This should be an easy one - I must be doing something silly.
I’m putting together a Custom profile to match my organisations security hardening guide. I’m taking advantage of the dev-sec linux and ssh baselines for a lot of the checks and adding several of my own. What I need to do though is report against the control numbers that are in our hardening guide rather than the one used by dev-sec.
The way I intended to do this was just to modify the control and add a tag but I can’t seem to get it add the tag on an included control.
I know that I can modify the control as I can change the title, but when I look at the result I see the change title but not the tag.
Anyone any ideas ?