diff --git a/controls/stig_slmicro5.yml b/controls/stig_slmicro5.yml
index c3ef2253d91d..90e2568bfd95 100644
--- a/controls/stig_slmicro5.yml
+++ b/controls/stig_slmicro5.yml
@@ -1349,8 +1349,9 @@ controls:
 SLEM 5 must notify the system administrator (SA) when Advanced Intrusion Detection Environment (AIDE) discovers anomalies in the operation of any security functions.
-rules: []
-status: pending
+rules:
+  - aide_scan_notification
+status: automated
 - id: SLEM-05-652010
 levels:
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/ansible/shared.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/ansible/shared.yml
index 6544d5d94caf..d486ed817862 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/ansible/shared.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/ansible/shared.yml
@@ -12,7 +12,7 @@
 with_items:
 - aide
-{{% if product in ["sle15"] %}}
+{{% if product in ["sle15", "slmicro5"] %}}
 - name: "{{{ rule_title }}} check service"
 ansible.builtin.blockinfile:
 create: yes
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/bash/shared.sh
index c3a4301f91c6..972a4813cfb4 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/bash/shared.sh
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/bash/shared.sh
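Review bot: The gate `{{% if product in ["sle15", "slmicro5"] %}}` added to this ansible task is the same literal product list that the bash remediation, the OVAL check and the ocil/fixtext text of rule.yml each repeat in their own hunks, so a later product added to one file but not the others would leave remediation and check disagreeing, which the `status: automated` entry in the control file would not surface. If the product definitions expose a property both products share, keying the branch on that rather than on a literal list would keep the four sites in step; failing that, a comment next to each gate such as `# keep in sync with the bash, OVAL and rule.yml product gates` makes the coupling visible. The product definition files are not part of this diff, so whether such a property exists is inferred, and the task body that the gate opens continues past the end of the hunk.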
@@ -3,7 +3,7 @@
 {{{ bash_package_install("aide") }}}
 {{{ bash_instantiate_variables("var_aide_scan_notification_email") }}}
-{{% if product in ["sle15"] %}}
+{{% if product in ["sle15", "slmicro5"] %}}
 # create unit file for periodic aide database check
 cat > /etc/systemd/system/aidecheck.service < -{{% if product in ["sle15"] %}} +{{% if product in ["sle15", "slmicro5"] %}}
@@ -52,7 +52,7 @@ ^.*{{{ aide_bin_path }}}[\s]*\-\-check.*\|.*/bin/mail[\s]*-s[\s]*".*"[\s]*.+@.+$ 1 -{{% if product in ["sle15"] %}} +{{% if product in ["sle15", "slmicro5"] %}}
@@ -61,7 +61,7 @@ /etc/systemd/system/aidecheck.service - ^ExecStart\=.*/usr/bin/aide[\s]*\-\-check.*\-r\s*file:\/w*.*$ + ^.*ExecStart\=.*/usr/bin/aide[\s]*\-\-check.*\-r\s*file:\/w*.*$ 1 /etc/systemd/system/aidecheck.service - ^Before\=.*aidecheck-notify.service$ + ^.*Before\=.*aidecheck-notify.service.*$ 1 /etc/systemd/system/aidecheck.service - ^Wants\=.*aidecheck-notify.service.*$ + ^.*Wants\=.*aidecheck-notify.service.*$ 1 {{% endif %}}
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml
index d786e13096fb..028e6dc2f8d5 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml
@@ -32,6 +32,7 @@ identifiers:
 cce@rhel10: CCE-90177-7
 cce@sle12: CCE-83048-9
 cce@sle15: CCE-91214-7
+cce@slmicro5: CCE-93722-7
 references:
 cis-csc: 1,11,12,13,15,16,2,3,5,7,8,9
@@ -54,7 +55,7 @@ ocil_clause: 'AIDE has not been configured or has not been configured to notify
 ocil: |-
 To determine that periodic AIDE execution has been scheduled, run the following command:
-{{% if product in ["sle15"] %}}
+{{% if product in ["sle15", "slmicro5"] %}}
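Review bot: The three rewritten patterns in the `@@ -61,7 +61,7 @@` hunk now begin with `^.*`, so a unit-file line that has been disabled with a comment marker, for example `#ExecStart=/usr/bin/aide --check ...`, satisfies a check that the previous column-anchored `^ExecStart\=` rejected, and the same applies to the `Before\=` and `Wants\=` patterns. If the relaxation is meant to tolerate leading whitespace, `^\s*ExecStart\=.*/usr/bin/aide[\s]*\-\-check.*\-r\s*file:\/w*.*$` (and likewise `^\s*Before\=` and `^\s*Wants\=`) keeps the check from passing on a commented-out directive. In that same pattern `file:\/w*` reads as `file:/` followed by zero or more literal `w` characters, which looks like a missing backslash before `w`; as the trailing `.*$` absorbs anything, the pattern still matches, but it does not constrain the database path the way the text suggests. The XML markup of these hunks was lost in extraction, so which element each pattern belongs to is inferred, and the test definitions they sit in appear to continue outside the visible lines.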
 $ sudo systemctl status  aidecheck-notify|grep loaded
 The output should return that the service is loaded. Also we should make sure that notification service is started by the check:
@@ -73,7 +74,7 @@ fixtext: |-
 The AIDE tool can be configured to email designated personnel with the use of the cron system. The following example output is generic. It will set cron to run AIDE daily and to send email at the completion of the analysis.
-{{% if product in ["sle15"] %}}
+{{% if product in ["sle15", "slmicro5"] %}}
 $ cat > /etc/systemd/system/aidecheck-notify.service <