diff --git a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/oval/shared.xml b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/oval/shared.xml
index 07f99ff5bba8..170d6e34ab17 100644
--- a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/oval/shared.xml
+++ b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/oval/shared.xml
@@ -7,6 +7,15 @@ +{{% if product in ["rhel8"] %}} + + + + + +{{% endif %}}
@@ -33,10 +42,36 @@ +{{% set superusers_regex = '^[\\s]*set[\\s]+superusers="(?i)\\b(?!(?:root|admin|administrator)\\b)(\\w+)".*\\n[\\s]*export[\\s]+superusers[\\s]*$' %}} + {{{ grub2_uefi_boot_path }}}/grub.cfg - ^[\s]*set[\s]+superusers="(?i)\b(?!(?:root|admin|administrator)\b)(\w+)".*\n[\s]*export[\s]+superusers[\s]*$ + {{{ superusers_regex }}} + 1 + +{{% if product in ["rhel8"] %}} + + + + + {{{ grub2_uefi_boot_path }}}/grub.cfg + ^[\s]*configfile\b.*$ + 1 + + + + + + + + + {{{ grub2_boot_path }}}/grub.cfg + {{{ superusers_regex }}} 1 +{{% endif %}} +
diff --git a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/tests/stub.fail.sh b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/tests/stub.fail.sh
new file mode 100644
index 000000000000..4c077fa1bb1f
--- /dev/null
+++ b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/tests/stub.fail.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+# platform = Red Hat Enterprise Linux 8
+
+. $SHARED/grub2.sh
+
+cat <<'EOF' >/boot/efi/EFI/redhat/grub.cfg
+search --no-floppy --set prefix --file /boot/grub2/grub.cfg
+set prefix=($prefix)/boot/grub2
+configfile $prefix/grub.cfg
+EOF
+
+GRUB_CFG_ROOT="/boot/grub2"
+set_superusers "root"
diff --git a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/tests/stub.pass.sh b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/tests/stub.pass.sh
new file mode 100644
index 000000000000..45a6bb0c61f2
--- /dev/null
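Review bot: In the second hunk of grub2_uefi_admin_username/oval/shared.xml, the stub-detection pattern `^[\s]*configfile\b.*$` matches any `configfile` line in `{{{ grub2_uefi_boot_path }}}/grub.cfg`, whatever file it names, while the follow-up object always reads `{{{ grub2_boot_path }}}/grub.cfg`. A full ESP grub.cfg that happens to contain a `configfile` directive, or a stub that chains to some other path, would then be judged on a file GRUB may not actually load for `superusers`. The element tags are not visible in this rendering, so how the criteria combine cannot be confirmed; if nothing else anchors the target, consider tying the pattern to the expected stub form, e.g. `^[\s]*configfile[\s]+\$prefix/grub\.cfg[\s]*$`, and stating the assumption in a comment. The same pattern is added in grub2_uefi_password/oval/shared.xml.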
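Review bot: The new stub.fail.sh does not say what boot layout it constructs, and `GRUB_CFG_ROOT="/boot/grub2"` is assigned without explanation just before `set_superusers "root"`. A header comment such as `# ESP grub.cfg is a stub that chains to /boot/grub2/grub.cfg; superusers is set in the chained file` and, above the assignment, `# point the grub2.sh helpers at the config the stub loads` would make the scenario readable. Whether the helper reads GRUB_CFG_ROOT at call time is defined in grub2.sh, outside this diff, and is worth confirming. The same comments would help in stub.pass.sh for this rule and in both stub tests under grub2_uefi_password.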
+++ b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/tests/stub.pass.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+# platform = Red Hat Enterprise Linux 8
+
+. $SHARED/grub2.sh
+
+cat <<'EOF' >/boot/efi/EFI/redhat/grub.cfg
+search --no-floppy --set prefix --file /boot/grub2/grub.cfg
+set prefix=($prefix)/boot/grub2
+configfile $prefix/grub.cfg
+EOF
+
+GRUB_CFG_ROOT="/boot/grub2"
+set_superusers "koskic"
diff --git a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/oval/shared.xml b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/oval/shared.xml
index 6323828071e6..c780cf69e5e1 100644
--- a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/oval/shared.xml
+++ b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/oval/shared.xml
@@ -4,9 +4,16 @@ +{{% if product in ["rhel8"] %}} + + + + + +{{% endif %}} - +
@@ -16,4 +23,24 @@ 1 +{{% if product in ["rhel8"] %}} + + + + + {{{ grub2_uefi_boot_path }}}/grub.cfg + ^[\s]*configfile\b.*$ + 1 + + + + + + + {{{ grub2_boot_path }}}/user.cfg + ^[\s]*GRUB2_PASSWORD=grub\.pbkdf2\.sha512.*$ + 1 + +{{% endif %}} +
diff --git a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/tests/invalid_username.fail.sh b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/tests/invalid_username.fail.sh
deleted file mode 100644
index c477fd7a9acd..000000000000
--- a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/tests/invalid_username.fail.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/bash
-
-# remediation = none
-
-. $SHARED/grub2.sh
-
-set_grub_uefi_root
-
-make_grub_password
-sed -i '/set superusers/d' /boot/grub/grub.cfg
-sed -i '/export superusers/d' /boot/grub/grub.cfg
-set_superusers "use r"
diff --git a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/tests/stub.fail.sh b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/tests/stub.fail.sh
new file mode 100644
index 000000000000..0673a07f6c1a
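Review bot: The new user.cfg object in the second hunk of grub2_uefi_password/oval/shared.xml accepts `^[\s]*GRUB2_PASSWORD=grub\.pbkdf2\.sha512.*$`, which is satisfied by the algorithm prefix alone, so a truncated or empty hash value would still pass the check. Requiring the iteration count, salt and hash fields closes that gap: `^[\s]*GRUB2_PASSWORD=grub\.pbkdf2\.sha512\.\d+\.[0-9A-Fa-f]+\.[0-9A-Fa-f]+[\s]*$`. If the existing check on the ESP user.cfg (its pattern is not visible in these hunks) uses the same loose form, both should be tightened together so the two paths agree.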
--- /dev/null
+++ b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/tests/stub.fail.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+# platform = Red Hat Enterprise Linux 8
+
+. $SHARED/grub2.sh
+
+cp "/boot/efi/EFI/redhat/user.cfg" "/boot/grub2/user.cfg"
+cat <<'EOF' >/boot/efi/EFI/redhat/grub.cfg
+search --no-floppy --set prefix --file /boot/grub2/grub.cfg
+set prefix=($prefix)/boot/grub2
+configfile $prefix/grub.cfg
+EOF
+rm -rf "/boot/grub2/user.cfg"
diff --git a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/tests/stub.pass.sh b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/tests/stub.pass.sh
new file mode 100644
index 000000000000..13dd27d8aca1
--- /dev/null
+++ b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/tests/stub.pass.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+# platform = Red Hat Enterprise Linux 8
+
+. $SHARED/grub2.sh
+
+cat <<'EOF' >/boot/efi/EFI/redhat/grub.cfg
+search --no-floppy --set prefix --file /boot/grub2/grub.cfg
+set prefix=($prefix)/boot/grub2
+configfile $prefix/grub.cfg
+EOF
+
+GRUB_CFG_ROOT="/boot/grub2"
+make_grub_password
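Review bot: In grub2_uefi_password/tests/stub.fail.sh the `cp "/boot/efi/EFI/redhat/user.cfg" "/boot/grub2/user.cfg"` is undone by the final `rm -rf "/boot/grub2/user.cfg"`, so the copy has no effect on the scanned state, and the ESP user.cfg is left in place. If that file holds a password hash, whether the rule fails depends on how the OVAL criteria combine the ESP and /boot/grub2 checks, which this page does not show. The scenario could then produce its result for a reason other than the one intended. Dropping the `cp`, using `rm -f /boot/grub2/user.cfg`, and adding a comment such as `# stub ESP config, no password hash in /boot/grub2/user.cfg` would make the intended state explicit.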