CCI-000352 requires the OS to prevent the installation of sofware not signed with an approved certificate. This is met by ensure_gpgcheck_globally_activated and ensure_gpgcheck_never_disabled.
Signed-off-by: Willy Santos <[email protected]> --- rhel6/src/input/system/software/updating.xml | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/rhel6/src/input/system/software/updating.xml b/rhel6/src/input/system/software/updating.xml index 7718b37..33b50db 100644 --- a/rhel6/src/input/system/software/updating.xml +++ b/rhel6/src/input/system/software/updating.xml @@ -94,6 +94,7 @@ protects against malicious tampering. <ident cce="14914-6" /> <oval id="yum_gpgcheck_global_activation" /> <ref nist="SI-2"/> +<ident cci="CCI-000352" /> </Rule> <Rule id="ensure_gpgcheck_never_disabled"> @@ -111,5 +112,6 @@ protects against malicious tampering. <ident cce="14813-0" /> <oval id="yum_gpgcheck_never_disabled" /> <ref nist="SI-2"/> +<ident cci="CCI-000352" /> </Rule> </Group> -- 1.7.7.6 _______________________________________________ scap-security-guide mailing list [email protected] https://fedorahosted.org/mailman/listinfo/scap-security-guide
