Description of problem:
The content for the French regulation ANSSI DAT-NT28 is not available for RHEL
Version-Release number of selected component (if applicable):
0.1.33 (And Fedora upstream)
Steps to Reproduce:
1. yum install scap-security-guide
2. oscap info /usr/share/xml/scap/ssg/content/ssg-rhel7-xccdf.xml
3. ANSSI not in the list of profiles
In upstream SSG it is available for Debian, see https://github.com/OpenSCAP/scap-security-guide/tree/master/Debian/8/profiles
Could you chime in on Marek's comments#15 here;
It started as a RHEL Profile request.
There are a few updates in ANSSI profile:
1. Mappings to enhanced and high profile: https://github.com/ComplianceAsCode/content/pull/4351
2. Add ANSSI network sysctl rules: https://github.com/ComplianceAsCode/content/pull/4345
3. Rule mappings: https://github.com/ComplianceAsCode/content/pull/4439
4. Profile enabled along with a few rules selected:https://github.com/ComplianceAsCode/content/pull/4615
About 40 requirements (out of 69) have no rule assigned to them. So about 42% requirement coverage.
It is important to note that some requirements are not actionable, like R16 - Repositories of hardened packages.