diff --git a/linux_os/guide/auditing/auditd_configure_rules/directory_access_var_log_audit/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/directory_access_var_log_audit/ansible/shared.yml
index 41d6743a89a..392521e6a65 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/directory_access_var_log_audit/ansible/shared.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/directory_access_var_log_audit/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_almalinux
+# platform = multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rhv,multi_platform_sle
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/auditing/auditd_configure_rules/directory_access_var_log_audit/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/directory_access_var_log_audit/rule.yml
index 80fff377d1f..766ceb4d450 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/directory_access_var_log_audit/rule.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/directory_access_var_log_audit/rule.yml
@@ -28,6 +28,8 @@ identifiers:
cce@rhel8: CCE-80941-8
cce@rhel9: CCE-86574-1
cce@rhel10: CCE-90052-2
+ cce@sle15: CCE-92693-1
+ cce@sle16: CCE-96700-0
references:
nist: AU-2(d),AU-12(c),AC-6(9),CM-6(a)
@@ -39,4 +41,3 @@ ocil: |-
/var/log/audit directory, run the following command:
 $ sudo grep "dir=/var/log/audit" /etc/audit/audit.rules
 If the system is configured to audit this activity, it will return a line.
-
diff --git a/products/sle15/profiles/pci-dss-4.profile b/products/sle15/profiles/pci-dss-4.profile
index a3201d214dc..f114f7c0f3f 100644
--- a/products/sle15/profiles/pci-dss-4.profile
+++ b/products/sle15/profiles/pci-dss-4.profile
@@ -52,7 +52,6 @@ selections:
 - '!accounts_password_pam_minlen'
 - '!no_password_auth_for_systemaccounts'
 - '!file_groupowner_user_cfg'
- - '!directory_access_var_log_audit'
 - '!ensure_root_password_configured'
 - '!gnome_gdm_disable_automatic_login'
 - '!accounts_password_pam_pwhistory_remember_password_auth'
diff --git a/products/sle16/controls/base_sle16/0500_audit.yml b/products/sle16/controls/base_sle16/0500_audit.yml
index 3992ba8450e..8658604a1d6 100644
--- a/products/sle16/controls/base_sle16/0500_audit.yml
+++ b/products/sle16/controls/base_sle16/0500_audit.yml
@@ -79,3 +79,11 @@ controls:
 status: automated
 rules:
 - audit_rules_dac_modification_fchmodat2
+
+ - id: SLES-16-16016545
+ levels:
+ - pcidss4
+ title: SLE16 system should audit access to /var/log/audit
+ status: automated
+ rules:
+ - directory_access_var_log_audit
diff --git a/products/sle16/profiles/base.profile b/products/sle16/profiles/base.profile
index 0db9a87de0f..3de62b8b820 100644
--- a/products/sle16/profiles/base.profile
+++ b/products/sle16/profiles/base.profile
@@ -22,3 +22,4 @@ selections:
 - grub2_spectre_v2_argument
 - grub2_nosmep_argument_absent
 - grub2_audit_argument
+ - directory_access_var_log_audit
diff --git a/shared/macros/20-test-scenarios.jinja b/shared/macros/20-test-scenarios.jinja
index 67f298632bc..53bfe16e733 100644
--- a/shared/macros/20-test-scenarios.jinja
+++ b/shared/macros/20-test-scenarios.jinja
@@ -6,7 +6,11 @@ This macro changes the configuration of the audit service so that it looks like
 {{% if product in ["fedora", "ol10", "rhel10"] %}}
 sed -i "s%^ExecStart=.*%ExecStart=/sbin/auditctl%" /usr/lib/systemd/system/audit-rules.service
 {{% else %}}
-sed -i "s%^ExecStartPost=.*%ExecStartPost=-/sbin/auditctl%" /usr/lib/systemd/system/auditd.service
+ {{% if product == "sle15" %}}
+ sed -i "s%^#ExecStartPost=.*%ExecStartPost=-/sbin/auditctl%" /usr/lib/systemd/system/auditd.service
+ {{% else %}}
+ sed -i "s%^ExecStartPost=.*%ExecStartPost=-/sbin/auditctl%" /usr/lib/systemd/system/auditd.service
+ {{% endif %}}
 {{% endif %}}
 {{%- endmacro -%}}
diff --git a/shared/references/cce-sle15-avail.txt b/shared/references/cce-sle15-avail.txt
index e75b08ba7a7..4e7c6ead4ea 100644
--- a/shared/references/cce-sle15-avail.txt
+++ b/shared/references/cce-sle15-avail.txt
@@ -74,4 +74,3 @@ CCE-92689-9
 CCE-92690-7
 CCE-92691-5
 CCE-92692-3
-CCE-92693-1
diff --git a/shared/references/cce-sle16-avail.txt b/shared/references/cce-sle16-avail.txt
index 73c93a908fb..3ea1cdcc92e 100644
--- a/shared/references/cce-sle16-avail.txt
+++ b/shared/references/cce-sle16-avail.txt
@@ -980,4 +980,3 @@ CCE-96696-0
 CCE-96697-8
 CCE-96698-6
 CCE-96699-4
-CCE-96700-0
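Review bot: The sle15 branch of the new conditional matches only a commented-out `#ExecStartPost=` line, so if the auditd unit on the test machine already carries an active `ExecStartPost=` line (an earlier run of this macro, or a package build that ships it uncommented) the sed is a silent no-op and the scenario no longer redirects rule loading to auditctl. A pattern that accepts an optional comment marker, `sed -i "s%^#\?ExecStartPost=.*%ExecStartPost=-/sbin/auditctl%" /usr/lib/systemd/system/auditd.service`, handles both unit layouts and lets the inner `{{% if product == "sle15" %}}` / `{{% else %}}` / `{{% endif %}}` be dropped, leaving that single line in the outer else branch. `\?` is a GNU sed BRE extension, which is consistent with the GNU-only `sed -i` the macro already relies on. The macro's definition begins before this hunk, so its opening lines are not visible here.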