Bug 1497415 - [RFE] Add ANSSI DAT-NT28 to SSG [NEEDINFO]
Summary: [RFE] Add ANSSI DAT-NT28 to SSG
Keywords:
Status: NEW
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: scap-security-guide
Version: 7.4
Hardware: Unspecified
OS: Unspecified
high
medium
Target Milestone: rc
: ---
Assignee: Watson Yuuma Sato
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On:
Blocks: 1563291
TreeView+ depends on / blocked
 
Reported: 2017-09-30 08:55 UTC by Luc de Louw
Modified: 2020-06-02 10:44 UTC (History)
17 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1778188 (view as bug list)
Environment:
Last Closed:
Target Upstream Version:
adakopou: needinfo? (wsato)
mhaicman: needinfo? (adakopou)


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 4176641 None None None 2019-05-28 13:28:55 UTC

Description Luc de Louw 2017-09-30 08:55:07 UTC
Description of problem:
The content for the French regulation ANSSI DAT-NT28 is not available for RHEL


Version-Release number of selected component (if applicable):
0.1.33 (And Fedora upstream)

How reproducible:


Steps to Reproduce:
1. yum install scap-security-guide
2. oscap info /usr/share/xml/scap/ssg/content/ssg-rhel7-xccdf.xml
3. ANSSI not in the list of profiles

Actual results:


Expected results:


Additional info:
In upstream SSG it is available for Debian, see https://github.com/OpenSCAP/scap-security-guide/tree/master/Debian/8/profiles

Comment 16 Bertrand 2019-02-01 13:19:15 UTC
Hello Francois,

Could you chime in on Marek's comments#15 here; 
It started as a RHEL Profile request.

Thanks,

Bertrand

Comment 27 Watson Yuuma Sato 2019-07-18 14:21:44 UTC
There are a few updates in ANSSI profile:
1. Mappings to enhanced and high profile: https://github.com/ComplianceAsCode/content/pull/4351
2. Add ANSSI network sysctl rules: https://github.com/ComplianceAsCode/content/pull/4345
3. Rule mappings: https://github.com/ComplianceAsCode/content/pull/4439
4. Profile enabled along with a few rules selected:https://github.com/ComplianceAsCode/content/pull/4615

About 40 requirements (out of 69) have no rule assigned to them. So about 42% requirement coverage.
It is important to note that some requirements are not actionable, like R16 - Repositories of hardened packages.


Note You need to log in before you can comment on or make changes to this bug.