(/benchmarkId=/)) {\r",
+ " pm.test(\"verify parameter restricted response properly - benchmark\", function () {\r",
+ " pm.expect(item.benchmarkId).to.eql(testBenchmark);\r",
+ " })\r",
+ " }\r",
+ " if (pm.request.url.getQueryString().match(/assetId=/)) {\r",
+ " pm.test(\"verify parameter restricted response properly - assetId\", function () {\r",
+ " pm.expect(item.assetId).to.eql(testAsset);\r",
+ " })\r",
+ " } \r",
+ "\r",
+ " if (pm.request.url.getQueryString().match(/labelId=/)) {\r",
+ " pm.test(\"verify parameter restricted response properly - labelId\", function () {\r",
+ " let responseLabels = [];\r",
+ " for (let label of item.labels) {\r",
+ " responseLabels.push(label.labelId)\r",
+ " }\r",
+ " pm.expect(responseLabels).to.include(testLabel);\r",
+ " })\r",
+ " } \r",
+ "\r",
+ " if (pm.request.url.getQueryString().match(/labelName=/)) {\r",
+ " pm.test(\"verify parameter restricted response properly - labelName\", function () {\r",
+ " let responseLabels = [];\r",
+ " for (let label of item.labels) {\r",
+ " responseLabels.push(label.name)\r",
+ " }\r",
+ " pm.expect(responseLabels).to.include(testLabelName);\r",
+ " })\r",
+ " } \r",
+ "\r",
+ " if (item.assetId == testAsset && item.benchmarkId == testBenchmark) {\r",
+ " // if (item.assetId == testAsset ) {\r",
+ " console.log( \"found Collection_X_lvl1_asset\") \r",
+ "\r",
+ " pm.test(\"Check some stats - findings, low\", function () {\r",
+ " pm.expect(item.metrics.findings.low).to.equal(1);\r",
+ " });\r",
+ "\r",
+ " pm.test(\"Check some stats - results - NA\", function () {\r",
+ " pm.expect(item.metrics.results.notapplicable.total).to.equal(1);\r",
+ " }); \r",
+ " pm.test(\"Check some stats - results - pass\", function () {\r",
+ " pm.expect(item.metrics.results.pass.total).to.equal(2);\r",
+ " }); \r",
+ "\r",
+ " pm.test(\"Check some stats - results - fail\", function () {\r",
+ " pm.expect(item.metrics.results.fail.total).to.equal(3);\r",
+ " }); \r",
+ "\r",
+ " pm.test(\"Check some stats - status - submitted\", function () {\r",
+ " pm.expect(item.metrics.statuses.submitted.total).to.equal(5);\r",
+ " }); \r",
+ " pm.test(\"Check some stats - assessments\", function () {\r",
+ " pm.expect(item.metrics.assessments).to.equal(testChecklistLength);\r",
+ " }); \r",
+ " pm.test(\"Check some stats - assessed\", function () {\r",
+ " pm.expect(item.metrics.assessed).to.equal(6);\r",
+ " }); \r",
+ "\r",
+ " }\r",
+ " }\r",
+ " \r",
+ "\r",
+ "\r",
+ "\r",
+ " \r",
+ "\r",
+ " \r",
+ "// }\r",
+ "\r",
+ "return;\r",
+ "\r",
+ "// if (pm.request.url.getQueryString().match(/projection=stigs/)) {\r",
+ "// pm.expect(jsonData.stigs).to.exist;\r",
+ "// }\r",
+ "// if (pm.request.url.getQueryString().match(/projection=history/)) {\r",
+ "// pm.expect(jsonData.history).to.exist;\r",
+ "// }\r",
+ "// if (pm.request.url.getQueryString().match(/projection=rule/)) {\r",
+ "// pm.expect(jsonData.rule).to.exist;\r",
+ "// }\r",
+ "// if (pm.request.url.getQueryString().match(/projection=metadata/)) {\r",
+ "// pm.expect(jsonData.metadata).to.exist;\r",
+ "// }\r",
+ "// pm.test(\"Check if object contains all provided keys\", function () {\r",
+ "// // pm.expect(jsonData).to.have.all.keys(reviewKeys);\r",
+ "// });\r",
+ "\r",
+ "// pm.test(\"Check if object contains proper ruleId\", function () {\r",
+ "// let testRuleId = pm.environment.get(\"testRuleId\");\r",
+ "// pm.expect(jsonData.ruleId).to.eql(testRuleId);\r",
+ "// });\r",
+ "\r",
+ "// pm.test(\"Check review comment for regex match string\", function () {\r",
+ "// let reviewMatchString = pm.environment.get(\"reviewMatchString\");\r",
+ "// var regex = new RegExp(reviewMatchString);\r",
+ "// pm.expect(jsonData.detail).to.match(regex);\r",
+ "// });\r",
+ "\r",
+ "\r",
+ "\r",
+ "// pm.test(\"Response has requested properties and values\", function () {\r",
+ "// // for (let item of jsonData){\r",
+ "// let collectionMatchString = pm.environment.get(\"collectionMatchString\");\r",
+ "// var regex = new RegExp(collectionMatchString);\r",
+ "// pm.test(\"Check that proper Collections are returned\", function () {\r",
+ "// pm.expect(jsonData.name).to.match(regex);\r",
+ "// });\r",
+ "\r",
+ "\r",
+ "// if (pm.request.url.getQueryString().match(/projection=assets/)) {\r",
+ "// pm.expect(jsonData.assets).to.exist;\r",
+ "\r",
+ "// let assetMatchString = pm.environment.get(\"assetMatchString\");\r",
+ "// var assetRegex = new RegExp(assetMatchString);\r",
+ "// for (let asset of jsonData.assets){\r",
+ "// // pm.expect(asset).to.have.property('name');\r",
+ "// // pm.expect(asset).to.have.property('assetId');\r",
+ "// pm.expect(asset.name).to.match(assetRegex);\r",
+ "// }\r",
+ "// }\r",
+ "\r",
+ "// if (pm.request.url.getQueryString().match(/projection=grants/)) {\r",
+ "// for (let grant of jsonData.grants){\r",
+ "// pm.expect(jsonData.grants).to.exist;\r",
+ "\r",
+ "// // pm.expect(grant).to.be(array);\r",
+ "// // pm.expect(grant.user).to.be(object);\r",
+ "// }\r",
+ "// }\r",
+ "\r",
+ "// if (pm.request.url.getQueryString().match(/projection=stigs/)) {\r",
+ "// let validStigs = JSON.parse(pm.environment.get(\"stigs.valid\"));\r",
+ "\r",
+ "// for (let stig of jsonData.stigs){\r",
+ "// // pm.expect(stig).to.be(object);\r",
+ "// pm.expect(stig.benchmarkId).to.be.oneOf(validStigs);\r",
+ "\r",
+ "// }\r",
+ "// }\r",
+ "\r",
+ "// if (pm.request.url.getQueryString().match(/projection=owners/)) {\r",
+ "// // console.log(\"checking owners projection\");\r",
+ "// pm.expect(jsonData.owners).to.exist;\r",
+ "\r",
+ "// for (let owner of jsonData.owners){\r",
+ "// // pm.expect(owner).to.be(array);\r",
+ "// }\r",
+ "// }\r",
+ "\r",
+ "// if (pm.request.url.getQueryString().match(/projection=statistics/)) {\r",
+ "// // console.log(\"checking statistics projection\");\r",
+ "// pm.expect(jsonData.statistics).to.exist;\r",
+ "// }\r",
+ "\r",
+ "// if (pm.request.url.getQueryString().match(/projection=labels/)) {\r",
+ "// // console.log(\"checking statistics projection\");\r",
+ "// pm.expect(jsonData.labels).to.exist;\r",
+ "// if (user == \"lvl1\" ) {\r",
+ "// pm.expect(jsonData.labels.length).to.equal(2);\r",
+ "// pm.expect(jsonData.labels[0].uses).to.equal(1);\r",
+ "// pm.expect(jsonData.labels[1].uses).to.equal(1);\r",
+ "\r",
+ "// }\r",
+ "// else{\r",
+ "// pm.expect(jsonData.labels.length).to.equal(2);\r",
+ "\r",
+ "// } \r",
+ "\r",
+ "// }\r",
+ "// // };\r",
+ "\r",
+ "// });\r",
+ "\r",
+ "\r",
+ "\r",
+ ""
+ ],
+ "type": "text/javascript"
+ }
+ }
+ ],
+ "request": {
+ "method": "GET",
+ "header": [],
+ "url": {
+ "raw": "{{baseUrl}}/collections/:collectionId/metrics/detail?benchmarkId={{testBenchmark}}&assetId={{testAsset}}&labelName={{testLabelName-lvl1}}",
+ "host": [
+ "{{baseUrl}}"
+ ],
+ "path": [
+ "collections",
+ ":collectionId",
+ "metrics",
+ "detail"
+ ],
+ "query": [
+ {
+ "key": "benchmarkId",
+ "value": "{{testBenchmark}}"
+ },
+ {
+ "key": "assetId",
+ "value": "{{testAsset}}"
+ },
+ {
+ "key": "labelId",
+ "value": "{{testLabel}}",
+ "disabled": true
+ },
+ {
+ "key": "labelName",
+ "value": "{{testLabelName-lvl1}}"
+ }
+ ],
+ "variable": [
+ {
+ "key": "collectionId",
+ "value": "{{testCollection}}"
+ }
+ ]
+ }
+ },
+ "response": []
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "name": "meta",
+ "item": []
+ }
+ ]
+ },
+ {
+ "name": "meta metrics GET",
+ "item": [
+ {
+ "name": "load test data Copy",
+ "item": [
+ {
+ "name": "Import a new STIG - VPN R1V0",
+ "event": [
+ {
+ "listen": "test",
+ "script": {
+ "exec": [
+ "let user = pm.environment.get(\"user\");\r",
+ "console.log(\"user: \" + user);\r",
+ "\r",
+ "if (pm.request.url.getQueryString().match(/elevate=true/)) {\r",
+ " user = \"elevated\";\r",
+ " console.log(\"setting user to 'elevated'\");\r",
+ "}\r",
+ "\r",
+ "// if (user == \"stigmanadmin\") { //placeholder for \"users\" that should fail\r",
+ " pm.test(\"Status should be is 200 only for stigmanadmin user\", function () {\r",
+ " pm.response.to.have.status(200);\r",
+ " });\r",
+ "// }\r",
+ "// else {\r",
+ "// pm.test(\"Status code is 403\", function () {\r",
+ "// pm.response.to.have.status(403);\r",
+ "// });\r",
+ "// return;\r",
+ "// }\r",
+ "if (pm.response.code !== 200) {\r",
+ " return;\r",
+ "}\r",
+ "\r",
+ "\r",
+ "\r",
+ "let response = pm.response.text();\r",
+ "console.log(response)\r",
+ "\r",
+ "// pm.test(\"Body contains string\",() => {\r",
+ "// pm.expect(response).to.include(\"currentGroupRule\");\r",
+ "// });"
+ ],
+ "type": "text/javascript"
+ }
+ }
+ ],
+ "request": {
+ "auth": {
+ "type": "bearer",
+ "bearer": [
+ {
+ "key": "token",
+ "value": "{{token.stigmanadmin}}",
+ "type": "string"
+ }
+ ]
+ },
+ "method": "POST",
+ "header": [
+ {
+ "key": "Content-Type",
+ "value": "multipart/form-data"
+ }
+ ],
+ "body": {
+ "mode": "formdata",
+ "formdata": [
+ {
+ "key": "replace",
+ "value": "true",
+ "description": " (This can only be one of true,false)",
+ "type": "text",
+ "disabled": true
+ },
+ {
+ "key": "importFile",
+ "type": "file",
+ "src": "./{{formDataFiles}}/{{testStigFile}}",
+ "disabled": true
+ },
+ {
+ "key": "importFile",
+ "type": "file",
+ "src": "form-data-files/U_VPN_SRG_V1R0_Manual-xccdf.xml"
+ }
+ ]
+ },
+ "url": {
+ "raw": "{{baseUrl}}/stigs?clobber=true",
+ "host": [
+ "{{baseUrl}}"
+ ],
+ "path": [
+ "stigs"
+ ],
+ "query": [
+ {
+ "key": "clobber",
+ "value": "true"
+ }
+ ]
+ }
+ },
+ "response": []
+ },
+ {
+ "name": "Import and overwrite application data - META METRICS",
+ "event": [
+ {
+ "listen": "test",
+ "script": {
+ "exec": [
+ "let user = pm.environment.get(\"user\");\r",
+ "console.log(\"user: \" + user);\r",
+ "\r",
+ "if (pm.request.url.getQueryString().match(/elevate=true/)) {\r",
+ " user = \"elevated\";\r",
+ " console.log(\"setting user to 'elevated'\");\r",
+ "}\r",
+ "\r",
+ "if (user == \"elevated\") { //placeholder for \"users\" that should fail\r",
+ " pm.test(\"Status should be is 200 for elevated stigmanadmin user\", function () {\r",
+ " pm.response.to.have.status(200);\r",
+ " });\r",
+ "}\r",
+ "else {\r",
+ " pm.test(\"Status code is 403\", function () {\r",
+ " pm.response.to.have.status(403);\r",
+ " });\r",
+ "}\r",
+ "if (pm.response.code !== 200) {\r",
+ " return;\r",
+ "}\r",
+ "\r",
+ "\r",
+ "let response = pm.response.text();\r",
+ "console.log(response)\r",
+ "\r",
+ "pm.test(\"Body contains string\",() => {\r",
+ " pm.expect(response).to.include(\"Commit successful\");\r",
+ "});"
+ ],
+ "type": "text/javascript"
+ }
+ }
+ ],
+ "request": {
+ "auth": {
+ "type": "bearer",
+ "bearer": [
+ {
+ "key": "token",
+ "value": "{{token.stigmanadmin}}",
+ "type": "string"
+ }
+ ]
+ },
+ "method": "POST",
+ "header": [
+ {
+ "key": "Content-Type",
+ "value": "multipart/form-data"
+ }
+ ],
+ "body": {
+ "mode": "formdata",
+ "formdata": [
+ {
+ "key": "importFile",
+ "type": "file",
+ "src": "form-data-files/appdata-meta-metrics-with-pin.json"
+ }
+ ]
+ },
+ "url": {
+ "raw": "{{baseUrl}}/op/appdata?elevate=true",
+ "host": [
+ "{{baseUrl}}"
+ ],
+ "path": [
+ "op",
+ "appdata"
+ ],
+ "query": [
+ {
+ "key": "elevate",
+ "value": "true",
+ "description": "Elevate the user context for this request if user is permitted (canAdmin)"
+ }
+ ]
+ }
+ },
+ "response": []
+ }
+ ]
+ },
+ {
+ "name": "summary",
+ "item": [
+ {
+ "name": "no-agg",
+ "item": [
+ {
+ "name": "meta metrics summary- no agg - no params",
+ "event": [
+ {
+ "listen": "test",
+ "script": {
+ "exec": [
+ "let user = pm.environment.get(\"user\");\r",
+ "console.log(\"user: \" + user);\r",
+ "\r",
+ "if (pm.request.url.getQueryString().match(/elevate=true/)) {\r",
+ " user = \"elevated\";\r",
+ " console.log(\"setting user to 'elevated'\");\r",
+ "}\r",
+ "\r",
+ "if (user == \"bizarroLvl1\") {\r",
+ " pm.test(\"Status should be is 403 for user collectioncreator, bizarroLvl1\", function () {\r",
+ " pm.response.to.have.status(403);\r",
+ " });\r",
+ " return;\r",
+ "}\r",
+ "else {\r",
+ " pm.test(\"Status code is 200\", function () {\r",
+ " pm.response.to.have.status(200);\r",
+ " });\r",
+ "}\r",
+ "if (pm.response.code !== 200) {\r",
+ " return;\r",
+ "}\r",
+ "\r",
+ "\r",
+ "let jsonData = pm.response.json();\r",
+ "\r",
+ "// user = \"stigmanadmin\"\r",
+ "\r",
+ "pm.test(\"Response JSON is an object\", function () {\r",
+ " pm.expect(jsonData).to.be.an('object');\r",
+ "});\r",
+ "\r",
+ "let lvl234 = \r",
+ "{\r",
+ " \"collections\": 1,\r",
+ " \"assets\": 2,\r",
+ " \"stigs\": 2,\r",
+ " \"checklists\": 4,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": 5,\r",
+ " \"pass\": 4,\r",
+ " \"unassessed\": 0,\r",
+ " \"notapplicable\": 3\r",
+ " },\r",
+ " \"assessed\": 12,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 4\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": 3,\r",
+ " \"accepted\": 0,\r",
+ " \"rejected\": 0,\r",
+ " \"submitted\": 9\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 736\r",
+ " }\r",
+ "}\r",
+ "\r",
+ "let jsonExpectedByUser =\r",
+ "{\r",
+ " lvl1: \r",
+ " {\r",
+ " \"collections\": 1,\r",
+ " \"assets\": 1,\r",
+ " \"stigs\": 1,\r",
+ " \"checklists\": 1,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": 3,\r",
+ " \"pass\": 2,\r",
+ " \"unassessed\": 0,\r",
+ " \"notapplicable\": 1\r",
+ " },\r",
+ " \"assessed\": 6,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 2\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": 1,\r",
+ " \"accepted\": 0,\r",
+ " \"rejected\": 0,\r",
+ " \"submitted\": 5\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 81\r",
+ " }\r",
+ " },\r",
+ " collectioncreator:\r",
+ " {\r",
+ " \"collections\": 0,\r",
+ " \"assets\": 0,\r",
+ " \"stigs\": 0,\r",
+ " \"checklists\": 0,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": null,\r",
+ " \"minTs\": null,\r",
+ " \"results\": {\r",
+ " \"fail\": 0,\r",
+ " \"pass\": 0,\r",
+ " \"unassessed\": 0,\r",
+ " \"notapplicable\": 0\r",
+ " },\r",
+ " \"assessed\": 0,\r",
+ " \"findings\": {\r",
+ " \"low\": 0,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 0\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": 0,\r",
+ " \"accepted\": 0,\r",
+ " \"rejected\": 0,\r",
+ " \"submitted\": 0\r",
+ " },\r",
+ " \"maxTouchTs\": null,\r",
+ " \"assessments\": 0\r",
+ " }\r",
+ " }, \r",
+ " stigmanadmin :\r",
+ "{\r",
+ " \"collections\": 2,\r",
+ " \"assets\": 4,\r",
+ " \"stigs\": 2,\r",
+ " \"checklists\": 6,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": 5,\r",
+ " \"pass\": 4,\r",
+ " \"unassessed\": 0,\r",
+ " \"notapplicable\": 3\r",
+ " },\r",
+ " \"assessed\": 12,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 4\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": 3,\r",
+ " \"accepted\": 0,\r",
+ " \"rejected\": 0,\r",
+ " \"submitted\": 9\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 898\r",
+ " }\r",
+ "}\r",
+ "}\r",
+ "\r",
+ "jsonExpectedByUser.lvl2 = lvl234\r",
+ "jsonExpectedByUser.lvl3 = lvl234\r",
+ "jsonExpectedByUser.lvl4 = lvl234\r",
+ "\r",
+ "// let jsonExpected =\r",
+ "// {\r",
+ "// \"collections\": 3,\r",
+ "// \"assets\": 8,\r",
+ "// \"stigs\": 3,\r",
+ "// \"checklists\": 14,\r",
+ "// \"metrics\": {\r",
+ "// \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ "// \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ "// \"results\": {\r",
+ "// \"fail\": 8,\r",
+ "// \"pass\": 7,\r",
+ "// \"unassessed\": 0,\r",
+ "// \"notapplicable\": 4\r",
+ "// },\r",
+ "// \"assessed\": 19,\r",
+ "// \"findings\": {\r",
+ "// \"low\": 2,\r",
+ "// \"high\": 0,\r",
+ "// \"medium\": 6\r",
+ "// },\r",
+ "// \"statuses\": {\r",
+ "// \"saved\": 7,\r",
+ "// \"accepted\": 0,\r",
+ "// \"rejected\": 0,\r",
+ "// \"submitted\": 12\r",
+ "// },\r",
+ "// \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ "// \"assessments\": 2327\r",
+ "// }\r",
+ "// }\r",
+ "\r",
+ "\r",
+ "pm.test(\"Check that metrics are as expected \", function () {\r",
+ " pm.expect(jsonData).to.eql(jsonExpectedByUser[user]);\r",
+ "});\r",
+ "\r",
+ "\r",
+ "return;\r",
+ "\r",
+ ""
+ ],
+ "type": "text/javascript"
+ }
+ }
+ ],
+ "request": {
+ "method": "GET",
+ "header": [],
+ "url": {
+ "raw": "{{baseUrl}}/collections/meta/metrics/summary",
+ "host": [
+ "{{baseUrl}}"
+ ],
+ "path": [
+ "collections",
+ "meta",
+ "metrics",
+ "summary"
+ ],
+ "query": [
+ {
+ "key": "collectionId",
+ "value": "{{testCollection}}",
+ "disabled": true
+ },
+ {
+ "key": "collectionId",
+ "value": "",
+ "disabled": true
+ },
+ {
+ "key": "benchmarkId",
+ "value": "{{testBenchmark}}",
+ "disabled": true
+ }
+ ]
+ }
+ },
+ "response": []
+ },
+ {
+ "name": "meta metrics summary - no agg - collectionId param",
+ "event": [
+ {
+ "listen": "test",
+ "script": {
+ "exec": [
+ "let user = pm.environment.get(\"user\");\r",
+ "console.log(\"user: \" + user);\r",
+ "\r",
+ "if (pm.request.url.getQueryString().match(/elevate=true/)) {\r",
+ " user = \"elevated\";\r",
+ " console.log(\"setting user to 'elevated'\");\r",
+ "}\r",
+ "\r",
+ "if (user == \"bizarroLvl1\") {\r",
+ " pm.test(\"Status should be is 403 for user collectioncreator, bizarroLvl1\", function () {\r",
+ " pm.response.to.have.status(403);\r",
+ " });\r",
+ " return;\r",
+ "}\r",
+ "else {\r",
+ " pm.test(\"Status code is 200\", function () {\r",
+ " pm.response.to.have.status(200);\r",
+ " });\r",
+ "}\r",
+ "if (pm.response.code !== 200) {\r",
+ " return;\r",
+ "}\r",
+ "\r",
+ "\r",
+ "let jsonData = pm.response.json();\r",
+ "\r",
+ "// user = \"stigmanadmin\"\r",
+ "\r",
+ "pm.test(\"Response JSON is an object\", function () {\r",
+ " pm.expect(jsonData).to.be.an('object');\r",
+ "});\r",
+ "\r",
+ "let lvl234 = \r",
+ "{\r",
+ " \"collections\": 1,\r",
+ " \"assets\": 2,\r",
+ " \"stigs\": 2,\r",
+ " \"checklists\": 4,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": 5,\r",
+ " \"pass\": 4,\r",
+ " \"unassessed\": 0,\r",
+ " \"notapplicable\": 3\r",
+ " },\r",
+ " \"assessed\": 12,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 4\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": 3,\r",
+ " \"accepted\": 0,\r",
+ " \"rejected\": 0,\r",
+ " \"submitted\": 9\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 736\r",
+ " }\r",
+ "}\r",
+ "\r",
+ "let jsonExpectedByUser =\r",
+ "{\r",
+ " lvl1: \r",
+ " {\r",
+ " \"collections\": 1,\r",
+ " \"assets\": 1,\r",
+ " \"stigs\": 1,\r",
+ " \"checklists\": 1,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": 3,\r",
+ " \"pass\": 2,\r",
+ " \"unassessed\": 0,\r",
+ " \"notapplicable\": 1\r",
+ " },\r",
+ " \"assessed\": 6,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 2\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": 1,\r",
+ " \"accepted\": 0,\r",
+ " \"rejected\": 0,\r",
+ " \"submitted\": 5\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 81\r",
+ " }\r",
+ " },\r",
+ " collectioncreator:\r",
+ " {\r",
+ " \"collections\": 0,\r",
+ " \"assets\": 0,\r",
+ " \"stigs\": 0,\r",
+ " \"checklists\": 0,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": null,\r",
+ " \"minTs\": null,\r",
+ " \"results\": {\r",
+ " \"fail\": 0,\r",
+ " \"pass\": 0,\r",
+ " \"unassessed\": 0,\r",
+ " \"notapplicable\": 0\r",
+ " },\r",
+ " \"assessed\": 0,\r",
+ " \"findings\": {\r",
+ " \"low\": 0,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 0\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": 0,\r",
+ " \"accepted\": 0,\r",
+ " \"rejected\": 0,\r",
+ " \"submitted\": 0\r",
+ " },\r",
+ " \"maxTouchTs\": null,\r",
+ " \"assessments\": 0\r",
+ " }\r",
+ " }, \r",
+ " stigmanadmin :\r",
+ "{\r",
+ " \"collections\": 1,\r",
+ " \"assets\": 2,\r",
+ " \"stigs\": 2,\r",
+ " \"checklists\": 4,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": 5,\r",
+ " \"pass\": 4,\r",
+ " \"unassessed\": 0,\r",
+ " \"notapplicable\": 3\r",
+ " },\r",
+ " \"assessed\": 12,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 4\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": 3,\r",
+ " \"accepted\": 0,\r",
+ " \"rejected\": 0,\r",
+ " \"submitted\": 9\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 736\r",
+ " }\r",
+ "}\r",
+ "}\r",
+ "\r",
+ "jsonExpectedByUser.lvl2 = lvl234\r",
+ "jsonExpectedByUser.lvl3 = lvl234\r",
+ "jsonExpectedByUser.lvl4 = lvl234\r",
+ "\r",
+ "// let jsonExpected =\r",
+ "// {\r",
+ "// \"collections\": 3,\r",
+ "// \"assets\": 8,\r",
+ "// \"stigs\": 3,\r",
+ "// \"checklists\": 14,\r",
+ "// \"metrics\": {\r",
+ "// \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ "// \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ "// \"results\": {\r",
+ "// \"fail\": 8,\r",
+ "// \"pass\": 7,\r",
+ "// \"unassessed\": 0,\r",
+ "// \"notapplicable\": 4\r",
+ "// },\r",
+ "// \"assessed\": 19,\r",
+ "// \"findings\": {\r",
+ "// \"low\": 2,\r",
+ "// \"high\": 0,\r",
+ "// \"medium\": 6\r",
+ "// },\r",
+ "// \"statuses\": {\r",
+ "// \"saved\": 7,\r",
+ "// \"accepted\": 0,\r",
+ "// \"rejected\": 0,\r",
+ "// \"submitted\": 12\r",
+ "// },\r",
+ "// \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ "// \"assessments\": 2327\r",
+ "// }\r",
+ "// }\r",
+ "\r",
+ "\r",
+ "pm.test(\"Check that metrics are as expected \", function () {\r",
+ " pm.expect(jsonData).to.eql(jsonExpectedByUser[user]);\r",
+ "});\r",
+ "\r",
+ "\r",
+ "return;\r",
+ "\r",
+ ""
+ ],
+ "type": "text/javascript"
+ }
+ }
+ ],
+ "request": {
+ "method": "GET",
+ "header": [],
+ "url": {
+ "raw": "{{baseUrl}}/collections/meta/metrics/summary?collectionId={{testCollection}}",
+ "host": [
+ "{{baseUrl}}"
+ ],
+ "path": [
+ "collections",
+ "meta",
+ "metrics",
+ "summary"
+ ],
+ "query": [
+ {
+ "key": "collectionId",
+ "value": "{{testCollection}}"
+ },
+ {
+ "key": "collectionId",
+ "value": "",
+ "disabled": true
+ },
+ {
+ "key": "benchmarkId",
+ "value": "{{testBenchmark}}",
+ "disabled": true
+ }
+ ]
+ }
+ },
+ "response": []
+ },
+ {
+ "name": "meta metrics summary - no agg - benchmark param",
+ "event": [
+ {
+ "listen": "test",
+ "script": {
+ "exec": [
+ "let user = pm.environment.get(\"user\");\r",
+ "console.log(\"user: \" + user);\r",
+ "\r",
+ "if (pm.request.url.getQueryString().match(/elevate=true/)) {\r",
+ " user = \"elevated\";\r",
+ " console.log(\"setting user to 'elevated'\");\r",
+ "}\r",
+ "\r",
+ "if (user == \"bizarroLvl1\") {\r",
+ " pm.test(\"Status should be is 403 for user collectioncreator, bizarroLvl1\", function () {\r",
+ " pm.response.to.have.status(403);\r",
+ " });\r",
+ " return;\r",
+ "}\r",
+ "else {\r",
+ " pm.test(\"Status code is 200\", function () {\r",
+ " pm.response.to.have.status(200);\r",
+ " });\r",
+ "}\r",
+ "if (pm.response.code !== 200) {\r",
+ " return;\r",
+ "}\r",
+ "\r",
+ "\r",
+ "let jsonData = pm.response.json();\r",
+ "\r",
+ "// user = \"stigmanadmin\"\r",
+ "\r",
+ "pm.test(\"Response JSON is an object\", function () {\r",
+ " pm.expect(jsonData).to.be.an('object');\r",
+ "});\r",
+ "\r",
+ "let lvl234 = \r",
+ "{\r",
+ " \"collections\": 1,\r",
+ " \"assets\": 2,\r",
+ " \"stigs\": 1,\r",
+ " \"checklists\": 2,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": 4,\r",
+ " \"pass\": 2,\r",
+ " \"unassessed\": 0,\r",
+ " \"notapplicable\": 3\r",
+ " },\r",
+ " \"assessed\": 9,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 3\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": 2,\r",
+ " \"accepted\": 0,\r",
+ " \"rejected\": 0,\r",
+ " \"submitted\": 7\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 162\r",
+ " }\r",
+ "}\r",
+ "\r",
+ "let jsonExpectedByUser =\r",
+ "{\r",
+ " lvl1: \r",
+ " {\r",
+ " \"collections\": 1,\r",
+ " \"assets\": 1,\r",
+ " \"stigs\": 1,\r",
+ " \"checklists\": 1,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": 3,\r",
+ " \"pass\": 2,\r",
+ " \"unassessed\": 0,\r",
+ " \"notapplicable\": 1\r",
+ " },\r",
+ " \"assessed\": 6,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 2\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": 1,\r",
+ " \"accepted\": 0,\r",
+ " \"rejected\": 0,\r",
+ " \"submitted\": 5\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 81\r",
+ " }\r",
+ " },\r",
+ " collectioncreator:\r",
+ " {\r",
+ " \"collections\": 0,\r",
+ " \"assets\": 0,\r",
+ " \"stigs\": 0,\r",
+ " \"checklists\": 0,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": null,\r",
+ " \"minTs\": null,\r",
+ " \"results\": {\r",
+ " \"fail\": 0,\r",
+ " \"pass\": 0,\r",
+ " \"unassessed\": 0,\r",
+ " \"notapplicable\": 0\r",
+ " },\r",
+ " \"assessed\": 0,\r",
+ " \"findings\": {\r",
+ " \"low\": 0,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 0\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": 0,\r",
+ " \"accepted\": 0,\r",
+ " \"rejected\": 0,\r",
+ " \"submitted\": 0\r",
+ " },\r",
+ " \"maxTouchTs\": null,\r",
+ " \"assessments\": 0\r",
+ " }\r",
+ " }, \r",
+ " stigmanadmin :\r",
+ "{\r",
+ " \"collections\": 2,\r",
+ " \"assets\": 4,\r",
+ " \"stigs\": 1,\r",
+ " \"checklists\": 4,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": 4,\r",
+ " \"pass\": 2,\r",
+ " \"unassessed\": 0,\r",
+ " \"notapplicable\": 3\r",
+ " },\r",
+ " \"assessed\": 9,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 3\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": 2,\r",
+ " \"accepted\": 0,\r",
+ " \"rejected\": 0,\r",
+ " \"submitted\": 7\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 324\r",
+ " }\r",
+ "}\r",
+ "}\r",
+ "\r",
+ "jsonExpectedByUser.lvl2 = lvl234\r",
+ "jsonExpectedByUser.lvl3 = lvl234\r",
+ "jsonExpectedByUser.lvl4 = lvl234\r",
+ "\r",
+ "// let jsonExpected =\r",
+ "// {\r",
+ "// \"collections\": 3,\r",
+ "// \"assets\": 8,\r",
+ "// \"stigs\": 3,\r",
+ "// \"checklists\": 14,\r",
+ "// \"metrics\": {\r",
+ "// \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ "// \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ "// \"results\": {\r",
+ "// \"fail\": 8,\r",
+ "// \"pass\": 7,\r",
+ "// \"unassessed\": 0,\r",
+ "// \"notapplicable\": 4\r",
+ "// },\r",
+ "// \"assessed\": 19,\r",
+ "// \"findings\": {\r",
+ "// \"low\": 2,\r",
+ "// \"high\": 0,\r",
+ "// \"medium\": 6\r",
+ "// },\r",
+ "// \"statuses\": {\r",
+ "// \"saved\": 7,\r",
+ "// \"accepted\": 0,\r",
+ "// \"rejected\": 0,\r",
+ "// \"submitted\": 12\r",
+ "// },\r",
+ "// \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ "// \"assessments\": 2327\r",
+ "// }\r",
+ "// }\r",
+ "\r",
+ "\r",
+ "pm.test(\"Check that metrics are as expected \", function () {\r",
+ " pm.expect(jsonData).to.eql(jsonExpectedByUser[user]);\r",
+ "});\r",
+ "\r",
+ "\r",
+ "return;\r",
+ "\r",
+ ""
+ ],
+ "type": "text/javascript"
+ }
+ }
+ ],
+ "request": {
+ "method": "GET",
+ "header": [],
+ "url": {
+ "raw": "{{baseUrl}}/collections/meta/metrics/summary?benchmarkId={{testBenchmark}}",
+ "host": [
+ "{{baseUrl}}"
+ ],
+ "path": [
+ "collections",
+ "meta",
+ "metrics",
+ "summary"
+ ],
+ "query": [
+ {
+ "key": "collectionId",
+ "value": "{{testCollection}}",
+ "disabled": true
+ },
+ {
+ "key": "collectionId",
+ "value": "",
+ "disabled": true
+ },
+ {
+ "key": "benchmarkId",
+ "value": "{{testBenchmark}}"
+ }
+ ]
+ }
+ },
+ "response": []
+ }
+ ]
+ },
+ {
+ "name": "collection agg",
+ "item": [
+ {
+ "name": "Return meta metrics summary - collection agg - no params Copy",
+ "event": [
+ {
+ "listen": "test",
+ "script": {
+ "exec": [
+ "let user = pm.environment.get(\"user\");\r",
+ "console.log(\"user: \" + user);\r",
+ "\r",
+ "if (pm.request.url.getQueryString().match(/elevate=true/)) {\r",
+ " user = \"elevated\";\r",
+ " console.log(\"setting user to 'elevated'\");\r",
+ "}\r",
+ "\r",
+ "if (user == \"bizarroLvl1\") {\r",
+ " pm.test(\"Status should be is 403 for user collectioncreator, bizarroLvl1\", function () {\r",
+ " pm.response.to.have.status(403);\r",
+ " });\r",
+ " return;\r",
+ "}\r",
+ "else {\r",
+ " pm.test(\"Status code is 200\", function () {\r",
+ " pm.response.to.have.status(200);\r",
+ " });\r",
+ "}\r",
+ "if (pm.response.code !== 200) {\r",
+ " return;\r",
+ "}\r",
+ "\r",
+ "\r",
+ "let jsonData = pm.response.json();\r",
+ "\r",
+ "// user = \"stigmanadmin\"\r",
+ "\r",
+ "// pm.test(\"Response JSON is an object\", function () {\r",
+ "// pm.expect(jsonData).to.be.an('object');\r",
+ "// });\r",
+ "\r",
+ "let lvl234 = \r",
+ "[\r",
+ " {\r",
+ " \"collectionId\": \"21\",\r",
+ " \"name\": \"Collection X\",\r",
+ " \"assets\": 3,\r",
+ " \"stigs\": 2,\r",
+ " \"checklists\": 4,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": 5,\r",
+ " \"pass\": 4,\r",
+ " \"unassessed\": 0,\r",
+ " \"notapplicable\": 3\r",
+ " },\r",
+ " \"assessed\": 12,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 4\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": 3,\r",
+ " \"accepted\": 0,\r",
+ " \"rejected\": 0,\r",
+ " \"submitted\": 9\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 736\r",
+ " }\r",
+ " }\r",
+ "]\r",
+ "\r",
+ "let jsonExpectedByUser =\r",
+ "{\r",
+ " lvl1: \r",
+ "[\r",
+ " {\r",
+ " \"collectionId\": \"21\",\r",
+ " \"name\": \"Collection X\",\r",
+ " \"assets\": 1,\r",
+ " \"stigs\": 1,\r",
+ " \"checklists\": 1,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": 3,\r",
+ " \"pass\": 2,\r",
+ " \"unassessed\": 0,\r",
+ " \"notapplicable\": 1\r",
+ " },\r",
+ " \"assessed\": 6,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 2\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": 1,\r",
+ " \"accepted\": 0,\r",
+ " \"rejected\": 0,\r",
+ " \"submitted\": 5\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 81\r",
+ " }\r",
+ " }\r",
+ "],\r",
+ " collectioncreator:\r",
+ "[], \r",
+ " stigmanadmin :\r",
+ "[\r",
+ " {\r",
+ " \"collectionId\": \"21\",\r",
+ " \"name\": \"Collection X\",\r",
+ " \"assets\": 3,\r",
+ " \"stigs\": 2,\r",
+ " \"checklists\": 4,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": 5,\r",
+ " \"pass\": 4,\r",
+ " \"unassessed\": 0,\r",
+ " \"notapplicable\": 3\r",
+ " },\r",
+ " \"assessed\": 12,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 4\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": 3,\r",
+ " \"accepted\": 0,\r",
+ " \"rejected\": 0,\r",
+ " \"submitted\": 9\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 736\r",
+ " }\r",
+ " },\r",
+ " {\r",
+ " \"collectionId\": \"83\",\r",
+ " \"name\": \"Collection Y\",\r",
+ " \"assets\": 2,\r",
+ " \"stigs\": 1,\r",
+ " \"checklists\": 2,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": null,\r",
+ " \"minTs\": null,\r",
+ " \"results\": {\r",
+ " \"fail\": 0,\r",
+ " \"pass\": 0,\r",
+ " \"unassessed\": 0,\r",
+ " \"notapplicable\": 0\r",
+ " },\r",
+ " \"assessed\": 0,\r",
+ " \"findings\": {\r",
+ " \"low\": 0,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 0\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": 0,\r",
+ " \"accepted\": 0,\r",
+ " \"rejected\": 0,\r",
+ " \"submitted\": 0\r",
+ " },\r",
+ " \"maxTouchTs\": null,\r",
+ " \"assessments\": 162\r",
+ " }\r",
+ " }\r",
+ "]\r",
+ "}\r",
+ "\r",
+ "jsonExpectedByUser.lvl2 = lvl234\r",
+ "jsonExpectedByUser.lvl3 = lvl234\r",
+ "jsonExpectedByUser.lvl4 = lvl234\r",
+ "\r",
+ "// let jsonExpected =\r",
+ "// {\r",
+ "// \"collections\": 3,\r",
+ "// \"assets\": 8,\r",
+ "// \"stigs\": 3,\r",
+ "// \"checklists\": 14,\r",
+ "// \"metrics\": {\r",
+ "// \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ "// \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ "// \"results\": {\r",
+ "// \"fail\": 8,\r",
+ "// \"pass\": 7,\r",
+ "// \"unassessed\": 0,\r",
+ "// \"notapplicable\": 4\r",
+ "// },\r",
+ "// \"assessed\": 19,\r",
+ "// \"findings\": {\r",
+ "// \"low\": 2,\r",
+ "// \"high\": 0,\r",
+ "// \"medium\": 6\r",
+ "// },\r",
+ "// \"statuses\": {\r",
+ "// \"saved\": 7,\r",
+ "// \"accepted\": 0,\r",
+ "// \"rejected\": 0,\r",
+ "// \"submitted\": 12\r",
+ "// },\r",
+ "// \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ "// \"assessments\": 2327\r",
+ "// }\r",
+ "// }\r",
+ "\r",
+ "\r",
+ "pm.test(\"Check that metrics are as expected \", function () {\r",
+ " pm.expect(jsonData).to.eql(jsonExpectedByUser[user]);\r",
+ "});\r",
+ "\r",
+ "\r",
+ "return;\r",
+ "\r",
+ ""
+ ],
+ "type": "text/javascript"
+ }
+ }
+ ],
+ "request": {
+ "method": "GET",
+ "header": [],
+ "url": {
+ "raw": "{{baseUrl}}/collections/meta/metrics/summary/collection",
+ "host": [
+ "{{baseUrl}}"
+ ],
+ "path": [
+ "collections",
+ "meta",
+ "metrics",
+ "summary",
+ "collection"
+ ],
+ "query": [
+ {
+ "key": "collectionId",
+ "value": "{{testCollection}}",
+ "disabled": true
+ },
+ {
+ "key": "collectionId",
+ "value": "",
+ "disabled": true
+ },
+ {
+ "key": "benchmarkId",
+ "value": "{{testBenchmark}}",
+ "disabled": true
+ },
+ {
+ "key": "revisionId",
+ "value": null,
+ "disabled": true
+ }
+ ]
+ }
+ },
+ "response": []
+ },
+ {
+ "name": "Return meta metrics summary - collection agg - collection param",
+ "event": [
+ {
+ "listen": "test",
+ "script": {
+ "exec": [
+ "let user = pm.environment.get(\"user\");\r",
+ "console.log(\"user: \" + user);\r",
+ "\r",
+ "if (pm.request.url.getQueryString().match(/elevate=true/)) {\r",
+ " user = \"elevated\";\r",
+ " console.log(\"setting user to 'elevated'\");\r",
+ "}\r",
+ "\r",
+ "if (user == \"bizarroLvl1\") {\r",
+ " pm.test(\"Status should be is 403 for user collectioncreator, bizarroLvl1\", function () {\r",
+ " pm.response.to.have.status(403);\r",
+ " });\r",
+ " return;\r",
+ "}\r",
+ "else {\r",
+ " pm.test(\"Status code is 200\", function () {\r",
+ " pm.response.to.have.status(200);\r",
+ " });\r",
+ "}\r",
+ "if (pm.response.code !== 200) {\r",
+ " return;\r",
+ "}\r",
+ "\r",
+ "\r",
+ "let jsonData = pm.response.json();\r",
+ "\r",
+ "// user = \"stigmanadmin\"\r",
+ "\r",
+ "// pm.test(\"Response JSON is an object\", function () {\r",
+ "// pm.expect(jsonData).to.be.an('object');\r",
+ "// });\r",
+ "\r",
+ "let lvl234 = \r",
+ "[\r",
+ " {\r",
+ " \"collectionId\": \"21\",\r",
+ " \"name\": \"Collection X\",\r",
+ " \"assets\": 3,\r",
+ " \"stigs\": 2,\r",
+ " \"checklists\": 4,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": 5,\r",
+ " \"pass\": 4,\r",
+ " \"unassessed\": 0,\r",
+ " \"notapplicable\": 3\r",
+ " },\r",
+ " \"assessed\": 12,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 4\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": 3,\r",
+ " \"accepted\": 0,\r",
+ " \"rejected\": 0,\r",
+ " \"submitted\": 9\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 736\r",
+ " }\r",
+ " }\r",
+ "]\r",
+ "\r",
+ "let jsonExpectedByUser =\r",
+ "{\r",
+ " lvl1: \r",
+ "[\r",
+ " {\r",
+ " \"collectionId\": \"21\",\r",
+ " \"name\": \"Collection X\",\r",
+ " \"assets\": 1,\r",
+ " \"stigs\": 1,\r",
+ " \"checklists\": 1,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": 3,\r",
+ " \"pass\": 2,\r",
+ " \"unassessed\": 0,\r",
+ " \"notapplicable\": 1\r",
+ " },\r",
+ " \"assessed\": 6,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 2\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": 1,\r",
+ " \"accepted\": 0,\r",
+ " \"rejected\": 0,\r",
+ " \"submitted\": 5\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 81\r",
+ " }\r",
+ " }\r",
+ "],\r",
+ " collectioncreator:\r",
+ " [], \r",
+ " stigmanadmin :\r",
+ "[\r",
+ " {\r",
+ " \"collectionId\": \"21\",\r",
+ " \"name\": \"Collection X\",\r",
+ " \"assets\": 3,\r",
+ " \"stigs\": 2,\r",
+ " \"checklists\": 4,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": 5,\r",
+ " \"pass\": 4,\r",
+ " \"unassessed\": 0,\r",
+ " \"notapplicable\": 3\r",
+ " },\r",
+ " \"assessed\": 12,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 4\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": 3,\r",
+ " \"accepted\": 0,\r",
+ " \"rejected\": 0,\r",
+ " \"submitted\": 9\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 736\r",
+ " }\r",
+ " }\r",
+ "]\r",
+ "}\r",
+ "\r",
+ "jsonExpectedByUser.lvl2 = lvl234\r",
+ "jsonExpectedByUser.lvl3 = lvl234\r",
+ "jsonExpectedByUser.lvl4 = lvl234\r",
+ "\r",
+ "// let jsonExpected =\r",
+ "// {\r",
+ "// \"collections\": 3,\r",
+ "// \"assets\": 8,\r",
+ "// \"stigs\": 3,\r",
+ "// \"checklists\": 14,\r",
+ "// \"metrics\": {\r",
+ "// \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ "// \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ "// \"results\": {\r",
+ "// \"fail\": 8,\r",
+ "// \"pass\": 7,\r",
+ "// \"unassessed\": 0,\r",
+ "// \"notapplicable\": 4\r",
+ "// },\r",
+ "// \"assessed\": 19,\r",
+ "// \"findings\": {\r",
+ "// \"low\": 2,\r",
+ "// \"high\": 0,\r",
+ "// \"medium\": 6\r",
+ "// },\r",
+ "// \"statuses\": {\r",
+ "// \"saved\": 7,\r",
+ "// \"accepted\": 0,\r",
+ "// \"rejected\": 0,\r",
+ "// \"submitted\": 12\r",
+ "// },\r",
+ "// \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ "// \"assessments\": 2327\r",
+ "// }\r",
+ "// }\r",
+ "\r",
+ "\r",
+ "pm.test(\"Check that metrics are as expected \", function () {\r",
+ " pm.expect(jsonData).to.eql(jsonExpectedByUser[user]);\r",
+ "});\r",
+ "\r",
+ "\r",
+ "return;\r",
+ "\r",
+ ""
+ ],
+ "type": "text/javascript"
+ }
+ }
+ ],
+ "request": {
+ "method": "GET",
+ "header": [],
+ "url": {
+ "raw": "{{baseUrl}}/collections/meta/metrics/summary/collection?collectionId={{testCollection}}",
+ "host": [
+ "{{baseUrl}}"
+ ],
+ "path": [
+ "collections",
+ "meta",
+ "metrics",
+ "summary",
+ "collection"
+ ],
+ "query": [
+ {
+ "key": "collectionId",
+ "value": "{{testCollection}}"
+ },
+ {
+ "key": "collectionId",
+ "value": "",
+ "disabled": true
+ },
+ {
+ "key": "benchmarkId",
+ "value": "{{testBenchmark}}",
+ "disabled": true
+ },
+ {
+ "key": "revisionId",
+ "value": "",
+ "disabled": true
+ }
+ ]
+ }
+ },
+ "response": []
+ },
+ {
+ "name": "Return meta metrics summary - collection agg - benchmark param",
+ "event": [
+ {
+ "listen": "test",
+ "script": {
+ "exec": [
+ "let user = pm.environment.get(\"user\");\r",
+ "console.log(\"user: \" + user);\r",
+ "\r",
+ "if (pm.request.url.getQueryString().match(/elevate=true/)) {\r",
+ " user = \"elevated\";\r",
+ " console.log(\"setting user to 'elevated'\");\r",
+ "}\r",
+ "\r",
+ "if (user == \"bizarroLvl1\") {\r",
+ " pm.test(\"Status should be is 403 for user collectioncreator, bizarroLvl1\", function () {\r",
+ " pm.response.to.have.status(403);\r",
+ " });\r",
+ " return;\r",
+ "}\r",
+ "else {\r",
+ " pm.test(\"Status code is 200\", function () {\r",
+ " pm.response.to.have.status(200);\r",
+ " });\r",
+ "}\r",
+ "if (pm.response.code !== 200) {\r",
+ " return;\r",
+ "}\r",
+ "\r",
+ "\r",
+ "let jsonData = pm.response.json();\r",
+ "\r",
+ "// user = \"stigmanadmin\"\r",
+ "\r",
+ "// pm.test(\"Response JSON is an object\", function () {\r",
+ "// pm.expect(jsonData).to.be.an('object');\r",
+ "// });\r",
+ "\r",
+ "let lvl234 = \r",
+ "[\r",
+ " {\r",
+ " \"collectionId\": \"21\",\r",
+ " \"name\": \"Collection X\",\r",
+ " \"assets\": 2,\r",
+ " \"stigs\": 1,\r",
+ " \"checklists\": 2,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": 4,\r",
+ " \"pass\": 2,\r",
+ " \"unassessed\": 0,\r",
+ " \"notapplicable\": 3\r",
+ " },\r",
+ " \"assessed\": 9,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 3\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": 2,\r",
+ " \"accepted\": 0,\r",
+ " \"rejected\": 0,\r",
+ " \"submitted\": 7\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 162\r",
+ " }\r",
+ " }\r",
+ "]\r",
+ "\r",
+ "let jsonExpectedByUser =\r",
+ "{\r",
+ " lvl1: \r",
+ "[\r",
+ " {\r",
+ " \"collectionId\": \"21\",\r",
+ " \"name\": \"Collection X\",\r",
+ " \"assets\": 1,\r",
+ " \"stigs\": 1,\r",
+ " \"checklists\": 1,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": 3,\r",
+ " \"pass\": 2,\r",
+ " \"unassessed\": 0,\r",
+ " \"notapplicable\": 1\r",
+ " },\r",
+ " \"assessed\": 6,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 2\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": 1,\r",
+ " \"accepted\": 0,\r",
+ " \"rejected\": 0,\r",
+ " \"submitted\": 5\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 81\r",
+ " }\r",
+ " }\r",
+ "],\r",
+ " collectioncreator:\r",
+ "[], \r",
+ " stigmanadmin :\r",
+ "[\r",
+ " {\r",
+ " \"collectionId\": \"21\",\r",
+ " \"name\": \"Collection X\",\r",
+ " \"assets\": 2,\r",
+ " \"stigs\": 1,\r",
+ " \"checklists\": 2,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": 4,\r",
+ " \"pass\": 2,\r",
+ " \"unassessed\": 0,\r",
+ " \"notapplicable\": 3\r",
+ " },\r",
+ " \"assessed\": 9,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 3\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": 2,\r",
+ " \"accepted\": 0,\r",
+ " \"rejected\": 0,\r",
+ " \"submitted\": 7\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 162\r",
+ " }\r",
+ " },\r",
+ " {\r",
+ " \"collectionId\": \"83\",\r",
+ " \"name\": \"Collection Y\",\r",
+ " \"assets\": 2,\r",
+ " \"stigs\": 1,\r",
+ " \"checklists\": 2,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": null,\r",
+ " \"minTs\": null,\r",
+ " \"results\": {\r",
+ " \"fail\": 0,\r",
+ " \"pass\": 0,\r",
+ " \"unassessed\": 0,\r",
+ " \"notapplicable\": 0\r",
+ " },\r",
+ " \"assessed\": 0,\r",
+ " \"findings\": {\r",
+ " \"low\": 0,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 0\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": 0,\r",
+ " \"accepted\": 0,\r",
+ " \"rejected\": 0,\r",
+ " \"submitted\": 0\r",
+ " },\r",
+ " \"maxTouchTs\": null,\r",
+ " \"assessments\": 162\r",
+ " }\r",
+ " }\r",
+ "]\r",
+ "}\r",
+ "\r",
+ "jsonExpectedByUser.lvl2 = lvl234\r",
+ "jsonExpectedByUser.lvl3 = lvl234\r",
+ "jsonExpectedByUser.lvl4 = lvl234\r",
+ "\r",
+ "// let jsonExpected =\r",
+ "// {\r",
+ "// \"collections\": 3,\r",
+ "// \"assets\": 8,\r",
+ "// \"stigs\": 3,\r",
+ "// \"checklists\": 14,\r",
+ "// \"metrics\": {\r",
+ "// \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ "// \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ "// \"results\": {\r",
+ "// \"fail\": 8,\r",
+ "// \"pass\": 7,\r",
+ "// \"unassessed\": 0,\r",
+ "// \"notapplicable\": 4\r",
+ "// },\r",
+ "// \"assessed\": 19,\r",
+ "// \"findings\": {\r",
+ "// \"low\": 2,\r",
+ "// \"high\": 0,\r",
+ "// \"medium\": 6\r",
+ "// },\r",
+ "// \"statuses\": {\r",
+ "// \"saved\": 7,\r",
+ "// \"accepted\": 0,\r",
+ "// \"rejected\": 0,\r",
+ "// \"submitted\": 12\r",
+ "// },\r",
+ "// \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ "// \"assessments\": 2327\r",
+ "// }\r",
+ "// }\r",
+ "\r",
+ "\r",
+ "pm.test(\"Check that metrics are as expected \", function () {\r",
+ " pm.expect(jsonData).to.eql(jsonExpectedByUser[user]);\r",
+ "});\r",
+ "\r",
+ "\r",
+ "return;\r",
+ "\r",
+ ""
+ ],
+ "type": "text/javascript"
+ }
+ }
+ ],
+ "request": {
+ "method": "GET",
+ "header": [],
+ "url": {
+ "raw": "{{baseUrl}}/collections/meta/metrics/summary/collection?benchmarkId={{testBenchmark}}",
+ "host": [
+ "{{baseUrl}}"
+ ],
+ "path": [
+ "collections",
+ "meta",
+ "metrics",
+ "summary",
+ "collection"
+ ],
+ "query": [
+ {
+ "key": "collectionId",
+ "value": "{{testCollection}}",
+ "disabled": true
+ },
+ {
+ "key": "collectionId",
+ "value": "",
+ "disabled": true
+ },
+ {
+ "key": "benchmarkId",
+ "value": "{{testBenchmark}}"
+ },
+ {
+ "key": "revisionId",
+ "value": "",
+ "disabled": true
+ }
+ ]
+ }
+ },
+ "response": []
+ },
+ {
+ "name": "Return meta metrics summary - collection agg - rev param",
+ "event": [
+ {
+ "listen": "test",
+ "script": {
+ "exec": [
+ "let user = pm.environment.get(\"user\");\r",
+ "console.log(\"user: \" + user);\r",
+ "\r",
+ "if (pm.request.url.getQueryString().match(/elevate=true/)) {\r",
+ " user = \"elevated\";\r",
+ " console.log(\"setting user to 'elevated'\");\r",
+ "}\r",
+ "\r",
+ "if (user == \"bizarroLvl1\") {\r",
+ " pm.test(\"Status should be is 403 for user collectioncreator, bizarroLvl1\", function () {\r",
+ " pm.response.to.have.status(403);\r",
+ " });\r",
+ " return;\r",
+ "}\r",
+ "else {\r",
+ " pm.test(\"Status code is 200\", function () {\r",
+ " pm.response.to.have.status(200);\r",
+ " });\r",
+ "}\r",
+ "if (pm.response.code !== 200) {\r",
+ " return;\r",
+ "}\r",
+ "\r",
+ "\r",
+ "let jsonData = pm.response.json();\r",
+ "\r",
+ "// user = \"stigmanadmin\"\r",
+ "\r",
+ "// pm.test(\"Response JSON is an object\", function () {\r",
+ "// pm.expect(jsonData).to.be.an('object');\r",
+ "// });\r",
+ "\r",
+ "let lvl234 = \r",
+ "[]\r",
+ "\r",
+ "let jsonExpectedByUser =\r",
+ "{\r",
+ " lvl1: \r",
+ " [],\r",
+ " collectioncreator:\r",
+ "[], \r",
+ " stigmanadmin :\r",
+ "[\r",
+ " {\r",
+ " \"collectionId\": \"83\",\r",
+ " \"name\": \"Collection Y\",\r",
+ " \"assets\": 2,\r",
+ " \"stigs\": 1,\r",
+ " \"checklists\": 2,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": null,\r",
+ " \"minTs\": null,\r",
+ " \"results\": {\r",
+ " \"fail\": 0,\r",
+ " \"pass\": 0,\r",
+ " \"unassessed\": 0,\r",
+ " \"notapplicable\": 0\r",
+ " },\r",
+ " \"assessed\": 0,\r",
+ " \"findings\": {\r",
+ " \"low\": 0,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 0\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": 0,\r",
+ " \"accepted\": 0,\r",
+ " \"rejected\": 0,\r",
+ " \"submitted\": 0\r",
+ " },\r",
+ " \"maxTouchTs\": null,\r",
+ " \"assessments\": 162\r",
+ " }\r",
+ " }\r",
+ "]\r",
+ "}\r",
+ "\r",
+ "jsonExpectedByUser.lvl2 = lvl234\r",
+ "jsonExpectedByUser.lvl3 = lvl234\r",
+ "jsonExpectedByUser.lvl4 = lvl234\r",
+ "\r",
+ "// let jsonExpected =\r",
+ "// {\r",
+ "// \"collections\": 3,\r",
+ "// \"assets\": 8,\r",
+ "// \"stigs\": 3,\r",
+ "// \"checklists\": 14,\r",
+ "// \"metrics\": {\r",
+ "// \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ "// \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ "// \"results\": {\r",
+ "// \"fail\": 8,\r",
+ "// \"pass\": 7,\r",
+ "// \"unassessed\": 0,\r",
+ "// \"notapplicable\": 4\r",
+ "// },\r",
+ "// \"assessed\": 19,\r",
+ "// \"findings\": {\r",
+ "// \"low\": 2,\r",
+ "// \"high\": 0,\r",
+ "// \"medium\": 6\r",
+ "// },\r",
+ "// \"statuses\": {\r",
+ "// \"saved\": 7,\r",
+ "// \"accepted\": 0,\r",
+ "// \"rejected\": 0,\r",
+ "// \"submitted\": 12\r",
+ "// },\r",
+ "// \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ "// \"assessments\": 2327\r",
+ "// }\r",
+ "// }\r",
+ "\r",
+ "\r",
+ "pm.test(\"Check that metrics are as expected \", function () {\r",
+ " pm.expect(jsonData).to.eql(jsonExpectedByUser[user]);\r",
+ "});\r",
+ "\r",
+ "\r",
+ "return;\r",
+ "\r",
+ ""
+ ],
+ "type": "text/javascript"
+ }
+ }
+ ],
+ "request": {
+ "method": "GET",
+ "header": [],
+ "url": {
+ "raw": "{{baseUrl}}/collections/meta/metrics/summary/collection?revisionId={{testBenchmark}}-1-0",
+ "host": [
+ "{{baseUrl}}"
+ ],
+ "path": [
+ "collections",
+ "meta",
+ "metrics",
+ "summary",
+ "collection"
+ ],
+ "query": [
+ {
+ "key": "collectionId",
+ "value": "{{testCollection}}",
+ "disabled": true
+ },
+ {
+ "key": "collectionId",
+ "value": "",
+ "disabled": true
+ },
+ {
+ "key": "benchmarkId",
+ "value": "{{testBenchmark}}",
+ "disabled": true
+ },
+ {
+ "key": "revisionId",
+ "value": "{{testBenchmark}}-1-0"
+ }
+ ]
+ }
+ },
+ "response": []
+ },
+ {
+ "name": "Return meta metrics summary - collection agg - rev param Copy",
+ "event": [
+ {
+ "listen": "test",
+ "script": {
+ "exec": [
+ "let user = pm.environment.get(\"user\");\r",
+ "console.log(\"user: \" + user);\r",
+ "\r",
+ "if (pm.request.url.getQueryString().match(/elevate=true/)) {\r",
+ " user = \"elevated\";\r",
+ " console.log(\"setting user to 'elevated'\");\r",
+ "}\r",
+ "\r",
+ "if (user == \"bizarroLvl1\") {\r",
+ " pm.test(\"Status should be is 403 for user collectioncreator, bizarroLvl1\", function () {\r",
+ " pm.response.to.have.status(403);\r",
+ " });\r",
+ " return;\r",
+ "}\r",
+ "else {\r",
+ " pm.test(\"Status code is 200\", function () {\r",
+ " pm.response.to.have.status(200);\r",
+ " });\r",
+ "}\r",
+ "if (pm.response.code !== 200) {\r",
+ " return;\r",
+ "}\r",
+ "\r",
+ "\r",
+ "let jsonData = pm.response.json();\r",
+ "\r",
+ "// user = \"stigmanadmin\"\r",
+ "\r",
+ "// pm.test(\"Response JSON is an object\", function () {\r",
+ "// pm.expect(jsonData).to.be.an('object');\r",
+ "// });\r",
+ "\r",
+ "let lvl234 = \r",
+ "[\r",
+ " {\r",
+ " \"collectionId\": \"21\",\r",
+ " \"name\": \"Collection X\",\r",
+ " \"assets\": 2,\r",
+ " \"stigs\": 1,\r",
+ " \"checklists\": 2,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": 4,\r",
+ " \"pass\": 2,\r",
+ " \"unassessed\": 0,\r",
+ " \"notapplicable\": 3\r",
+ " },\r",
+ " \"assessed\": 9,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 3\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": 2,\r",
+ " \"accepted\": 0,\r",
+ " \"rejected\": 0,\r",
+ " \"submitted\": 7\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 162\r",
+ " }\r",
+ " }\r",
+ "]\r",
+ "\r",
+ "let jsonExpectedByUser =\r",
+ "{\r",
+ " lvl1: \r",
+ " [\r",
+ " {\r",
+ " \"collectionId\": \"21\",\r",
+ " \"name\": \"Collection X\",\r",
+ " \"assets\": 1,\r",
+ " \"stigs\": 1,\r",
+ " \"checklists\": 1,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": 3,\r",
+ " \"pass\": 2,\r",
+ " \"unassessed\": 0,\r",
+ " \"notapplicable\": 1\r",
+ " },\r",
+ " \"assessed\": 6,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 2\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": 1,\r",
+ " \"accepted\": 0,\r",
+ " \"rejected\": 0,\r",
+ " \"submitted\": 5\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 81\r",
+ " }\r",
+ " }\r",
+ "],\r",
+ " collectioncreator:\r",
+ " [], \r",
+ " stigmanadmin :\r",
+ "[\r",
+ " {\r",
+ " \"collectionId\": \"21\",\r",
+ " \"name\": \"Collection X\",\r",
+ " \"assets\": 2,\r",
+ " \"stigs\": 1,\r",
+ " \"checklists\": 2,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": 4,\r",
+ " \"pass\": 2,\r",
+ " \"unassessed\": 0,\r",
+ " \"notapplicable\": 3\r",
+ " },\r",
+ " \"assessed\": 9,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 3\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": 2,\r",
+ " \"accepted\": 0,\r",
+ " \"rejected\": 0,\r",
+ " \"submitted\": 7\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 162\r",
+ " }\r",
+ " }\r",
+ "]\r",
+ "}\r",
+ "\r",
+ "jsonExpectedByUser.lvl2 = lvl234\r",
+ "jsonExpectedByUser.lvl3 = lvl234\r",
+ "jsonExpectedByUser.lvl4 = lvl234\r",
+ "\r",
+ "// let jsonExpected =\r",
+ "// {\r",
+ "// \"collections\": 3,\r",
+ "// \"assets\": 8,\r",
+ "// \"stigs\": 3,\r",
+ "// \"checklists\": 14,\r",
+ "// \"metrics\": {\r",
+ "// \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ "// \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ "// \"results\": {\r",
+ "// \"fail\": 8,\r",
+ "// \"pass\": 7,\r",
+ "// \"unassessed\": 0,\r",
+ "// \"notapplicable\": 4\r",
+ "// },\r",
+ "// \"assessed\": 19,\r",
+ "// \"findings\": {\r",
+ "// \"low\": 2,\r",
+ "// \"high\": 0,\r",
+ "// \"medium\": 6\r",
+ "// },\r",
+ "// \"statuses\": {\r",
+ "// \"saved\": 7,\r",
+ "// \"accepted\": 0,\r",
+ "// \"rejected\": 0,\r",
+ "// \"submitted\": 12\r",
+ "// },\r",
+ "// \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ "// \"assessments\": 2327\r",
+ "// }\r",
+ "// }\r",
+ "\r",
+ "\r",
+ "pm.test(\"Check that metrics are as expected \", function () {\r",
+ " pm.expect(jsonData).to.eql(jsonExpectedByUser[user]);\r",
+ "});\r",
+ "\r",
+ "\r",
+ "return;\r",
+ "\r",
+ ""
+ ],
+ "type": "text/javascript"
+ }
+ }
+ ],
+ "request": {
+ "method": "GET",
+ "header": [],
+ "url": {
+ "raw": "{{baseUrl}}/collections/meta/metrics/summary/collection?revisionId={{testBenchmark}}-1-1",
+ "host": [
+ "{{baseUrl}}"
+ ],
+ "path": [
+ "collections",
+ "meta",
+ "metrics",
+ "summary",
+ "collection"
+ ],
+ "query": [
+ {
+ "key": "collectionId",
+ "value": "{{testCollection}}",
+ "disabled": true
+ },
+ {
+ "key": "collectionId",
+ "value": "",
+ "disabled": true
+ },
+ {
+ "key": "benchmarkId",
+ "value": "{{testBenchmark}}",
+ "disabled": true
+ },
+ {
+ "key": "revisionId",
+ "value": "{{testBenchmark}}-1-1"
+ }
+ ]
+ }
+ },
+ "response": []
+ }
+ ]
+ },
+ {
+ "name": "stig agg",
+ "item": [
+ {
+ "name": "Return meta metrics summary - stig agg - no params Copy",
+ "event": [
+ {
+ "listen": "test",
+ "script": {
+ "exec": [
+ "let user = pm.environment.get(\"user\");\r",
+ "console.log(\"user: \" + user);\r",
+ "\r",
+ "if (pm.request.url.getQueryString().match(/elevate=true/)) {\r",
+ " user = \"elevated\";\r",
+ " console.log(\"setting user to 'elevated'\");\r",
+ "}\r",
+ "\r",
+ "if (user == \"bizarroLvl1\") {\r",
+ " pm.test(\"Status should be is 403 for user collectioncreator, bizarroLvl1\", function () {\r",
+ " pm.response.to.have.status(403);\r",
+ " });\r",
+ " return;\r",
+ "}\r",
+ "else {\r",
+ " pm.test(\"Status code is 200\", function () {\r",
+ " pm.response.to.have.status(200);\r",
+ " });\r",
+ "}\r",
+ "if (pm.response.code !== 200) {\r",
+ " return;\r",
+ "}\r",
+ "\r",
+ "\r",
+ "let jsonData = pm.response.json();\r",
+ "\r",
+ "// user = \"stigmanadmin\"\r",
+ "\r",
+ "// pm.test(\"Response JSON is an object\", function () {\r",
+ "// pm.expect(jsonData).to.be.an('object');\r",
+ "// });\r",
+ "\r",
+ "let lvl234 = \r",
+ "[\r",
+ " {\r",
+ " \"benchmarkId\": \"VPN_SRG_TEST\",\r",
+ " \"title\": \"Virtual Private Network (VPN) Security Requirements Guide\",\r",
+ " \"revisionStr\": \"V1R1\",\r",
+ " \"collections\": 1,\r",
+ " \"assets\": 2,\r",
+ " \"ruleCount\": 81,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": 4,\r",
+ " \"pass\": 2,\r",
+ " \"unassessed\": 0,\r",
+ " \"notapplicable\": 3\r",
+ " },\r",
+ " \"assessed\": 9,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 3\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": 2,\r",
+ " \"accepted\": 0,\r",
+ " \"rejected\": 0,\r",
+ " \"submitted\": 7\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 162\r",
+ " }\r",
+ " },\r",
+ " {\r",
+ " \"benchmarkId\": \"Windows_10_STIG_TEST\",\r",
+ " \"title\": \"Windows 10 Security Technical Implementation Guide\",\r",
+ " \"revisionStr\": \"V1R23\",\r",
+ " \"collections\": 1,\r",
+ " \"assets\": 2,\r",
+ " \"ruleCount\": 287,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2020-08-18T20:48:29Z\",\r",
+ " \"minTs\": \"2020-08-11T22:29:16Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": 1,\r",
+ " \"pass\": 2,\r",
+ " \"unassessed\": 0,\r",
+ " \"notapplicable\": 0\r",
+ " },\r",
+ " \"assessed\": 3,\r",
+ " \"findings\": {\r",
+ " \"low\": 0,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 1\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": 1,\r",
+ " \"accepted\": 0,\r",
+ " \"rejected\": 0,\r",
+ " \"submitted\": 2\r",
+ " },\r",
+ " \"maxTouchTs\": \"2020-08-18T20:48:29Z\",\r",
+ " \"assessments\": 574\r",
+ " }\r",
+ " }\r",
+ "]\r",
+ "\r",
+ "let jsonExpectedByUser =\r",
+ "{\r",
+ " lvl1: \r",
+ "[\r",
+ " {\r",
+ " \"benchmarkId\": \"VPN_SRG_TEST\",\r",
+ " \"title\": \"Virtual Private Network (VPN) Security Requirements Guide\",\r",
+ " \"revisionStr\": \"V1R1\",\r",
+ " \"collections\": 1,\r",
+ " \"assets\": 1,\r",
+ " \"ruleCount\": 81,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": 3,\r",
+ " \"pass\": 2,\r",
+ " \"unassessed\": 0,\r",
+ " \"notapplicable\": 1\r",
+ " },\r",
+ " \"assessed\": 6,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 2\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": 1,\r",
+ " \"accepted\": 0,\r",
+ " \"rejected\": 0,\r",
+ " \"submitted\": 5\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 81\r",
+ " }\r",
+ " }\r",
+ "],\r",
+ " collectioncreator:\r",
+ " [], \r",
+ " stigmanadmin :\r",
+ "[\r",
+ " {\r",
+ " \"benchmarkId\": \"VPN_SRG_TEST\",\r",
+ " \"title\": \"Virtual Private Network (VPN) Security Requirements Guide\",\r",
+ " \"revisionStr\": \"V1R0\",\r",
+ " \"collections\": 1,\r",
+ " \"assets\": 2,\r",
+ " \"ruleCount\": 81,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": null,\r",
+ " \"minTs\": null,\r",
+ " \"results\": {\r",
+ " \"fail\": 0,\r",
+ " \"pass\": 0,\r",
+ " \"unassessed\": 0,\r",
+ " \"notapplicable\": 0\r",
+ " },\r",
+ " \"assessed\": 0,\r",
+ " \"findings\": {\r",
+ " \"low\": 0,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 0\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": 0,\r",
+ " \"accepted\": 0,\r",
+ " \"rejected\": 0,\r",
+ " \"submitted\": 0\r",
+ " },\r",
+ " \"maxTouchTs\": null,\r",
+ " \"assessments\": 162\r",
+ " }\r",
+ " },\r",
+ " {\r",
+ " \"benchmarkId\": \"VPN_SRG_TEST\",\r",
+ " \"title\": \"Virtual Private Network (VPN) Security Requirements Guide\",\r",
+ " \"revisionStr\": \"V1R1\",\r",
+ " \"collections\": 1,\r",
+ " \"assets\": 2,\r",
+ " \"ruleCount\": 81,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": 4,\r",
+ " \"pass\": 2,\r",
+ " \"unassessed\": 0,\r",
+ " \"notapplicable\": 3\r",
+ " },\r",
+ " \"assessed\": 9,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 3\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": 2,\r",
+ " \"accepted\": 0,\r",
+ " \"rejected\": 0,\r",
+ " \"submitted\": 7\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 162\r",
+ " }\r",
+ " },\r",
+ " {\r",
+ " \"benchmarkId\": \"Windows_10_STIG_TEST\",\r",
+ " \"title\": \"Windows 10 Security Technical Implementation Guide\",\r",
+ " \"revisionStr\": \"V1R23\",\r",
+ " \"collections\": 1,\r",
+ " \"assets\": 2,\r",
+ " \"ruleCount\": 287,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2020-08-18T20:48:29Z\",\r",
+ " \"minTs\": \"2020-08-11T22:29:16Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": 1,\r",
+ " \"pass\": 2,\r",
+ " \"unassessed\": 0,\r",
+ " \"notapplicable\": 0\r",
+ " },\r",
+ " \"assessed\": 3,\r",
+ " \"findings\": {\r",
+ " \"low\": 0,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 1\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": 1,\r",
+ " \"accepted\": 0,\r",
+ " \"rejected\": 0,\r",
+ " \"submitted\": 2\r",
+ " },\r",
+ " \"maxTouchTs\": \"2020-08-18T20:48:29Z\",\r",
+ " \"assessments\": 574\r",
+ " }\r",
+ " }\r",
+ "]\r",
+ "}\r",
+ "\r",
+ "jsonExpectedByUser.lvl2 = lvl234\r",
+ "jsonExpectedByUser.lvl3 = lvl234\r",
+ "jsonExpectedByUser.lvl4 = lvl234\r",
+ "\r",
+ "// let jsonExpected =\r",
+ "// {\r",
+ "// \"collections\": 3,\r",
+ "// \"assets\": 8,\r",
+ "// \"stigs\": 3,\r",
+ "// \"checklists\": 14,\r",
+ "// \"metrics\": {\r",
+ "// \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ "// \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ "// \"results\": {\r",
+ "// \"fail\": 8,\r",
+ "// \"pass\": 7,\r",
+ "// \"unassessed\": 0,\r",
+ "// \"notapplicable\": 4\r",
+ "// },\r",
+ "// \"assessed\": 19,\r",
+ "// \"findings\": {\r",
+ "// \"low\": 2,\r",
+ "// \"high\": 0,\r",
+ "// \"medium\": 6\r",
+ "// },\r",
+ "// \"statuses\": {\r",
+ "// \"saved\": 7,\r",
+ "// \"accepted\": 0,\r",
+ "// \"rejected\": 0,\r",
+ "// \"submitted\": 12\r",
+ "// },\r",
+ "// \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ "// \"assessments\": 2327\r",
+ "// }\r",
+ "// }\r",
+ "\r",
+ "\r",
+ "pm.test(\"Check that metrics are as expected \", function () {\r",
+ " pm.expect(jsonData).to.eql(jsonExpectedByUser[user]);\r",
+ "});\r",
+ "\r",
+ "\r",
+ "return;\r",
+ "\r",
+ ""
+ ],
+ "type": "text/javascript"
+ }
+ }
+ ],
+ "request": {
+ "method": "GET",
+ "header": [],
+ "url": {
+ "raw": "{{baseUrl}}/collections/meta/metrics/summary/stig",
+ "host": [
+ "{{baseUrl}}"
+ ],
+ "path": [
+ "collections",
+ "meta",
+ "metrics",
+ "summary",
+ "stig"
+ ],
+ "query": [
+ {
+ "key": "collectionId",
+ "value": "{{testCollection}}",
+ "disabled": true
+ },
+ {
+ "key": "collectionId",
+ "value": "",
+ "disabled": true
+ },
+ {
+ "key": "benchmarkId",
+ "value": "{{testBenchmark}}",
+ "disabled": true
+ }
+ ]
+ }
+ },
+ "response": []
+ },
+ {
+ "name": "Return meta metrics summary - stig agg - collection param",
+ "event": [
+ {
+ "listen": "test",
+ "script": {
+ "exec": [
+ "let user = pm.environment.get(\"user\");\r",
+ "console.log(\"user: \" + user);\r",
+ "\r",
+ "if (pm.request.url.getQueryString().match(/elevate=true/)) {\r",
+ " user = \"elevated\";\r",
+ " console.log(\"setting user to 'elevated'\");\r",
+ "}\r",
+ "\r",
+ "if (user == \"bizarroLvl1\") {\r",
+ " pm.test(\"Status should be is 403 for user collectioncreator, bizarroLvl1\", function () {\r",
+ " pm.response.to.have.status(403);\r",
+ " });\r",
+ " return;\r",
+ "}\r",
+ "else {\r",
+ " pm.test(\"Status code is 200\", function () {\r",
+ " pm.response.to.have.status(200);\r",
+ " });\r",
+ "}\r",
+ "if (pm.response.code !== 200) {\r",
+ " return;\r",
+ "}\r",
+ "\r",
+ "\r",
+ "let jsonData = pm.response.json();\r",
+ "\r",
+ "// user = \"stigmanadmin\"\r",
+ "\r",
+ "// pm.test(\"Response JSON is an object\", function () {\r",
+ "// pm.expect(jsonData).to.be.an('object');\r",
+ "// });\r",
+ "\r",
+ "let lvl234 = \r",
+ "[\r",
+ " {\r",
+ " \"benchmarkId\": \"VPN_SRG_TEST\",\r",
+ " \"title\": \"Virtual Private Network (VPN) Security Requirements Guide\",\r",
+ " \"revisionStr\": \"V1R1\",\r",
+ " \"collections\": 1,\r",
+ " \"assets\": 2,\r",
+ " \"ruleCount\": 81,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": 4,\r",
+ " \"pass\": 2,\r",
+ " \"unassessed\": 0,\r",
+ " \"notapplicable\": 3\r",
+ " },\r",
+ " \"assessed\": 9,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 3\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": 2,\r",
+ " \"accepted\": 0,\r",
+ " \"rejected\": 0,\r",
+ " \"submitted\": 7\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 162\r",
+ " }\r",
+ " },\r",
+ " {\r",
+ " \"benchmarkId\": \"Windows_10_STIG_TEST\",\r",
+ " \"title\": \"Windows 10 Security Technical Implementation Guide\",\r",
+ " \"revisionStr\": \"V1R23\",\r",
+ " \"collections\": 1,\r",
+ " \"assets\": 2,\r",
+ " \"ruleCount\": 287,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2020-08-18T20:48:29Z\",\r",
+ " \"minTs\": \"2020-08-11T22:29:16Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": 1,\r",
+ " \"pass\": 2,\r",
+ " \"unassessed\": 0,\r",
+ " \"notapplicable\": 0\r",
+ " },\r",
+ " \"assessed\": 3,\r",
+ " \"findings\": {\r",
+ " \"low\": 0,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 1\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": 1,\r",
+ " \"accepted\": 0,\r",
+ " \"rejected\": 0,\r",
+ " \"submitted\": 2\r",
+ " },\r",
+ " \"maxTouchTs\": \"2020-08-18T20:48:29Z\",\r",
+ " \"assessments\": 574\r",
+ " }\r",
+ " }\r",
+ "]\r",
+ "\r",
+ "let jsonExpectedByUser =\r",
+ "{\r",
+ " lvl1: \r",
+ "[\r",
+ " {\r",
+ " \"benchmarkId\": \"VPN_SRG_TEST\",\r",
+ " \"title\": \"Virtual Private Network (VPN) Security Requirements Guide\",\r",
+ " \"revisionStr\": \"V1R1\",\r",
+ " \"collections\": 1,\r",
+ " \"assets\": 1,\r",
+ " \"ruleCount\": 81,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": 3,\r",
+ " \"pass\": 2,\r",
+ " \"unassessed\": 0,\r",
+ " \"notapplicable\": 1\r",
+ " },\r",
+ " \"assessed\": 6,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 2\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": 1,\r",
+ " \"accepted\": 0,\r",
+ " \"rejected\": 0,\r",
+ " \"submitted\": 5\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 81\r",
+ " }\r",
+ " }\r",
+ "],\r",
+ " collectioncreator:\r",
+ " [], \r",
+ " stigmanadmin :\r",
+ "[\r",
+ " {\r",
+ " \"benchmarkId\": \"VPN_SRG_TEST\",\r",
+ " \"title\": \"Virtual Private Network (VPN) Security Requirements Guide\",\r",
+ " \"revisionStr\": \"V1R1\",\r",
+ " \"collections\": 1,\r",
+ " \"assets\": 2,\r",
+ " \"ruleCount\": 81,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": 4,\r",
+ " \"pass\": 2,\r",
+ " \"unassessed\": 0,\r",
+ " \"notapplicable\": 3\r",
+ " },\r",
+ " \"assessed\": 9,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 3\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": 2,\r",
+ " \"accepted\": 0,\r",
+ " \"rejected\": 0,\r",
+ " \"submitted\": 7\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 162\r",
+ " }\r",
+ " },\r",
+ " {\r",
+ " \"benchmarkId\": \"Windows_10_STIG_TEST\",\r",
+ " \"title\": \"Windows 10 Security Technical Implementation Guide\",\r",
+ " \"revisionStr\": \"V1R23\",\r",
+ " \"collections\": 1,\r",
+ " \"assets\": 2,\r",
+ " \"ruleCount\": 287,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2020-08-18T20:48:29Z\",\r",
+ " \"minTs\": \"2020-08-11T22:29:16Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": 1,\r",
+ " \"pass\": 2,\r",
+ " \"unassessed\": 0,\r",
+ " \"notapplicable\": 0\r",
+ " },\r",
+ " \"assessed\": 3,\r",
+ " \"findings\": {\r",
+ " \"low\": 0,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 1\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": 1,\r",
+ " \"accepted\": 0,\r",
+ " \"rejected\": 0,\r",
+ " \"submitted\": 2\r",
+ " },\r",
+ " \"maxTouchTs\": \"2020-08-18T20:48:29Z\",\r",
+ " \"assessments\": 574\r",
+ " }\r",
+ " }\r",
+ "]\r",
+ "}\r",
+ "\r",
+ "jsonExpectedByUser.lvl2 = lvl234\r",
+ "jsonExpectedByUser.lvl3 = lvl234\r",
+ "jsonExpectedByUser.lvl4 = lvl234\r",
+ "\r",
+ "// let jsonExpected =\r",
+ "// {\r",
+ "// \"collections\": 3,\r",
+ "// \"assets\": 8,\r",
+ "// \"stigs\": 3,\r",
+ "// \"checklists\": 14,\r",
+ "// \"metrics\": {\r",
+ "// \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ "// \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ "// \"results\": {\r",
+ "// \"fail\": 8,\r",
+ "// \"pass\": 7,\r",
+ "// \"unassessed\": 0,\r",
+ "// \"notapplicable\": 4\r",
+ "// },\r",
+ "// \"assessed\": 19,\r",
+ "// \"findings\": {\r",
+ "// \"low\": 2,\r",
+ "// \"high\": 0,\r",
+ "// \"medium\": 6\r",
+ "// },\r",
+ "// \"statuses\": {\r",
+ "// \"saved\": 7,\r",
+ "// \"accepted\": 0,\r",
+ "// \"rejected\": 0,\r",
+ "// \"submitted\": 12\r",
+ "// },\r",
+ "// \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ "// \"assessments\": 2327\r",
+ "// }\r",
+ "// }\r",
+ "\r",
+ "\r",
+ "pm.test(\"Check that metrics are as expected \", function () {\r",
+ " pm.expect(jsonData).to.eql(jsonExpectedByUser[user]);\r",
+ "});\r",
+ "\r",
+ "\r",
+ "return;\r",
+ "\r",
+ ""
+ ],
+ "type": "text/javascript"
+ }
+ }
+ ],
+ "request": {
+ "method": "GET",
+ "header": [],
+ "url": {
+ "raw": "{{baseUrl}}/collections/meta/metrics/summary/stig?collectionId={{testCollection}}",
+ "host": [
+ "{{baseUrl}}"
+ ],
+ "path": [
+ "collections",
+ "meta",
+ "metrics",
+ "summary",
+ "stig"
+ ],
+ "query": [
+ {
+ "key": "collectionId",
+ "value": "{{testCollection}}"
+ },
+ {
+ "key": "collectionId",
+ "value": "",
+ "disabled": true
+ },
+ {
+ "key": "benchmarkId",
+ "value": "{{testBenchmark}}",
+ "disabled": true
+ }
+ ]
+ }
+ },
+ "response": []
+ },
+ {
+ "name": "Return meta metrics summary - stig agg - benchmark param",
+ "event": [
+ {
+ "listen": "test",
+ "script": {
+ "exec": [
+ "let user = pm.environment.get(\"user\");\r",
+ "console.log(\"user: \" + user);\r",
+ "\r",
+ "if (pm.request.url.getQueryString().match(/elevate=true/)) {\r",
+ " user = \"elevated\";\r",
+ " console.log(\"setting user to 'elevated'\");\r",
+ "}\r",
+ "\r",
+ "if (user == \"bizarroLvl1\") {\r",
+ " pm.test(\"Status should be is 403 for user collectioncreator, bizarroLvl1\", function () {\r",
+ " pm.response.to.have.status(403);\r",
+ " });\r",
+ " return;\r",
+ "}\r",
+ "else {\r",
+ " pm.test(\"Status code is 200\", function () {\r",
+ " pm.response.to.have.status(200);\r",
+ " });\r",
+ "}\r",
+ "if (pm.response.code !== 200) {\r",
+ " return;\r",
+ "}\r",
+ "\r",
+ "\r",
+ "let jsonData = pm.response.json();\r",
+ "\r",
+ "// user = \"stigmanadmin\"\r",
+ "\r",
+ "// pm.test(\"Response JSON is an object\", function () {\r",
+ "// pm.expect(jsonData).to.be.an('object');\r",
+ "// });\r",
+ "\r",
+ "let lvl234 = \r",
+ "[\r",
+ " {\r",
+ " \"benchmarkId\": \"VPN_SRG_TEST\",\r",
+ " \"title\": \"Virtual Private Network (VPN) Security Requirements Guide\",\r",
+ " \"revisionStr\": \"V1R1\",\r",
+ " \"collections\": 1,\r",
+ " \"assets\": 2,\r",
+ " \"ruleCount\": 81,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": 4,\r",
+ " \"pass\": 2,\r",
+ " \"unassessed\": 0,\r",
+ " \"notapplicable\": 3\r",
+ " },\r",
+ " \"assessed\": 9,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 3\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": 2,\r",
+ " \"accepted\": 0,\r",
+ " \"rejected\": 0,\r",
+ " \"submitted\": 7\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 162\r",
+ " }\r",
+ " }\r",
+ "]\r",
+ "\r",
+ "let jsonExpectedByUser =\r",
+ "{\r",
+ " lvl1: \r",
+ "[\r",
+ " {\r",
+ " \"benchmarkId\": \"VPN_SRG_TEST\",\r",
+ " \"title\": \"Virtual Private Network (VPN) Security Requirements Guide\",\r",
+ " \"revisionStr\": \"V1R1\",\r",
+ " \"collections\": 1,\r",
+ " \"assets\": 1,\r",
+ " \"ruleCount\": 81,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": 3,\r",
+ " \"pass\": 2,\r",
+ " \"unassessed\": 0,\r",
+ " \"notapplicable\": 1\r",
+ " },\r",
+ " \"assessed\": 6,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 2\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": 1,\r",
+ " \"accepted\": 0,\r",
+ " \"rejected\": 0,\r",
+ " \"submitted\": 5\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 81\r",
+ " }\r",
+ " }\r",
+ "],\r",
+ " collectioncreator:\r",
+ " [], \r",
+ " stigmanadmin :\r",
+ "[\r",
+ " {\r",
+ " \"benchmarkId\": \"VPN_SRG_TEST\",\r",
+ " \"title\": \"Virtual Private Network (VPN) Security Requirements Guide\",\r",
+ " \"revisionStr\": \"V1R0\",\r",
+ " \"collections\": 1,\r",
+ " \"assets\": 2,\r",
+ " \"ruleCount\": 81,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": null,\r",
+ " \"minTs\": null,\r",
+ " \"results\": {\r",
+ " \"fail\": 0,\r",
+ " \"pass\": 0,\r",
+ " \"unassessed\": 0,\r",
+ " \"notapplicable\": 0\r",
+ " },\r",
+ " \"assessed\": 0,\r",
+ " \"findings\": {\r",
+ " \"low\": 0,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 0\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": 0,\r",
+ " \"accepted\": 0,\r",
+ " \"rejected\": 0,\r",
+ " \"submitted\": 0\r",
+ " },\r",
+ " \"maxTouchTs\": null,\r",
+ " \"assessments\": 162\r",
+ " }\r",
+ " },\r",
+ " {\r",
+ " \"benchmarkId\": \"VPN_SRG_TEST\",\r",
+ " \"title\": \"Virtual Private Network (VPN) Security Requirements Guide\",\r",
+ " \"revisionStr\": \"V1R1\",\r",
+ " \"collections\": 1,\r",
+ " \"assets\": 2,\r",
+ " \"ruleCount\": 81,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": 4,\r",
+ " \"pass\": 2,\r",
+ " \"unassessed\": 0,\r",
+ " \"notapplicable\": 3\r",
+ " },\r",
+ " \"assessed\": 9,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 3\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": 2,\r",
+ " \"accepted\": 0,\r",
+ " \"rejected\": 0,\r",
+ " \"submitted\": 7\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 162\r",
+ " }\r",
+ " }\r",
+ "]\r",
+ "}\r",
+ "\r",
+ "jsonExpectedByUser.lvl2 = lvl234\r",
+ "jsonExpectedByUser.lvl3 = lvl234\r",
+ "jsonExpectedByUser.lvl4 = lvl234\r",
+ "\r",
+ "// let jsonExpected =\r",
+ "// {\r",
+ "// \"collections\": 3,\r",
+ "// \"assets\": 8,\r",
+ "// \"stigs\": 3,\r",
+ "// \"checklists\": 14,\r",
+ "// \"metrics\": {\r",
+ "// \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ "// \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ "// \"results\": {\r",
+ "// \"fail\": 8,\r",
+ "// \"pass\": 7,\r",
+ "// \"unassessed\": 0,\r",
+ "// \"notapplicable\": 4\r",
+ "// },\r",
+ "// \"assessed\": 19,\r",
+ "// \"findings\": {\r",
+ "// \"low\": 2,\r",
+ "// \"high\": 0,\r",
+ "// \"medium\": 6\r",
+ "// },\r",
+ "// \"statuses\": {\r",
+ "// \"saved\": 7,\r",
+ "// \"accepted\": 0,\r",
+ "// \"rejected\": 0,\r",
+ "// \"submitted\": 12\r",
+ "// },\r",
+ "// \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ "// \"assessments\": 2327\r",
+ "// }\r",
+ "// }\r",
+ "\r",
+ "\r",
+ "pm.test(\"Check that metrics are as expected \", function () {\r",
+ " pm.expect(jsonData).to.eql(jsonExpectedByUser[user]);\r",
+ "});\r",
+ "\r",
+ "\r",
+ "return;\r",
+ "\r",
+ ""
+ ],
+ "type": "text/javascript"
+ }
+ }
+ ],
+ "request": {
+ "method": "GET",
+ "header": [],
+ "url": {
+ "raw": "{{baseUrl}}/collections/meta/metrics/summary/stig?benchmarkId={{testBenchmark}}",
+ "host": [
+ "{{baseUrl}}"
+ ],
+ "path": [
+ "collections",
+ "meta",
+ "metrics",
+ "summary",
+ "stig"
+ ],
+ "query": [
+ {
+ "key": "collectionId",
+ "value": "{{testCollection}}",
+ "disabled": true
+ },
+ {
+ "key": "collectionId",
+ "value": "",
+ "disabled": true
+ },
+ {
+ "key": "benchmarkId",
+ "value": "{{testBenchmark}}"
+ }
+ ]
+ }
+ },
+ "response": []
+ },
+ {
+ "name": "Return meta metrics summary - stig agg - coll and bench params",
+ "event": [
+ {
+ "listen": "test",
+ "script": {
+ "exec": [
+ "let user = pm.environment.get(\"user\");\r",
+ "console.log(\"user: \" + user);\r",
+ "\r",
+ "if (pm.request.url.getQueryString().match(/elevate=true/)) {\r",
+ " user = \"elevated\";\r",
+ " console.log(\"setting user to 'elevated'\");\r",
+ "}\r",
+ "\r",
+ "if (user == \"bizarroLvl1\") {\r",
+ " pm.test(\"Status should be is 403 for user collectioncreator, bizarroLvl1\", function () {\r",
+ " pm.response.to.have.status(403);\r",
+ " });\r",
+ " return;\r",
+ "}\r",
+ "else {\r",
+ " pm.test(\"Status code is 200\", function () {\r",
+ " pm.response.to.have.status(200);\r",
+ " });\r",
+ "}\r",
+ "if (pm.response.code !== 200) {\r",
+ " return;\r",
+ "}\r",
+ "\r",
+ "\r",
+ "let jsonData = pm.response.json();\r",
+ "\r",
+ "// user = \"stigmanadmin\"\r",
+ "\r",
+ "// pm.test(\"Response JSON is an object\", function () {\r",
+ "// pm.expect(jsonData).to.be.an('object');\r",
+ "// });\r",
+ "\r",
+ "let lvl234 = \r",
+ "[\r",
+ " {\r",
+ " \"benchmarkId\": \"VPN_SRG_TEST\",\r",
+ " \"title\": \"Virtual Private Network (VPN) Security Requirements Guide\",\r",
+ " \"revisionStr\": \"V1R1\",\r",
+ " \"collections\": 1,\r",
+ " \"assets\": 2,\r",
+ " \"ruleCount\": 81,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": 4,\r",
+ " \"pass\": 2,\r",
+ " \"unassessed\": 0,\r",
+ " \"notapplicable\": 3\r",
+ " },\r",
+ " \"assessed\": 9,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 3\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": 2,\r",
+ " \"accepted\": 0,\r",
+ " \"rejected\": 0,\r",
+ " \"submitted\": 7\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 162\r",
+ " }\r",
+ " }\r",
+ "]\r",
+ "\r",
+ "let jsonExpectedByUser =\r",
+ "{\r",
+ " lvl1: \r",
+ "[\r",
+ " {\r",
+ " \"benchmarkId\": \"VPN_SRG_TEST\",\r",
+ " \"title\": \"Virtual Private Network (VPN) Security Requirements Guide\",\r",
+ " \"revisionStr\": \"V1R1\",\r",
+ " \"collections\": 1,\r",
+ " \"assets\": 1,\r",
+ " \"ruleCount\": 81,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": 3,\r",
+ " \"pass\": 2,\r",
+ " \"unassessed\": 0,\r",
+ " \"notapplicable\": 1\r",
+ " },\r",
+ " \"assessed\": 6,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 2\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": 1,\r",
+ " \"accepted\": 0,\r",
+ " \"rejected\": 0,\r",
+ " \"submitted\": 5\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 81\r",
+ " }\r",
+ " }\r",
+ "],\r",
+ " collectioncreator:\r",
+ " [], \r",
+ " stigmanadmin :\r",
+ "[\r",
+ " {\r",
+ " \"benchmarkId\": \"VPN_SRG_TEST\",\r",
+ " \"title\": \"Virtual Private Network (VPN) Security Requirements Guide\",\r",
+ " \"revisionStr\": \"V1R1\",\r",
+ " \"collections\": 1,\r",
+ " \"assets\": 2,\r",
+ " \"ruleCount\": 81,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": 4,\r",
+ " \"pass\": 2,\r",
+ " \"unassessed\": 0,\r",
+ " \"notapplicable\": 3\r",
+ " },\r",
+ " \"assessed\": 9,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 3\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": 2,\r",
+ " \"accepted\": 0,\r",
+ " \"rejected\": 0,\r",
+ " \"submitted\": 7\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 162\r",
+ " }\r",
+ " }\r",
+ "]\r",
+ "}\r",
+ "\r",
+ "jsonExpectedByUser.lvl2 = lvl234\r",
+ "jsonExpectedByUser.lvl3 = lvl234\r",
+ "jsonExpectedByUser.lvl4 = lvl234\r",
+ "\r",
+ "// let jsonExpected =\r",
+ "// {\r",
+ "// \"collections\": 3,\r",
+ "// \"assets\": 8,\r",
+ "// \"stigs\": 3,\r",
+ "// \"checklists\": 14,\r",
+ "// \"metrics\": {\r",
+ "// \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ "// \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ "// \"results\": {\r",
+ "// \"fail\": 8,\r",
+ "// \"pass\": 7,\r",
+ "// \"unassessed\": 0,\r",
+ "// \"notapplicable\": 4\r",
+ "// },\r",
+ "// \"assessed\": 19,\r",
+ "// \"findings\": {\r",
+ "// \"low\": 2,\r",
+ "// \"high\": 0,\r",
+ "// \"medium\": 6\r",
+ "// },\r",
+ "// \"statuses\": {\r",
+ "// \"saved\": 7,\r",
+ "// \"accepted\": 0,\r",
+ "// \"rejected\": 0,\r",
+ "// \"submitted\": 12\r",
+ "// },\r",
+ "// \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ "// \"assessments\": 2327\r",
+ "// }\r",
+ "// }\r",
+ "\r",
+ "\r",
+ "pm.test(\"Check that metrics are as expected \", function () {\r",
+ " pm.expect(jsonData).to.eql(jsonExpectedByUser[user]);\r",
+ "});\r",
+ "\r",
+ "\r",
+ "return;\r",
+ "\r",
+ ""
+ ],
+ "type": "text/javascript"
+ }
+ }
+ ],
+ "request": {
+ "method": "GET",
+ "header": [],
+ "url": {
+ "raw": "{{baseUrl}}/collections/meta/metrics/summary/stig?collectionId={{testCollection}}&benchmarkId={{testBenchmark}}",
+ "host": [
+ "{{baseUrl}}"
+ ],
+ "path": [
+ "collections",
+ "meta",
+ "metrics",
+ "summary",
+ "stig"
+ ],
+ "query": [
+ {
+ "key": "collectionId",
+ "value": "{{testCollection}}"
+ },
+ {
+ "key": "collectionId",
+ "value": "",
+ "disabled": true
+ },
+ {
+ "key": "benchmarkId",
+ "value": "{{testBenchmark}}"
+ }
+ ]
+ }
+ },
+ "response": []
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "name": "detail",
+ "item": [
+ {
+ "name": "no agg",
+ "item": [
+ {
+ "name": "meta metrics detail - no agg - no params",
+ "event": [
+ {
+ "listen": "test",
+ "script": {
+ "exec": [
+ "let user = pm.environment.get(\"user\");\r",
+ "console.log(\"user: \" + user);\r",
+ "\r",
+ "if (pm.request.url.getQueryString().match(/elevate=true/)) {\r",
+ " user = \"elevated\";\r",
+ " console.log(\"setting user to 'elevated'\");\r",
+ "}\r",
+ "\r",
+ "if (user == \"bizarroLvl1\") {\r",
+ " pm.test(\"Status should be is 403 for user collectioncreator, bizarroLvl1\", function () {\r",
+ " pm.response.to.have.status(403);\r",
+ " });\r",
+ " return;\r",
+ "}\r",
+ "else {\r",
+ " pm.test(\"Status code is 200\", function () {\r",
+ " pm.response.to.have.status(200);\r",
+ " });\r",
+ "}\r",
+ "if (pm.response.code !== 200) {\r",
+ " return;\r",
+ "}\r",
+ "\r",
+ "\r",
+ "let jsonData = pm.response.json();\r",
+ "\r",
+ "// user = \"stigmanadmin\"\r",
+ "\r",
+ "\r",
+ "\r",
+ "let lvl234 = \r",
+ "{\r",
+ " \"collections\": 1,\r",
+ " \"assets\": 2,\r",
+ " \"stigs\": 2,\r",
+ " \"checklists\": 4,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": {\r",
+ " \"total\": 5,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"pass\": {\r",
+ " \"total\": 4,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"error\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"fixed\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"unknown\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notchecked\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notselected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"informational\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notapplicable\": {\r",
+ " \"total\": 3,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"assessed\": 12,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 4\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": {\r",
+ " \"total\": 3,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"accepted\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"rejected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"submitted\": {\r",
+ " \"total\": 9,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 736,\r",
+ " \"assessmentsBySeverity\": {\r",
+ " \"low\": 50,\r",
+ " \"high\": 74,\r",
+ " \"medium\": 612\r",
+ " }\r",
+ " }\r",
+ "}\r",
+ "\r",
+ "let jsonExpectedByUser =\r",
+ "{\r",
+ " lvl1: \r",
+ "{\r",
+ " \"collections\": 1,\r",
+ " \"assets\": 1,\r",
+ " \"stigs\": 1,\r",
+ " \"checklists\": 1,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": {\r",
+ " \"total\": 3,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"pass\": {\r",
+ " \"total\": 2,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"error\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"fixed\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"unknown\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notchecked\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notselected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"informational\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notapplicable\": {\r",
+ " \"total\": 1,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"assessed\": 6,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 2\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": {\r",
+ " \"total\": 1,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"accepted\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"rejected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"submitted\": {\r",
+ " \"total\": 5,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 81,\r",
+ " \"assessmentsBySeverity\": {\r",
+ " \"low\": 7,\r",
+ " \"high\": 11,\r",
+ " \"medium\": 63\r",
+ " }\r",
+ " }\r",
+ "},\r",
+ " collectioncreator:\r",
+ "{\r",
+ " \"collections\": 0,\r",
+ " \"assets\": 0,\r",
+ " \"stigs\": 0,\r",
+ " \"checklists\": 0,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": null,\r",
+ " \"minTs\": null,\r",
+ " \"results\": {\r",
+ " \"fail\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"pass\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"error\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"fixed\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"unknown\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notchecked\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notselected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"informational\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notapplicable\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"assessed\": 0,\r",
+ " \"findings\": {\r",
+ " \"low\": 0,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 0\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"accepted\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"rejected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"submitted\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"maxTouchTs\": null,\r",
+ " \"assessments\": 0,\r",
+ " \"assessmentsBySeverity\": {\r",
+ " \"low\": 0,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 0\r",
+ " }\r",
+ " }\r",
+ "}, \r",
+ " stigmanadmin :\r",
+ "{\r",
+ " \"collections\": 2,\r",
+ " \"assets\": 4,\r",
+ " \"stigs\": 2,\r",
+ " \"checklists\": 6,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": {\r",
+ " \"total\": 5,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"pass\": {\r",
+ " \"total\": 4,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"error\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"fixed\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"unknown\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notchecked\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notselected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"informational\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notapplicable\": {\r",
+ " \"total\": 3,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"assessed\": 12,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 4\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": {\r",
+ " \"total\": 3,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"accepted\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"rejected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"submitted\": {\r",
+ " \"total\": 9,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 898,\r",
+ " \"assessmentsBySeverity\": {\r",
+ " \"low\": 64,\r",
+ " \"high\": 96,\r",
+ " \"medium\": 738\r",
+ " }\r",
+ " }\r",
+ "}\r",
+ "}\r",
+ "\r",
+ "jsonExpectedByUser.lvl2 = lvl234\r",
+ "jsonExpectedByUser.lvl3 = lvl234\r",
+ "jsonExpectedByUser.lvl4 = lvl234\r",
+ "\r",
+ "// let jsonExpected =\r",
+ "// {\r",
+ "// \"collections\": 3,\r",
+ "// \"assets\": 8,\r",
+ "// \"stigs\": 3,\r",
+ "// \"checklists\": 14,\r",
+ "// \"metrics\": {\r",
+ "// \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ "// \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ "// \"results\": {\r",
+ "// \"fail\": 8,\r",
+ "// \"pass\": 7,\r",
+ "// \"unassessed\": 0,\r",
+ "// \"notapplicable\": 4\r",
+ "// },\r",
+ "// \"assessed\": 19,\r",
+ "// \"findings\": {\r",
+ "// \"low\": 2,\r",
+ "// \"high\": 0,\r",
+ "// \"medium\": 6\r",
+ "// },\r",
+ "// \"statuses\": {\r",
+ "// \"saved\": 7,\r",
+ "// \"accepted\": 0,\r",
+ "// \"rejected\": 0,\r",
+ "// \"submitted\": 12\r",
+ "// },\r",
+ "// \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ "// \"assessments\": 2327\r",
+ "// }\r",
+ "// }\r",
+ "\r",
+ "\r",
+ "pm.test(\"Check that metrics are as expected \", function () {\r",
+ " pm.expect(jsonData).to.eql(jsonExpectedByUser[user]);\r",
+ "});\r",
+ "\r",
+ "\r",
+ "return;\r",
+ "\r",
+ ""
+ ],
+ "type": "text/javascript"
+ }
+ }
+ ],
+ "request": {
+ "method": "GET",
+ "header": [],
+ "url": {
+ "raw": "{{baseUrl}}/collections/meta/metrics/detail",
+ "host": [
+ "{{baseUrl}}"
+ ],
+ "path": [
+ "collections",
+ "meta",
+ "metrics",
+ "detail"
+ ],
+ "query": [
+ {
+ "key": "collectionId",
+ "value": "{{testCollection}}",
+ "disabled": true
+ },
+ {
+ "key": "collectionId",
+ "value": "",
+ "disabled": true
+ },
+ {
+ "key": "benchmarkId",
+ "value": "{{testBenchmark}}",
+ "disabled": true
+ }
+ ]
+ }
+ },
+ "response": []
+ },
+ {
+ "name": "meta metrics detail - no agg - coll param",
+ "event": [
+ {
+ "listen": "test",
+ "script": {
+ "exec": [
+ "let user = pm.environment.get(\"user\");\r",
+ "console.log(\"user: \" + user);\r",
+ "\r",
+ "if (pm.request.url.getQueryString().match(/elevate=true/)) {\r",
+ " user = \"elevated\";\r",
+ " console.log(\"setting user to 'elevated'\");\r",
+ "}\r",
+ "\r",
+ "if (user == \"bizarroLvl1\") {\r",
+ " pm.test(\"Status should be is 403 for user collectioncreator, bizarroLvl1\", function () {\r",
+ " pm.response.to.have.status(403);\r",
+ " });\r",
+ " return;\r",
+ "}\r",
+ "else {\r",
+ " pm.test(\"Status code is 200\", function () {\r",
+ " pm.response.to.have.status(200);\r",
+ " });\r",
+ "}\r",
+ "if (pm.response.code !== 200) {\r",
+ " return;\r",
+ "}\r",
+ "\r",
+ "\r",
+ "let jsonData = pm.response.json();\r",
+ "\r",
+ "// user = \"stigmanadmin\"\r",
+ "\r",
+ "\r",
+ "\r",
+ "let lvl234 = \r",
+ "{\r",
+ " \"collections\": 1,\r",
+ " \"assets\": 2,\r",
+ " \"stigs\": 2,\r",
+ " \"checklists\": 4,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": {\r",
+ " \"total\": 5,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"pass\": {\r",
+ " \"total\": 4,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"error\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"fixed\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"unknown\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notchecked\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notselected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"informational\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notapplicable\": {\r",
+ " \"total\": 3,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"assessed\": 12,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 4\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": {\r",
+ " \"total\": 3,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"accepted\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"rejected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"submitted\": {\r",
+ " \"total\": 9,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 736,\r",
+ " \"assessmentsBySeverity\": {\r",
+ " \"low\": 50,\r",
+ " \"high\": 74,\r",
+ " \"medium\": 612\r",
+ " }\r",
+ " }\r",
+ "}\r",
+ "\r",
+ "let jsonExpectedByUser =\r",
+ "{\r",
+ " lvl1: \r",
+ " {\r",
+ " \"collections\": 1,\r",
+ " \"assets\": 1,\r",
+ " \"stigs\": 1,\r",
+ " \"checklists\": 1,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": {\r",
+ " \"total\": 3,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"pass\": {\r",
+ " \"total\": 2,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"error\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"fixed\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"unknown\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notchecked\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notselected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"informational\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notapplicable\": {\r",
+ " \"total\": 1,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"assessed\": 6,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 2\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": {\r",
+ " \"total\": 1,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"accepted\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"rejected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"submitted\": {\r",
+ " \"total\": 5,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 81,\r",
+ " \"assessmentsBySeverity\": {\r",
+ " \"low\": 7,\r",
+ " \"high\": 11,\r",
+ " \"medium\": 63\r",
+ " }\r",
+ " }\r",
+ "},\r",
+ " collectioncreator:\r",
+ "{\r",
+ " \"collections\": 0,\r",
+ " \"assets\": 0,\r",
+ " \"stigs\": 0,\r",
+ " \"checklists\": 0,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": null,\r",
+ " \"minTs\": null,\r",
+ " \"results\": {\r",
+ " \"fail\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"pass\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"error\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"fixed\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"unknown\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notchecked\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notselected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"informational\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notapplicable\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"assessed\": 0,\r",
+ " \"findings\": {\r",
+ " \"low\": 0,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 0\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"accepted\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"rejected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"submitted\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"maxTouchTs\": null,\r",
+ " \"assessments\": 0,\r",
+ " \"assessmentsBySeverity\": {\r",
+ " \"low\": 0,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 0\r",
+ " }\r",
+ " }\r",
+ "}, \r",
+ " stigmanadmin :\r",
+ "{\r",
+ " \"collections\": 1,\r",
+ " \"assets\": 2,\r",
+ " \"stigs\": 2,\r",
+ " \"checklists\": 4,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": {\r",
+ " \"total\": 5,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"pass\": {\r",
+ " \"total\": 4,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"error\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"fixed\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"unknown\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notchecked\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notselected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"informational\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notapplicable\": {\r",
+ " \"total\": 3,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"assessed\": 12,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 4\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": {\r",
+ " \"total\": 3,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"accepted\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"rejected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"submitted\": {\r",
+ " \"total\": 9,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 736,\r",
+ " \"assessmentsBySeverity\": {\r",
+ " \"low\": 50,\r",
+ " \"high\": 74,\r",
+ " \"medium\": 612\r",
+ " }\r",
+ " }\r",
+ "}\r",
+ "}\r",
+ "\r",
+ "jsonExpectedByUser.lvl2 = lvl234\r",
+ "jsonExpectedByUser.lvl3 = lvl234\r",
+ "jsonExpectedByUser.lvl4 = lvl234\r",
+ "\r",
+ "// let jsonExpected =\r",
+ "// {\r",
+ "// \"collections\": 3,\r",
+ "// \"assets\": 8,\r",
+ "// \"stigs\": 3,\r",
+ "// \"checklists\": 14,\r",
+ "// \"metrics\": {\r",
+ "// \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ "// \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ "// \"results\": {\r",
+ "// \"fail\": 8,\r",
+ "// \"pass\": 7,\r",
+ "// \"unassessed\": 0,\r",
+ "// \"notapplicable\": 4\r",
+ "// },\r",
+ "// \"assessed\": 19,\r",
+ "// \"findings\": {\r",
+ "// \"low\": 2,\r",
+ "// \"high\": 0,\r",
+ "// \"medium\": 6\r",
+ "// },\r",
+ "// \"statuses\": {\r",
+ "// \"saved\": 7,\r",
+ "// \"accepted\": 0,\r",
+ "// \"rejected\": 0,\r",
+ "// \"submitted\": 12\r",
+ "// },\r",
+ "// \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ "// \"assessments\": 2327\r",
+ "// }\r",
+ "// }\r",
+ "\r",
+ "\r",
+ "pm.test(\"Check that metrics are as expected \", function () {\r",
+ " pm.expect(jsonData).to.eql(jsonExpectedByUser[user]);\r",
+ "});\r",
+ "\r",
+ "\r",
+ "return;\r",
+ "\r",
+ ""
+ ],
+ "type": "text/javascript"
+ }
+ }
+ ],
+ "request": {
+ "method": "GET",
+ "header": [],
+ "url": {
+ "raw": "{{baseUrl}}/collections/meta/metrics/detail?collectionId={{testCollection}}",
+ "host": [
+ "{{baseUrl}}"
+ ],
+ "path": [
+ "collections",
+ "meta",
+ "metrics",
+ "detail"
+ ],
+ "query": [
+ {
+ "key": "collectionId",
+ "value": "{{testCollection}}"
+ },
+ {
+ "key": "collectionId",
+ "value": "",
+ "disabled": true
+ },
+ {
+ "key": "benchmarkId",
+ "value": "{{testBenchmark}}",
+ "disabled": true
+ }
+ ]
+ }
+ },
+ "response": []
+ },
+ {
+ "name": "meta metrics detail - no agg - bench param",
+ "event": [
+ {
+ "listen": "test",
+ "script": {
+ "exec": [
+ "let user = pm.environment.get(\"user\");\r",
+ "console.log(\"user: \" + user);\r",
+ "\r",
+ "if (pm.request.url.getQueryString().match(/elevate=true/)) {\r",
+ " user = \"elevated\";\r",
+ " console.log(\"setting user to 'elevated'\");\r",
+ "}\r",
+ "\r",
+ "if (user == \"bizarroLvl1\") {\r",
+ " pm.test(\"Status should be is 403 for user collectioncreator, bizarroLvl1\", function () {\r",
+ " pm.response.to.have.status(403);\r",
+ " });\r",
+ " return;\r",
+ "}\r",
+ "else {\r",
+ " pm.test(\"Status code is 200\", function () {\r",
+ " pm.response.to.have.status(200);\r",
+ " });\r",
+ "}\r",
+ "if (pm.response.code !== 200) {\r",
+ " return;\r",
+ "}\r",
+ "\r",
+ "\r",
+ "let jsonData = pm.response.json();\r",
+ "\r",
+ "// user = \"stigmanadmin\"\r",
+ "\r",
+ "\r",
+ "\r",
+ "let lvl234 = \r",
+ "{\r",
+ " \"collections\": 1,\r",
+ " \"assets\": 2,\r",
+ " \"stigs\": 1,\r",
+ " \"checklists\": 2,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": {\r",
+ " \"total\": 4,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"pass\": {\r",
+ " \"total\": 2,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"error\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"fixed\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"unknown\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notchecked\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notselected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"informational\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notapplicable\": {\r",
+ " \"total\": 3,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"assessed\": 9,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 3\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": {\r",
+ " \"total\": 2,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"accepted\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"rejected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"submitted\": {\r",
+ " \"total\": 7,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 162,\r",
+ " \"assessmentsBySeverity\": {\r",
+ " \"low\": 14,\r",
+ " \"high\": 22,\r",
+ " \"medium\": 126\r",
+ " }\r",
+ " }\r",
+ "}\r",
+ "\r",
+ "let jsonExpectedByUser =\r",
+ "{\r",
+ " lvl1: \r",
+ " {\r",
+ " \"collections\": 1,\r",
+ " \"assets\": 1,\r",
+ " \"stigs\": 1,\r",
+ " \"checklists\": 1,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": {\r",
+ " \"total\": 3,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"pass\": {\r",
+ " \"total\": 2,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"error\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"fixed\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"unknown\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notchecked\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notselected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"informational\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notapplicable\": {\r",
+ " \"total\": 1,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"assessed\": 6,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 2\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": {\r",
+ " \"total\": 1,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"accepted\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"rejected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"submitted\": {\r",
+ " \"total\": 5,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 81,\r",
+ " \"assessmentsBySeverity\": {\r",
+ " \"low\": 7,\r",
+ " \"high\": 11,\r",
+ " \"medium\": 63\r",
+ " }\r",
+ " }\r",
+ "},\r",
+ " collectioncreator:\r",
+ "{\r",
+ " \"collections\": 0,\r",
+ " \"assets\": 0,\r",
+ " \"stigs\": 0,\r",
+ " \"checklists\": 0,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": null,\r",
+ " \"minTs\": null,\r",
+ " \"results\": {\r",
+ " \"fail\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"pass\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"error\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"fixed\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"unknown\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notchecked\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notselected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"informational\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notapplicable\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"assessed\": 0,\r",
+ " \"findings\": {\r",
+ " \"low\": 0,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 0\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"accepted\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"rejected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"submitted\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"maxTouchTs\": null,\r",
+ " \"assessments\": 0,\r",
+ " \"assessmentsBySeverity\": {\r",
+ " \"low\": 0,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 0\r",
+ " }\r",
+ " }\r",
+ "}, \r",
+ " stigmanadmin :\r",
+ "{\r",
+ " \"collections\": 2,\r",
+ " \"assets\": 4,\r",
+ " \"stigs\": 1,\r",
+ " \"checklists\": 4,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": {\r",
+ " \"total\": 4,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"pass\": {\r",
+ " \"total\": 2,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"error\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"fixed\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"unknown\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notchecked\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notselected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"informational\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notapplicable\": {\r",
+ " \"total\": 3,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"assessed\": 9,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 3\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": {\r",
+ " \"total\": 2,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"accepted\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"rejected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"submitted\": {\r",
+ " \"total\": 7,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 324,\r",
+ " \"assessmentsBySeverity\": {\r",
+ " \"low\": 28,\r",
+ " \"high\": 44,\r",
+ " \"medium\": 252\r",
+ " }\r",
+ " }\r",
+ "}\r",
+ "}\r",
+ "\r",
+ "jsonExpectedByUser.lvl2 = lvl234\r",
+ "jsonExpectedByUser.lvl3 = lvl234\r",
+ "jsonExpectedByUser.lvl4 = lvl234\r",
+ "\r",
+ "// let jsonExpected =\r",
+ "// {\r",
+ "// \"collections\": 3,\r",
+ "// \"assets\": 8,\r",
+ "// \"stigs\": 3,\r",
+ "// \"checklists\": 14,\r",
+ "// \"metrics\": {\r",
+ "// \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ "// \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ "// \"results\": {\r",
+ "// \"fail\": 8,\r",
+ "// \"pass\": 7,\r",
+ "// \"unassessed\": 0,\r",
+ "// \"notapplicable\": 4\r",
+ "// },\r",
+ "// \"assessed\": 19,\r",
+ "// \"findings\": {\r",
+ "// \"low\": 2,\r",
+ "// \"high\": 0,\r",
+ "// \"medium\": 6\r",
+ "// },\r",
+ "// \"statuses\": {\r",
+ "// \"saved\": 7,\r",
+ "// \"accepted\": 0,\r",
+ "// \"rejected\": 0,\r",
+ "// \"submitted\": 12\r",
+ "// },\r",
+ "// \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ "// \"assessments\": 2327\r",
+ "// }\r",
+ "// }\r",
+ "\r",
+ "\r",
+ "pm.test(\"Check that metrics are as expected \", function () {\r",
+ " pm.expect(jsonData).to.eql(jsonExpectedByUser[user]);\r",
+ "});\r",
+ "\r",
+ "\r",
+ "return;\r",
+ "\r",
+ ""
+ ],
+ "type": "text/javascript"
+ }
+ }
+ ],
+ "request": {
+ "method": "GET",
+ "header": [],
+ "url": {
+ "raw": "{{baseUrl}}/collections/meta/metrics/detail?benchmarkId={{testBenchmark}}",
+ "host": [
+ "{{baseUrl}}"
+ ],
+ "path": [
+ "collections",
+ "meta",
+ "metrics",
+ "detail"
+ ],
+ "query": [
+ {
+ "key": "collectionId",
+ "value": "{{testCollection}}",
+ "disabled": true
+ },
+ {
+ "key": "collectionId",
+ "value": "",
+ "disabled": true
+ },
+ {
+ "key": "benchmarkId",
+ "value": "{{testBenchmark}}"
+ }
+ ]
+ }
+ },
+ "response": []
+ }
+ ]
+ },
+ {
+ "name": "collection agg",
+ "item": [
+ {
+ "name": "meta metrics detail - collection agg - no params",
+ "event": [
+ {
+ "listen": "test",
+ "script": {
+ "exec": [
+ "let user = pm.environment.get(\"user\");\r",
+ "console.log(\"user: \" + user);\r",
+ "\r",
+ "if (pm.request.url.getQueryString().match(/elevate=true/)) {\r",
+ " user = \"elevated\";\r",
+ " console.log(\"setting user to 'elevated'\");\r",
+ "}\r",
+ "\r",
+ "if (user == \"bizarroLvl1\") {\r",
+ " pm.test(\"Status should be is 403 for user collectioncreator, bizarroLvl1\", function () {\r",
+ " pm.response.to.have.status(403);\r",
+ " });\r",
+ " return;\r",
+ "}\r",
+ "else {\r",
+ " pm.test(\"Status code is 200\", function () {\r",
+ " pm.response.to.have.status(200);\r",
+ " });\r",
+ "}\r",
+ "if (pm.response.code !== 200) {\r",
+ " return;\r",
+ "}\r",
+ "\r",
+ "\r",
+ "let jsonData = pm.response.json();\r",
+ "\r",
+ "// user = \"stigmanadmin\"\r",
+ "\r",
+ "\r",
+ "\r",
+ "let lvl234 = \r",
+ "[\r",
+ " {\r",
+ " \"collectionId\": \"21\",\r",
+ " \"name\": \"Collection X\",\r",
+ " \"assets\": 3,\r",
+ " \"stigs\": 2,\r",
+ " \"checklists\": 4,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": {\r",
+ " \"total\": 5,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"pass\": {\r",
+ " \"total\": 4,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"error\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"fixed\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"unknown\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notchecked\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notselected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"informational\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notapplicable\": {\r",
+ " \"total\": 3,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"assessed\": 12,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 4\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": {\r",
+ " \"total\": 3,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"accepted\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"rejected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"submitted\": {\r",
+ " \"total\": 9,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 736,\r",
+ " \"assessmentsBySeverity\": {\r",
+ " \"low\": 50,\r",
+ " \"high\": 74,\r",
+ " \"medium\": 612\r",
+ " }\r",
+ " }\r",
+ " }\r",
+ "]\r",
+ "\r",
+ "let jsonExpectedByUser =\r",
+ "{\r",
+ " lvl1: \r",
+ "[\r",
+ " {\r",
+ " \"collectionId\": \"21\",\r",
+ " \"name\": \"Collection X\",\r",
+ " \"assets\": 1,\r",
+ " \"stigs\": 1,\r",
+ " \"checklists\": 1,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": {\r",
+ " \"total\": 3,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"pass\": {\r",
+ " \"total\": 2,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"error\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"fixed\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"unknown\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notchecked\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notselected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"informational\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notapplicable\": {\r",
+ " \"total\": 1,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"assessed\": 6,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 2\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": {\r",
+ " \"total\": 1,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"accepted\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"rejected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"submitted\": {\r",
+ " \"total\": 5,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 81,\r",
+ " \"assessmentsBySeverity\": {\r",
+ " \"low\": 7,\r",
+ " \"high\": 11,\r",
+ " \"medium\": 63\r",
+ " }\r",
+ " }\r",
+ " }\r",
+ "],\r",
+ " collectioncreator:\r",
+ "[], \r",
+ " stigmanadmin :\r",
+ "[\r",
+ " {\r",
+ " \"collectionId\": \"21\",\r",
+ " \"name\": \"Collection X\",\r",
+ " \"assets\": 3,\r",
+ " \"stigs\": 2,\r",
+ " \"checklists\": 4,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": {\r",
+ " \"total\": 5,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"pass\": {\r",
+ " \"total\": 4,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"error\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"fixed\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"unknown\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notchecked\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notselected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"informational\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notapplicable\": {\r",
+ " \"total\": 3,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"assessed\": 12,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 4\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": {\r",
+ " \"total\": 3,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"accepted\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"rejected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"submitted\": {\r",
+ " \"total\": 9,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 736,\r",
+ " \"assessmentsBySeverity\": {\r",
+ " \"low\": 50,\r",
+ " \"high\": 74,\r",
+ " \"medium\": 612\r",
+ " }\r",
+ " }\r",
+ " },\r",
+ " {\r",
+ " \"collectionId\": \"83\",\r",
+ " \"name\": \"Collection Y\",\r",
+ " \"assets\": 2,\r",
+ " \"stigs\": 1,\r",
+ " \"checklists\": 2,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": null,\r",
+ " \"minTs\": null,\r",
+ " \"results\": {\r",
+ " \"fail\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"pass\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"error\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"fixed\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"unknown\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notchecked\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notselected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"informational\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notapplicable\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"assessed\": 0,\r",
+ " \"findings\": {\r",
+ " \"low\": 0,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 0\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"accepted\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"rejected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"submitted\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"maxTouchTs\": null,\r",
+ " \"assessments\": 162,\r",
+ " \"assessmentsBySeverity\": {\r",
+ " \"low\": 14,\r",
+ " \"high\": 22,\r",
+ " \"medium\": 126\r",
+ " }\r",
+ " }\r",
+ " }\r",
+ "]\r",
+ "}\r",
+ "\r",
+ "jsonExpectedByUser.lvl2 = lvl234\r",
+ "jsonExpectedByUser.lvl3 = lvl234\r",
+ "jsonExpectedByUser.lvl4 = lvl234\r",
+ "\r",
+ "// let jsonExpected =\r",
+ "// {\r",
+ "// \"collections\": 3,\r",
+ "// \"assets\": 8,\r",
+ "// \"stigs\": 3,\r",
+ "// \"checklists\": 14,\r",
+ "// \"metrics\": {\r",
+ "// \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ "// \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ "// \"results\": {\r",
+ "// \"fail\": 8,\r",
+ "// \"pass\": 7,\r",
+ "// \"unassessed\": 0,\r",
+ "// \"notapplicable\": 4\r",
+ "// },\r",
+ "// \"assessed\": 19,\r",
+ "// \"findings\": {\r",
+ "// \"low\": 2,\r",
+ "// \"high\": 0,\r",
+ "// \"medium\": 6\r",
+ "// },\r",
+ "// \"statuses\": {\r",
+ "// \"saved\": 7,\r",
+ "// \"accepted\": 0,\r",
+ "// \"rejected\": 0,\r",
+ "// \"submitted\": 12\r",
+ "// },\r",
+ "// \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ "// \"assessments\": 2327\r",
+ "// }\r",
+ "// }\r",
+ "\r",
+ "\r",
+ "pm.test(\"Check that metrics are as expected \", function () {\r",
+ " pm.expect(jsonData).to.eql(jsonExpectedByUser[user]);\r",
+ "});\r",
+ "\r",
+ "\r",
+ "return;\r",
+ "\r",
+ ""
+ ],
+ "type": "text/javascript"
+ }
+ }
+ ],
+ "request": {
+ "method": "GET",
+ "header": [],
+ "url": {
+ "raw": "{{baseUrl}}/collections/meta/metrics/detail/collection",
+ "host": [
+ "{{baseUrl}}"
+ ],
+ "path": [
+ "collections",
+ "meta",
+ "metrics",
+ "detail",
+ "collection"
+ ],
+ "query": [
+ {
+ "key": "collectionId",
+ "value": "{{testCollection}}",
+ "disabled": true
+ },
+ {
+ "key": "collectionId",
+ "value": "",
+ "disabled": true
+ },
+ {
+ "key": "benchmarkId",
+ "value": "{{testBenchmark}}",
+ "disabled": true
+ }
+ ]
+ }
+ },
+ "response": []
+ },
+ {
+ "name": "meta metrics detail - collection agg - coll param",
+ "event": [
+ {
+ "listen": "test",
+ "script": {
+ "exec": [
+ "let user = pm.environment.get(\"user\");\r",
+ "console.log(\"user: \" + user);\r",
+ "\r",
+ "if (pm.request.url.getQueryString().match(/elevate=true/)) {\r",
+ " user = \"elevated\";\r",
+ " console.log(\"setting user to 'elevated'\");\r",
+ "}\r",
+ "\r",
+ "if (user == \"bizarroLvl1\") {\r",
+ " pm.test(\"Status should be is 403 for user collectioncreator, bizarroLvl1\", function () {\r",
+ " pm.response.to.have.status(403);\r",
+ " });\r",
+ " return;\r",
+ "}\r",
+ "else {\r",
+ " pm.test(\"Status code is 200\", function () {\r",
+ " pm.response.to.have.status(200);\r",
+ " });\r",
+ "}\r",
+ "if (pm.response.code !== 200) {\r",
+ " return;\r",
+ "}\r",
+ "\r",
+ "\r",
+ "let jsonData = pm.response.json();\r",
+ "\r",
+ "// user = \"stigmanadmin\"\r",
+ "\r",
+ "\r",
+ "\r",
+ "let lvl234 = \r",
+ "[\r",
+ " {\r",
+ " \"collectionId\": \"21\",\r",
+ " \"name\": \"Collection X\",\r",
+ " \"assets\": 3,\r",
+ " \"stigs\": 2,\r",
+ " \"checklists\": 4,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": {\r",
+ " \"total\": 5,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"pass\": {\r",
+ " \"total\": 4,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"error\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"fixed\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"unknown\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notchecked\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notselected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"informational\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notapplicable\": {\r",
+ " \"total\": 3,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"assessed\": 12,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 4\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": {\r",
+ " \"total\": 3,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"accepted\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"rejected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"submitted\": {\r",
+ " \"total\": 9,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 736,\r",
+ " \"assessmentsBySeverity\": {\r",
+ " \"low\": 50,\r",
+ " \"high\": 74,\r",
+ " \"medium\": 612\r",
+ " }\r",
+ " }\r",
+ " }\r",
+ "]\r",
+ "\r",
+ "let jsonExpectedByUser =\r",
+ "{\r",
+ " lvl1: \r",
+ "[\r",
+ " {\r",
+ " \"collectionId\": \"21\",\r",
+ " \"name\": \"Collection X\",\r",
+ " \"assets\": 1,\r",
+ " \"stigs\": 1,\r",
+ " \"checklists\": 1,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": {\r",
+ " \"total\": 3,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"pass\": {\r",
+ " \"total\": 2,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"error\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"fixed\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"unknown\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notchecked\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notselected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"informational\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notapplicable\": {\r",
+ " \"total\": 1,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"assessed\": 6,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 2\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": {\r",
+ " \"total\": 1,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"accepted\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"rejected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"submitted\": {\r",
+ " \"total\": 5,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 81,\r",
+ " \"assessmentsBySeverity\": {\r",
+ " \"low\": 7,\r",
+ " \"high\": 11,\r",
+ " \"medium\": 63\r",
+ " }\r",
+ " }\r",
+ " }\r",
+ "],\r",
+ " collectioncreator:\r",
+ "[], \r",
+ " stigmanadmin :\r",
+ "[\r",
+ " {\r",
+ " \"collectionId\": \"21\",\r",
+ " \"name\": \"Collection X\",\r",
+ " \"assets\": 3,\r",
+ " \"stigs\": 2,\r",
+ " \"checklists\": 4,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": {\r",
+ " \"total\": 5,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"pass\": {\r",
+ " \"total\": 4,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"error\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"fixed\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"unknown\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notchecked\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notselected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"informational\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notapplicable\": {\r",
+ " \"total\": 3,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"assessed\": 12,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 4\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": {\r",
+ " \"total\": 3,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"accepted\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"rejected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"submitted\": {\r",
+ " \"total\": 9,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 736,\r",
+ " \"assessmentsBySeverity\": {\r",
+ " \"low\": 50,\r",
+ " \"high\": 74,\r",
+ " \"medium\": 612\r",
+ " }\r",
+ " }\r",
+ " }\r",
+ "]\r",
+ "}\r",
+ "\r",
+ "jsonExpectedByUser.lvl2 = lvl234\r",
+ "jsonExpectedByUser.lvl3 = lvl234\r",
+ "jsonExpectedByUser.lvl4 = lvl234\r",
+ "\r",
+ "// let jsonExpected =\r",
+ "// {\r",
+ "// \"collections\": 3,\r",
+ "// \"assets\": 8,\r",
+ "// \"stigs\": 3,\r",
+ "// \"checklists\": 14,\r",
+ "// \"metrics\": {\r",
+ "// \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ "// \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ "// \"results\": {\r",
+ "// \"fail\": 8,\r",
+ "// \"pass\": 7,\r",
+ "// \"unassessed\": 0,\r",
+ "// \"notapplicable\": 4\r",
+ "// },\r",
+ "// \"assessed\": 19,\r",
+ "// \"findings\": {\r",
+ "// \"low\": 2,\r",
+ "// \"high\": 0,\r",
+ "// \"medium\": 6\r",
+ "// },\r",
+ "// \"statuses\": {\r",
+ "// \"saved\": 7,\r",
+ "// \"accepted\": 0,\r",
+ "// \"rejected\": 0,\r",
+ "// \"submitted\": 12\r",
+ "// },\r",
+ "// \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ "// \"assessments\": 2327\r",
+ "// }\r",
+ "// }\r",
+ "\r",
+ "\r",
+ "pm.test(\"Check that metrics are as expected \", function () {\r",
+ " pm.expect(jsonData).to.eql(jsonExpectedByUser[user]);\r",
+ "});\r",
+ "\r",
+ "\r",
+ "return;\r",
+ "\r",
+ ""
+ ],
+ "type": "text/javascript"
+ }
+ }
+ ],
+ "request": {
+ "method": "GET",
+ "header": [],
+ "url": {
+ "raw": "{{baseUrl}}/collections/meta/metrics/detail/collection?collectionId={{testCollection}}",
+ "host": [
+ "{{baseUrl}}"
+ ],
+ "path": [
+ "collections",
+ "meta",
+ "metrics",
+ "detail",
+ "collection"
+ ],
+ "query": [
+ {
+ "key": "collectionId",
+ "value": "{{testCollection}}"
+ },
+ {
+ "key": "collectionId",
+ "value": "",
+ "disabled": true
+ },
+ {
+ "key": "benchmarkId",
+ "value": "{{testBenchmark}}",
+ "disabled": true
+ }
+ ]
+ }
+ },
+ "response": []
+ },
+ {
+ "name": "meta metrics detail - collection agg - bench param",
+ "event": [
+ {
+ "listen": "test",
+ "script": {
+ "exec": [
+ "let user = pm.environment.get(\"user\");\r",
+ "console.log(\"user: \" + user);\r",
+ "\r",
+ "if (pm.request.url.getQueryString().match(/elevate=true/)) {\r",
+ " user = \"elevated\";\r",
+ " console.log(\"setting user to 'elevated'\");\r",
+ "}\r",
+ "\r",
+ "if (user == \"bizarroLvl1\") {\r",
+ " pm.test(\"Status should be is 403 for user collectioncreator, bizarroLvl1\", function () {\r",
+ " pm.response.to.have.status(403);\r",
+ " });\r",
+ " return;\r",
+ "}\r",
+ "else {\r",
+ " pm.test(\"Status code is 200\", function () {\r",
+ " pm.response.to.have.status(200);\r",
+ " });\r",
+ "}\r",
+ "if (pm.response.code !== 200) {\r",
+ " return;\r",
+ "}\r",
+ "\r",
+ "\r",
+ "let jsonData = pm.response.json();\r",
+ "\r",
+ "// user = \"stigmanadmin\"\r",
+ "\r",
+ "\r",
+ "\r",
+ "let lvl234 = \r",
+ "[\r",
+ " {\r",
+ " \"collectionId\": \"21\",\r",
+ " \"name\": \"Collection X\",\r",
+ " \"assets\": 2,\r",
+ " \"stigs\": 1,\r",
+ " \"checklists\": 2,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": {\r",
+ " \"total\": 4,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"pass\": {\r",
+ " \"total\": 2,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"error\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"fixed\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"unknown\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notchecked\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notselected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"informational\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notapplicable\": {\r",
+ " \"total\": 3,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"assessed\": 9,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 3\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": {\r",
+ " \"total\": 2,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"accepted\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"rejected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"submitted\": {\r",
+ " \"total\": 7,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 162,\r",
+ " \"assessmentsBySeverity\": {\r",
+ " \"low\": 14,\r",
+ " \"high\": 22,\r",
+ " \"medium\": 126\r",
+ " }\r",
+ " }\r",
+ " }\r",
+ "]\r",
+ "\r",
+ "let jsonExpectedByUser =\r",
+ "{\r",
+ " lvl1: \r",
+ " [\r",
+ " {\r",
+ " \"collectionId\": \"21\",\r",
+ " \"name\": \"Collection X\",\r",
+ " \"assets\": 1,\r",
+ " \"stigs\": 1,\r",
+ " \"checklists\": 1,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": {\r",
+ " \"total\": 3,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"pass\": {\r",
+ " \"total\": 2,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"error\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"fixed\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"unknown\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notchecked\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notselected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"informational\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notapplicable\": {\r",
+ " \"total\": 1,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"assessed\": 6,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 2\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": {\r",
+ " \"total\": 1,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"accepted\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"rejected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"submitted\": {\r",
+ " \"total\": 5,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 81,\r",
+ " \"assessmentsBySeverity\": {\r",
+ " \"low\": 7,\r",
+ " \"high\": 11,\r",
+ " \"medium\": 63\r",
+ " }\r",
+ " }\r",
+ " }\r",
+ "],\r",
+ " collectioncreator:\r",
+ "[], \r",
+ " stigmanadmin :\r",
+ "[\r",
+ " {\r",
+ " \"collectionId\": \"21\",\r",
+ " \"name\": \"Collection X\",\r",
+ " \"assets\": 2,\r",
+ " \"stigs\": 1,\r",
+ " \"checklists\": 2,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": {\r",
+ " \"total\": 4,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"pass\": {\r",
+ " \"total\": 2,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"error\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"fixed\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"unknown\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notchecked\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notselected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"informational\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notapplicable\": {\r",
+ " \"total\": 3,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"assessed\": 9,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 3\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": {\r",
+ " \"total\": 2,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"accepted\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"rejected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"submitted\": {\r",
+ " \"total\": 7,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 162,\r",
+ " \"assessmentsBySeverity\": {\r",
+ " \"low\": 14,\r",
+ " \"high\": 22,\r",
+ " \"medium\": 126\r",
+ " }\r",
+ " }\r",
+ " },\r",
+ " {\r",
+ " \"collectionId\": \"83\",\r",
+ " \"name\": \"Collection Y\",\r",
+ " \"assets\": 2,\r",
+ " \"stigs\": 1,\r",
+ " \"checklists\": 2,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": null,\r",
+ " \"minTs\": null,\r",
+ " \"results\": {\r",
+ " \"fail\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"pass\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"error\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"fixed\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"unknown\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notchecked\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notselected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"informational\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notapplicable\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"assessed\": 0,\r",
+ " \"findings\": {\r",
+ " \"low\": 0,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 0\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"accepted\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"rejected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"submitted\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"maxTouchTs\": null,\r",
+ " \"assessments\": 162,\r",
+ " \"assessmentsBySeverity\": {\r",
+ " \"low\": 14,\r",
+ " \"high\": 22,\r",
+ " \"medium\": 126\r",
+ " }\r",
+ " }\r",
+ " }\r",
+ "]\r",
+ "}\r",
+ "\r",
+ "jsonExpectedByUser.lvl2 = lvl234\r",
+ "jsonExpectedByUser.lvl3 = lvl234\r",
+ "jsonExpectedByUser.lvl4 = lvl234\r",
+ "\r",
+ "// let jsonExpected =\r",
+ "// {\r",
+ "// \"collections\": 3,\r",
+ "// \"assets\": 8,\r",
+ "// \"stigs\": 3,\r",
+ "// \"checklists\": 14,\r",
+ "// \"metrics\": {\r",
+ "// \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ "// \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ "// \"results\": {\r",
+ "// \"fail\": 8,\r",
+ "// \"pass\": 7,\r",
+ "// \"unassessed\": 0,\r",
+ "// \"notapplicable\": 4\r",
+ "// },\r",
+ "// \"assessed\": 19,\r",
+ "// \"findings\": {\r",
+ "// \"low\": 2,\r",
+ "// \"high\": 0,\r",
+ "// \"medium\": 6\r",
+ "// },\r",
+ "// \"statuses\": {\r",
+ "// \"saved\": 7,\r",
+ "// \"accepted\": 0,\r",
+ "// \"rejected\": 0,\r",
+ "// \"submitted\": 12\r",
+ "// },\r",
+ "// \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ "// \"assessments\": 2327\r",
+ "// }\r",
+ "// }\r",
+ "\r",
+ "\r",
+ "pm.test(\"Check that metrics are as expected \", function () {\r",
+ " pm.expect(jsonData).to.eql(jsonExpectedByUser[user]);\r",
+ "});\r",
+ "\r",
+ "\r",
+ "return;\r",
+ "\r",
+ ""
+ ],
+ "type": "text/javascript"
+ }
+ }
+ ],
+ "request": {
+ "method": "GET",
+ "header": [],
+ "url": {
+ "raw": "{{baseUrl}}/collections/meta/metrics/detail/collection?benchmarkId={{testBenchmark}}",
+ "host": [
+ "{{baseUrl}}"
+ ],
+ "path": [
+ "collections",
+ "meta",
+ "metrics",
+ "detail",
+ "collection"
+ ],
+ "query": [
+ {
+ "key": "collectionId",
+ "value": "{{testCollection}}",
+ "disabled": true
+ },
+ {
+ "key": "collectionId",
+ "value": "",
+ "disabled": true
+ },
+ {
+ "key": "benchmarkId",
+ "value": "{{testBenchmark}}"
+ }
+ ]
+ }
+ },
+ "response": []
+ },
+ {
+ "name": "meta metrics detail - collection agg - rev param",
+ "event": [
+ {
+ "listen": "test",
+ "script": {
+ "exec": [
+ "let user = pm.environment.get(\"user\");\r",
+ "console.log(\"user: \" + user);\r",
+ "\r",
+ "if (pm.request.url.getQueryString().match(/elevate=true/)) {\r",
+ " user = \"elevated\";\r",
+ " console.log(\"setting user to 'elevated'\");\r",
+ "}\r",
+ "\r",
+ "if (user == \"bizarroLvl1\") {\r",
+ " pm.test(\"Status should be is 403 for user collectioncreator, bizarroLvl1\", function () {\r",
+ " pm.response.to.have.status(403);\r",
+ " });\r",
+ " return;\r",
+ "}\r",
+ "else {\r",
+ " pm.test(\"Status code is 200\", function () {\r",
+ " pm.response.to.have.status(200);\r",
+ " });\r",
+ "}\r",
+ "if (pm.response.code !== 200) {\r",
+ " return;\r",
+ "}\r",
+ "\r",
+ "\r",
+ "let jsonData = pm.response.json();\r",
+ "\r",
+ "// user = \"stigmanadmin\"\r",
+ "\r",
+ "// pm.test(\"Response JSON is an object\", function () {\r",
+ "// pm.expect(jsonData).to.be.an('object');\r",
+ "// });\r",
+ "\r",
+ "let lvl234 = \r",
+ "[\r",
+ " {\r",
+ " \"collectionId\": \"21\",\r",
+ " \"name\": \"Collection X\",\r",
+ " \"assets\": 2,\r",
+ " \"stigs\": 1,\r",
+ " \"checklists\": 2,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": {\r",
+ " \"total\": 4,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"pass\": {\r",
+ " \"total\": 2,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"error\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"fixed\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"unknown\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notchecked\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notselected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"informational\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notapplicable\": {\r",
+ " \"total\": 3,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"assessed\": 9,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 3\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": {\r",
+ " \"total\": 2,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"accepted\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"rejected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"submitted\": {\r",
+ " \"total\": 7,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 162,\r",
+ " \"assessmentsBySeverity\": {\r",
+ " \"low\": 14,\r",
+ " \"high\": 22,\r",
+ " \"medium\": 126\r",
+ " }\r",
+ " }\r",
+ " }\r",
+ "]\r",
+ "\r",
+ "let jsonExpectedByUser =\r",
+ "{\r",
+ " lvl1: \r",
+ " [\r",
+ " {\r",
+ " \"collectionId\": \"21\",\r",
+ " \"name\": \"Collection X\",\r",
+ " \"assets\": 1,\r",
+ " \"stigs\": 1,\r",
+ " \"checklists\": 1,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": {\r",
+ " \"total\": 3,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"pass\": {\r",
+ " \"total\": 2,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"error\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"fixed\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"unknown\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notchecked\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notselected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"informational\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notapplicable\": {\r",
+ " \"total\": 1,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"assessed\": 6,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 2\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": {\r",
+ " \"total\": 1,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"accepted\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"rejected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"submitted\": {\r",
+ " \"total\": 5,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 81,\r",
+ " \"assessmentsBySeverity\": {\r",
+ " \"low\": 7,\r",
+ " \"high\": 11,\r",
+ " \"medium\": 63\r",
+ " }\r",
+ " }\r",
+ " }\r",
+ "],\r",
+ " collectioncreator:\r",
+ " [], \r",
+ " stigmanadmin :\r",
+ "[\r",
+ " {\r",
+ " \"collectionId\": \"21\",\r",
+ " \"name\": \"Collection X\",\r",
+ " \"assets\": 2,\r",
+ " \"stigs\": 1,\r",
+ " \"checklists\": 2,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": {\r",
+ " \"total\": 4,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"pass\": {\r",
+ " \"total\": 2,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"error\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"fixed\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"unknown\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notchecked\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notselected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"informational\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notapplicable\": {\r",
+ " \"total\": 3,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"assessed\": 9,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 3\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": {\r",
+ " \"total\": 2,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"accepted\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"rejected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"submitted\": {\r",
+ " \"total\": 7,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 162,\r",
+ " \"assessmentsBySeverity\": {\r",
+ " \"low\": 14,\r",
+ " \"high\": 22,\r",
+ " \"medium\": 126\r",
+ " }\r",
+ " }\r",
+ " }\r",
+ "]\r",
+ "}\r",
+ "\r",
+ "jsonExpectedByUser.lvl2 = lvl234\r",
+ "jsonExpectedByUser.lvl3 = lvl234\r",
+ "jsonExpectedByUser.lvl4 = lvl234\r",
+ "\r",
+ "// let jsonExpected =\r",
+ "// {\r",
+ "// \"collections\": 3,\r",
+ "// \"assets\": 8,\r",
+ "// \"stigs\": 3,\r",
+ "// \"checklists\": 14,\r",
+ "// \"metrics\": {\r",
+ "// \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ "// \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ "// \"results\": {\r",
+ "// \"fail\": 8,\r",
+ "// \"pass\": 7,\r",
+ "// \"unassessed\": 0,\r",
+ "// \"notapplicable\": 4\r",
+ "// },\r",
+ "// \"assessed\": 19,\r",
+ "// \"findings\": {\r",
+ "// \"low\": 2,\r",
+ "// \"high\": 0,\r",
+ "// \"medium\": 6\r",
+ "// },\r",
+ "// \"statuses\": {\r",
+ "// \"saved\": 7,\r",
+ "// \"accepted\": 0,\r",
+ "// \"rejected\": 0,\r",
+ "// \"submitted\": 12\r",
+ "// },\r",
+ "// \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ "// \"assessments\": 2327\r",
+ "// }\r",
+ "// }\r",
+ "\r",
+ "\r",
+ "pm.test(\"Check that metrics are as expected \", function () {\r",
+ " pm.expect(jsonData).to.eql(jsonExpectedByUser[user]);\r",
+ "});\r",
+ "\r",
+ "\r",
+ "return;\r",
+ "\r",
+ ""
+ ],
+ "type": "text/javascript"
+ }
+ }
+ ],
+ "request": {
+ "method": "GET",
+ "header": [],
+ "url": {
+ "raw": "{{baseUrl}}/collections/meta/metrics/detail/collection?revisionId={{testBenchmark}}-1-1",
+ "host": [
+ "{{baseUrl}}"
+ ],
+ "path": [
+ "collections",
+ "meta",
+ "metrics",
+ "detail",
+ "collection"
+ ],
+ "query": [
+ {
+ "key": "collectionId",
+ "value": "{{testCollection}}",
+ "disabled": true
+ },
+ {
+ "key": "collectionId",
+ "value": "",
+ "disabled": true
+ },
+ {
+ "key": "benchmarkId",
+ "value": "{{testBenchmark}}",
+ "disabled": true
+ },
+ {
+ "key": "revisionId",
+ "value": "{{testBenchmark}}-1-1"
+ }
+ ]
+ }
+ },
+ "response": []
+ }
+ ]
+ },
+ {
+ "name": "stig agg",
+ "item": [
+ {
+ "name": "meta metrics detail - stig agg - no params",
+ "event": [
+ {
+ "listen": "test",
+ "script": {
+ "exec": [
+ "let user = pm.environment.get(\"user\");\r",
+ "console.log(\"user: \" + user);\r",
+ "\r",
+ "if (pm.request.url.getQueryString().match(/elevate=true/)) {\r",
+ " user = \"elevated\";\r",
+ " console.log(\"setting user to 'elevated'\");\r",
+ "}\r",
+ "\r",
+ "if (user == \"bizarroLvl1\") {\r",
+ " pm.test(\"Status should be is 403 for user collectioncreator, bizarroLvl1\", function () {\r",
+ " pm.response.to.have.status(403);\r",
+ " });\r",
+ " return;\r",
+ "}\r",
+ "else {\r",
+ " pm.test(\"Status code is 200\", function () {\r",
+ " pm.response.to.have.status(200);\r",
+ " });\r",
+ "}\r",
+ "if (pm.response.code !== 200) {\r",
+ " return;\r",
+ "}\r",
+ "\r",
"\r",
- " // pm.test(\"Check some stats - results - unassessed\", function () {\r",
- " // pm.expect(item.metrics.results.unassessed).to.equal(metricsReferenceCommon.results.unassessed.total);\r",
- " // }); \r",
+ "let jsonData = pm.response.json();\r",
"\r",
- " pm.test(\"Check some stats - status - saved\", function () {\r",
- " pm.expect(item.metrics.statuses.saved.total).to.equal(metricsReferenceCommon.statuses.saved.total);\r",
- " }); \r",
+ "// user = \"stigmanadmin\"\r",
"\r",
- " pm.test(\"Check some stats - status - submitted\", function () {\r",
- " pm.expect(item.metrics.statuses.submitted.total).to.equal(metricsReferenceCommon.statuses.submitted.total);\r",
- " }); \r",
- " pm.test(\"Check some stats - status - accepted\", function () {\r",
- " pm.expect(item.metrics.statuses.accepted.total).to.equal(metricsReferenceCommon.statuses.accepted.total);\r",
- " }); \r",
- " pm.test(\"Check some stats - status - rejected\", function () {\r",
- " pm.expect(item.metrics.statuses.rejected.total).to.equal(metricsReferenceCommon.statuses.rejected.total);\r",
- " }); \r",
"\r",
- " pm.test(\"Check some stats - assessments\", function () {\r",
- " pm.expect(item.metrics.assessments).to.equal(metricsReferenceCommon.assessments);\r",
- " }); \r",
- " pm.test(\"Check some stats - assessed\", function () {\r",
- " pm.expect(item.metrics.assessed).to.equal(metricsReferenceCommon.assessed);\r",
- " }); \r",
"\r",
+ "let lvl234 = \r",
+ "[\r",
+ " {\r",
+ " \"benchmarkId\": \"VPN_SRG_TEST\",\r",
+ " \"title\": \"Virtual Private Network (VPN) Security Requirements Guide\",\r",
+ " \"revisionStr\": \"V1R1\",\r",
+ " \"collections\": 1,\r",
+ " \"assets\": 2,\r",
+ " \"ruleCount\": 81,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": {\r",
+ " \"total\": 4,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"pass\": {\r",
+ " \"total\": 2,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"error\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"fixed\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"unknown\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notchecked\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notselected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"informational\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notapplicable\": {\r",
+ " \"total\": 3,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"assessed\": 9,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 3\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": {\r",
+ " \"total\": 2,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"accepted\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"rejected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"submitted\": {\r",
+ " \"total\": 7,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 162,\r",
+ " \"assessmentsBySeverity\": {\r",
+ " \"low\": 14,\r",
+ " \"high\": 22,\r",
+ " \"medium\": 126\r",
+ " }\r",
+ " }\r",
+ " },\r",
+ " {\r",
+ " \"benchmarkId\": \"Windows_10_STIG_TEST\",\r",
+ " \"title\": \"Windows 10 Security Technical Implementation Guide\",\r",
+ " \"revisionStr\": \"V1R23\",\r",
+ " \"collections\": 1,\r",
+ " \"assets\": 2,\r",
+ " \"ruleCount\": 287,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2020-08-18T20:48:29Z\",\r",
+ " \"minTs\": \"2020-08-11T22:29:16Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": {\r",
+ " \"total\": 1,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"pass\": {\r",
+ " \"total\": 2,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"error\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"fixed\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"unknown\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notchecked\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notselected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"informational\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notapplicable\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"assessed\": 3,\r",
+ " \"findings\": {\r",
+ " \"low\": 0,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 1\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": {\r",
+ " \"total\": 1,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"accepted\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"rejected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"submitted\": {\r",
+ " \"total\": 2,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"maxTouchTs\": \"2020-08-18T20:48:29Z\",\r",
+ " \"assessments\": 574,\r",
+ " \"assessmentsBySeverity\": {\r",
+ " \"low\": 36,\r",
+ " \"high\": 52,\r",
+ " \"medium\": 486\r",
+ " }\r",
" }\r",
- "\r",
" }\r",
+ "]\r",
"\r",
- "\r",
+ "let jsonExpectedByUser =\r",
+ "{\r",
+ " lvl1: \r",
+ "[\r",
+ " {\r",
+ " \"benchmarkId\": \"VPN_SRG_TEST\",\r",
+ " \"title\": \"Virtual Private Network (VPN) Security Requirements Guide\",\r",
+ " \"revisionStr\": \"V1R1\",\r",
+ " \"collections\": 1,\r",
+ " \"assets\": 1,\r",
+ " \"ruleCount\": 81,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": {\r",
+ " \"total\": 3,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"pass\": {\r",
+ " \"total\": 2,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"error\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"fixed\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"unknown\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notchecked\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notselected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"informational\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notapplicable\": {\r",
+ " \"total\": 1,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"assessed\": 6,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 2\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": {\r",
+ " \"total\": 1,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"accepted\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"rejected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"submitted\": {\r",
+ " \"total\": 5,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 81,\r",
+ " \"assessmentsBySeverity\": {\r",
+ " \"low\": 7,\r",
+ " \"high\": 11,\r",
+ " \"medium\": 63\r",
+ " }\r",
+ " }\r",
+ " }\r",
+ "],\r",
+ " collectioncreator:\r",
+ " [], \r",
+ " stigmanadmin :\r",
+ "[\r",
+ " {\r",
+ " \"benchmarkId\": \"VPN_SRG_TEST\",\r",
+ " \"title\": \"Virtual Private Network (VPN) Security Requirements Guide\",\r",
+ " \"revisionStr\": \"V1R0\",\r",
+ " \"collections\": 1,\r",
+ " \"assets\": 2,\r",
+ " \"ruleCount\": 81,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": null,\r",
+ " \"minTs\": null,\r",
+ " \"results\": {\r",
+ " \"fail\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"pass\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"error\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"fixed\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"unknown\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notchecked\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notselected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"informational\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notapplicable\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"assessed\": 0,\r",
+ " \"findings\": {\r",
+ " \"low\": 0,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 0\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"accepted\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"rejected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"submitted\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"maxTouchTs\": null,\r",
+ " \"assessments\": 162,\r",
+ " \"assessmentsBySeverity\": {\r",
+ " \"low\": 14,\r",
+ " \"high\": 22,\r",
+ " \"medium\": 126\r",
+ " }\r",
+ " }\r",
+ " },\r",
+ " {\r",
+ " \"benchmarkId\": \"VPN_SRG_TEST\",\r",
+ " \"title\": \"Virtual Private Network (VPN) Security Requirements Guide\",\r",
+ " \"revisionStr\": \"V1R1\",\r",
+ " \"collections\": 1,\r",
+ " \"assets\": 2,\r",
+ " \"ruleCount\": 81,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": {\r",
+ " \"total\": 4,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"pass\": {\r",
+ " \"total\": 2,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"error\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"fixed\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"unknown\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notchecked\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notselected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"informational\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notapplicable\": {\r",
+ " \"total\": 3,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"assessed\": 9,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 3\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": {\r",
+ " \"total\": 2,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"accepted\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"rejected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"submitted\": {\r",
+ " \"total\": 7,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 162,\r",
+ " \"assessmentsBySeverity\": {\r",
+ " \"low\": 14,\r",
+ " \"high\": 22,\r",
+ " \"medium\": 126\r",
+ " }\r",
+ " }\r",
+ " },\r",
+ " {\r",
+ " \"benchmarkId\": \"Windows_10_STIG_TEST\",\r",
+ " \"title\": \"Windows 10 Security Technical Implementation Guide\",\r",
+ " \"revisionStr\": \"V1R23\",\r",
+ " \"collections\": 1,\r",
+ " \"assets\": 2,\r",
+ " \"ruleCount\": 287,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2020-08-18T20:48:29Z\",\r",
+ " \"minTs\": \"2020-08-11T22:29:16Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": {\r",
+ " \"total\": 1,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"pass\": {\r",
+ " \"total\": 2,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"error\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"fixed\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"unknown\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notchecked\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notselected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"informational\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notapplicable\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"assessed\": 3,\r",
+ " \"findings\": {\r",
+ " \"low\": 0,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 1\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": {\r",
+ " \"total\": 1,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"accepted\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"rejected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"submitted\": {\r",
+ " \"total\": 2,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"maxTouchTs\": \"2020-08-18T20:48:29Z\",\r",
+ " \"assessments\": 574,\r",
+ " \"assessmentsBySeverity\": {\r",
+ " \"low\": 36,\r",
+ " \"high\": 52,\r",
+ " \"medium\": 486\r",
+ " }\r",
+ " }\r",
+ " }\r",
+ "]\r",
"}\r",
"\r",
- "\r",
- " \r",
+ "jsonExpectedByUser.lvl2 = lvl234\r",
+ "jsonExpectedByUser.lvl3 = lvl234\r",
+ "jsonExpectedByUser.lvl4 = lvl234\r",
+ "\r",
+ "// let jsonExpected =\r",
+ "// {\r",
+ "// \"collections\": 3,\r",
+ "// \"assets\": 8,\r",
+ "// \"stigs\": 3,\r",
+ "// \"checklists\": 14,\r",
+ "// \"metrics\": {\r",
+ "// \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ "// \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ "// \"results\": {\r",
+ "// \"fail\": 8,\r",
+ "// \"pass\": 7,\r",
+ "// \"unassessed\": 0,\r",
+ "// \"notapplicable\": 4\r",
+ "// },\r",
+ "// \"assessed\": 19,\r",
+ "// \"findings\": {\r",
+ "// \"low\": 2,\r",
+ "// \"high\": 0,\r",
+ "// \"medium\": 6\r",
+ "// },\r",
+ "// \"statuses\": {\r",
+ "// \"saved\": 7,\r",
+ "// \"accepted\": 0,\r",
+ "// \"rejected\": 0,\r",
+ "// \"submitted\": 12\r",
+ "// },\r",
+ "// \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ "// \"assessments\": 2327\r",
+ "// }\r",
+ "// }\r",
"\r",
"\r",
- "return;\r",
+ "pm.test(\"Check that metrics are as expected \", function () {\r",
+ " pm.expect(jsonData).to.eql(jsonExpectedByUser[user]);\r",
+ "});\r",
"\r",
"\r",
+ "return;\r",
"\r",
""
],
@@ -21423,20 +28813,32 @@
"method": "GET",
"header": [],
"url": {
- "raw": "{{baseUrl}}/collections/:collectionId/metrics/detail",
+ "raw": "{{baseUrl}}/collections/meta/metrics/detail/stig",
"host": [
"{{baseUrl}}"
],
"path": [
"collections",
- ":collectionId",
+ "meta",
"metrics",
- "detail"
+ "detail",
+ "stig"
],
- "variable": [
+ "query": [
{
"key": "collectionId",
- "value": "{{testCollection}}"
+ "value": "{{testCollection}}",
+ "disabled": true
+ },
+ {
+ "key": "collectionId",
+ "value": "",
+ "disabled": true
+ },
+ {
+ "key": "benchmarkId",
+ "value": "{{testBenchmark}}",
+ "disabled": true
}
]
}
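Review bot: The new `query` array carries two disabled `collectionId` entries, one with `{{testCollection}}` and one with an empty value, next to the disabled `benchmarkId`; the empty duplicate is dead configuration and should be removed so the request reads as the deliberate "no parameters" case that its raw URL expresses. The same duplicated, empty `collectionId` entry appears again in the `collectionId={{testCollection}}` request further down this diff, so it presumably came from copying the request rather than from a test need.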
@@ -21444,7 +28846,7 @@
"response": []
},
{
- "name": "Return detailed metrics for the specified Collection - with params",
+ "name": "meta metrics detail - stig agg - coll param",
"event": [
{
"listen": "test",
@@ -21458,7 +28860,7 @@
" console.log(\"setting user to 'elevated'\");\r",
"}\r",
"\r",
- "if (user == \"collectioncreator\" || user == \"bizarroLvl1\" ) {\r",
+ "if (user == \"bizarroLvl1\") {\r",
" pm.test(\"Status should be is 403 for user collectioncreator, bizarroLvl1\", function () {\r",
" pm.response.to.have.status(403);\r",
" });\r",
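Review bot: The condition now only routes bizarroLvl1 to the 403 branch, but the test title on the next line still reads "Status should be is 403 for user collectioncreator, bizarroLvl1", so a failing run would misreport which principal is being denied; change it to `pm.test("Status should be 403 for user bizarroLvl1", function () {`, which also fixes the "should be is" typo. Because this is the authorization assertion for the endpoint, and the expected-results map later in the file appears to give collectioncreator an empty array rather than a denial, a one-line comment such as `// collectioncreator is allowed through and is expected to see an empty result` would record that the relaxation is intentional rather than a dropped check. The same stale title is repeated in the "meta metrics detail - stig agg - bench param" request in the following hunk. The enclosing test script starts and ends outside this hunk.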
@@ -21476,207 +28878,936 @@
"\r",
"let jsonData = pm.response.json();\r",
"\r",
+ "// user = \"stigmanadmin\"\r",
"\r",
- "pm.test(\"Response JSON is an array\", function () {\r",
- " pm.expect(jsonData).to.be.an('array');\r",
- "});\r",
- "\r",
- "\r",
- "let testAsset = pm.environment.get(\"testAsset\");\r",
- "let testBenchmark = pm.environment.get(\"testBenchmark\");\r",
- "let testLabel = pm.environment.get(\"testLabel\");\r",
- "let testLabelName = pm.environment.get(\"testLabelName\");\r",
- "\r",
- "let testChecklistLength = parseInt(pm.environment.get(\"checklistLength\"));\r",
- "\r",
- "\r",
- "\r",
- "// pm.test(\"Check that proper assets are returned\", function () {\r",
- " for (let item of jsonData){\r",
- " console.log( \"testing: \" + item.name) \r",
"\r",
- " let assetMatchString = pm.environment.get(\"assetMatchString\");\r",
- " var regex = new RegExp(assetMatchString);\r",
- " pm.test(\"Check that proper assets are returned: \" + assetMatchString, function () {\r",
- " pm.expect(item.name).to.match(regex);\r",
- " });\r",
"\r",
- " if (pm.request.url.getQueryString().match(/benchmarkId=/)) {\r",
- " pm.test(\"verify parameter restricted response properly - benchmark\", function () {\r",
- " pm.expect(item.benchmarkId).to.eql(testBenchmark);\r",
- " })\r",
+ "let lvl234 = \r",
+ "[\r",
+ " {\r",
+ " \"benchmarkId\": \"VPN_SRG_TEST\",\r",
+ " \"title\": \"Virtual Private Network (VPN) Security Requirements Guide\",\r",
+ " \"revisionStr\": \"V1R1\",\r",
+ " \"collections\": 1,\r",
+ " \"assets\": 2,\r",
+ " \"ruleCount\": 81,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": {\r",
+ " \"total\": 4,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"pass\": {\r",
+ " \"total\": 2,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"error\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"fixed\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"unknown\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notchecked\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notselected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"informational\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notapplicable\": {\r",
+ " \"total\": 3,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"assessed\": 9,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 3\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": {\r",
+ " \"total\": 2,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"accepted\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"rejected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"submitted\": {\r",
+ " \"total\": 7,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 162,\r",
+ " \"assessmentsBySeverity\": {\r",
+ " \"low\": 14,\r",
+ " \"high\": 22,\r",
+ " \"medium\": 126\r",
+ " }\r",
" }\r",
- " if (pm.request.url.getQueryString().match(/assetId=/)) {\r",
- " pm.test(\"verify parameter restricted response properly - assetId\", function () {\r",
- " pm.expect(item.assetId).to.eql(testAsset);\r",
- " })\r",
- " } \r",
- "\r",
- " if (pm.request.url.getQueryString().match(/labelId=/)) {\r",
- " pm.test(\"verify parameter restricted response properly - labelId\", function () {\r",
- " let responseLabels = [];\r",
- " for (let label of item.labels) {\r",
- " responseLabels.push(label.labelId)\r",
+ " },\r",
+ " {\r",
+ " \"benchmarkId\": \"Windows_10_STIG_TEST\",\r",
+ " \"title\": \"Windows 10 Security Technical Implementation Guide\",\r",
+ " \"revisionStr\": \"V1R23\",\r",
+ " \"collections\": 1,\r",
+ " \"assets\": 2,\r",
+ " \"ruleCount\": 287,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2020-08-18T20:48:29Z\",\r",
+ " \"minTs\": \"2020-08-11T22:29:16Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": {\r",
+ " \"total\": 1,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"pass\": {\r",
+ " \"total\": 2,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"error\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"fixed\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"unknown\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notchecked\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notselected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"informational\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notapplicable\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
" }\r",
- " pm.expect(responseLabels).to.include(testLabel);\r",
- " })\r",
- " } \r",
- "\r",
- " if (pm.request.url.getQueryString().match(/labelName=/)) {\r",
- " pm.test(\"verify parameter restricted response properly - labelName\", function () {\r",
- " let responseLabels = [];\r",
- " for (let label of item.labels) {\r",
- " responseLabels.push(label.name)\r",
+ " },\r",
+ " \"assessed\": 3,\r",
+ " \"findings\": {\r",
+ " \"low\": 0,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 1\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": {\r",
+ " \"total\": 1,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"accepted\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"rejected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"submitted\": {\r",
+ " \"total\": 2,\r",
+ " \"resultEngine\": 0\r",
" }\r",
- " pm.expect(responseLabels).to.include(testLabelName);\r",
- " })\r",
- " } \r",
- "\r",
- " if (item.assetId == testAsset && item.benchmarkId == testBenchmark) {\r",
- " // if (item.assetId == testAsset ) {\r",
- " console.log( \"found Collection_X_lvl1_asset\") \r",
- "\r",
- " pm.test(\"Check some stats - findings, low\", function () {\r",
- " pm.expect(item.metrics.findings.low).to.equal(1);\r",
- " });\r",
- "\r",
- " pm.test(\"Check some stats - results - NA\", function () {\r",
- " pm.expect(item.metrics.results.notapplicable.total).to.equal(1);\r",
- " }); \r",
- " pm.test(\"Check some stats - results - pass\", function () {\r",
- " pm.expect(item.metrics.results.pass.total).to.equal(2);\r",
- " }); \r",
- "\r",
- " pm.test(\"Check some stats - results - fail\", function () {\r",
- " pm.expect(item.metrics.results.fail.total).to.equal(3);\r",
- " }); \r",
- "\r",
- " pm.test(\"Check some stats - status - submitted\", function () {\r",
- " pm.expect(item.metrics.statuses.submitted.total).to.equal(5);\r",
- " }); \r",
- " pm.test(\"Check some stats - assessments\", function () {\r",
- " pm.expect(item.metrics.assessments).to.equal(testChecklistLength);\r",
- " }); \r",
- " pm.test(\"Check some stats - assessed\", function () {\r",
- " pm.expect(item.metrics.assessed).to.equal(6);\r",
- " }); \r",
- "\r",
+ " },\r",
+ " \"maxTouchTs\": \"2020-08-18T20:48:29Z\",\r",
+ " \"assessments\": 574,\r",
+ " \"assessmentsBySeverity\": {\r",
+ " \"low\": 36,\r",
+ " \"high\": 52,\r",
+ " \"medium\": 486\r",
+ " }\r",
" }\r",
" }\r",
- " \r",
- "\r",
+ "]\r",
"\r",
+ "let jsonExpectedByUser =\r",
+ "{\r",
+ " lvl1: \r",
+ "[\r",
+ " {\r",
+ " \"benchmarkId\": \"VPN_SRG_TEST\",\r",
+ " \"title\": \"Virtual Private Network (VPN) Security Requirements Guide\",\r",
+ " \"revisionStr\": \"V1R1\",\r",
+ " \"collections\": 1,\r",
+ " \"assets\": 1,\r",
+ " \"ruleCount\": 81,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": {\r",
+ " \"total\": 3,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"pass\": {\r",
+ " \"total\": 2,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"error\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"fixed\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"unknown\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notchecked\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notselected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"informational\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notapplicable\": {\r",
+ " \"total\": 1,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"assessed\": 6,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 2\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": {\r",
+ " \"total\": 1,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"accepted\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"rejected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"submitted\": {\r",
+ " \"total\": 5,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 81,\r",
+ " \"assessmentsBySeverity\": {\r",
+ " \"low\": 7,\r",
+ " \"high\": 11,\r",
+ " \"medium\": 63\r",
+ " }\r",
+ " }\r",
+ " }\r",
+ "],\r",
+ " collectioncreator:\r",
+ "[], \r",
+ " stigmanadmin :\r",
+ "[\r",
+ " {\r",
+ " \"benchmarkId\": \"VPN_SRG_TEST\",\r",
+ " \"title\": \"Virtual Private Network (VPN) Security Requirements Guide\",\r",
+ " \"revisionStr\": \"V1R1\",\r",
+ " \"collections\": 1,\r",
+ " \"assets\": 2,\r",
+ " \"ruleCount\": 81,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": {\r",
+ " \"total\": 4,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"pass\": {\r",
+ " \"total\": 2,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"error\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"fixed\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"unknown\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notchecked\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notselected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"informational\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notapplicable\": {\r",
+ " \"total\": 3,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"assessed\": 9,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 3\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": {\r",
+ " \"total\": 2,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"accepted\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"rejected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"submitted\": {\r",
+ " \"total\": 7,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 162,\r",
+ " \"assessmentsBySeverity\": {\r",
+ " \"low\": 14,\r",
+ " \"high\": 22,\r",
+ " \"medium\": 126\r",
+ " }\r",
+ " }\r",
+ " },\r",
+ " {\r",
+ " \"benchmarkId\": \"Windows_10_STIG_TEST\",\r",
+ " \"title\": \"Windows 10 Security Technical Implementation Guide\",\r",
+ " \"revisionStr\": \"V1R23\",\r",
+ " \"collections\": 1,\r",
+ " \"assets\": 2,\r",
+ " \"ruleCount\": 287,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2020-08-18T20:48:29Z\",\r",
+ " \"minTs\": \"2020-08-11T22:29:16Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": {\r",
+ " \"total\": 1,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"pass\": {\r",
+ " \"total\": 2,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"error\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"fixed\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"unknown\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notchecked\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notselected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"informational\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notapplicable\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"assessed\": 3,\r",
+ " \"findings\": {\r",
+ " \"low\": 0,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 1\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": {\r",
+ " \"total\": 1,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"accepted\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"rejected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"submitted\": {\r",
+ " \"total\": 2,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"maxTouchTs\": \"2020-08-18T20:48:29Z\",\r",
+ " \"assessments\": 574,\r",
+ " \"assessmentsBySeverity\": {\r",
+ " \"low\": 36,\r",
+ " \"high\": 52,\r",
+ " \"medium\": 486\r",
+ " }\r",
+ " }\r",
+ " }\r",
+ "]\r",
+ "}\r",
"\r",
- " \r",
- "\r",
- " \r",
- "// }\r",
- "\r",
- "return;\r",
- "\r",
- "// if (pm.request.url.getQueryString().match(/projection=stigs/)) {\r",
- "// pm.expect(jsonData.stigs).to.exist;\r",
- "// }\r",
- "// if (pm.request.url.getQueryString().match(/projection=history/)) {\r",
- "// pm.expect(jsonData.history).to.exist;\r",
- "// }\r",
- "// if (pm.request.url.getQueryString().match(/projection=rule/)) {\r",
- "// pm.expect(jsonData.rule).to.exist;\r",
- "// }\r",
- "// if (pm.request.url.getQueryString().match(/projection=metadata/)) {\r",
- "// pm.expect(jsonData.metadata).to.exist;\r",
+ "jsonExpectedByUser.lvl2 = lvl234\r",
+ "jsonExpectedByUser.lvl3 = lvl234\r",
+ "jsonExpectedByUser.lvl4 = lvl234\r",
+ "\r",
+ "// let jsonExpected =\r",
+ "// {\r",
+ "// \"collections\": 3,\r",
+ "// \"assets\": 8,\r",
+ "// \"stigs\": 3,\r",
+ "// \"checklists\": 14,\r",
+ "// \"metrics\": {\r",
+ "// \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ "// \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ "// \"results\": {\r",
+ "// \"fail\": 8,\r",
+ "// \"pass\": 7,\r",
+ "// \"unassessed\": 0,\r",
+ "// \"notapplicable\": 4\r",
+ "// },\r",
+ "// \"assessed\": 19,\r",
+ "// \"findings\": {\r",
+ "// \"low\": 2,\r",
+ "// \"high\": 0,\r",
+ "// \"medium\": 6\r",
+ "// },\r",
+ "// \"statuses\": {\r",
+ "// \"saved\": 7,\r",
+ "// \"accepted\": 0,\r",
+ "// \"rejected\": 0,\r",
+ "// \"submitted\": 12\r",
+ "// },\r",
+ "// \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ "// \"assessments\": 2327\r",
+ "// }\r",
"// }\r",
- "// pm.test(\"Check if object contains all provided keys\", function () {\r",
- "// // pm.expect(jsonData).to.have.all.keys(reviewKeys);\r",
- "// });\r",
- "\r",
- "// pm.test(\"Check if object contains proper ruleId\", function () {\r",
- "// let testRuleId = pm.environment.get(\"testRuleId\");\r",
- "// pm.expect(jsonData.ruleId).to.eql(testRuleId);\r",
- "// });\r",
"\r",
- "// pm.test(\"Check review comment for regex match string\", function () {\r",
- "// let reviewMatchString = pm.environment.get(\"reviewMatchString\");\r",
- "// var regex = new RegExp(reviewMatchString);\r",
- "// pm.expect(jsonData.detail).to.match(regex);\r",
- "// });\r",
"\r",
+ "pm.test(\"Check that metrics are as expected \", function () {\r",
+ " pm.expect(jsonData).to.eql(jsonExpectedByUser[user]);\r",
+ "});\r",
"\r",
"\r",
- "// pm.test(\"Response has requested properties and values\", function () {\r",
- "// // for (let item of jsonData){\r",
- "// let collectionMatchString = pm.environment.get(\"collectionMatchString\");\r",
- "// var regex = new RegExp(collectionMatchString);\r",
- "// pm.test(\"Check that proper Collections are returned\", function () {\r",
- "// pm.expect(jsonData.name).to.match(regex);\r",
- "// });\r",
+ "return;\r",
"\r",
+ ""
+ ],
+ "type": "text/javascript"
+ }
+ }
+ ],
+ "request": {
+ "method": "GET",
+ "header": [],
+ "url": {
+ "raw": "{{baseUrl}}/collections/meta/metrics/detail/stig?collectionId={{testCollection}}",
+ "host": [
+ "{{baseUrl}}"
+ ],
+ "path": [
+ "collections",
+ "meta",
+ "metrics",
+ "detail",
+ "stig"
+ ],
+ "query": [
+ {
+ "key": "collectionId",
+ "value": "{{testCollection}}"
+ },
+ {
+ "key": "collectionId",
+ "value": "",
+ "disabled": true
+ },
+ {
+ "key": "benchmarkId",
+ "value": "{{testBenchmark}}",
+ "disabled": true
+ }
+ ]
+ }
+ },
+ "response": []
+ },
+ {
+ "name": "meta metrics detail - stig agg - bench param",
+ "event": [
+ {
+ "listen": "test",
+ "script": {
+ "exec": [
+ "let user = pm.environment.get(\"user\");\r",
+ "console.log(\"user: \" + user);\r",
"\r",
- "// if (pm.request.url.getQueryString().match(/projection=assets/)) {\r",
- "// pm.expect(jsonData.assets).to.exist;\r",
+ "if (pm.request.url.getQueryString().match(/elevate=true/)) {\r",
+ " user = \"elevated\";\r",
+ " console.log(\"setting user to 'elevated'\");\r",
+ "}\r",
"\r",
- "// let assetMatchString = pm.environment.get(\"assetMatchString\");\r",
- "// var assetRegex = new RegExp(assetMatchString);\r",
- "// for (let asset of jsonData.assets){\r",
- "// // pm.expect(asset).to.have.property('name');\r",
- "// // pm.expect(asset).to.have.property('assetId');\r",
- "// pm.expect(asset.name).to.match(assetRegex);\r",
- "// }\r",
- "// }\r",
+ "if (user == \"bizarroLvl1\") {\r",
+ " pm.test(\"Status should be is 403 for user collectioncreator, bizarroLvl1\", function () {\r",
+ " pm.response.to.have.status(403);\r",
+ " });\r",
+ " return;\r",
+ "}\r",
+ "else {\r",
+ " pm.test(\"Status code is 200\", function () {\r",
+ " pm.response.to.have.status(200);\r",
+ " });\r",
+ "}\r",
+ "if (pm.response.code !== 200) {\r",
+ " return;\r",
+ "}\r",
"\r",
- "// if (pm.request.url.getQueryString().match(/projection=grants/)) {\r",
- "// for (let grant of jsonData.grants){\r",
- "// pm.expect(jsonData.grants).to.exist;\r",
"\r",
- "// // pm.expect(grant).to.be(array);\r",
- "// // pm.expect(grant.user).to.be(object);\r",
- "// }\r",
- "// }\r",
+ "let jsonData = pm.response.json();\r",
"\r",
- "// if (pm.request.url.getQueryString().match(/projection=stigs/)) {\r",
- "// let validStigs = JSON.parse(pm.environment.get(\"stigs.valid\"));\r",
+ "// user = \"stigmanadmin\"\r",
"\r",
- "// for (let stig of jsonData.stigs){\r",
- "// // pm.expect(stig).to.be(object);\r",
- "// pm.expect(stig.benchmarkId).to.be.oneOf(validStigs);\r",
"\r",
- "// }\r",
- "// }\r",
"\r",
- "// if (pm.request.url.getQueryString().match(/projection=owners/)) {\r",
- "// // console.log(\"checking owners projection\");\r",
- "// pm.expect(jsonData.owners).to.exist;\r",
+ "let lvl234 = \r",
+ "[\r",
+ " {\r",
+ " \"benchmarkId\": \"VPN_SRG_TEST\",\r",
+ " \"title\": \"Virtual Private Network (VPN) Security Requirements Guide\",\r",
+ " \"revisionStr\": \"V1R1\",\r",
+ " \"collections\": 1,\r",
+ " \"assets\": 2,\r",
+ " \"ruleCount\": 81,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": {\r",
+ " \"total\": 4,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"pass\": {\r",
+ " \"total\": 2,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"error\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"fixed\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"unknown\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notchecked\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notselected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"informational\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notapplicable\": {\r",
+ " \"total\": 3,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"assessed\": 9,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 3\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": {\r",
+ " \"total\": 2,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"accepted\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"rejected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"submitted\": {\r",
+ " \"total\": 7,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 162,\r",
+ " \"assessmentsBySeverity\": {\r",
+ " \"low\": 14,\r",
+ " \"high\": 22,\r",
+ " \"medium\": 126\r",
+ " }\r",
+ " }\r",
+ " }\r",
+ "]\r",
"\r",
- "// for (let owner of jsonData.owners){\r",
- "// // pm.expect(owner).to.be(array);\r",
- "// }\r",
- "// }\r",
+ "let jsonExpectedByUser =\r",
+ "{\r",
+ " lvl1: \r",
+ "[\r",
+ " {\r",
+ " \"benchmarkId\": \"VPN_SRG_TEST\",\r",
+ " \"title\": \"Virtual Private Network (VPN) Security Requirements Guide\",\r",
+ " \"revisionStr\": \"V1R1\",\r",
+ " \"collections\": 1,\r",
+ " \"assets\": 1,\r",
+ " \"ruleCount\": 81,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": {\r",
+ " \"total\": 3,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"pass\": {\r",
+ " \"total\": 2,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"error\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"fixed\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"unknown\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notchecked\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notselected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"informational\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notapplicable\": {\r",
+ " \"total\": 1,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"assessed\": 6,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 2\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": {\r",
+ " \"total\": 1,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"accepted\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"rejected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"submitted\": {\r",
+ " \"total\": 5,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 81,\r",
+ " \"assessmentsBySeverity\": {\r",
+ " \"low\": 7,\r",
+ " \"high\": 11,\r",
+ " \"medium\": 63\r",
+ " }\r",
+ " }\r",
+ " }\r",
+ "],\r",
+ " collectioncreator:\r",
+ " [], \r",
+ " stigmanadmin :\r",
+ "[\r",
+ " {\r",
+ " \"benchmarkId\": \"VPN_SRG_TEST\",\r",
+ " \"title\": \"Virtual Private Network (VPN) Security Requirements Guide\",\r",
+ " \"revisionStr\": \"V1R0\",\r",
+ " \"collections\": 1,\r",
+ " \"assets\": 2,\r",
+ " \"ruleCount\": 81,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": null,\r",
+ " \"minTs\": null,\r",
+ " \"results\": {\r",
+ " \"fail\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"pass\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"error\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"fixed\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"unknown\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notchecked\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notselected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"informational\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notapplicable\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"assessed\": 0,\r",
+ " \"findings\": {\r",
+ " \"low\": 0,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 0\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"accepted\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"rejected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"submitted\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"maxTouchTs\": null,\r",
+ " \"assessments\": 162,\r",
+ " \"assessmentsBySeverity\": {\r",
+ " \"low\": 14,\r",
+ " \"high\": 22,\r",
+ " \"medium\": 126\r",
+ " }\r",
+ " }\r",
+ " },\r",
+ " {\r",
+ " \"benchmarkId\": \"VPN_SRG_TEST\",\r",
+ " \"title\": \"Virtual Private Network (VPN) Security Requirements Guide\",\r",
+ " \"revisionStr\": \"V1R1\",\r",
+ " \"collections\": 1,\r",
+ " \"assets\": 2,\r",
+ " \"ruleCount\": 81,\r",
+ " \"metrics\": {\r",
+ " \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ " \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ " \"results\": {\r",
+ " \"fail\": {\r",
+ " \"total\": 4,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"pass\": {\r",
+ " \"total\": 2,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"error\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"fixed\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"unknown\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notchecked\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notselected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"informational\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"notapplicable\": {\r",
+ " \"total\": 3,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"assessed\": 9,\r",
+ " \"findings\": {\r",
+ " \"low\": 1,\r",
+ " \"high\": 0,\r",
+ " \"medium\": 3\r",
+ " },\r",
+ " \"statuses\": {\r",
+ " \"saved\": {\r",
+ " \"total\": 2,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"accepted\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"rejected\": {\r",
+ " \"total\": 0,\r",
+ " \"resultEngine\": 0\r",
+ " },\r",
+ " \"submitted\": {\r",
+ " \"total\": 7,\r",
+ " \"resultEngine\": 0\r",
+ " }\r",
+ " },\r",
+ " \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ " \"assessments\": 162,\r",
+ " \"assessmentsBySeverity\": {\r",
+ " \"low\": 14,\r",
+ " \"high\": 22,\r",
+ " \"medium\": 126\r",
+ " }\r",
+ " }\r",
+ " }\r",
+ "]\r",
+ "}\r",
"\r",
- "// if (pm.request.url.getQueryString().match(/projection=statistics/)) {\r",
- "// // console.log(\"checking statistics projection\");\r",
- "// pm.expect(jsonData.statistics).to.exist;\r",
+ "jsonExpectedByUser.lvl2 = lvl234\r",
+ "jsonExpectedByUser.lvl3 = lvl234\r",
+ "jsonExpectedByUser.lvl4 = lvl234\r",
+ "\r",
+ "// let jsonExpected =\r",
+ "// {\r",
+ "// \"collections\": 3,\r",
+ "// \"assets\": 8,\r",
+ "// \"stigs\": 3,\r",
+ "// \"checklists\": 14,\r",
+ "// \"metrics\": {\r",
+ "// \"maxTs\": \"2022-02-03T00:07:05Z\",\r",
+ "// \"minTs\": \"2020-08-11T22:27:26Z\",\r",
+ "// \"results\": {\r",
+ "// \"fail\": 8,\r",
+ "// \"pass\": 7,\r",
+ "// \"unassessed\": 0,\r",
+ "// \"notapplicable\": 4\r",
+ "// },\r",
+ "// \"assessed\": 19,\r",
+ "// \"findings\": {\r",
+ "// \"low\": 2,\r",
+ "// \"high\": 0,\r",
+ "// \"medium\": 6\r",
+ "// },\r",
+ "// \"statuses\": {\r",
+ "// \"saved\": 7,\r",
+ "// \"accepted\": 0,\r",
+ "// \"rejected\": 0,\r",
+ "// \"submitted\": 12\r",
+ "// },\r",
+ "// \"maxTouchTs\": \"2022-02-03T00:07:07Z\",\r",
+ "// \"assessments\": 2327\r",
"// }\r",
+ "// }\r",
"\r",
- "// if (pm.request.url.getQueryString().match(/projection=labels/)) {\r",
- "// // console.log(\"checking statistics projection\");\r",
- "// pm.expect(jsonData.labels).to.exist;\r",
- "// if (user == \"lvl1\" ) {\r",
- "// pm.expect(jsonData.labels.length).to.equal(2);\r",
- "// pm.expect(jsonData.labels[0].uses).to.equal(1);\r",
- "// pm.expect(jsonData.labels[1].uses).to.equal(1);\r",
- "\r",
- "// }\r",
- "// else{\r",
- "// pm.expect(jsonData.labels.length).to.equal(2);\r",
- "\r",
- "// } \r",
- "\r",
- "// }\r",
- "// // };\r",
"\r",
- "// });\r",
+ "pm.test(\"Check that metrics are as expected \", function () {\r",
+ " pm.expect(jsonData).to.eql(jsonExpectedByUser[user]);\r",
+ "});\r",
"\r",
"\r",
+ "return;\r",
"\r",
""
],
@@ -21688,39 +29819,31 @@
"method": "GET",
"header": [],
"url": {
- "raw": "{{baseUrl}}/collections/:collectionId/metrics/detail?benchmarkId={{testBenchmark}}&assetId={{testAsset}}&labelName={{testLabelName-lvl1}}",
+ "raw": "{{baseUrl}}/collections/meta/metrics/detail/stig?benchmarkId={{testBenchmark}}",
"host": [
"{{baseUrl}}"
],
"path": [
"collections",
- ":collectionId",
+ "meta",
"metrics",
- "detail"
+ "detail",
+ "stig"
],
"query": [
{
- "key": "benchmarkId",
- "value": "{{testBenchmark}}"
- },
- {
- "key": "assetId",
- "value": "{{testAsset}}"
+ "key": "collectionId",
+ "value": "{{testCollection}}",
+ "disabled": true
},
{
- "key": "labelId",
- "value": "{{testLabel}}",
+ "key": "collectionId",
+ "value": "",
"disabled": true
},
{
- "key": "labelName",
- "value": "{{testLabelName-lvl1}}"
- }
- ],
- "variable": [
- {
- "key": "collectionId",
- "value": "{{testCollection}}"
+ "key": "benchmarkId",
+ "value": "{{testBenchmark}}"
}
]
}
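Review bot: The rebuilt `query` array carries two disabled `collectionId` entries (one with `"value": "{{testCollection}}"`, one with `"value": ""`), and the second adds nothing since it is disabled and empty; keep a single disabled entry, e.g. only the `{{testCollection}}` one, so the request does not read as if two different filters were tried. Dropping the `variable` block for `:collectionId` together with the path parameter is consistent with the new `meta` path. The enclosing request object starts and ends outside this hunk.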
@@ -21731,6 +29854,102 @@
}
]
}
+ ],
+ "auth": {
+ "type": "bearer",
+ "bearer": [
+ {
+ "key": "token",
+ "value": "{{token}}",
+ "type": "string"
+ }
+ ]
+ },
+ "event": [
+ {
+ "listen": "prerequest",
+ "script": {
+ "type": "text/javascript",
+ "exec": [
+ "// pm.environment.set(\"curUser\", \"staff\");",
+ "",
+ "let user = pm.iterationData.get(\"user\");",
+ "let elevate = pm.iterationData.get(\"elevate\");",
+ "console.log(`user: ${user} elevate: ${elevate}`);",
+ "",
+ "",
+ "//default to stigmanadmin user, elevated, if not iterating, and user is not in env",
+ "if (user === undefined) {",
+ " user = \"stigmanadmin\";",
+ " userId = \"1\";",
+ " elevate = true;",
+ " pm.environment.set(\"user\", user);",
+ " pm.environment.set(\"elevated\", elevate);",
+ " let token = pm.environment.get(\"token.\" + user)",
+ " pm.environment.set(\"token\", token);",
+ " console.log(`No iteration data. Setting: User: ${user} elevated: ${elevate} Bearer: ${token}`);",
+ "",
+ " return; // Just use whatever settings are currently left in the env.",
+ "}",
+ "",
+ "",
+ "",
+ "let token = pm.iterationData.get(\"token\");",
+ "pm.environment.set(\"token.\"+ user, token);",
+ "pm.environment.set(\"token\", token);",
+ "pm.environment.set(\"user\", user);",
+ "pm.environment.set(\"elevated\", elevate);",
+ "console.log(`User: ${user} elevated: ${elevate} Bearer: ${token}`);",
+ "",
+ "//constructed data targets to test",
+ "pm.environment.set(\"stigs.valid\", pm.iterationData.get(\"stigs.valid\"));",
+ "pm.environment.set(\"testCollection\", pm.iterationData.get(\"testCollection\"));",
+ "pm.environment.set(\"testBenchmark\", pm.iterationData.get(\"testBenchmark\"));",
+ "pm.environment.set(\"testRev\", pm.iterationData.get(\"testRev\"));",
+ "pm.environment.set(\"testAsset\", pm.iterationData.get(\"testAsset\"));",
+ "pm.environment.set(\"testAsset-NoStigs\", pm.iterationData.get(\"testAsset-NoStigs\"));",
+ "pm.environment.set(\"testAssetName\", pm.iterationData.get(\"testAssetName\"));",
+ "pm.environment.set(\"testRuleId\", pm.iterationData.get(\"testRuleId\"));",
+ "pm.environment.set(\"testUserId\", pm.iterationData.get(\"testUserId\"));",
+ "pm.environment.set(\"userId\", pm.iterationData.get(\"userId\"));",
+ "pm.environment.set(\"metadataKey\", pm.iterationData.get(\"metadataKey\"));",
+ "pm.environment.set(\"metadataValue\", pm.iterationData.get(\"metadataValue\"));",
+ "// pm.environment.set(\"targetCollectionName\", pm.iterationData.get(\"targetCollectionName\"));",
+ "pm.environment.set(\"checklistLength\", pm.iterationData.get(\"checklistLength\"));",
+ "",
+ "//targets for data changes",
+ "pm.environment.set(\"deleteAsset\", pm.iterationData.get(\"deleteAsset\"));",
+ "pm.environment.set(\"scrapAsset\", pm.iterationData.get(\"scrapAsset\"));",
+ "pm.environment.set(\"deleteCollection\", pm.iterationData.get(\"deleteCollection\"));",
+ "pm.environment.set(\"scrapCollection\", pm.iterationData.get(\"scrapCollection\"));",
+ "",
+ "",
+ "//regex strings",
+ "pm.environment.set(\"collectionMatchString\", pm.iterationData.get(\"collectionMatchString\"));",
+ "pm.environment.set(\"collectionMatchType\", pm.iterationData.get(\"collectionMatchType\"));",
+ "pm.environment.set(\"assetMatchString\", pm.iterationData.get(\"assetMatchString\"));",
+ "pm.environment.set(\"reviewMatchString\", pm.iterationData.get(\"reviewMatchString\"));",
+ "",
+ "//misc",
+ "pm.environment.set(\"accessLevel\", pm.iterationData.get(\"accessLevel\"));",
+ "",
+ "// utils = {",
+ "// grantsPostToGet: function (grantsRespArray) {",
+ "// }",
+ "// }",
+ ""
+ ]
+ }
+ },
+ {
+ "listen": "test",
+ "script": {
+ "type": "text/javascript",
+ "exec": [
+ ""
+ ]
+ }
+ }
]
},
{
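Review bot: The pre-request script prints the bearer token to the console on both `console.log` lines that end in ``Bearer: ${token}`` (the no-iteration branch and the normal path), so every run writes a live credential into the Postman/newman console and any CI log that captures it; drop the token from both messages, e.g. ``"console.log(`User: ${user} elevated: ${elevate}`);",`` and the matching no-iteration line. In the same branch `userId = "1";` assigns an undeclared name — an implicit global in sloppy mode, a ReferenceError under strict mode — and nothing in the visible script reads it afterwards, so it should be declared with `let` or removed. The `test` event added below it has an empty `exec`, which could simply be left out. This script looks like a copy of the per-request prerequest used elsewhere in the collection; if so, a collection-level pre-request would avoid the duplication, though that is inferred rather than visible here.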
@@ -58206,9 +66425,24 @@
" // }",
" console.log(messageObject.collection.grants)",
" console.log(grantsProjected)",
+ "// pm.test(\"Response matches expected response\", function () {",
+ "// try {",
+ "// pm.expect(respData).to.eql(expectedResponse)",
+ "// }",
+ "// catch (e) {",
+ "// e.message = `actual: ${JSON.stringify(e.actual)}, expected: ${JSON.stringify(e.expected)}`",
+ "// throw(e)",
+ "// }",
+ "// }); ",
" pm.test(\"check cloned collection grants\", function () { ",
" pm.expect(messageObject.collection).to.have.property('grants');",
- " pm.expect(messageObject.collection.grants).to.eql(grantsProjected);",
+ " try { ",
+ " pm.expect(messageObject.collection.grants).to.eql(grantsProjected);",
+ " }",
+ " catch (e) {",
+ " e.message = `actual: ${JSON.stringify(e.actual)}, expected: ${JSON.stringify(e.expected)}`",
+ " throw(e)",
+ " } ",
" })",
" // for (let owner of messageObject.collection.owners){",
" // // pm.expect(owner).to.have.all.keys(userKeys);",
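Review bot: The new `catch` in `check cloned collection grants` overwrites `e.message` with only the actual/expected dump, discarding chai's own message and assertion context; prepend instead, ``"        e.message = `${e.message}; actual: ${JSON.stringify(e.actual)}, expected: ${JSON.stringify(e.expected)}`",``. The same replacement applies to the `Response matches expected response` test added in hunk `@@ -58325,7 +66559,15 @@`. Only a chai AssertionError is guaranteed to carry `actual`/`expected`; for any other error caught here the dump prints `undefined` twice and the real message is lost, which the prepend also avoids. The commented-out copy of the `Response matches expected response` test inserted above `pm.test("check cloned collection grants"` is dead code superseded by the live version in the later hunk and should be deleted rather than committed. The enclosing script body continues outside this hunk.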
@@ -58325,7 +66559,15 @@
" }",
"// });",
"",
- "",
+ "pm.test(\"Response matches expected response\", function () {",
+ " try {",
+ " pm.expect(respData).to.eql(expectedResponse)",
+ " }",
+ " catch (e) {",
+ " e.message = `actual: ${JSON.stringify(e.actual)}, expected: ${JSON.stringify(e.expected)}`",
+ " throw(e)",
+ " }",
+ "});",
"",
"// let collectionMatchString = pm.environment.get(\"collectionMatchString\");",
"// // console.log(\"collection string = \" + collectionMatchString);",