diff --git a/.gitignore b/.gitignore
index cafff35ee5ea..8042b82e85d5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -82,3 +82,4 @@ coverage.xml
# Trestle specfic
shared/references/oscal/.trestle/cache
+products/bascontrol22d4/CMakeFiles/
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 48b206911bb3..6ac1cd172e18 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -89,6 +89,7 @@ option(SSG_PRODUCT_ALINUX3 "If enabled, the Alibaba Cloud Linux 3 SCAP content w
option(SSG_PRODUCT_ALMALINUX9 "If enabled, the AlmaLinux OS 9 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
option(SSG_PRODUCT_ANOLIS8 "If enabled, the Anolis OS 8 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
option(SSG_PRODUCT_ANOLIS23 "If enabled, the Anolis OS 23 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
+option(SSG_PRODUCT_BASCONTROL22D4 "If enabled, the Contemporary Controls BAScontrol22D 4 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
option(SSG_PRODUCT_DEBIAN11 "If enabled, the Debian 11 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
option(SSG_PRODUCT_DEBIAN12 "If enabled, the Debian 12 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
option(SSG_PRODUCT_DEBIAN13 "If enabled, the Debian 13 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
@@ -326,6 +327,7 @@ message(STATUS "Alibaba Cloud Linux 3: ${SSG_PRODUCT_ALINUX3}")
message(STATUS "AlmaLinux OS 9: ${SSG_PRODUCT_ALMALINUX9}")
message(STATUS "Anolis OS 8: ${SSG_PRODUCT_ANOLIS8}")
message(STATUS "Anolis OS 23: ${SSG_PRODUCT_ANOLIS23}")
+message(STATUS "Contemporary Controls BAScontrol22D 4: ${SSG_PRODUCT_BASCONTROL22D4}")
message(STATUS "Debian 11: ${SSG_PRODUCT_DEBIAN11}")
message(STATUS "Debian 12: ${SSG_PRODUCT_DEBIAN12}")
message(STATUS "Debian 13: ${SSG_PRODUCT_DEBIAN13}")
@@ -397,6 +399,9 @@ endif()
if(SSG_PRODUCT_ANOLIS23)
add_subdirectory("products/anolis23" "anolis23")
endif()
+#if(SSG_PRODUCT_BASCONTROL22D4)
+# add_subdirectory("products/bascontrol22d4" "bascontrol22d4")
+#endif()
if(SSG_PRODUCT_DEBIAN11)
add_subdirectory("products/debian11" "debian11")
endif()
diff --git a/build/.gitkeep b/build/.gitkeep
deleted file mode 100644
index e69de29bb2d1..000000000000
diff --git a/build_product b/build_product
index 76e3d3a69854..003e9a356d7f 100755
--- a/build_product
+++ b/build_product
@@ -333,6 +333,7 @@ all_cmake_products=(
ALMALINUX9
ANOLIS23
ANOLIS8
+ BASCONTROL22D4
DEBIAN11
DEBIAN12
DEBIAN13
diff --git a/products/bascontrol22d4/CMakeLists.txt b/products/bascontrol22d4/CMakeLists.txt
new file mode 100644
index 000000000000..53f23a29ba13
--- /dev/null
+++ b/products/bascontrol22d4/CMakeLists.txt
@@ -0,0 +1,6 @@
+# Sometimes our users will try to do: "cd bascontrol22d4; cmake ." That needs to error in a nice way.
+if("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_CURRENT_SOURCE_DIR}")
+ message(FATAL_ERROR "cmake has to be used on the root CMakeLists.txt, see the Building ComplianceAsCode section in the Developer Guide!")
+endif()
+
+ssg_build_product("bascontrol22d4")
diff --git a/products/bascontrol22d4/guide/benchmark.yml b/products/bascontrol22d4/guide/benchmark.yml
new file mode 100644
index 000000000000..f875507f9b5a
--- /dev/null
+++ b/products/bascontrol22d4/guide/benchmark.yml
@@ -0,0 +1,54 @@
+---
+documentation_complete: true
+
+title: Guide to the Secure Configuration of {{{ full_name }}}
+
+status: draft
+
+description: |
+ This guide presents a catalog of security-relevant
+ configuration settings for {{{ full_name }}}. It is a rendering of
+ content structured in the eXtensible Configuration Checklist Description Format (XCCDF)
+ in order to support security automation. The SCAP content is
+ is available in the scap-security-guide package which is developed at
+ {{{ weblink(link="https://www.open-scap.org/security-policies/scap-security-guide") }}}.
+
+ Providing system administrators with such guidance informs them how to securely
+ configure systems under their control in a variety of network roles. Policy
+ makers and baseline creators can use this catalog of settings, with its
+ associated references to higher-level security control catalogs, in order to
+ assist them in security baseline creation. This guide is a catalog, not a
+ checklist, and satisfaction of every item is not likely to be possible or
+ sensible in many operational scenarios. However, the XCCDF format enables
+ granular selection and adjustment of settings, and their association with OVAL
+ and OCIL content provides an automated checking capability. Transformations of
+ this document, and its associated automated checking content, are capable of
+ providing baselines that meet a diverse set of policy objectives. Some example
+ XCCDF Profiles, which are selections of items that form checklists and
+ can be used as baselines, are available with this guide. They can be
+ processed, in an automated fashion, with tools that support the Security
+ Content Automation Protocol (SCAP). The DISA STIG for {{{ full_name }}},
+ which provides required settings for US Department of Defense systems, is
+ one example of a baseline created from this guidance.
+
+notice:
+ id: terms_of_use
+ description: |
+ Do not attempt to implement any of the settings in
+ this guide without first testing them in a non-operational environment. The
+ creators of this guidance assume no responsibility whatsoever for its use by
+ other parties, and makes no guarantees, expressed or implied, about its
+ quality, reliability, or any other characteristic.
+
+front-matter: |
+ # BASCONSTROL22D-$ Benchmark
+ The SCAP Security Guide Project
+ {{{ weblink(link="https://www.open-scap.org/security-policies/scap-security-guide") }}}
+
+rear-matter: |
+ Red Hat and Red Hat Enterprise Linux are either registered
+ trademarks or trademarks of Red Hat, Inc. in the United States and other
+ countries. All other names are registered trademarks or trademarks of their
+ respective companies.
+
+version: 0.9
diff --git a/products/bascontrol22d4/product.yml b/products/bascontrol22d4/product.yml
new file mode 100644
index 000000000000..16fa4d0d30ba
--- /dev/null
+++ b/products/bascontrol22d4/product.yml
@@ -0,0 +1,17 @@
+product: bascontrol22d4
+full_name: Contemporary Controls BAScontrol22D BACnet/IP Sedona Unitary Controller 4
+type: product
+
+benchmark_id: BASCONTROL22D-4
+benchmark_root: "./guide"
+
+components_root: "../../components"
+
+profiles_root: "./profiles"
+
+cpes_root: "../../shared/applicability"
+cpes:
+ - bascontrol22d4:
+ name: "cpe:/a:bascontrol22d:4"
+ title: "Contemporary Controls BAScontrol22D BACnet/IP Sedona Unitary Controller 4"
+ check_id: installed_app_is_bascontrol22d4
diff --git a/products/bascontrol22d4/profiles/standard.profile b/products/bascontrol22d4/profiles/standard.profile
new file mode 100644
index 000000000000..452bbd66ea13
--- /dev/null
+++ b/products/bascontrol22d4/profiles/standard.profile
@@ -0,0 +1,9 @@
+documentation_complete: true
+
+title: 'Standard System Security Profile for Contemporary Controls BAScontrol22D BACnet/IP Sedona Unitary Controller 4'
+
+description: |-
+ This profile contains rules to ensure standard security baseline
+ of a Contemporary Controls BAScontrol22D BACnet/IP Sedona Unitary Controller 4 system.
+
+#selections:
diff --git a/shared/applicability/oval/installed_app_is_bascontrol22d4.xml b/shared/applicability/oval/installed_app_is_bascontrol22d4.xml
new file mode 100644
index 000000000000..bef7e8324fea
--- /dev/null
+++ b/shared/applicability/oval/installed_app_is_bascontrol22d4.xml
@@ -0,0 +1,28 @@
+
+
+
+ Mozilla Firefox
+
+ Mozilla Firefox
+
+
+ The application installed on the system is firefox.
+
+
+
+
+
+
+
+
+
+
+
+ firefox
+
+
+
diff --git a/ssg/constants.py b/ssg/constants.py
index f104ecec2c34..52494ddb4c45 100644
--- a/ssg/constants.py
+++ b/ssg/constants.py
@@ -43,6 +43,7 @@
'anolis8',
'anolis23',
'al2023',
+ 'bascontrol22d4',
'debian11', 'debian12', 'debian13',
'example',
'eks',
@@ -213,6 +214,7 @@
"Anolis OS 8": "anolis8",
"Anolis OS 23": "anolis23",
"Amazon Linux 2023": "al2023",
+ "Contemporary Controls BAScontrol22D BACnet/IP Sedona Unitary Controller 4": "bascontrol22d4",
"Debian 11": "debian11",
"Debian 12": "debian12",
"Debian 13": "debian13",
@@ -287,17 +289,15 @@
)
)
-
-MULTI_PLATFORM_LIST = ["rhel", "fedora", "rhv", "debian", "ubuntu",
- "openeuler", "kylinserver",
- "opensuse", "sle", "tencentos", "ol", "ocp", "rhcos",
- "example", "eks", "alinux", "anolis", "openembedded", "al",
- "slmicro", "almalinux"]
+MULTI_PLATFORM_LIST = ["al", "alinux", "almalinux", "anolis", "bascontrol22d", "debian", "eks",
+ "example", "fedora", "kylinserver", "ocp", "ol", "openembedded", "openeuler",
+ "opensuse", "rhcos", "rhel", "rhv", "sle", "slmicro", "tencentos", "ubuntu"]
MULTI_PLATFORM_MAPPING = {
"multi_platform_alinux": ["alinux2", "alinux3"],
"multi_platform_almalinux": ["almalinux9"],
"multi_platform_anolis": ["anolis8", "anolis23"],
+ "multi_platform_bascontrol22d": ["bascontrol22d4"],
"multi_platform_debian": ["debian11", "debian12", "debian13"],
"multi_platform_example": ["example"],
"multi_platform_eks": ["eks"],
@@ -429,6 +429,7 @@
'kylinserver': 'Kylin Server',
'rhel': 'Red Hat Enterprise Linux',
'rhv': 'Red Hat Virtualization',
+ 'bascontrol22d': 'Contemporary Controls BAScontrol22D',
'debian': 'Debian',
'ubuntu': 'Ubuntu',
'eap': 'JBoss Enterprise Application Platform',