Currently, kex, cipher, macs, etc. policies are treated as a complete must match, however it might be usefull to be able to create policies defining allowed algorithms, only throwing an error/warning incase a scanned system uses a non-allowed algorithm. This would allow using the same policy for multiple systems where not all systems support the exact same algorithms or can't for other reasons be configured identically, whilst at the same time allowing for easy system wide checking for comliance with only using allowed algorithms.
Currently, kex, cipher, macs, etc. policies are treated as a complete must match, however it might be usefull to be able to create policies defining allowed algorithms, only throwing an error/warning incase a scanned system uses a non-allowed algorithm. This would allow using the same policy for multiple systems where not all systems support the exact same algorithms or can't for other reasons be configured identically, whilst at the same time allowing for easy system wide checking for comliance with only using allowed algorithms.