- Community Support only.
- No artificial user freedom restrictions.
These numbers are not meaningful as these tools have many bugs, false-positives. A deep understanding of the context and threat model about each message is required to determine if it’s something valid (applicable security could be improve), invalid (false-positive) or plain wrong (more secure setting already in use and suggestion counter-productive).
Here’s an example for Whonix (a Kicksecure based Linux distribution) with STIG:
See also:
Thank you.
Answered here at in this post at very bottom:
What are the Biggest Do's and Don'ts of Kicksecure - #2 by Patrick