"Ensure that System Accounts Do Not Run a Shell Upon Login" all fails if one item fails

[huornlmj]

Description of problem:

For Ubuntu 22.04 "CIS Ubuntu 22.04 Level 1 Server Benchmark", all portions of "Ensure that System Accounts Do Not Run a Shell Upon Login" reported as fails if only one portion actually fails.
Rule: xccdf_org.ssgproject.content_rule_no_shelllogin_for_systemaccounts

Here is the actual line in /etc/login.defs

# grep "SYS_UID_MIN" /etc/login.defs
#SYS_UID_MIN

Here is the same file on a different system with all portions of the test passing:

# grep "SYS_UID_MIN" /etc/login.defs
#SYS_UID_MIN 

SCAP Security Guide Version:

OpenSCAP command line tool (oscap) 1.2.17

Operating System Version:

Ubuntu 22.04.5 LTS

Steps to Reproduce:

1. Scan two identical systems.
2. On one system, add a fail such as a system account with a login shell, such as /bin/sh.
3. Scan this updated system and observe all tests in the section fail despite both /etc/login.defs being identical (i.e., both remarked out in vanilla Ubuntu).

[mpurg]

Just to confirm, the overall state of the rule agrees with what you would expect?
The issue is only that the individual components of the rule are marked differently depending on the outcome of other components?