CCI-000352 requires the OS to prevent the installation of sofware not signed with an approved certificate. This is met by ensure_gpgcheck_globally_activated and ensure_gpgcheck_never_disabled.
Signed-off-by: Willy Santos wsantos@redhat.com --- rhel6/src/input/system/software/updating.xml | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/rhel6/src/input/system/software/updating.xml b/rhel6/src/input/system/software/updating.xml index 7718b37..33b50db 100644 --- a/rhel6/src/input/system/software/updating.xml +++ b/rhel6/src/input/system/software/updating.xml @@ -94,6 +94,7 @@ protects against malicious tampering. <ident cce="14914-6" /> <oval id="yum_gpgcheck_global_activation" /> <ref nist="SI-2"/> +<ident cci="CCI-000352" /> </Rule>
<Rule id="ensure_gpgcheck_never_disabled"> @@ -111,5 +112,6 @@ protects against malicious tampering. <ident cce="14813-0" /> <oval id="yum_gpgcheck_never_disabled" /> <ref nist="SI-2"/> +<ident cci="CCI-000352" /> </Rule> </Group>