ANSSI-BP-028 (enhanced)
Rules and Groups employed by this XCCDF Profile
-
Ensure AppArmor is Active and Configured
Verify that the Apparmor tool is configured to control whitelisted applications and user home directory access control.<br> <br> The <code>...Rule Medium Severity -
Ensure AppArmor is enabled in the bootloader configuration
Configure AppArmor to be enabled at boot time and verify that it has not been overwritten by the bootloader boot parameters. Note: This recommenda...Rule Medium Severity -
GRUB2 bootloader configuration
During the boot process, the boot loader is responsible for starting the execution of the kernel and passing options to it. The boot loader allows ...Group -
IOMMU configuration directive
On x86 architecture supporting VT-d, the IOMMU manages the access control policy between the hardware devices and some of the system critical u...Rule Unknown Severity -
Configure L1 Terminal Fault mitigations
L1 Terminal Fault (L1TF) is a hardware vulnerability which allows unprivileged speculative access to data which is available in the Level 1 Data Ca...Rule High Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules