Bug 2167999 - content_rule_audit_rules_login_events_faillock not selected on DISA STIG Profile
Summary: content_rule_audit_rules_login_events_faillock not selected on DISA STIG Profile
Status: VERIFIED
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: scap-security-guide
Version: 8.7
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: rc
Assignee: Jan Černý
QA Contact: Milan Lysonek
Docs Contact: Mirek Jahoda
Blocks: 2228455 2228456
Reported: 2023-02-08 01:41 UTC by ckrell
Modified: 2023-08-22 13:41 UTC (History)

Fixed In Version: scap-security-guide-0.1.69-1.el8
Doc Type: Enhancement
Doc Text:
The DISA STIG profile for Red Hat Enterprise Linux 8 contains a new rule, audit_rules_login_events_faillock, which references STIG ID RHEL-08-030590. The rule checks whether the audit daemon is configured to record any attempts to modify the logon event logs stored in /var/log/faillock.
Clones: 2228455 2228456
Type: Bug

Links: Red Hat Issue Tracker RHELPLAN-147880 (last updated 2023-02-08 01:43:19 UTC)

Description ckrell 2023-02-08 01:41:48 UTC
Description of problem:

From stig-results.xml I found that this benchmark (RHEL-08-030590 | CCE-80718-0 | V-230466 | xccdf_org.ssgproject.content_rule_audit_rules_login_events_faillock) wasn't selected:

~~~
    <rule-result idref="xccdf_org.ssgproject.content_rule_audit_rules_login_events_faillock" role="full" time="2022-12-19T11:20:10-08:00" severity="medium" weight="1.000000">
      <result>notselected</result>
      <ident system="https://nvd.nist.gov/cce/index.cfm">CCE-80718-0</ident>
    </rule-result>
~~~

and it isn't selected as a part of the DISA STIG profile in the datastream file - /usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml

Is there an ETA on when this benchmark will be included or a status update for this?

Version-Release number of selected component (if applicable):
scap-security-guide-0.1.63-4.el8.noarch

How reproducible:
Always

Steps to Reproduce:
1. Install scap-security-guide-0.1.63-4.el8.noarch
2. Review benchmarks for "DISA STIG for Red Hat Enterprise Linux 8" profile in /usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml 

Actual results:
xccdf_org.ssgproject.content_rule_audit_rules_login_events_faillock isn't selected in the profile

Expected results:
xccdf_org.ssgproject.content_rule_audit_rules_login_events_faillock is selected within the DISA STIG profile

Additional info:

https://github.com/ComplianceAsCode/content/blob/d906795a38fd069e8aa4e1fe8851f19a5038f98f/products/rhel8/profiles/stig.profile
~~~
    # RHEL-08-030590
    # This one needs to be updated to use /var/log/faillock, but first RHEL-08-020017 should be
    # implemented as it is the one that configures a different path for the events of failing locks
    # - audit_rules_login_events_faillock
~~~

Status shows as pending here (I also checked the referenced RHEL-08-020017; it looks like this is in place, "automated"):
https://github.com/ComplianceAsCode/content/blob/74ca327dc3ea0b7c813263d13e230cd62ac70b5a/controls/stig_rhel8.yml
~~~
    -   id: RHEL-08-030590
        levels:
            - medium
        title: Successful/unsuccessful modifications to the faillock log file in RHEL 8
            must generate an audit record.
        status: pending
~~~
Found the audit_rules_login_events_faillock here:

https://github.com/ComplianceAsCode/content/blob/master/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml
~~~
{{% if product in ["ol8","ol9","rhel8", "rhel9"] %}}
{{% set faillock_path = "/var/log/faillock" %}}
{{% else %}}
{{% set faillock_path = "/var/run/faillock" %}}
{{% endif %}}
documentation_complete: true
...
ocil_clause: 'the command does not return a line, or the line is commented out'

ocil: |-
    Verify {{{ full_name }}} generates audit records for all account creations, modifications, disabling, and termination events that affect "/etc/security/opasswd" with the following command:
    $ sudo auditctl -l | grep /var/run/faillock
    -w /var/run/faillock -p wa -k logins
template:
    name: audit_rules_login_events
    vars:
        path: {{{ faillock_path }}}

fixtext: |-
    {{{ fixtext_audit_file_watch_rule(faillock_path, "logins", "/etc/audit/rules.d/audit.rules") | indent(4) }}}
srg_requirement: '{{{ srg_requirement_audit_file_watch_rule(faillock_path) }}}'
~~~

This still has /var/run instead of /var/log in the ocil section, but the other sections look like they've been updated to use a dynamic faillock path. (I'm not really sure if the ocil section is necessary or if it should statically reference /var/run.)
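An added check, not from the bug report or the ComplianceAsCode project, that does what the rule's OCIL asks for but with the faillock path as a parameter, so it can be pointed at /var/log/faillock (RHEL 8/9, OL 8/9 per rule.yml) or /var/run/faillock (other products). It reads audit rule lines saved to a file (for example `auditctl -l` output or a rules.d file), skips comments, and requires both the w and a permissions; the sample rule sets at the end are constructed for the demo:

```shell
#!/bin/sh
# Usage: faillock_watch_ok RULES_FILE [FAILLOCK_PATH]
# Returns 0 if an uncommented "-w <path> -p <perms> ..." rule watches the
# faillock path with both write (w) and attribute (a) permissions, else 1.
faillock_watch_ok() {
    rules_file=$1
    want_path=${2:-/var/log/faillock}
    awk -v want="$want_path" '
        # blank lines and comments are ignored, as auditctl ignores them
        /^[[:space:]]*(#|$)/ { next }
        {
            path = ""; perms = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "-w") path = $(i + 1)
                if ($i == "-p") perms = $(i + 1)
            }
            # permission letters may appear in any order, e.g. "wa" or "rwa"
            if (path == want && index(perms, "w") && index(perms, "a")) {
                found = 1; exit
            }
        }
        END { if (found) exit 0; exit 1 }
    ' "$rules_file"
}

# Constructed sample rule sets (not real system output) showing the three
# outcomes the bug discussion touches on: wrong path, compliant, commented out.
demo_dir=$(mktemp -d)
printf '%s\n' '# pre-RHEL 8 path only' \
    '-w /var/run/faillock -p wa -k logins' > "$demo_dir/old_path.rules"
printf '%s\n' '-w /var/log/lastlog -p wa -k logins' \
    '-w /var/log/faillock -p rwa -k logins' > "$demo_dir/compliant.rules"
printf '%s\n' '#-w /var/log/faillock -p wa -k logins' > "$demo_dir/commented.rules"

for name in old_path compliant commented; do
    if faillock_watch_ok "$demo_dir/$name.rules"; then
        echo "$name: PASS"
    else
        echo "$name: FAIL (no active -w /var/log/faillock -p wa rule)"
    fi
done
rm -rf "$demo_dir"
```

Running the block prints PASS only for the compliant set; the old-path set passes only when the second argument is /var/run/faillock.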

Comment 2 Jan Černý 2023-07-10 14:43:35 UTC
A fix has been submitted to review in https://github.com/ComplianceAsCode/content/pull/10816.

Comment 3 Marcus Burghardt 2023-07-11 08:30:48 UTC
PR is merged in Upstream:
https://github.com/ComplianceAsCode/content/pull/10816

