diff --git a/baselines/all_rules.yaml b/baselines/all_rules.yaml
index 71c8857f..142b3539 100644
--- a/baselines/all_rules.yaml
+++ b/baselines/all_rules.yaml
@@ -205,7 +205,6 @@ profile:
- system_settings_install_macos_updates_enforce
- system_settings_internet_accounts_disable
- system_settings_internet_sharing_disable
- - system_settings_location_services_audit
- system_settings_location_services_disable
- system_settings_location_services_enable
- system_settings_location_services_menu_enforce
diff --git a/baselines/cis_lvl1.yaml b/baselines/cis_lvl1.yaml
index ae5e34b8..ef5bd5a3 100644
--- a/baselines/cis_lvl1.yaml
+++ b/baselines/cis_lvl1.yaml
@@ -40,7 +40,6 @@ profile:
- os_home_folders_secure
- os_httpd_disable
- os_install_log_retention_configure
- - os_library_validation_enabled
- os_mobile_file_integrity_enable
- os_nfsd_disable
- os_password_hint_remove
diff --git a/baselines/cis_lvl2.yaml b/baselines/cis_lvl2.yaml
index f9550ed2..56b62cbb 100644
--- a/baselines/cis_lvl2.yaml
+++ b/baselines/cis_lvl2.yaml
@@ -51,7 +51,6 @@ profile:
- os_home_folders_secure
- os_httpd_disable
- os_install_log_retention_configure
- - os_library_validation_enabled
- os_mobile_file_integrity_enable
- os_nfsd_disable
- os_password_hint_remove
@@ -97,7 +96,6 @@ profile:
- system_settings_hot_corners_secure
- system_settings_install_macos_updates_enforce
- system_settings_internet_sharing_disable
- - system_settings_location_services_audit
- system_settings_location_services_enable
- system_settings_location_services_menu_enforce
- system_settings_loginwindow_loginwindowtext_enable
diff --git a/rules/os/os_library_validation_enabled.yaml b/rules/os/os_library_validation_enabled.yaml
index 1128e781..b53059d9 100644
--- a/rules/os/os_library_validation_enabled.yaml
+++ b/rules/os/os_library_validation_enabled.yaml
@@ -28,15 +28,13 @@ references:
- N/A
cis:
benchmark:
- - 5.1.4 (level 1)
+ - N/A
controls v8:
- 2.3
- 2.6
macOS:
- "13.0"
tags:
- - cis_lvl1
- - cis_lvl2
- cisv8
mobileconfig: true
mobileconfig_info:
diff --git a/rules/os/os_safari_open_safe_downloads_disable.yaml b/rules/os/os_safari_open_safe_downloads_disable.yaml
index a16006c2..e42c7e89 100644
--- a/rules/os/os_safari_open_safe_downloads_disable.yaml
+++ b/rules/os/os_safari_open_safe_downloads_disable.yaml
@@ -23,7 +23,7 @@ references:
- N/A
cis:
benchmark:
- - 6.3 (level 1)
+ - 6.3.1 (level 1)
controls v8:
- 9
macOS:
diff --git a/rules/os/os_terminal_secure_keyboard_enable.yaml b/rules/os/os_terminal_secure_keyboard_enable.yaml
index 6486dee3..1e8394a1 100644
--- a/rules/os/os_terminal_secure_keyboard_enable.yaml
+++ b/rules/os/os_terminal_secure_keyboard_enable.yaml
@@ -20,7 +20,7 @@ references:
- N/A
cis:
benchmark:
- - 2.10 (level 1)
+ - 6.4.1 (level 1)
controls v8:
- 4.8
macOS:
diff --git a/rules/supplemental/supplemental_cis_manual.yaml b/rules/supplemental/supplemental_cis_manual.yaml
index 9cb3079a..cdc54b06 100644
--- a/rules/supplemental/supplemental_cis_manual.yaml
+++ b/rules/supplemental/supplemental_cis_manual.yaml
@@ -9,7 +9,7 @@ discussion: |
|System Settings
|Recommendations
- | 2.1.1.1 Audit iCloud Keychain +
+ |2.1.1.1 Audit iCloud Keychain +
2.1.1.2 Audit iCloud Drive +
2.1.2 Audit App Store Password Settings +
2.3.3.12 Ensure Computer Name Does Not Contain PII or Protected Organizational Information +
@@ -42,7 +42,9 @@ discussion: |
5.2.4 Ensure Complex Password Must Contain Numeric Character Is Configured +
5.2.5 Ensure Complex Password Must Contain Special Character Is Configured +
5.2.6 Ensure Complex Password Must Contain Uppercase and Lowercase Characters Is Configured +
- 5.5 Ensure login keychain is locked when the computer sleeps +
+ 5.3.1 Ensure All User Storage APFS Volumes are Encrypted +
+ 5.3.2 Ensure All User Storage CoreStorage Volumes are Encrypted +
+ 5.5 Ensure Login Keychain is Locked when the Computer Sleeps +
|===
[cols="15%h, 85%a"]
diff --git a/rules/system_settings/system_settings_firewall_enable.yaml b/rules/system_settings/system_settings_firewall_enable.yaml
index b050a0f0..18fb7a9f 100644
--- a/rules/system_settings/system_settings_firewall_enable.yaml
+++ b/rules/system_settings/system_settings_firewall_enable.yaml
@@ -46,7 +46,7 @@ references:
- 3.13.5
cis:
benchmark:
- - 2.3.2.1 (level 1)
+ - 2.2.1 (level 1)
controls v8:
- 4.1
- 4.5
diff --git a/rules/system_settings/system_settings_location_services_audit.yaml b/rules/system_settings/system_settings_location_services_audit.yaml
deleted file mode 100644
index de7f13a8..00000000
--- a/rules/system_settings/system_settings_location_services_audit.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-id: system_settings_location_services_audit
-title: "Audit Location Services"
-discussion: |
- The organization _MUST_ audit which applications have access to location services.
-check: |
- sudo /usr/libexec/PlistBuddy -c print /var/db/locationd/clients.plist | grep Dict | awk '(NR>1) { print $1 }'
-result:
- string: "a list containing approved applications."
-fix: |
- Review the list of applications and remove any unauthorized applications from System Prefrences->Security & Privacy->Privacy->Location Services.
-references:
- cce:
- - CCE-91961-3
- cci:
- - N/A
- 800-53r5:
- - N/A
- 800-53r4:
- - N/A
- disa_stig:
- - N/A
- srg:
- - N/A
- cis:
- benchmark:
- - 2.5.4 (level 2)
- controls v8:
- - 2.3
- - 4.1
-macOS:
- - "13.0"
-tags:
- - cis_lvl2
- - cisv8
- - cis_manual
- - manual
-mobileconfig: false
-mobileconfig_info:
\ No newline at end of file
diff --git a/rules/system_settings/system_settings_remote_management_disable.yaml b/rules/system_settings/system_settings_remote_management_disable.yaml
index 25746cbd..1b7ecc6b 100644
--- a/rules/system_settings/system_settings_remote_management_disable.yaml
+++ b/rules/system_settings/system_settings_remote_management_disable.yaml
@@ -30,7 +30,7 @@ references:
- N/A
cis:
benchmark:
- - 2.4.3 (level 1)
+ - 2.3.3.6 (level 1)
controls v8:
- 4.1
- 4.8
diff --git a/rules/system_settings/system_settings_system_wide_preferences_configure.yaml b/rules/system_settings/system_settings_system_wide_preferences_configure.yaml
index 6183d473..036b0f16 100644
--- a/rules/system_settings/system_settings_system_wide_preferences_configure.yaml
+++ b/rules/system_settings/system_settings_system_wide_preferences_configure.yaml
@@ -8,7 +8,7 @@ check: |
authDBs=("system.preferences" "system.preferences.energysaver" "system.preferences.network" "system.preferences.printing" "system.preferences.sharing" "system.preferences.softwareupdate" "system.preferences.startupdisk" "system.preferences.timemachine")
result="1"
for section in $authDBs; do
- if [[ $(/usr/bin/security authorizationdb read "$section" 2> /dev/null | /usr/bin/grep -A 1 "shared" | /usr/bin/grep -c "") -ne 1 ]]; then
+ if [[ $(/usr/bin/security -q authorizationdb read "$section" | /usr/bin/xmllint -xpath 'name(//*[contains(text(), "shared")]/following-sibling::*[1])' -) != "false" ]]; then
result="0"
fi
done
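Review bot: The XPath on the added `if` line selects with `contains(text(), "shared")`, which matches any element whose text contains that substring rather than only the `shared` key, and `name()` then reports the sibling of whichever match comes first in the document. If a right's plist carries another string containing the word "shared" ahead of the key (a comment value, for instance), the check reads the wrong sibling and marks a correctly configured host as failing. Anchoring on the key itself is tighter: `name(//key[text()="shared"]/following-sibling::*[1])`. With `2> /dev/null` removed, a one-line comment above the loop should state that an unreadable right or an xmllint error produces empty output and is therefore treated as non-compliant. The rest of the `check:` script lies outside this hunk.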
diff --git a/rules/system_settings/system_settings_time_server_configure.yaml b/rules/system_settings/system_settings_time_server_configure.yaml
index 82786e9a..c2bed40f 100644
--- a/rules/system_settings/system_settings_time_server_configure.yaml
+++ b/rules/system_settings/system_settings_time_server_configure.yaml
@@ -31,7 +31,7 @@ references:
- 3.3.7
cis:
benchmark:
- - 2.2.1 (level 1)
+ - 2.3.2.1 (level 1)
controls v8:
- 8.4
macOS:
diff --git a/scripts/generate_scap.py b/scripts/generate_scap.py
index 887d5bb3..a5b2a463 100755
--- a/scripts/generate_scap.py
+++ b/scripts/generate_scap.py
@@ -2254,7 +2254,57 @@ def generate_scap(all_rules, all_baselines, args):
{}
'''.format(rule_yaml['id'] + "_" + odv_label,x,key)
- x += 1
+
+ else:
+ if "authorizationdb" in rule_yaml['check']:
+ regex = r"=\(.*.\)"
+ matchy_match = []
+ matches = re.finditer(regex, rule_yaml['check'], re.MULTILINE)
+ for matchNum, match in enumerate(matches, start=1):
+ matchy_match = match.group().replace('=(',"").replace(")","").replace('"','').split()
+
+ oval_definition = oval_definition + '''
+
+
+ {}
+
+
+ {}
+
+ '''.format(x,rule_yaml['title'],cce,rule_yaml['id'] + "_" + odv_label,rule_yaml['discussion'])
+
+ for match in matchy_match:
+
+ oval_definition = oval_definition + '''
+
+ '''.format(rule_yaml['id'] + "+" + match, x)
+ oval_test = oval_test + '''
+
+
+
+ '''.format(match,x,x,x)
+ key="shared"
+ value=""
+ if "false" in rule_yaml["check"]:
+ value="false"
+ else:
+ value="true"
+
+ oval_object = oval_object + '''
+
+ {}
+ boolean(//key[text()="{}"]/following-sibling::{})
+ '''.format(match,x,match,key,value)
+
+ oval_state = oval_state + '''
+
+
+ true
+ '''.format(match,x)
+ x += 1
+
+ oval_definition = oval_definition + ""
+
continue
if "/bin/rm" in rule_yaml['fix'] and "/bin/ls" in rule_yaml['check']:
oval_definition = oval_definition + '''
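Review bot: The generated expression `boolean(//key[text()="{}"]/following-sibling::{})` accepts any later `<true/>`/`<false/>` sibling of the `shared` key, whereas the rule's own shell check in this commit tests only the element immediately after it, so the OVAL result can disagree with the script. Restricting it to the adjacent element keeps the two in step: `boolean(//key[text()="{}"]/following-sibling::*[1][self::{}])`. The expected value is chosen by `"false" in rule_yaml["check"]`, a substring test over the whole check script that flips on any unrelated occurrence of the word. When the `=\(.*.\)` regex finds no array, `matchy_match` stays empty and a definition appears to be emitted with no per-right test, so a guard such as `if not matchy_match: continue` with a warning seems warranted. Indentation and the XML inside the templates are not visible in this view, and `generate_scap` starts and continues outside the hunk.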