ComplianceAsCode · teacup-on-rockingchair · Nov 10, 2025 · Oct 5, 2025 · Oct 7, 2025 · Oct 8, 2025
diff --git a/...uide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml b/...uide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml
@@ -63,7 +63,7 @@ ocil: |-
     <pre>$ grep -i "red hat" /etc/redhat-release</pre>
 {{% elif 'ol' in families %}}
     <pre>$ grep -i "oracle" /etc/oracle-release</pre>
-{{% elif product in ["sle12", "sle15", "slmicro5", "slmicro6"] %}}
+{{% elif product in ["sle12", "sle15", "sle16", "slmicro5", "slmicro6"] %}}
     <pre>$ grep -i "suse" /etc/os-release</pre>
 {{% elif 'ubuntu' in product %}}
     <pre>$ grep DISTRIB_DESCRIPTION /etc/lsb-release</pre>

diff --git a/controls/base_sle16.yml → products/sle16/controls/base_sle16.yml b/controls/base_sle16.yml → products/sle16/controls/base_sle16.yml
@@ -7,17 +7,7 @@ source: not_publicly_available
 reference_type: suse-base-sle16
 
 levels:
-    - id: high
-    - id: medium
-    - id: low
+    - id: pcidss4
+    - id: anssi_minimal
 
 product: sle16
-
-controls:
-    - id: SLES-16-16016015
-      levels:
-          - high
-      title: SLES 16 must be a vendor-supported release.
-      rules:
-          - installed_OS_is_vendor_supported
-      status: automated
diff --git a/products/sle16/controls/base_sle16/0000_os_general.yml b/products/sle16/controls/base_sle16/0000_os_general.yml
@@ -0,0 +1,16 @@
+#
+# A group of rules regarding general operating system functionality
+# and system software installed
+#
+# SLES-16 ids allocated for this group from SLES-16-16016000 till SLES-16-16016099
+#
+
+controls:
+    - id: SLES-16-16016005
+      levels:
+          - pcidss4
+          - anssi_minimal
+      title: SLES 16 must be a vendor-supported release.
+      rules:
+          - installed_OS_is_vendor_supported
+      status: automated
diff --git a/products/sle16/controls/base_sle16/0100_file_ownership_n_permissions.yml b/products/sle16/controls/base_sle16/0100_file_ownership_n_permissions.yml
@@ -0,0 +1,20 @@
+#
+# Rules regarding secure file ownersip and permissions
+# SLES-16 ids allocated for this group from SLES-16-16016100 till SLES-16-16016399
+#
+controls:
+    - id: SLES-16-16016100
+      title: Ensure All Files Are Owned by a Group
+      levels:
+          - anssi_minimal
+      rules:
+          - file_permissions_ungroupowned
+      status: automated
+
+    - id: SLES-16-16016105
+      title: Ensure All Files Are Owned by a User
+      levels:
+          - anssi_minimal
+      rules:
+          - no_files_unowned_by_user
+      status: automated
diff --git a/products/sle16/controls/base_sle16/0400_kernel_paramters.yml b/products/sle16/controls/base_sle16/0400_kernel_paramters.yml
@@ -0,0 +1,14 @@
+#
+# A group of rules regarding kernel parameters and modules configuration and installation
+#
+# SLES-16 ids allocated for this group from SLES-16-16016400 till SLES-16-16016499
+#
+controls:
+    - id: SLES-16-16016400
+      title: Enable NX/XD Support
+      levels:
+          - pcidss4
+      automated: partially
+      rules:
+          - bios_enable_execution_restrictions
+          - install_PAE_kernel_on_x86-32
diff --git a/shared/checks/oval/installed_OS_is_sle16.xml b/shared/checks/oval/installed_OS_is_sle16.xml
@@ -29,7 +29,7 @@
   </ind:family_state>
   <ind:family_object id="obj_sle16_unix_family" version="1" />
 
-  <linux:rpminfo_test check="all" check_existence="at_least_one_exists" comment="sles-release is version 16" id="test_sle16_server" version="1">
+  <linux:rpminfo_test check="all" check_existence="at_least_one_exists" comment="SLES-release is version 16" id="test_sle16_server" version="1">
     <linux:object object_ref="obj_sle16_server" />
     <linux:state state_ref="state_sle16_server" />
   </linux:rpminfo_test>