diff --git a/rules/system_settings/system_settings_firewall_enable.yaml b/rules/system_settings/system_settings_firewall_enable.yaml index cdbc1183..8253b5a8 100644 --- a/rules/system_settings/system_settings_firewall_enable.yaml +++ b/rules/system_settings/system_settings_firewall_enable.yaml @@ -5,14 +5,26 @@ discussion: | When the macOS Application Firewall is enabled, the flow of information within the information system and between interconnected systems will be controlled by approved authorizations. check: | - /usr/bin/osascript -l JavaScript << EOS + profile="$(/usr/bin/osascript -l JavaScript << EOS $.NSUserDefaults.alloc.initWithSuiteName('com.apple.security.firewall')\ .objectForKey('EnableFirewall').js EOS + )" + + plist="$(/usr/bin/defaults read /Library/Preferences/com.apple.alf globalstate 2>/dev/null)" + + if [[ "$profile" == "true" ]] && [[ "$plist" =~ [1,2] ]]; then + echo "true" + else + echo "false" + fi result: string: "true" fix: | - This is implemented by a Configuration Profile. + [source,bash] + ---- + /usr/bin/defaults write /Library/Preferences/com.apple.alf globalstate -int 1 + ---- references: cce: - CCE-91948-0 diff --git a/rules/system_settings/system_settings_firewall_stealth_mode_enable.yaml b/rules/system_settings/system_settings_firewall_stealth_mode_enable.yaml index c91e2ae0..a9e76364 100644 --- a/rules/system_settings/system_settings_firewall_stealth_mode_enable.yaml +++ b/rules/system_settings/system_settings_firewall_stealth_mode_enable.yaml 
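Review bot: The plist test `[[ "$plist" =~ [1,2] ]]` is an unanchored bracket expression, so it matches any value that contains `1`, `2` or a comma (for example `10` or `21`), not only the two enabled states; `[[ "$plist" =~ ^[12]$ ]]` would pin it to exactly those values. The check now requires both the profile key and the plist value, but the new `fix` text only writes the plist and no longer mentions the Configuration Profile, so a host without the profile will still fail the rule after the fix is applied; the stealth-mode rule's hunk has the same mismatch. Both rules also read and write the preference file rather than the running firewall's state, which may not pick up the change until the firewall service reloads it; that is worth confirming or stating in the `fix` text.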
@@ -10,14 +10,26 @@ discussion: | Enabling firewall stealth mode may prevent certain remote mechanisms used for maintenance and compliance scanning from properly functioning. Information System Security Officers (ISSOs) are advised to first fully weigh the potential risks posed to their organization before opting not to enable stealth mode. ==== check: | - /usr/bin/osascript -l JavaScript << EOS + profile="$(/usr/bin/osascript -l JavaScript << EOS $.NSUserDefaults.alloc.initWithSuiteName('com.apple.security.firewall')\ .objectForKey('EnableStealthMode').js EOS + )" + + plist=$(/usr/bin/defaults read /Library/Preferences/com.apple.alf stealthenabled 2>/dev/null) + + if [[ "$profile" == "true" ]] && [[ $plist == 1 ]]; then + echo "true" + else + echo "false" + fi result: string: "true" fix: | - This is implemented by a Configuration Profile. + [source,bash] + ---- + /usr/bin/defaults write /Library/Preferences/com.apple.alf stealthenabled -int 1 + ---- references: cce: - CCE-91949-8
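Review bot: The `plist=$(...)` assignment and the `[[ $plist == 1 ]]` test are unquoted here, while the corresponding lines in the firewall-enable rule are quoted. Inside `[[ ]]` this is not a word-splitting bug, but the unquoted right-hand side is treated as a pattern rather than a literal. Writing `plist="$(/usr/bin/defaults read /Library/Preferences/com.apple.alf stealthenabled 2>/dev/null)"` and `[[ "$plist" == "1" ]]` keeps the two checks parallel and makes the literal comparison explicit. With `2>/dev/null` in place, a missing key leaves `$plist` empty and the check falls through to `false`, which is the safe outcome and could be noted in a short comment.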