diff --git a/controls/cis_rhel8.yml b/controls/cis_rhel8.yml
index baa67efcc0c..79ded6d5682 100644
--- a/controls/cis_rhel8.yml
+++ b/controls/cis_rhel8.yml
@@ -774,16 +774,15 @@ controls:
       - package_httpd_removed
       - package_nginx_removed
 
-  # NEEDS RULE
   - id: 2.2.11
     title: Ensure IMAP and POP3 server is not installed (Automated)
     levels:
       - l1_server
       - l1_workstation
-    status: partial
+    status: automated
     rules:
       - package_dovecot_removed
-      # Needs a rule to remove cyrus-imapd
+      - package_cyrus-imapd_removed
 
   - id: 2.2.12
     title: Ensure Samba is not installed (Automated)
diff --git a/controls/cis_rhel9.yml b/controls/cis_rhel9.yml
index 773d7a006c0..b8ef428658f 100644
--- a/controls/cis_rhel9.yml
+++ b/controls/cis_rhel9.yml
@@ -770,16 +770,15 @@ controls:
       - package_httpd_removed
       - package_nginx_removed
 
-  # NEEDS RULE
   - id: 2.2.9
     title: Ensure IMAP and POP3 server is not installed (Automated)
     levels:
       - l1_server
       - l1_workstation
-    status: partial
+    status: automated
     rules:
       - package_dovecot_removed
-      # Needs a rule to remove cyrus-imapd
+      - package_cyrus-imapd_removed
 
   - id: 2.2.10
     title: Ensure Samba is not installed (Automated)
diff --git a/linux_os/guide/services/imap/disabling_cyrus-imapd/group.yml b/linux_os/guide/services/imap/disabling_cyrus-imapd/group.yml
new file mode 100644
index 00000000000..ef248d2e206
--- /dev/null
+++ b/linux_os/guide/services/imap/disabling_cyrus-imapd/group.yml
@@ -0,0 +1,7 @@
+documentation_complete: true
+
+title: 'Disable Cyrus IMAP'
+
+description: |-
+    If the system does not need to operate as an IMAP or
+    POP3 server, the Cyrus IMAP software should be removed.
diff --git a/linux_os/guide/services/imap/disabling_cyrus-imapd/package_cyrus-imapd_removed/rule.yml b/linux_os/guide/services/imap/disabling_cyrus-imapd/package_cyrus-imapd_removed/rule.yml
new file mode 100644
index 00000000000..9fc6abe2094
--- /dev/null
+++ b/linux_os/guide/services/imap/disabling_cyrus-imapd/package_cyrus-imapd_removed/rule.yml
@@ -0,0 +1,29 @@
+documentation_complete: true
+
+prodtype: rhel8,rhel9
+
+title: 'Uninstall cyrus-imapd Package'
+
+description: |-
+    {{{ describe_package_remove(package="cyrus-imapd") }}}
+
+rationale: |-
+    If there is no need to make the cyrus-imapd software available,
+    removing it provides a safeguard against its activation.
+
+severity: unknown
+
+identifiers:
+    cce@rhel8: CCE-88119-3
+    cce@rhel9: CCE-88120-1
+
+references:
+    cis@rhel8: 2.2.11
+    cis@rhel9: 2.2.9
+
+{{{ complete_ocil_entry_package(package="cyrus-imapd") }}}
+
+template:
+    name: package_removed
+    vars:
+        pkgname: cyrus-imapd
diff --git a/shared/references/cce-redhat-avail.txt b/shared/references/cce-redhat-avail.txt
index ea8d82326bc..71cfc539f80 100644
--- a/shared/references/cce-redhat-avail.txt
+++ b/shared/references/cce-redhat-avail.txt
@@ -1659,8 +1659,6 @@ CCE-88115-1
 CCE-88116-9
 CCE-88117-7
 CCE-88118-5
-CCE-88119-3
-CCE-88120-1
 CCE-88124-3
 CCE-88125-0
 CCE-88126-8