Bug 1955183

Summary: Add ANSSI-BP-028 High level profile
Product: Red Hat Enterprise Linux 8 Reporter: Watson Yuuma Sato <wsato>
Component: scap-security-guideAssignee: Vojtech Polasek <vpolasek>
Status: CLOSED ERRATA QA Contact: Milan Lysonek <mlysonek>
Severity: medium Docs Contact: Jan Fiala <jafiala>
Priority: high    
Version: 8.4CC: ggasparb, jafiala, mhaicman, mlysonek, vpolasek, wsato
Target Milestone: betaKeywords: Triaged, ZStream
Target Release: ---Flags: pm-rhel: mirror+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: scap-security-guide-0.1.56-1.el8 Doc Type: Enhancement
Doc Text:
.Added profile for ANSSI-BP-028 High level The ANSSI High level profile, based on the ANSSI BP-028 recommendations from the French National Security Agency (ANSSI), has been introduced. This completes the availability of profiles for all ANSSI-BP-028 v1.2 hardening levels in the *SCAP Security Guide*. With the new profile, you can harden the system to the recommendations from ANSSI for GNU/Linux Systems at the High hardening level. As a result, you can configure and automate compliance of your RHEL 8 systems to the strictest hardening level by using the ANSSI Ansible Playbooks and the ANSSI SCAP profiles.
 Story Points: ---
Clone Of:
: 2005429 (view as bug list) Environment:
Last Closed: 2021-11-09 18:43:58 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2005429    
Attachments:
Description Flags
Final scan from manual installation - Minimal installation
none
Final scan from manual installation - Server with GUI installation none

Description Watson Yuuma Sato 2021-04-29 15:55:54 UTC 
Description of problem:
Include profile for ANSSI-BP-028 High level hardening in RHEL-8

There is no profile available to help implement ANSSI-BP-028 High level hardening compliance.

Additional info:
Profiles for ANSSI-BP-028 Minimal, Intermediary and Enhanced levels are already available.
Comment 9 Watson Yuuma Sato 2021-06-10 12:49:29 UTC 
With the rebase of the content to 0.1.56, necessary patches are:

R67 - https://github.com/ComplianceAsCode/content/pull/6988
R58 - https://github.com/ComplianceAsCode/content/pull/6984
Metadata - https://github.com/ComplianceAsCode/content/pull/6997
Comment 13 Milan Lysonek 2021-06-18 11:25:39 UTC 
Created attachment 1792032 [details]
Final scan from manual installation - Minimal installation
Comment 14 Milan Lysonek 2021-06-18 11:26:44 UTC 
Created attachment 1792033 [details]
Final scan from manual installation - Server with GUI installation
Comment 25 errata-xmlrpc 2021-11-09 18:43:58 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (scap-security-guide bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:4265