Cloud Infrastructure Security & Compliance / CMP-1345

Bootstrap the STIG control replies in the CaC repo for RHCOS4


    • Type: Story
    • Resolution: Won't Do
    • Priority: Major
    • CMP Sprint 60

      Since RHCOS4 is RHEL-like, we can reuse many of the control replies that are already in CaC for RHEL. However, there are differences:

      • RHCOS is an appliance, and many features of general-purpose RHEL are not available or exposed in RHCOS, so many controls that apply to RHEL do not apply to RHCOS
      • Since DISA expects the spreadsheet (which we will generate from the controls) to be consumed by humans, the checks and fixes must be copy-pastable into a shell. However, RHCOS doesn't have SSH, and configuration is done with MachineConfigs, not e.g. Ansible or Bash

      All in all, we won't be bootstrapping the controls from scratch, but rather reusing and templating RHEL controls. To do that, we need https://github.com/ComplianceAsCode/content/issues/8787 to be implemented so that we can template the controls easily. In the absence of the fix, we can just use Jinja templates, but that would be messy.

      Acceptance criteria:

      • We agree on a way to template the RHEL rules
      • We template a bunch of rules as a proof of concept
        • one rule where just the fix and the check differ
        • one rule where the applicability of the rule as a whole differs
      • The rest will be done in a follow-up card or cards

              jhrozek@redhat.com Jakub Hrozek (Inactive)