Update ANSSI references

linux_os/guide/services/ntp/chronyd_specify_remote_server/rule.yml

@@ -29,6 +29,7 @@ references:
     cis@rhel7: 2.2.1.3
     cis@rhel8: 2.2.1.2
     ism: 0988,1405
+    anssi: BP28(R43)
 
 ocil_clause: 'a remote time server is not configured'
 

linux_os/guide/services/ntp/package_chrony_installed/rule.yml

@@ -27,6 +27,7 @@ references:
     ism: 0988,1405
     ospp: FMT_SMF_EXT.1
     srg: SRG-OS-000355-GPOS-00143
+    anssi: BP28(R43)
 
 {{{ complete_ocil_entry_package(package="chrony") }}}
 

linux_os/guide/services/ssh/file_permissions_sshd_private_key/rule.yml

@@ -36,6 +36,7 @@ references:
     cis-csc: 12,13,14,15,16,18,3,5
     cis@rhel8: 5.2.3
     stigid@rhel8: RHEL-08-010490
+    anssi: BP28(R36)
 
 ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/ssh/*_key", perms="-rw-r-----") }}}'
 

linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/rule.yml

@@ -47,6 +47,7 @@ references:
     cobit5: APO13.01,BAI03.01,BAI03.02,BAI03.03,DSS01.03,DSS03.05,DSS05.04,DSS05.05,DSS05.07,DSS05.10,DSS06.03,DSS06.10
     iso27001-2013: A.12.4.1,A.12.4.3,A.14.1.1,A.14.2.1,A.14.2.5,A.18.1.4,A.6.1.2,A.6.1.5,A.7.1.1,A.9.1.2,A.9.2.1,A.9.2.2,A.9.2.3,A.9.2.4,A.9.2.6,A.9.3.1,A.9.4.1,A.9.4.2,A.9.4.3,A.9.4.4,A.9.4.5
     cis-csc: 1,12,13,14,15,16,18,3,5,7,8
+    anssi: BP28(R29)
 
 requires:
     - sshd_set_idle_timeout

linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml

@@ -47,6 +47,7 @@ references:
     iso27001-2013: A.18.1.4,A.7.1.1,A.9.2.1,A.9.2.2,A.9.2.3,A.9.2.4,A.9.2.6,A.9.3.1,A.9.4.2,A.9.4.3
     cis-csc: 1,12,15,16,5
     stigid@rhel8: RHEL-08-020220
+    anssi: BP28(R18)
 
 ocil_clause: 'the value of remember is not set equal to or greater than the expected setting'
 

linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml

@@ -48,6 +48,7 @@ references:
     cis-csc: 1,12,15,16
     ism: 0421,0422,0431,0974,1173,1401,1504,1505,1546,1557,1558,1559,1560,1561
     stigid@rhel8: RHEL-08-020010
+    anssi: BP28(R18)
 
 ocil_clause: 'that is not the case'
 

linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/rule.yml

@@ -45,6 +45,7 @@ references:
     cis-csc: 1,12,15,16
     ism: 0421,0422,0431,0974,1173,1401,1504,1505,1546,1557,1558,1559,1560,1561
     stigid@rhel8: RHEL-08-020022
+    anssi: BP28(R18)
 
 ocil_clause: 'that is not the case'
 

linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml

@@ -54,6 +54,7 @@ references:
     cis-csc: 1,12,15,16
     ism: 0421,0422,0431,0974,1173,1401,1504,1505,1546,1557,1558,1559,1560,1561
     stigid@rhel8: RHEL-08-020012
+    anssi: BP28(R18)
 
 ocil_clause: 'fail_interval is less than the required value'
 

linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml

@@ -51,6 +51,7 @@ references:
     cis-csc: 1,12,15,16
     ism: 0421,0422,0431,0974,1173,1401,1504,1505,1546,1557,1558,1559,1560,1561
     stigid@rhel8: RHEL-08-020014
+    anssi: BP28(R18)
 
 ocil_clause: 'unlock_time is less than the expected value'
 

linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml

@@ -47,6 +47,7 @@ references:
     cis-csc: 1,12,15,16,5
     ism: 0421,0422,0431,0974,1173,1401,1504,1505,1546,1557,1558,1559,1560,1561
     stigid@rhel8: RHEL-08-020130
+    anssi: BP28(R18)
 
 ocil_clause: 'dcredit is not found or not equal to or less than the required value'
 

linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml

@@ -47,6 +47,7 @@ references:
     cis@rhel7: 5.3.1
     ism: 0421,0422,0431,0974,1173,1401,1504,1505,1546,1557,1558,1559,1560,1561
     stigid@rhel8: RHEL-08-020120
+    anssi: BP28(R18)
 
 ocil_clause: 'lcredit is not found or not less than or equal to the required value'
 

linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml

@@ -45,6 +45,7 @@ references:
     cis-csc: 1,12,15,16,5
     ism: 0421,0422,0431,0974,1173,1401,1504,1505,1546,1557,1558,1559,1560,1561
     stigid@rhel8: RHEL-08-020230
+    anssi: BP28(R18)
 
 ocil_clause: 'minlen is not found, or not equal to or greater than the required value'
 

linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml

@@ -48,6 +48,7 @@ references:
     cis@rhel7: 5.3.1
     ism: 0421,0422,0431,0974,1173,1401,1504,1505,1546,1557,1558,1559,1560,1561
     stigid@rhel8: RHEL-08-020280
+    anssi: BP28(R18)
 
 ocil_clause: 'ocredit is not found or not equal to or less than the required value'
 

linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml

@@ -44,6 +44,7 @@ references:
     cis-csc: 1,12,15,16,5
     ism: 0421,0422,0431,0974,1173,1401,1504,1505,1546,1557,1558,1559,1560,1561
     stigid@rhel8: RHEL-08-020110
+    anssi: BP28(R18)
 
 ocil_clause: 'ucredit is not found or not set less than or equal to the required value'
 

linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml

@@ -68,6 +68,7 @@ references:
     iso27001-2013: A.18.1.4,A.7.1.1,A.9.2.1,A.9.2.2,A.9.2.3,A.9.2.4,A.9.2.6,A.9.3.1,A.9.4.2,A.9.4.3
     cis-csc: 1,12,15,16,5
     ism: 0418,1055,1402
+    anssi: BP28(R32)
 
 ocil_clause: 'it does not'
 

linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml

@@ -49,6 +49,7 @@ references:
     cis-csc: 1,12,15,16,5
     ism: 0418,1055,1402
     stigid@rhel8: RHEL-08-020200
+    anssi: BP28(R18)
 
 ocil_clause: 'PASS_MAX_DAYS is not set equal to or greater than the required value'
 

linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/rule.yml

@@ -43,6 +43,7 @@ references:
     srg: SRG-OS-000078-GPOS-00046
     ism: 0421,0422,0431,0974,1173,1401,1504,1505,1546,1557,1558,1559,1560,1561
     stigid@rhel8: RHEL-08-020231
+    anssi: BP28(R18)
 
 ocil_clause: 'it is not set to the required value'
 

linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml

@@ -33,6 +33,7 @@ references:
     cis-csc: '18'
     srg: SRG-OS-000480-GPOS-00228
     stigid@rhel8: RHEL-08-020353
+    anssi: BP28(R35)
 
 ocil_clause: 'the above command returns no output, or if the umask is configured incorrectly'
 

linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml

@@ -53,6 +53,7 @@ references:
     cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,BAI03.05,DSS01.03,DSS03.05,DSS05.02,DSS05.04,DSS05.05,DSS05.07,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01
     iso27001-2013: A.12.4.1,A.12.4.2,A.12.4.3,A.12.4.4,A.12.7.1,A.14.2.7,A.15.2.1,A.15.2.2
     cis-csc: 1,12,13,14,15,16,2,3,5,6,7,8,9
+    anssi: BP28(R19)
 
 ocil_clause: 'it is not the case'
 

linux_os/guide/system/logging/package_rsyslog-gnutls_installed/rule.yml

@@ -19,6 +19,7 @@ references:
     ospp: FTP_ITC_EXT.1.1
     srg: SRG-OS-000480-GPOS-00227,SRG-OS-000120-GPOS-00061
     stigid@rhel8: RHEL-08-030680
+    anssi: BP28(R43)
 
 ocil_clause: 'the package is not installed'
 

linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/rule.yml

@@ -28,6 +28,7 @@ references:
     ospp: FCS_TLSC_EXT.1,FTP_ITC_EXT.1.1
     srg: SRG-OS-000480-GPOS-00227,SRG-OS-000120-GPOS-00061
     ism: 0988,1405
+    anssi: BP28(R43)
 
 ocil_clause: 'omfwd is not configured with gtls and AuthMode'
 

linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls_cacert/rule.yml

@@ -26,6 +26,7 @@ references:
     ospp: FCS_TLSC_EXT.1,FTP_ITC_EXT.1.1
     srg: SRG-OS-000480-GPOS-00227
     ism: 0988,1405
+    anssi: BP28(R43)
 
 ocil_clause: 'CA certificate for rsyslog remote logging via TLS is not set'
 

linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml

@@ -51,6 +51,7 @@ references:
     stigid@sle12: SLES-12-010460
     stigid@rhel8: RHEL-08-010190
     srg: SRG-OS-000138-GPOS-00069
+    anssi: BP28(R40)
 
 ocil_clause: 'any world-writable directories are missing the sticky bit'
 

linux_os/guide/system/permissions/files/file_permissions_unauthorized_world_writable/rule.yml

@@ -35,6 +35,7 @@ references:
     iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5
     cis-csc: 12,13,14,15,16,18,3,5
     cis@sle15: 6.1.10
+    anssi: BP28(R40)
 
 ocil_clause: 'there is output'
 

linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield/rule.yml

@@ -40,6 +40,7 @@ references:
     iso27001-2013: A.13.1.1,A.13.2.1,A.14.1.3
     cis-csc: 12,15,8
     srg: SRG-OS-000433-GPOS-00192
+    anssi: BP28(R9)
 
 ocil_clause: 'ExecShield is not supported by the hardware, is not enabled, or has been disabled by the kernel configuration.'
 

linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml

@@ -30,5 +30,6 @@ references:
     iso27001-2013: A.12.1.2,A.12.5.1,A.12.6.2,A.14.2.2,A.14.2.3,A.14.2.4
     cis-csc: 11,3,9
     cis@rhel7: 1.5.2
+    anssi: BP28(R9)
 
 platform: machine

linux_os/guide/system/permissions/restrictions/enable_nx/install_PAE_kernel_on_x86-32/rule.yml

@@ -36,6 +36,7 @@ references:
     iso27001-2013: A.12.1.2,A.12.5.1,A.12.6.2,A.14.2.2,A.14.2.3,A.14.2.4
     cis-csc: 11,3,9
     cis@rhel7: 1.5.2
+    anssi: BP28(R9)
 
 warnings:
     - hardware: |-

linux_os/guide/system/selinux/selinux-booleans/sebool_polyinstantiation_enabled/rule.yml

@@ -17,6 +17,9 @@ identifiers:
     cce@rhel7: CCE-82305-4
     cce@rhel8: CCE-84230-2
 
+references:
+    anssi: BP28(R39)
+
 {{{ complete_ocil_entry_sebool_disabled(sebool="polyinstantiation_enabled") }}}
 
 template:

linux_os/guide/system/software/disk_partitioning/partition_for_var_log_audit/rule.yml

@@ -44,6 +44,7 @@ references:
     cis@sle15: 1.1.13
     stigid@sle12: SLES-12-010870
     stigid@rhel8: RHEL-08-010542
+    anssi: BP28(R43)
 
 {{{ complete_ocil_entry_separate_partition(part="/var/log/audit") }}}
 

linux_os/guide/system/software/sudo/package_sudo_installed/rule.yml

@@ -25,6 +25,7 @@ references:
     srg: SRG-OS-000324-GPOS-00125
     cis@rhel8: 1.3.1
     ism: 1382,1384,1386
+    anssi: BP28(R19)
 
 ocil_clause: 'the package is not installed'
 

linux_os/guide/system/software/updating/dnf-automatic_apply_updates/rule.yml

@@ -26,6 +26,7 @@ references:
     nist: SI-2(5),CM-6(a),SI-2(c)
     srg: SRG-OS-000191-GPOS-00080
     ism: 0940,1144,1467,1472,1483,1493,1494,1495
+    anssi: BP28(R8)
 
 ocil_clause: 'apply_updates is not set to yes'
 

linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/rule.yml

@@ -23,6 +23,7 @@ references:
     ospp: FMT_SMF_EXT.1
     nist: SI-2(5),CM-6(a),SI-2(c)
     srg: SRG-OS-000191-GPOS-00080
+    anssi: BP28(R8)
 
 ocil_clause: 'the upgrade_type is not set to security'
 

linux_os/guide/system/software/updating/package_dnf-automatic_installed/rule.yml

@@ -19,6 +19,7 @@ identifiers:
 
 references:
     srg: SRG-OS-000191-GPOS-00080
+    anssi: BP28(R8)
 
 ocil_clause: 'the package is not installed'
 

linux_os/guide/system/software/updating/timer_dnf-automatic_enabled/rule.yml

@@ -20,6 +20,7 @@ references:
     ospp: FMT_SMF_EXT.1
     nist: SI-2(5),CM-6(a),SI-2(c)
     srg: SRG-OS-000191-GPOS-00080
+    anssi: BP28(R8)
 
 ocil_clause: 'the dnf-automatic.timer is not enabled'