diff --git a/products/debian12/profiles/anssi_bp28_minimal.profile b/products/debian12/profiles/anssi_bp28_minimal.profile
index ded77a474634..f17c9674cb1b 100644
--- a/products/debian12/profiles/anssi_bp28_minimal.profile
+++ b/products/debian12/profiles/anssi_bp28_minimal.profile
@@ -15,55 +15,33 @@ selections:
   - anssi:all:minimal
   # PASS_MIN_LEN is handled by PAM on debian systems.
   - '!accounts_password_minlen_login_defs'
+  # ANSSI BP 28 suggest using libpam_pwquality, which isn't deployed by default
+  - 'package_libpampwquality_installed'
+  # PAM honour login.defs file for algorithm
+  - 'set_password_hashing_algorithm_logindefs'
 
   # Following rules once had a prodtype incompatible with the debian12 product
-  - '!package_ypserv_removed'
-  - '!accounts_password_pam_dcredit'
   - '!accounts_passwords_pam_tally2_deny_root'
-  - '!security_patches_up_to_date'
-  - '!package_sendmail_removed'
   - '!ensure_redhat_gpgkey_installed'
-  - '!accounts_passwords_pam_faillock_deny'
-  - '!accounts_password_pam_unix_rounds_password_auth'
-  - '!accounts_passwords_pam_faillock_unlock_time'
-  - '!accounts_passwords_pam_faillock_interval'
-  - '!file_permissions_ungroupowned'
   - '!set_password_hashing_algorithm_systemauth'
-  - '!package_tftp-server_removed'
-  - '!package_rsh_removed'
   - '!package_dnf-automatic_installed'
-  - '!no_files_unowned_by_user'
   - '!accounts_passwords_pam_faillock_deny_root'
-  - '!accounts_password_pam_ocredit'
-  - '!accounts_password_pam_lcredit'
   - '!dnf-automatic_security_updates_only'
   - '!cracklib_accounts_password_pam_lcredit'
   - '!dnf-automatic_apply_updates'
   - '!cracklib_accounts_password_pam_ocredit'
-  - '!package_telnet-server_removed'
-  - '!package_talk_removed'
-  - '!accounts_password_pam_minlen'
-  - '!package_talk-server_removed'
-  - '!package_ypbind_removed'
   - '!accounts_password_pam_unix_rounds_system_auth'
   - '!timer_dnf-automatic_enabled'
   - '!accounts_passwords_pam_tally2'
   - '!cracklib_accounts_password_pam_ucredit'
-  - '!accounts_password_pam_unix_remember'
   - '!file_permissions_unauthorized_sgid'
   - '!ensure_gpgcheck_local_packages'
   - '!accounts_passwords_pam_tally2_unlock_time'
   - '!enable_authselect'
   - '!cracklib_accounts_password_pam_minlen'
-  - '!package_dhcp_removed'
-  - '!package_telnet_removed'
-  - '!dir_perms_world_writable_root_owned'
   - '!cracklib_accounts_password_pam_dcredit'
-  - '!package_xinetd_removed'
   - '!ensure_gpgcheck_globally_activated'
-  - '!package_tftp_removed'
-  - '!package_rsh-server_removed'
-  - '!accounts_password_pam_ucredit'
   - '!file_permissions_unauthorized_suid'
   - '!ensure_gpgcheck_never_disabled'
   - '!ensure_oracle_gpgkey_installed'
+