diff --git a/salt/stig/enabled.sls b/salt/stig/enabled.sls
index 16de3f884..5c4b6851b 100644
--- a/salt/stig/enabled.sls
+++ b/salt/stig/enabled.sls
@@ -13,6 +13,9 @@
 {% from 'allowed_states.map.jinja' import allowed_states %}
 {% if sls.split('.')[0] in allowed_states and GLOBALS.os == 'OEL' %}
 {% if 'stig' in salt['pillar.get']('features', []) %}
+ {% set OSCAP_PROFILE_NAME = 'xccdf_org.ssgproject.content_profile_stig' %}
+ {% set OSCAP_PROFILE_LOCATION = '/opt/so/conf/stig/sos-oscap.xml' %}
+ {% set OSCAP_OUTPUT_DIR = '/opt/so/log/stig' %}
 oscap_packages:
 pkg.installed:
 - skip_suggestions: True
@@ -43,26 +46,45 @@ update_stig_profile: - group: socore - mode: 0644 -update_remediation_script: - file.managed: - - name: /usr/sbin/so-stig - - source: salt://stig/files/so-stig - - user: socore - - group: socore - - mode: 0755 - - template: jinja +{% if not salt['file.file_exists'](OSCAP_OUTPUT_DIR ~ '/pre-oscap-report.html') %} +run_initial_scan: + module.run: + - name: openscap.xccdf + - params: 'eval --remediate --profile {{ OSCAP_PROFILE_NAME }} --results {{ OSCAP_OUTPUT_DIR }}/pre-oscap-results.xml --report {{ OSCAP_OUTPUT_DIR }}/pre-oscap-report.html {{ OSCAP_PROFILE_LOCATION }}' +{% endif %} -remove_old_stig_log: - file.absent: - - name: /opt/so/log/stig/stig-remediate.log +run_remediate: + module.run: + - name: openscap.xccdf + - params: 'eval --remediate --profile {{ OSCAP_PROFILE_NAME }} --results {{ OSCAP_OUTPUT_DIR }}/post-oscap-results.xml --report {{ OSCAP_PROFILE_LOCATION }}' -run_remediation_script: - cmd.run: - - name: so-stig > /opt/so/log/stig/stig-remediate.log - - hide_output: True - - success_retcodes: - - 0 - - 2 +{# OSCAP rule id: xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction #} +disable_ctrl_alt_del_action: + file.replace: + - name: /etc/systemd/system.conf + - pattern: '^#CtrlAltDelBurstAction=none' + - repl: 'CtrlAltDelBurstAction=none' + - backup: '.bak' + +{# OSCAP rule id: xccdf_org.ssgproject.content_rule_no_empty_passwords #} +remove_nullok_from_password_auth: + file.replace: + - name: /etc/pam.d/password-auth + - pattern: ' nullok' + - repl: '' + - backup: '.bak' + +remove_nullok_from_system_auth_auth: + file.replace: + - name: /etc/pam.d/system-auth + - pattern: ' nullok' + - repl: '' + - backup: '.bak' + +run_post_scan: + module.run: + - name: openscap.xccdf + - params: 'eval --profile {{ OSCAP_PROFILE_NAME }} --results {{ OSCAP_OUTPUT_DIR }}/post-oscap-results.xml --report {{ OSCAP_OUTPUT_DIR }}/post-oscap-report.html {{ OSCAP_PROFILE_LOCATION }}' {% else %} {{sls}}_no_license_detected: 
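Review bot: `run_remediate` ends its `params` with `--report {{ OSCAP_PROFILE_LOCATION }}`, so the remediation pass has no XCCDF/datastream argument at all, its report target is the profile file itself, and its `--results` path is the same `post-oscap-results.xml` that `run_post_scan` writes afterwards; following the deleted script (`--results $stig_log/results.xml $stig_conf/sos-oscap.xml`) the line should read `- params: 'eval --remediate --profile {{ OSCAP_PROFILE_NAME }} --results {{ OSCAP_OUTPUT_DIR }}/remediate-oscap-results.xml --report {{ OSCAP_OUTPUT_DIR }}/remediate-oscap-report.html {{ OSCAP_PROFILE_LOCATION }}'`. `run_initial_scan` now passes `--remediate` as well, so the one-time `pre-oscap-report.html` no longer records the pre-remediation baseline the old script captured; drop `--remediate` from that state. `disable_ctrl_alt_del_action` matches `^#CtrlAltDelBurstAction=none`, but the deleted script had to rewrite `#CtrlAltDelBurstAction=reboot-force`, so on a system.conf still carrying that line nothing changes and the rule stays failed; `- pattern: '^#?CtrlAltDelBurstAction=.*$'` together with `- append_if_not_found: True` covers both cases. The deleted script's remediations for masking `ctrl-alt-del.target` and for `PermitEmptyPasswords no` / `PermitUserEnvironment no` in `/etc/ssh/sshd_config` have no counterpart in this hunk, so unless the fixes bundled in sos-oscap.xml cover them those rules regress, and hosts that already have `/usr/sbin/so-stig` installed keep it because no `file.absent` state replaces the removed `file.managed`. As far as I recall, the legacy `openscap.xccdf` execution module parses only `--profile` and the trailing policy path and writes its results and report into a temporary directory, in which case `--results`, `--report` and `--remediate` here would be silently ignored, `pre-oscap-report.html` would never appear and `run_initial_scan` would re-run on every highstate; verify this on a minion, or use `openscap.xccdf_eval`, which takes `remediate`, `results` and `report` as explicit arguments.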
diff --git a/salt/stig/files/so-stig b/salt/stig/files/so-stig
deleted file mode 100644
index 7e4799ad8..000000000
--- a/salt/stig/files/so-stig
+++ /dev/null
@@ -1,77 +0,0 @@
-#!/bin/bash
-#
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-#
-# Note: Per the Elastic License 2.0, the second limitation states:
-#
-# "You may not move, change, disable, or circumvent the license key functionality
-# in the software, and you may not remove or obscure any functionality in the
-# software that is protected by the license key."
-
-stig_conf=/opt/so/conf/stig
-stig_log=/opt/so/log/stig
-
-. /usr/sbin/so-common
-
-logCmd() {
- cmd=$1
- echo "Executing command: $cmd"
- $cmd
-}
-
-apply_stigs(){
- if [ ! -f $stig_log/pre-oscap-report.html ]; then
- oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_stig --results $stig_log/pre-oscap-results.xml --report $stig_log/pre-oscap-report.html /usr/share/xml/scap/ssg/content/ssg-ol9-ds.xml
- fi
-
- echo -e "\nRunning custom OSCAP profile to remediate applicable STIGs\n"
- logCmd "oscap xccdf eval --remediate --profile xccdf_org.ssgproject.content_profile_stig --results $stig_log/results.xml $stig_conf/sos-oscap.xml"
-
- # Setting Ctrl-Alt-Del action to none OSCAP rule id: xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction
- if ! grep -q "^CtrlAltDelBurstAction=none$" /etc/systemd/system.conf; then
- sed -i 's/#CtrlAltDelBurstAction=reboot-force/CtrlAltDelBurstAction=none/g' /etc/systemd/system.conf
- logCmd "grep CtrlAltDelBurstAction /etc/systemd/system.conf"
- fi
-
- # Setting ctrl-alt-del.target to masked or /dev/null OSCAP rule id: xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_reboot
- if systemctl is-enabled ctrl-alt-del.target | grep -q masked; then
- echo "ctrl-alt-del.target is already masked"
- else
- echo "Redirecting ctrl-alt-del.target symlink to /dev/null"
- logCmd "ln -sf /dev/null /etc/systemd/system/ctrl-alt-del.target"
- fi
-
- # Remove nullok from password-auth & system-auth OSCAP rule id: xccdf_org.ssgproject.content_rule_no_empty_passwords
- sed -i 's/ nullok//g' /etc/pam.d/password-auth
- sed -i 's/ nullok//g' /etc/pam.d/system-auth
-
- # Setting PermitEmptyPasswords no in /etc/ssh/sshd_config OSCAP rule id: xccdf_org.ssgproject.content_rule_sshd_disable_empty_passwords
- if grep -q "^#PermitEmptyPasswords no$" /etc/ssh/sshd_config; then
- sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords no/g' /etc/ssh/sshd_config
- logCmd "grep PermitEmptyPasswords /etc/ssh/sshd_config"
- else
- logCmd "echo 'PermitEmptyPasswords no' >> /etc/ssh/sshd_config"
- fi
-
- # Setting PermitUserEnvironment no in /etc/ssh/sshd_config STIG rule id: SV-248650r877377
- if grep -q "^#PermitUserEnvironment no$" /etc/ssh/sshd_config; then
- sed -i 's/#PermitUserEnvironment no/PermitUserEnvironment no/g' /etc/ssh/sshd_config
- logCmd "grep PermitUserEnvironment /etc/ssh/sshd_config"
- else
- logCmd "echo 'PermitUserEnvironment no' >> /etc/ssh/sshd_config"
- fi
-
-
- echo "Running OSCAP scan to verify application of STIGs"
- oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_stig --results $stig_log/post-oscap-results.xml --report $stig_log/post-oscap-report.html /usr/share/xml/scap/ssg/content/ssg-ol9-ds.xml > /dev/null 2>&1
-}
-
-if is_feature_enabled "stig" >/dev/null 2>&1; then
- echo -e "---------------------\nApplying STIGs\n---------------------"
- apply_stigs
-else
- echo "The application of STIGs is a feature supported only for customers with a valid license. Contact Security Onion Solutions, LLC via our website at https://securityonionsolutions.com for more information about purchasing a license to enable this feature."
-fi
\ No newline at end of file