diff --git a/build.gradle b/build.gradle
index a8b4eced0d..76124bcf02 100644
--- a/build.gradle
+++ b/build.gradle
@@ -322,8 +322,8 @@ jacocoTestReport {
 }
 
 checkstyle {
-    configFile file("checkstyle/sun_checks.xml")
-    configFile file("checkstyle/println_checks.xml")
+    toolVersion "10.3.3"
+    configDirectory.set(rootProject.file("checkstyle/"))
 }
 
 opensearchplugin {
diff --git a/checkstyle/sun_checks.xml b/checkstyle/checkstyle.xml
similarity index 92%
rename from checkstyle/sun_checks.xml
rename to checkstyle/checkstyle.xml
index 524ded931e..4484ea4e04 100644
--- a/checkstyle/sun_checks.xml
+++ b/checkstyle/checkstyle.xml
@@ -19,7 +19,7 @@
   To suppress certain violations please review suppression filters.
   Finally, it is worth reading the documentation.
 -->
-
+<!-- exSUN codestyle check with the additional check for System.out.ptintln -->
 <module name="Checker">
   <!--
       If you set the basedir property below, then all reported file
@@ -36,6 +36,13 @@
   <module name="BeforeExecutionExclusionFileFilter">
     <property name="fileNamePattern" value="module\-info\.java$"/>
   </module>
+  <!-- System.out.ptintln -->
+  <module name="BeforeExecutionExclusionFileFilter">
+    <property name="fileNamePattern" value="src/main/java/org/opensearch/security/tools/*"/>
+  </module>
+  <module name="BeforeExecutionExclusionFileFilter">
+    <property name="fileNamePattern" value="src/main/java/com/amazon/dlic/auth/http/kerberos/HTTPSpnegoAuthenticator.java"/>
+  </module>
 
   <!-- https://checkstyle.org/config_filters.html#SuppressionFilter -->
   <module name="SuppressionFilter">
@@ -188,6 +195,14 @@
       <property name="optional" value="true"/>
     </module>
 
+    <!-- System.out.println -->
+    <module name="RegexpSinglelineJava">
+      <property name="format" value="System.out.println"/>
+      <property name="ignoreCase" value="true"/>
+      <property name="message" value="Do not use System.out.println" />
+      <property name="severity" value="error"/>
+    </module>
+
   </module>
 
   <module name="RegexpSingleline">
@@ -222,5 +237,4 @@
     <property name="checkFormat" value="$1"/>
   </module>
 
-  <module name="PrintlnModule"/>
 </module>
diff --git a/checkstyle/println_checks.xml b/checkstyle/println_checks.xml
deleted file mode 100644
index 6fd2f7aff4..0000000000
--- a/checkstyle/println_checks.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<?xml version="1.0"?>
-<!DOCTYPE module PUBLIC
-        "-//Checkstyle//DTD Checkstyle Configuration 1.3//EN"
-        "https://checkstyle.org/dtds/configuration_1_3.dtd">
-
-<module name="Checker">
-    <module name="BeforeExecutionExclusionFileFilter">
-        <property name="fileNamePattern" value="src/main/java/org/opensearch/security/tools/*"/>
-    </module>
-    <module name="BeforeExecutionExclusionFileFilter">
-        <property name="fileNamePattern" value="src/main/java/com/amazon/dlic/auth/http/kerberos/HTTPSpnegoAuthenticator.java"/>
-    </module>
-    <module name="TreeWalker">
-        <module name="RegexpSinglelineJava">
-            <property name="format" value="System.out.println"/>
-            <property name="ignoreCase" value="true"/>
-            <property name="message" value="Do not use System.out.println" />
-            <property name="severity" value="error"/>
-        </module>
-    </module>
-</module>
diff --git a/src/main/java/org/opensearch/security/util/KeyUtils.java b/src/main/java/org/opensearch/security/util/KeyUtils.java
index 4aebf0cb12..4b3aafbbc6 100644
--- a/src/main/java/org/opensearch/security/util/KeyUtils.java
+++ b/src/main/java/org/opensearch/security/util/KeyUtils.java
@@ -18,7 +18,12 @@
 import org.opensearch.SpecialPermission;
 import org.opensearch.core.common.Strings;
 
-import java.security.*;
+import java.security.AccessController;
+import java.security.Key;
+import java.security.KeyFactory;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivilegedAction;
+import java.security.PublicKey;
 import java.security.spec.InvalidKeySpecException;
 import java.security.spec.X509EncodedKeySpec;
 import java.util.Base64;
diff --git a/src/test/java/org/opensearch/security/authtoken/jwt/JwtVendorTest.java b/src/test/java/org/opensearch/security/authtoken/jwt/JwtVendorTest.java
index 1322777cac..aa8faa284d 100644
--- a/src/test/java/org/opensearch/security/authtoken/jwt/JwtVendorTest.java
+++ b/src/test/java/org/opensearch/security/authtoken/jwt/JwtVendorTest.java
@@ -11,10 +11,6 @@
 
 package org.opensearch.security.authtoken.jwt;
 
-import java.util.List;
-import java.util.Optional;
-import java.util.function.LongSupplier;
-
 import org.apache.commons.lang3.RandomStringUtils;
 import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
 import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
@@ -24,6 +20,10 @@
 import org.opensearch.common.settings.Settings;
 import org.opensearch.security.support.ConfigConstants;
 
+import java.util.List;
+import java.util.Optional;
+import java.util.function.LongSupplier;
+
 public class JwtVendorTest {
 
     @Test
@@ -99,7 +99,9 @@ public void testCreateJwtWithRoleSecurityMode() throws Exception {
         Settings settings = Settings.builder()
             .put("signing_key", "abc123")
             .put("encryption_key", claimsEncryptionKey)
-            .put(ConfigConstants.EXTENSIONS_BWC_PLUGIN_MODE, true)
+            // CS-SUPPRESS-SINGLE: RegexpSingleline get Extensions Settings
+            .put(ConfigConstants.EXTENSIONS_BWC_PLUGIN_MODE, "true")
+            // CS-ENFORCE-SINGLE
             .build();
         Long expectedExp = currentTime.getAsLong() + expirySeconds;
 
diff --git a/src/test/java/org/opensearch/security/privileges/PrivilegesEvaluatorUnitTest.java b/src/test/java/org/opensearch/security/privileges/PrivilegesEvaluatorUnitTest.java
index 1b1874a106..811c817b65 100644
--- a/src/test/java/org/opensearch/security/privileges/PrivilegesEvaluatorUnitTest.java
+++ b/src/test/java/org/opensearch/security/privileges/PrivilegesEvaluatorUnitTest.java
@@ -17,7 +17,8 @@
 import static org.hamcrest.Matchers.equalTo;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
-import static org.opensearch.security.privileges.PrivilegesEvaluator.*;
+import static org.opensearch.security.privileges.PrivilegesEvaluator.DNFOF_MATCHER;
+import static org.opensearch.security.privileges.PrivilegesEvaluator.isClusterPerm;
 
 public class PrivilegesEvaluatorUnitTest {