From 8414c0a01393209285e431898d6c4ed54ebfa16c Mon Sep 17 00:00:00 2001 From: Edgar Aguilar Date: Tue, 27 Aug 2024 11:16:07 -0600 Subject: [PATCH] Update comments in OL9 ISM profile Signed-off-by: Edgar Aguilar --- products/ol9/profiles/ism_o.profile | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/products/ol9/profiles/ism_o.profile b/products/ol9/profiles/ism_o.profile index fd169716f71..e761d53a92e 100644 --- a/products/ol9/profiles/ism_o.profile +++ b/products/ol9/profiles/ism_o.profile @@ -2,7 +2,7 @@ documentation_complete: true reference: https://www.cyber.gov.au/ism -title: 'Australian Cyber Security Centre (ACSC) ISM Official - Top Secret' +title: 'Australian Cyber Security Centre (ACSC) ISM Official' description: |- This profile contains configuration checks for Oracle Linux 9 
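Review bot: The new title `'Australian Cyber Security Centre (ACSC) ISM Official'` drops "Top Secret", but the `selections:` context in the following hunk still pulls `ism_o:all:top_secret`, so the name an operator sees in a scanner may no longer reflect the control level the profile applies. If the profile is meant to cover the control file up to the top-secret level, the `description:` block (which continues outside this hunk) should say so. If it is meant as an Official-level baseline, the selection level needs to change together with the title. The title is user-visible metadata in the generated content rather than a comment, so it deserves a mention in the commit message, whose subject only says "Update comments".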
@@ -21,37 +21,45 @@ extends: e8 selections: - ism_o:all:top_secret - # Setting any nondefault, so it is safer to spot an issue + # Setting any nondefault, so a specific driver is expected + # using the same as in STIG - var_smartcard_drivers=cac - # Rule is for authconfig not used in OL9 + # ISM 0418,1055,1402 + # Rule is for authconfig not used in - "!enable_ldap_client" + # Not applicable to OL9 due to krb5-server version + - "!kerberos_disable_no_keytab" + # ISM 1386 # Configuration not available in OL9 - "!force_opensc_card_drivers" - # Not applicable to OL9 due to krb5-server version - - "!kerberos_disable_no_keytab" - - # Doesn't seem applicable to OL9 as per openssl man page + # ISM 1277,1552 + # Not applicable to OL9 as per openssl man page - "!openssl_use_strong_entropy" + # ISM 0988,1405 # Always use chronyd - "!service_chronyd_or_ntpd_enabled" - # pam_tally2 not available in OL9 + # ISM 0421,0422,0431,0974,1173,1401,1504,1505,1546,1557,1558,1559,1560,1561 + # pam_tally2 is not available in OL9 - "!accounts_passwords_pam_tally2_deny_root" - "!accounts_passwords_pam_tally2_unlock_time" + # ISM 0582,0846 # This divition of rules is not implemented in OL9 - "!audit_access_failed_aarch64" - "!audit_access_failed_ppc64le" - "!audit_access_success_aarch64" - "!audit_access_success_ppc64le" - # Doesn't seem to cover the expected requirement + # Doesn't cover the expected requirement + # 1319 "Static addressing is not used..." - "!network_ipv6_static_address" + # ISM 1467,1483,1493 # Packages not available in OL - "!package_libdnf-plugin-subscription-manager_installed" - "!package_subscription-manager_installed"
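Review bot: The rewritten comment above `"!enable_ldap_client"` now ends mid-sentence, `# Rule is for authconfig not used in`, because the trailing "OL9" was lost; it should read `# Rule is for authconfig, which is not used in OL9`. The comment for `"!network_ipv6_static_address"` cites `# 1319 "Static addressing is not used..."` without the `ISM` prefix that every other new comment carries, and `# ISM 1319 ...` would keep the control IDs greppable. Each `!rule` line removes a check from the profile, so the pam_tally2 and `service_chronyd_or_ntpd_enabled` exclusions would be easier to audit if their comments named the rule that still covers the listed ISM controls on OL9. Presumably that is a faillock-based and a chronyd-only rule pulled in through `extends: e8` or the control file, which this hunk does not show. The unchanged context line `# This divition of rules` also has a typo ("division") that could be fixed in the same pass.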