Use full CCI and STIG identifiers

redhatrises · redhatrises · commit 669e161c0b2f · 2020-07-27T15:54:11.000-06:00
diff --git a/chromium/transforms/constants.xslt b/chromium/transforms/constants.xslt
@@ -10,7 +10,6 @@
 <xsl:variable name="cisuri">empty</xsl:variable>
 <xsl:variable name="product_guide_id_name">CHROMIUM</xsl:variable>
 <xsl:variable name="disa-stigs-uri" select="$disa-stigs-apps-browers-uri"/>
-<xsl:variable name="os-stigid-concat">DISA FSO </xsl:variable>
 
 <!-- Define URI for custom CCE identifier which can be used for mapping to corporate policy -->
 <!--xsl:variable name="custom-cce-uri">https://www.example.org</xsl:variable-->
diff --git a/debian10/transforms/constants.xslt b/debian10/transforms/constants.xslt
@@ -11,7 +11,6 @@
 <!-- Define URI of official Center for Internet Security Benchmark for Debian Linux v1.0 -->
 <xsl:variable name="cisuri">https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf</xsl:variable>
 <xsl:variable name="disa-stigs-uri" select="$disa-stigs-os-unix-linux-uri"/>
-<xsl:variable name="os-stigid-concat" />
 
 <!-- Define URI for custom CCE identifier which can be used for mapping to corporate policy -->
 <!--xsl:variable name="custom-cce-uri">https://www.example.org</xsl:variable-->
diff --git a/debian8/transforms/constants.xslt b/debian8/transforms/constants.xslt
@@ -11,7 +11,6 @@
 <!-- Define URI of official Center for Internet Security Benchmark for Debian Linux v1.0 -->
 <xsl:variable name="cisuri">https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf</xsl:variable>
 <xsl:variable name="disa-stigs-uri" select="$disa-stigs-os-unix-linux-uri"/>
-<xsl:variable name="os-stigid-concat" />
 
 <!-- Define URI for custom CCE identifier which can be used for mapping to corporate policy -->
 <!--xsl:variable name="custom-cce-uri">https://www.example.org</xsl:variable-->
diff --git a/debian9/transforms/constants.xslt b/debian9/transforms/constants.xslt
@@ -11,7 +11,6 @@
 <!-- Define URI of official Center for Internet Security Benchmark for Debian Linux v1.0 -->
 <xsl:variable name="cisuri">https://benchmarks.cisecurity.org/tools2/linux/CIS_Debian_Benchmark_v1.0.pdf</xsl:variable>
 <xsl:variable name="disa-stigs-uri" select="$disa-stigs-os-unix-linux-uri"/>
-<xsl:variable name="os-stigid-concat" />
 
 <!-- Define URI for custom CCE identifier which can be used for mapping to corporate policy -->
 <!--xsl:variable name="custom-cce-uri">https://www.example.org</xsl:variable-->
diff --git a/eap6/transforms/constants.xslt b/eap6/transforms/constants.xslt
@@ -11,7 +11,6 @@
 <xsl:variable name="product_guide_id_name">Jboss-EAP-6</xsl:variable>
 <xsl:variable name="disa-stigs-uri" select="$disa-stigs-apps-appserver-uri"/>
 <xsl:variable name="disa-srguri" select="$disa-appsrguri"/>
-<xsl:variable name="os-stigid-concat" />
 
 <!-- Define URI for custom CCE identifier which can be used for mapping to corporate policy -->
 <!--xsl:variable name="custom-cce-uri">https://www.example.org</xsl:variable-->
diff --git a/example/README.md b/example/README.md
@@ -225,7 +225,6 @@ cat << EOF >> $NEW_PRODUCT/transforms/constants.xslt
 <!-- Define URI of official Center for Internet Security Benchmark for $FULL_NAME -->
 <xsl:variable name="cisuri">https://benchmarks.cisecurity.org/tools2/linux/CIS_${CAMEL_CASE_NAME}_Benchmark_v1.0.pdf</xsl:variable>
 <xsl:variable name="disa-stigs-uri" select="$disa-stigs-os-unix-linux-uri"/>
-<xsl:variable name="os-stigid-concat" />
 
 <!-- Define URI for custom CCE identifier which can be used for mapping to corporate policy -->
 <!--xsl:variable name="custom-cce-uri">https://www.example.org</xsl:variable-->
diff --git a/example/new_product.sh b/example/new_product.sh
@@ -77,7 +77,6 @@ cat << EOF >> $NEW_PRODUCT/transforms/constants.xslt
 <!-- Define URI of official Center for Internet Security Benchmark for $FULL_NAME -->
 <xsl:variable name="cisuri">https://benchmarks.cisecurity.org/tools2/linux/CIS_${CAMEL_CASE_NAME}_Benchmark_v1.0.pdf</xsl:variable>
 <xsl:variable name="disa-stigs-uri" select="$disa-stigs-os-unix-linux-uri"/>
-<xsl:variable name="os-stigid-concat" />
 
 <!-- Define URI for custom CCE identifier which can be used for mapping to corporate policy -->
 <!--xsl:variable name="custom-cce-uri">https://www.example.org</xsl:variable-->
diff --git a/example/transforms/constants.xslt b/example/transforms/constants.xslt
@@ -10,7 +10,6 @@
 <xsl:variable name="cisuri">empty</xsl:variable>
 <xsl:variable name="product_guide_id_name">EXAMPLE</xsl:variable>
 <xsl:variable name="disa-stigs-uri" select="$disa-stigs-os-unix-linux-uri"/>
-<xsl:variable name="os-stigid-concat" />
 
 <!-- Define URI for custom CCE identifier which can be used for mapping to corporate policy -->
 <!--xsl:variable name="custom-cce-uri">https://www.example.org</xsl:variable-->
diff --git a/fedora/transforms/constants.xslt b/fedora/transforms/constants.xslt
@@ -10,7 +10,6 @@
 <xsl:variable name="cisuri">empty</xsl:variable>
 <xsl:variable name="product_guide_id_name">FEDORA</xsl:variable>
 <xsl:variable name="disa-stigs-uri" select="$disa-stigs-os-unix-linux-uri"/>
-<xsl:variable name="os-stigid-concat" />
 
 <!-- Define URI for custom CCE identifier which can be used for mapping to corporate policy -->
 <!--xsl:variable name="custom-cce-uri">https://www.example.org</xsl:variable-->
diff --git a/firefox/transforms/constants.xslt b/firefox/transforms/constants.xslt
@@ -10,7 +10,6 @@
 <xsl:variable name="cisuri">empty</xsl:variable>
 <xsl:variable name="product_guide_id_name">FIREFOX</xsl:variable>
 <xsl:variable name="disa-stigs-uri" select="$disa-stigs-apps-browers-uri"/>
-<xsl:variable name="os-stigid-concat" />
 
 <!-- Define URI for custom CCE identifier which can be used for mapping to corporate policy -->
 <!--xsl:variable name="custom-cce-uri">https://www.example.org</xsl:variable-->
diff --git a/fuse6/transforms/constants.xslt b/fuse6/transforms/constants.xslt
@@ -10,7 +10,6 @@
 <xsl:variable name="cisuri">empty</xsl:variable>
 <xsl:variable name="product_guide_id_name">Jboss-Fuse-6</xsl:variable>
 <xsl:variable name="disa-stigs-uri" select="$disa-stigs-apps-appserver-uri"/>
-<xsl:variable name="os-stigid-concat" />
 
 <!-- Define URI for custom CCE identifier which can be used for mapping to corporate policy -->
 <!--xsl:variable name="custom-cce-uri">https://www.example.org</xsl:variable-->
diff --git a/jre/transforms/constants.xslt b/jre/transforms/constants.xslt
@@ -10,7 +10,6 @@
 <xsl:variable name="cisuri">empty</xsl:variable>
 <xsl:variable name="product_guide_id_name">JRE</xsl:variable>
 <xsl:variable name="disa-stigs-uri" select="$disa-stigs-apps-appsecurity-dev-uri"/>
-<xsl:variable name="os-stigid-concat" />
 
 <!-- Define URI for custom CCE identifier which can be used for mapping to corporate policy -->
 <!--xsl:variable name="custom-cce-uri">https://www.example.org</xsl:variable-->
diff --git a/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml b/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml
@@ -21,11 +21,11 @@ identifiers:
 
 references:
     cis@rhel8: 2.2.4
-    disa: "366"
+    disa: CCI-000366
     nist: CM-7(a),CM-7(b),CM-6(a)
     nist-csf: PR.IP-1,PR.PT-3
     srg@rhel6: SRG-OS-999999
-    stigid@rhel6: "000246"
+    stigid@rhel6: RHEL-06-000246
     isa-62443-2013: 'SR 1.1,SR 1.10,SR 1.11,SR 1.12,SR 1.13,SR 1.2,SR 1.3,SR 1.4,SR 1.5,SR 1.6,SR 1.7,SR 1.8,SR 1.9,SR 2.1,SR 2.2,SR 2.3,SR 2.4,SR 2.5,SR 2.6,SR 2.7,SR 7.6'
     isa-62443-2009: 4.3.3.5.1,4.3.3.5.2,4.3.3.5.3,4.3.3.5.4,4.3.3.5.5,4.3.3.5.6,4.3.3.5.7,4.3.3.5.8,4.3.3.6.1,4.3.3.6.2,4.3.3.6.3,4.3.3.6.4,4.3.3.6.5,4.3.3.6.6,4.3.3.6.7,4.3.3.6.8,4.3.3.6.9,4.3.3.7.1,4.3.3.7.2,4.3.3.7.3,4.3.3.7.4,4.3.4.3.2,4.3.4.3.3
     cobit5: BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS05.02,DSS05.05,DSS06.06
diff --git a/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml b/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml
@@ -30,21 +30,22 @@ identifiers:
     cce@rhcos4: 82463-1
 
 references:
-    stigid@ol7: "030000"
-    stigid@rhel6: "000145"
+    stigid@ol7: OL7-00-030000
+    stigid@rhel6: RHEL-06-000145
     srg@rhel6: SRG-OS-000032,SRG-OS-000037,SRG-OS-000255
     disa@rhel6: 067,1115,1190,120,1263,130,1312,1353,1454,1462,1487,157,158,1589,172,347,831,880
+    disa@rhel6: CCI-000067,CCI-001115,CCI-001190,CCI-000120,CCI-001263,CCI-000130,CCI-0001312,CCI-001353,CCI-0001454,CCI-001462,CCI-001487,CCI-000157,CCI-000158,CCI-001589,CCI-000172,CCI-000347,CCI-000831,CCI-000880
     cis@rhel8: 4.1.1.2
     cjis: 5.4.1.1
     cui: 3.3.1,3.3.2,3.3.6
-    disa: 126,130,131,132,133,134,135,1464,1487,1814
+    disa: CCI-000126,CCI-000130,CCI-000131,CCI-000132,CCI-000133,CCI-000134,CCI-000134,CCI-000135,CCI-001464,CCI-001487,CCI-001814
     hipaa: 164.308(a)(1)(ii)(D),164.308(a)(5)(ii)(C),164.310(a)(2)(iv),164.310(d)(2)(iii),164.312(b)
     nist: AC-2(g),AU-3,AU-10,AU-2(d),AU-12(c),AU-14(1),AC-6(9),CM-6(a)
     nist-csf: DE.AE-3,DE.AE-5,DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.AC-3,PR.PT-1,PR.PT-4,RS.AN-1,RS.AN-4
     pcidss: Req-10.1
     srg: SRG-OS-000037-GPOS-00015,SRG-OS-000038-GPOS-00016,SRG-OS-000039-GPOS-00017,SRG-OS-000040-GPOS-00018,SRG-OS-000042-GPOS-00021,SRG-OS-000254-GPOS-00095,SRG-OS-000255-GPOS-00096,SRG-OS-000365-GPOS-00152
     vmmsrg: SRG-OS-000037-VMM-000150,SRG-OS-000063-VMM-000310,SRG-OS-000038-VMM-000160,SRG-OS-000039-VMM-000170,SRG-OS-000040-VMM-000180,SRG-OS-000041-VMM-000190
-    stigid@rhel7: "030000"
+    stigid@rhel7: RHEL-07-030000
     isa-62443-2013: 'SR 1.13,SR 2.10,SR 2.11,SR 2.12,SR 2.6,SR 2.8,SR 2.9,SR 3.1,SR 3.5,SR 3.8,SR 4.1,SR 4.3,SR 5.1,SR 5.2,SR 5.3,SR 6.1,SR 6.2,SR 7.1,SR 7.6'
     isa-62443-2009: 4.2.3.10,4.3.2.6.7,4.3.3.3.9,4.3.3.5.8,4.3.3.6.6,4.3.4.4.7,4.3.4.5.6,4.3.4.5.7,4.3.4.5.8,4.4.2.1,4.4.2.2,4.4.2.4
     cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,APO12.06,APO13.01,BAI03.05,BAI08.02,DSS01.03,DSS01.04,DSS02.02,DSS02.04,DSS02.07,DSS03.01,DSS03.05,DSS05.02,DSS05.03,DSS05.04,DSS05.05,DSS05.07,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01
diff --git a/ocp3/transforms/constants.xslt b/ocp3/transforms/constants.xslt
@@ -12,7 +12,6 @@
 <!-- Define URI of official CIS Kubernetes Benchmark -->
 <xsl:variable name="cisuri">https://benchmarks.cisecurity.org/tools2/virtualization/CIS_Kubernetes_Benchmark_v1.2.0.pdf</xsl:variable>
 <xsl:variable name="disa-stigs-uri" select="$disa-stigs-os-unix-linux-uri"/>
-<xsl:variable name="os-stigid-concat"></xsl:variable>
 
 <!-- Define URI for custom CCE identifier which can be used for mapping to corporate policy -->
 <!--xsl:variable name="custom-cce-uri">https://www.example.org</xsl:variable-->
diff --git a/ocp4/transforms/constants.xslt b/ocp4/transforms/constants.xslt
@@ -10,7 +10,6 @@
 
 <xsl:variable name="cisuri">empty</xsl:variable>
 <xsl:variable name="disa-stigs-uri" select="$disa-stigs-os-unix-linux-uri"/>
-<xsl:variable name="os-stigid-concat" />
 
 <!-- Define URI for custom CCE identifier which can be used for mapping to corporate policy -->
 <!--xsl:variable name="custom-cce-uri">https://www.example.org</xsl:variable-->
diff --git a/ol7/transforms/constants.xslt b/ol7/transforms/constants.xslt
@@ -10,7 +10,6 @@
 <xsl:variable name="cisuri">https://benchmarks.cisecurity.org/tools2/linux/CIS_Oracle_Linux_7_Benchmark_v2.1.0.pdf</xsl:variable>
 <xsl:variable name="product_guide_id_name">OL-7</xsl:variable>
 <xsl:variable name="disa-stigs-uri" select="$disa-stigs-os-unix-linux-uri"/>
-<xsl:variable name="os-stigid-concat" >OL07-00-</xsl:variable>
 
 <!-- Define URI for custom CCE identifier which can be used for mapping to corporate policy -->
 <!--xsl:variable name="custom-cce-uri">https://www.example.org</xsl:variable-->
diff --git a/ol8/transforms/constants.xslt b/ol8/transforms/constants.xslt
@@ -10,7 +10,6 @@
 <xsl:variable name="cisuri">empty</xsl:variable>
 <xsl:variable name="product_guide_id_name">OL-8</xsl:variable>
 <xsl:variable name="disa-stigs-uri" select="$disa-stigs-os-unix-linux-uri"/>
-<xsl:variable name="os-stigid-concat" >OL-08-</xsl:variable>
 
 <!-- Define URI for custom CCE identifier which can be used for mapping to corporate policy -->
 <!--xsl:variable name="custom-cce-uri">https://www.example.org</xsl:variable-->
diff --git a/opensuse/transforms/constants.xslt b/opensuse/transforms/constants.xslt
@@ -10,7 +10,6 @@
 
 <xsl:variable name="cisuri">empty</xsl:variable>
 <xsl:variable name="disa-stigs-uri" select="$disa-stigs-os-unix-linux-uri"/>
-<xsl:variable name="os-stigid-concat" />
 
 <!-- Define URI for custom CCE identifier which can be used for mapping to corporate policy -->
 <!--xsl:variable name="custom-cce-uri">https://www.example.org</xsl:variable-->
diff --git a/rhel6/transforms/constants.xslt b/rhel6/transforms/constants.xslt
@@ -12,7 +12,6 @@
 <xsl:variable name="cisuri">https://www.cisecurity.org/benchmark/red_hat_linux/</xsl:variable>
 <xsl:variable name="disa-stigs-uri" select="$disa-stigs-os-unix-linux-uri"/>
 <xsl:variable name="disa-srguri" select="$disa-ossrguri"/>
-<xsl:variable name="os-stigid-concat"></xsl:variable>
 
 <!-- Define URI for custom CCE identifier which can be used for mapping to corporate policy -->
 <!--xsl:variable name="custom-cce-uri">https://www.example.org</xsl:variable-->
diff --git a/rhel7/transforms/constants.xslt b/rhel7/transforms/constants.xslt
@@ -13,7 +13,6 @@
 <xsl:variable name="cisuri">https://www.cisecurity.org/benchmark/red_hat_linux/</xsl:variable>
 <xsl:variable name="disa-stigs-uri" select="$disa-stigs-os-unix-linux-uri"/>
 <xsl:variable name="disa-srguri" select="$disa-ossrguri"/>
-<xsl:variable name="os-stigid-concat">RHEL-07-</xsl:variable>
 
 <!-- Define URI for custom CCE identifier which can be used for mapping to corporate policy -->
 <!--xsl:variable name="custom-cce-uri">https://www.example.org</xsl:variable-->
diff --git a/rhel8/transforms/constants.xslt b/rhel8/transforms/constants.xslt
@@ -11,7 +11,6 @@
 <xsl:variable name="product_guide_id_name">RHEL-8</xsl:variable>
 <xsl:variable name="disa-stigs-uri" select="$disa-stigs-os-unix-linux-uri"/>
 <xsl:variable name="disa-srguri" select="$disa-ossrguri"/>
-<xsl:variable name="os-stigid-concat">RHEL-08-</xsl:variable>
 
 <!-- Define URI for custom CCE identifier which can be used for mapping to corporate policy -->
 <!--xsl:variable name="custom-cce-uri">https://www.example.org</xsl:variable-->
diff --git a/rhosp10/transforms/constants.xslt b/rhosp10/transforms/constants.xslt
@@ -10,7 +10,6 @@
 <xsl:variable name="cisuri">empty</xsl:variable>
 <xsl:variable name="product_guide_id_name">RHEL-10-OSP</xsl:variable>
 <xsl:variable name="disa-stigs-uri" select="$disa-stigs-os-unix-linux-uri"/>
-<xsl:variable name="os-stigid-concat" />
 
 <!-- Define URI for custom CCE identifier which can be used for mapping to corporate policy -->
 <!--xsl:variable name="custom-cce-uri">https://www.example.org</xsl:variable-->
diff --git a/rhosp13/transforms/constants.xslt b/rhosp13/transforms/constants.xslt
@@ -10,7 +10,6 @@
 <xsl:variable name="cisuri">empty</xsl:variable>
 <xsl:variable name="product_guide_id_name">RHEL-13-OSP</xsl:variable>
 <xsl:variable name="disa-stigs-uri" select="$disa-stigs-os-unix-linux-uri"/>
-<xsl:variable name="os-stigid-concat" />
 
 <!-- Define URI for custom CCE identifier which can be used for mapping to corporate policy -->
 <!--xsl:variable name="custom-cce-uri">https://www.example.org</xsl:variable-->
diff --git a/rhv4/transforms/constants.xslt b/rhv4/transforms/constants.xslt
@@ -12,7 +12,6 @@
 <!-- Define URI of official CIS Kubernetes Benchmark -->
 <xsl:variable name="cisuri"></xsl:variable>
 <xsl:variable name="disa-stigs-uri" select="$disa-stigs-virutalization-uri"/>
-<xsl:variable name="os-stigid-concat"></xsl:variable>
 
 <!-- Define URI for custom CCE identifier which can be used for mapping to corporate policy -->
 <!--xsl:variable name="custom-cce-uri">https://www.example.org</xsl:variable-->
diff --git a/shared/transforms/shared_shorthand2xccdf.xslt b/shared/transforms/shared_shorthand2xccdf.xslt
@@ -343,7 +343,7 @@
         </xsl:attribute>
         <xsl:choose>
           <xsl:when test="name() = 'disa'">
-            <xsl:value-of select='format-number($refitem, "CCI-000000")' />
+            <xsl:value-of select='$refitem' />
           </xsl:when>
           <xsl:otherwise>
             <xsl:value-of select="normalize-space($refitem)" />
diff --git a/shared/transforms/shared_xccdf-apply-overlay-stig.xslt b/shared/transforms/shared_xccdf-apply-overlay-stig.xslt
@@ -41,7 +41,7 @@
 					      <xsl:apply-templates select="xccdf:check[@system='http://scap.nist.gov/schema/ocil/2']"/>
               </check-content>
           	</check>
-		  	<ident system="https://public.cyber.mil/stigs/cci"><xsl:value-of select="concat('CCI-', format-number($overlay_ref,'000000'))" /></ident>
+		  	<ident system="https://public.cyber.mil/stigs/cci"><xsl:value-of select="$overlay_ref" /></ident>
           	<fixtext><xsl:copy-of select="xccdf:description/node()" /></fixtext>
           </Rule> 
           </Group>
diff --git a/shared/transforms/shared_xccdf2stigformat.xslt b/shared/transforms/shared_xccdf2stigformat.xslt
@@ -73,7 +73,7 @@ xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.1 http://nvd.nist.gov/sch
 			<dc:identifier>2400</dc:identifier>
 		</reference>
 		<xsl:for-each select="cdf:reference[@href=$disa-cciuri]">
-			<ident system="{$disa-cciuri}">CCI-<xsl:value-of select="format-number(text(),'000000')"/></ident>
+			<ident system="{$disa-cciuri}">CCI-<xsl:value-of select="ext()"/></ident>
 		</xsl:for-each>
 		<xsl:for-each select="cdf:reference[@href=$disa-ossrguri]">
 			<ident system="{$disa-ossrguri}"><xsl:value-of select="text()"/></ident>
diff --git a/shared/transforms/shared_xccdf2table-profileccirefs.xslt b/shared/transforms/shared_xccdf2table-profileccirefs.xslt
@@ -81,8 +81,8 @@
 
 			<td> 
 			<xsl:for-each select="cdf:reference[@href=$disa-cciuri]">
-            	<xsl:variable name="cci_formatted" select='format-number(self::node()[text()], "000000")' />
-				<xsl:variable name="cci_expanded" select="concat('CCI-', $cci_formatted)"  />
+            	<xsl:variable name="cci_formatted" select='self::node()[text()])' />
+				<xsl:variable name="cci_expanded" select="$cci_formatted"  />
 				<xsl:for-each select="$os_srg/cdf:Group/cdf:Rule" >
 					<xsl:if test="cdf:ident=$cci_expanded">
 						<xsl:value-of select="cdf:version"/>
@@ -94,17 +94,17 @@
 
 			<td> 
 			<xsl:for-each select="cdf:reference[@href=$disa-cciuri]">
-            	<xsl:variable name="cci_formatted" select='format-number(self::node()[text()], "000000")' />
-				<xsl:variable name="cci_expanded" select="concat('CCI-', $cci_formatted)"  />
+            	<xsl:variable name="cci_formatted" select='self::node()[text()]' />
+				<xsl:variable name="cci_expanded" select="$cci_formatted"  />
 				<xsl:value-of select="$cci_expanded"/>
 				<br/>
 			</xsl:for-each>
 			</td> 
 
 			<td> 
 			<xsl:for-each select="cdf:reference[@href=$disa-cciuri]">
-            	<xsl:variable name="cci_formatted" select='format-number(self::node()[text()], "000000")' />
-				<xsl:variable name="cci_expanded" select="concat('CCI-', $cci_formatted)"  />
+            	<xsl:variable name="cci_formatted" select='self::node()[text()]' />
+				<xsl:variable name="cci_expanded" select="$cci_formatted"  />
 				<xsl:for-each select="$cci_list/cci:cci_items/cci:cci_item">
 					<xsl:if test="@id=$cci_expanded">
 						<xsl:for-each select="cci:references/cci:reference">
diff --git a/sle11/transforms/constants.xslt b/sle11/transforms/constants.xslt
@@ -11,7 +11,6 @@
 <!-- Define URI of official CIS SUSE Linux Enterprise 11 Benchmark -->
 <xsl:variable name="cisuri"></xsl:variable>
 <xsl:variable name="disa-stigs-uri" select="$disa-stigs-os-unix-linux-uri"/>
-<xsl:variable name="os-stigid-concat"></xsl:variable>
 
 <!-- Define URI for custom CCE identifier which can be used for mapping to corporate policy -->
 <!--xsl:variable name="custom-cce-uri">https://www.example.org</xsl:variable-->
diff --git a/sle12/transforms/constants.xslt b/sle12/transforms/constants.xslt
@@ -10,7 +10,6 @@
 
 <xsl:variable name="cisuri">empty</xsl:variable>
 <xsl:variable name="disa-stigs-uri" select="$disa-stigs-os-unix-linux-uri"/>
-<xsl:variable name="os-stigid-concat">SLES-12-</xsl:variable>
 
 <!-- Define URI for custom CCE identifier which can be used for mapping to corporate policy -->
 <!--xsl:variable name="custom-cce-uri">https://www.example.org</xsl:variable-->
diff --git a/sle15/transforms/constants.xslt b/sle15/transforms/constants.xslt
@@ -11,7 +11,6 @@
 <!-- Define URI of official Center for Internet Security Benchmark for SUSE Linux Enterprise 15 -->
 <xsl:variable name="cisuri" />
 <xsl:variable name="disa-stigs-uri" select="-stigs-os-unix-linux-uri"/>
-<xsl:variable name="os-stigid-concat" />
 
 <!-- Define URI for custom CCE identifier which can be used for mapping to corporate policy -->
 <!--xsl:variable name="custom-cce-uri">https://www.example.org</xsl:variable-->
diff --git a/ssg/build_yaml.py b/ssg/build_yaml.py
diff --git a/ubuntu1404/transforms/constants.xslt b/ubuntu1404/transforms/constants.xslt
diff --git a/ubuntu1604/transforms/constants.xslt b/ubuntu1604/transforms/constants.xslt
diff --git a/ubuntu1804/transforms/constants.xslt b/ubuntu1804/transforms/constants.xslt
diff --git a/wrlinux1019/transforms/constants.xslt b/wrlinux1019/transforms/constants.xslt
diff --git a/wrlinux8/transforms/constants.xslt b/wrlinux8/transforms/constants.xslt

-Original file line number
+Diff line change
 from .constants import XCCDF_PLATFORM_TO_CPE
 from .constants import PRODUCT_TO_CPE_MAPPING
 -from .constants import STIG_PLATFORM_ID_MAP
 from .constants import XCCDF_REFINABLE_PROPERTIES
 from .rules import get_rule_dir_id, get_rule_dir_yaml, is_rule_dir
 from .rule_yaml import parse_prodtype
         rule.validate_references(yaml_file)
         return rule
 -    def _make_stigid_product_specific(self, product):
 +    def _verify_stigid_format(self, product):
         stig_id = self.references.get("stigid", None)
         if not stig_id:
             return
         if "," in stig_id:
             raise ValueError("Rules can not have multiple STIG IDs.")
 -        stig_platform_id = STIG_PLATFORM_ID_MAP.get(product, product.upper())
 -        product_specific_stig_id = "{platform_id}-{stig_id}".format(
 -            platform_id=stig_platform_id, stig_id=stig_id)
 -        self.references["stigid"] = product_specific_stig_id
 +        stig_ex = re.compile(r'^[A-Z0-9]{4}-[0-9]{2}-[0-9]{6}$')
 +        if stig_ex.match(stig_id):
 +            self.references["stigid"] = stig_id
 +        else:
 +            raise ValueError("STIG ID '{}' is in the wrong format! "
 +                             "Format should be similar to: "
 +                             "XXXX-XX-XXXXXX".format(stig_id))
++
 +    def _verify_disa_cci_format(self):
 +        cci_id = self.references.get("disa", None)
 +        if not cci_id:
 +            return
 +        cci_ex = re.compile(r'^CCI-[0-9]{6}$')
 +        for cci in cci_id.split(","):
 +            if not cci_ex.match(cci):
 +                raise ValueError("CCI '{}' is in the wrong format! "
 +                                 "Format should be similar to: "
 +                                 "CCI-XXXXXX".format(cci))
 +        self.references["disa"] = cci_id
     def normalize(self, product):
         try:
             dic.update(new_items)
         self.references = general_references
 +        self._verify_disa_cci_format()
         self.references.update(product_references)
 -        self._make_stigid_product_specific(product)
 +        self._verify_stigid_format(product)
     def _make_items_product_specific(self, items_dict, product_suffix, allow_overwrites=False):
         new_items = dict()