-
Notifications
You must be signed in to change notification settings - Fork 19
/
checks.yaml
38 lines (38 loc) · 1.16 KB
/
checks.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
# These checks apply to modules that are not SIMP maintained and, therefore,
# cannot have embedded compliance data.
#
# At some point, we should try to PR the data into the upstream modules if they
# will accept it.
---
version: 2.0.0
checks:
oval:com.puppet.forge.simp.yum.config_options:
settings:
parameter: yum::config_options
value:
clean_requirements_on_remove: 1
gpgcheck: true
localpkg_gpgcheck: true
repo_gpgcheck: true
type: puppet-class-parameter
controls:
nist_800_53:rev4: true
nist_800_53:rev4:CM-5:3: true
nist_800_53:rev4:SI-2:6: true
disa_stig: true
cci:CCI-002617: true
SRG-OS-0000366-GPOS-00153: true
SRG-OS-0000437-GPOS-00194: true
identifiers:
nist_800_53:rev4:
- CM-5.3
- SI-2.6
disa_stig:
- CCI-001749
- CCI-002617
- SRG-OS-0000366-GPOS-00153
- SRG-OS-0000437-GPOS-00194
oval-ids:
- xccdf_org:ssgproject:content_rule_clean_components_post_updating
- xccdf_org:ssgproject:content_rule_ensure_gpgcheck_repo_metadata
- xccdf_org:ssgproject:content_rule_ensure_gpgcheck_never_disabled