diff --git a/controls/os_spec.rb b/controls/os_spec.rb
index ec2bbf9..327fcac 100644
--- a/controls/os_spec.rb
+++ b/controls/os_spec.rb
@@ -282,3 +282,55 @@
 end
 end
 end
+
+control 'os-14' do
+ impact 1.0
+ title 'Check owner and permissions for /etc/gshadow'
+ desc 'Check periodically the owner and permissions for /etc/gshadow'
+ describe file('/etc/gshadow') do
+ it { should exist }
+ it { should be_file }
+ it { should be_owned_by 'root' }
+ its('group') { should eq shadow_group }
+ it { should_not be_executable }
+ it { should_not be_writable.by('group') }
+ it { should_not be_writable.by('other') }
+ it { should_not be_readable.by('other') }
+ end
+end
+
+control 'os-15' do
+ impact 1.0
+ title 'Check owner and permissions for /etc/shadow-'
+ desc 'Check periodically the owner and permissions for /etc/shadow-'
+ only_if('/etc/shadow- exists') do
+ file('/etc/shadow-').exist?
+ end
+ describe file('/etc/shadow-') do
+ it { should be_file }
+ it { should be_owned_by 'root' }
+ its('group') { should eq shadow_group }
+ it { should_not be_executable }
+ it { should_not be_writable.by('group') }
+ it { should_not be_writable.by('other') }
+ it { should_not be_readable.by('other') }
+ end
+end
+
+control 'os-16' do
+ impact 1.0
+ title 'Check owner and permissions for /etc/gshadow-'
+ desc 'Check periodically the owner and permissions for /etc/gshadow-'
+ only_if('/etc/gshadow- exists') do
+ file('/etc/gshadow-').exist?
+ end
+ describe file('/etc/gshadow-') do
+ it { should be_file }
+ it { should be_owned_by 'root' }
+ its('group') { should eq shadow_group }
+ it { should_not be_executable }
+ it { should_not be_writable.by('group') }
+ it { should_not be_writable.by('other') }
+ it { should_not be_readable.by('other') }
+ end
+end
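Review bot: Controls os-15 and os-16 are the same control body with only the path swapped (the `only_if` guard, the `describe file(...)` target and the seven permission matchers are identical), so a small table-driven loop keeps the two controls in lockstep when a matcher is later tightened — os-14 is best left as is, since its `it { should exist }` is a deliberate hard assertion rather than an `only_if` skip. `shadow_group` is resolved outside this hunk; presumably it is a helper earlier in controls/os_spec.rb that maps the distribution to the expected group (`shadow` vs `root`), and it is worth a one-line comment at its definition since the new controls now depend on it for both the live and the backup files. The comparison with `eq shadow_group` is correct, but note that the matcher set intentionally permits group read (needed for the `shadow` group on Debian-family systems); if the policy is 0000/0600 on other platforms, a platform-conditional `its('mode') { should cmp ... }` would express that more precisely than the predicate list.
```ruby
{ 'os-15' => '/etc/shadow-', 'os-16' => '/etc/gshadow-' }.each do |id, path|
  control id do
    impact 1.0
    title "Check owner and permissions for #{path}"
    desc "Check periodically the owner and permissions for #{path}"
    only_if("#{path} exists") do
      file(path).exist?
    end
    describe file(path) do
      # … unchanged: the seven be_file / owner / group / permission matchers …
    end
  end
end
```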