diff --git a/docs/harbian_audit_Debian_9_Benchmark_v0.1.mkd b/docs/harbian_audit_Debian_9_Benchmark_v0.1.mkd
index ee02995..1d3e9f7 100644
--- a/docs/harbian_audit_Debian_9_Benchmark_v0.1.mkd
+++ b/docs/harbian_audit_Debian_9_Benchmark_v0.1.mkd
@@ -428,6 +428,26 @@ Configure non-compliant accounts to enforce a 60-day maximum password lifetime r
 # chage -M 60 [username]
 ```
 
+## 10.1.7 Remove(Replace) NOPASSWD to PASSWD in the sudoers config file (Scored) 
+
+### Profile Applicability
+Level 3
+
+### Description
+Users must provide a password for privilege escalation.
+
+### Rationale
+Without re-authentication, users may access resources or perform tasks for which they do not have authorization. When operating systems provide the capability to escalate a functional capability, it is critical the user re-authenticate. 
+
+### Aduit
+If passwords are not being used for authentication, this is Not Applicable. Verify the operating system requires users to supply a password for privilege escalation. Check the configuration of the "/etc/sudoers" and "/etc/sudoers.d/*" files with the following command: 
+```
+# grep -i nopasswd /etc/sudoers /etc/sudoers.d/*
+```
+If any uncommented line is found with a "NOPASSWD" tag, this is a finding.
+
+### Remediation
+Replace any occurrences of "NOPASSWD" tags to "PASSWD" tags in the file.
 
 
 template