diff --git a/linux_os/guide/system/network/network-ipsec/libreswan_approved_tunnels/policy/stig/shared.yml b/linux_os/guide/system/network/network-ipsec/libreswan_approved_tunnels/policy/stig/shared.yml
index ab4d53964856..17cb971f1309 100644
--- a/linux_os/guide/system/network/network-ipsec/libreswan_approved_tunnels/policy/stig/shared.yml
+++ b/linux_os/guide/system/network/network-ipsec/libreswan_approved_tunnels/policy/stig/shared.yml
@@ -9,14 +9,21 @@ checktext: |-
 
     Determine if the "IPsec" service is active with the following command:
 
+    {{% if product in ['sle15', 'sle16'] %}}
     $ systemctl is-active ipsec
+    {{% else %}}
+    $ systemctl is-active strongswan
+    {{% endif %}}
 
     Inactive
 
     If the "IPsec" service is active, check for configured IPsec connections ("conn"), with the following command:
 
     $ sudo grep -rni conn /etc/ipsec.conf /etc/ipsec.d/
-
+    {{% if product in ['sle15', 'sle16'] %}}
+    Also:
+    $ sudo grep -rni conn /etc/swanctl/swanctl.conf /etc/swanctl/conf.d/
+    {{% endif %}}
     Verify any returned results are documented with the ISSO.
 
     If the IPsec tunnels are active and not approved, this is a finding.
diff --git a/linux_os/guide/system/network/network-ipsec/libreswan_approved_tunnels/rule.yml b/linux_os/guide/system/network/network-ipsec/libreswan_approved_tunnels/rule.yml
index e479600d1a93..2c3fa2c123af 100644
--- a/linux_os/guide/system/network/network-ipsec/libreswan_approved_tunnels/rule.yml
+++ b/linux_os/guide/system/network/network-ipsec/libreswan_approved_tunnels/rule.yml
@@ -8,7 +8,11 @@ description: |-
     and IKE, which permits the creation of secure tunnels over
     untrusted networks. As such, IPsec can be used to circumvent certain
     network requirements such as filtering. Verify that if any IPsec connection
+    {{% if product in ['sle15', 'sle16'] %}}
+    (<tt>conn</tt>) configured in <tt>/etc/swanctl/swanctl.conf</tt> and <tt>/etc/swanctl/conf.d/</tt>
+    {{% else %}}
     (<tt>conn</tt>) configured in <tt>/etc/ipsec.conf</tt> and <tt>/etc/ipsec.d</tt>
+    {{% endif %}}
     exists is an approved organizational connection.
 
 rationale: 'IP tunneling mechanisms can be used to bypass network filtering.'
@@ -20,6 +24,7 @@ identifiers:
     cce@rhel9: CCE-90319-5
     cce@rhel10: CCE-87382-8
     cce@sle15: CCE-91153-7
+    cce@sle16: CCE-95793-6
 
 references:
     cis-csc: 1,12,13,14,15,16,18,4,6,8,9
@@ -41,18 +46,36 @@ ocil: |-
     {{% if 'rhel' in product or 'ol' in families %}}
     # {{{ pkg_manager }}} list installed libreswan
     libreswan.x86-64 3.20-5.el7_4
+    {{% elif product in ['sle15', 'sle16'] %}}
+    strongswan
     {{% endif %}}
 
+    {{% if product in ['sle15', 'sle16'] %}}
+    If "libreswan" is installed, check to see if the "IPsec" service is active with the following command:
+    {{% else %}}
     If "libreswan" is installed, check to see if the "IPsec" service is active with the following command:
+    {{% endif %}}
 
+    {{% if product in ['sle15', 'sle16'] %}}
+    # systemctl status strongswan
+    strongswan.service - strongSwan IPsec IKEv1/IKEv2 daemon using swanctl
+    Loaded: loaded (/usr/lib/systemd/system/strongswan.service; disabled; preset: disabled)
+    Active: inactive (dead)
+    {{% else %}}
     # systemctl status ipsec
     ipsec.service - Internet Key Exchange (IKE) Protocol Daemon for IPsec
     Loaded: loaded (/usr/lib/systemd/system/ipsec.service; disabled)
     Active: inactive (dead)
+    {{% endif %}}
 
 
     If the "IPsec" service is active, check for configured IPsec connections (<tt>conn</tt>), perform the following:
     <pre>grep -rni conn /etc/ipsec.conf /etc/ipsec.d/</pre>
+    {{% if product in ['sle15', 'sle16'] %}}
+    Also:
+    <pre>grep -rni conn /etc/swanctl/swanctl.conf /etc/swanctl/conf.d/</pre>
+    {{% endif %}}
+
     Verify any returned results for organizational approval.
 
 fixtext: |-
diff --git a/products/sle16/profiles/hipaa.profile b/products/sle16/profiles/hipaa.profile
index 94fc562559a9..7208d847bc5d 100644
--- a/products/sle16/profiles/hipaa.profile
+++ b/products/sle16/profiles/hipaa.profile
@@ -48,7 +48,6 @@ selections:
     - '!file_permissions_user_cfg'
     - '!grub2_admin_username'
     - '!grub2_uefi_admin_username'
-    - '!libreswan_approved_tunnels'
     - '!package_rsh_removed'
     - '!package_rsh-server_removed'
     - '!package_talk_removed'
diff --git a/shared/applicability/package.yml b/shared/applicability/package.yml
index 7a6ee2ffc985..5f81f2c90524 100644
--- a/shared/applicability/package.yml
+++ b/shared/applicability/package.yml
@@ -57,7 +57,7 @@ args:
     pkgname: libpwquality
     {{% endif %}}
   libreswan:
-    {{% if product == "sle15" %}}
+    {{% if product in  ["sle15", "sle16"] %}}
     pkgname: strongswan-ipsec
     {{% else %}}
     pkgname: libreswan
diff --git a/shared/references/cce-sle16-avail.txt b/shared/references/cce-sle16-avail.txt
index 77ac5a0f06cc..104b04c8b550 100644
--- a/shared/references/cce-sle16-avail.txt
+++ b/shared/references/cce-sle16-avail.txt
@@ -57,7 +57,6 @@ CCE-95788-6
 CCE-95789-4
 CCE-95790-2
 CCE-95791-0
-CCE-95793-6
 CCE-95794-4
 CCE-95795-1
 CCE-95796-9