@cgrl3h Olivier is on holidays right now, I'm trying to answer before he checks his notifications 
We do have a hardening guide, with mostly best practices, but I'm not sure it is available publicly yet, I'll check, but I think it is shared only to customers.
We are working to have STIGs, but that's in an early phase, and that's a fairly long process,so don't count on anything like that being available in the near future.
@kubuntu-newbie I've looked at the code. The intel passthrough seems to not care about the value of the vga key in platform, and instead it expects the key igd_passthrough to be set to true.
@techjeff I'll fix the script to not choke on empty lines - thanks for the spot!
Our documentation (https://docs.xcp-ng.org/compute/#passing-through-keyboards-and-mice) does say to run usb_scan.py -d to verify the config file, though the error wasn't particularly helpful...
The config file also specifies its "syntax is an ordered list of rules", maybe the fact that the order is important could be worth emphasizing even more?
