diff --git a/stig/images/src/png/scap-workbench-profile-disa-stig.png b/stig/images/src/png/scap-workbench-profile-disa-stig.png new file mode 100644 index 00000000..9d730860 Binary files /dev/null and b/stig/images/src/png/scap-workbench-profile-disa-stig.png differ diff --git a/stig/images/src/png/scap-workbench-profile-stig-customize.png b/stig/images/src/png/scap-workbench-profile-stig-customize.png new file mode 100644 index 00000000..f79bc633 Binary files /dev/null and b/stig/images/src/png/scap-workbench-profile-stig-customize.png differ diff --git a/stig/images/src/png/scap-workbench-select-content-to-load.png b/stig/images/src/png/scap-workbench-select-content-to-load.png new file mode 100644 index 00000000..5df91a9f Binary files /dev/null and b/stig/images/src/png/scap-workbench-select-content-to-load.png differ diff --git a/stig/images/src/png/scap-workbench-select-rule.png b/stig/images/src/png/scap-workbench-select-rule.png new file mode 100644 index 00000000..e87c03f3 Binary files /dev/null and b/stig/images/src/png/scap-workbench-select-rule.png differ diff --git a/stig/images/src/png/scap-workbench-tailor-file-save.png b/stig/images/src/png/scap-workbench-tailor-file-save.png new file mode 100644 index 00000000..e0fbc3fa Binary files /dev/null and b/stig/images/src/png/scap-workbench-tailor-file-save.png differ diff --git a/stig/xml/article_stig.xml b/stig/xml/article_stig.xml index 709d60a1..0298fc4c 100644 --- a/stig/xml/article_stig.xml +++ b/stig/xml/article_stig.xml 
@@ -445,6 +445,242 @@ + + Applying a tailored &stiga; profile + + + The standard or default &stiga; profile is sufficient for most + deployments. In addition, you can create and apply tailoring + files to tailor SCAP content and change its behaviour without + directly modifying the standard configurations. + + + + The following sections provide examples of creating tailoring files using + either SCAP Workbench or the autotailor command-line + utility, and then applying the tailoring file using the + ssg-apply command-line utility. + + + + Generalized tailoring + + Although the following sections provide example of tailoring for + &stiga; profile, you use similar procedure for tailoring other profiles + that are valid for your target system. + + + + + Creating tailoring files + + Tailoring files are XML files containing information about the + deviation from the standard SCAP content for a profile. You create a + tailoring file when you override certain default rules of a standard + profile, and save that information along with necessary metadata as an + XML file. Once created, you can apply the tailoring file using a + suitable program such as the ssg-apply utility. + + + &suse; recommends using any one of the following methods of creating a + tailoring file: + + + + + Manually, using the SCAP Workbench. This method is best suited when + you are unsure of the rules that you want to override in the + standard content of a profile, and would prefer the convenience of + a graphical software. + + + + + Automatically, using the autotailor command-line + tool which is bundled with the openscap-utils + package. This method is best suited when you sure of all the + information that you need to create a tailoring file. + + + + + Creating tailoring files using SCAP Workbench + + This section provides an example procedure for creating a tailoring + file based on the standard &stiga; profile, using the SCAP Workbench + graphical software. 
You can use a similar procedure to create + tailoring files for any other valid profile. + + + As a prerequisite, ensure that you have installed the necessary + packages, as described in the section + . + + + + + Start SCAP Workbench by invoking it on the terminal: + +&prompt.user;scap-workbench + + + + Depending on whether you are using &sle; 15 or &sle; 12, select + either SLe15 or SLe12 + from the Select content to load drop-down + list. In this example procedure, we select + SLe15. + + + + + In the next window titled Guide to the Secure + Configuation of SUSE Linux Enterprise 15, perform the + following steps: + + + + + From the Profile drop-down list, select + the profile that you want to customize. In this example, we + select DISA &stiga; for SUSE Linux Enterprise 15 + (242). The number within parenthesis at the end of + the profile name represents the number of rules that comprise + your selected profile. For example, DISA &stiga; for SUSE + Linux Enterprise 15 has 242 rules. + + + + + Optionally, if your target is a remote + system, select the Remote Machine (over + SSH) and provide necessary infomation. + + + In this example procedure, we assume that the target system + is your Local Machine. + + + + + Click Customize, edit the New + Profile ID field if necessary, and click + OK. The default New Profile + ID provided by SCAP Workbench for the selected + profile is + xccdf_org.ssgproject.content_profile_stig_customized. + + + + + + + In the next window titled Customizing "DISA STIG for + SUSE Linux Enterprise 15 [CUSTOMIZED]"‐SCAP + Workbench, perform the following steps: + + + + + Override the default rules by selecting or deselecting them. + For example, we select the checkbox adjacent to the rule + Limit Users' SSH Access to further + harden the target system's access over SSH. You can select or + deselect multiple such rules. 
+ + + When unsure, read the rule's description + + Before selecting or deselecting the checkbox adjacent to + the rule, you can click the rule and read the + Description provide at the right pane + of the window. + + + + + + When you are sure about the override of rules, click + OK. + + + + + + + On returning to the home window of SCAP + Workbench, notice that the Customization + field has changed to (unsaved changes). + + + Using the menu at the top left of the window, save the + customization by clicking + FileSave Customization + Only. + + + When saved, the Customization field displays + the path to the tailoring file. + + + + + Optionally, inspect the tailoring file by + opening it with a text editor of your choice. Based on the + example override of rules, the tailoring file contains the + following information. + + + + + 1 + + DISA STIG for SUSE Linux Enterprise 15 [CUSTOMIZED] + This profile contains configuration checks that align to the +DISA STIG for SUSE Linux Enterprise 15 V1R4. + + +]]> + + + + + Creating tailoring files using <command>autotailor</command> + + There might be deployments where installing a graphical software such + as SCAP Workbench is not suitable. In even more sensitive + deployments, the customization of a remote target machine over SSH + from a client machine running SCAP Workbench might also not be an + option. + + + In such situations, the autotailor command-line + tool that comes bundled with the openscap-utils is + a suitable choice. However, you must be sure of all information + necessary for creating the tailoring file. + + + To create a tailoring file with autotailor, use + the following syntax: + +&prompt.user;autotailor \ + --select RULE_ID --unselect RULE_ID --var-value VAR=VALUE \ + --output TAILORING_FILE --new_profile_id NEW_PROFILE_ID \ + DS_FILENAME BASE_PROFILE_ID + + + + + + Applying tailoring file + + + Applying tailoring file using <command>ssg-apply</command> + + + + Working with checklists in &stigviewer;
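Review bot: In the autotailor synopsis near the end of the article_stig.xml hunk, `--new_profile_id` is spelled with underscores while every other long option on the same lines (`--var-value`, `--select`, `--unselect`, `--output`) uses hyphens. Please check the spelling against `autotailor --help` from the openscap-utils version shipped for the target release, because a reader who copies the synopsis with a misspelled option gets an argument error instead of a tailoring file. Second, the introduction promises that the tailoring file is then applied with ssg-apply, but as far as these lines show, the closing sections "Applying tailoring file" and "Applying tailoring file using ssg-apply" contain only their titles. Either add the procedure or hold those sections back until it is written, since the page as submitted stops at creating the file. Because tailoring here can deselect STIG rules as well as add them, the apply section is also the natural place to tell readers to confirm which profile ID was evaluated (the default is given as xccdf_org.ssgproject.content_profile_stig_customized). Smaller wording fixes in the added text: "Configuation" in the window title, "infomation", "when you sure of" (missing "are"), "provide at the right pane" (should be "provided in"), "within parenthesis" (should be "parentheses"), "a graphical software", and "provide example of tailoring for &stiga; profile, you use similar procedure" (missing articles).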