diff --git a/etc/default/grub.d/40_cpu_mitigations.cfg b/etc/default/grub.d/40_cpu_mitigations.cfg
index 5960e14..e426673 100644
--- a/etc/default/grub.d/40_cpu_mitigations.cfg
+++ b/etc/default/grub.d/40_cpu_mitigations.cfg
@@ -5,6 +5,7 @@
 ## KSPP=yes: compliant with recommendations by the KSPP
 ## KSPP=partial: partially compliant with recommendations by the KSPP
 ## KSPP=no: not (currently) compliant with recommendations by the KSPP
+## If there is no explicit KSPP compliance notice, the setting is not mentioned by the KSPP.
 
 ## Enable known mitigations for CPU vulnerabilities.
 ## https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/index.html
diff --git a/etc/default/grub.d/40_kernel_hardening.cfg b/etc/default/grub.d/40_kernel_hardening.cfg
index ad7e61a..e41dabb 100644
--- a/etc/default/grub.d/40_kernel_hardening.cfg
+++ b/etc/default/grub.d/40_kernel_hardening.cfg
@@ -9,6 +9,7 @@ kver="$(dpkg-query --show --showformat='${Version}' "$kpkg")" 2>/dev/null || tru
 ## KSPP=yes: compliant with recommendations by the KSPP
 ## KSPP=partial: partially compliant with recommendations by the KSPP
 ## KSPP=no: not (currently) compliant with recommendations by the KSPP
+## If there is no explicit KSPP compliance notice, the setting is not mentioned by the KSPP.
 
 ## This configuration file is split into 4 sections:
 ## 1. Kernel Space
diff --git a/etc/default/grub.d/40_remount_secure.cfg b/etc/default/grub.d/40_remount_secure.cfg
index f92991a..f06235b 100644
--- a/etc/default/grub.d/40_remount_secure.cfg
+++ b/etc/default/grub.d/40_remount_secure.cfg
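Review bot: The legend line added in etc/default/grub.d/40_cpu_mitigations.cfg makes a missing annotation carry meaning, so a setting that was never checked, or one added later without a tag, will read as "not mentioned by the KSPP". Anyone auditing these hardening files against the KSPP list would then treat unreviewed settings as out of KSPP scope, and the claim may go stale if the KSPP recommendations change. I would word it so the limit is visible, for example `## Settings without a KSPP notice were not mentioned by the KSPP when this file was last reviewed.`, or tag such settings explicitly. The identical line is added to the other seven files in this commit (40_kernel_hardening.cfg, 40_remount_secure.cfg, 40_signed_modules.cfg, 41_quiet_boot.cfg and the three sysctl.d files), so the same applies there. The settings themselves lie outside these hunks, so whether every unannotated one was actually checked cannot be confirmed from this diff.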
@@ -5,6 +5,7 @@
 ## KSPP=yes: compliant with recommendations by the KSPP
 ## KSPP=partial: partially compliant with recommendations by the KSPP
 ## KSPP=no: not (currently) compliant with recommendations by the KSPP
+## If there is no explicit KSPP compliance notice, the setting is not mentioned by the KSPP.
 
 ## Remount Secure provides enhanced security via mount options:
 ## https://www.kicksecure.com/wiki/Security-misc#Remount_Secure
diff --git a/etc/default/grub.d/40_signed_modules.cfg b/etc/default/grub.d/40_signed_modules.cfg
index b33dceb..75cd3bb 100644
--- a/etc/default/grub.d/40_signed_modules.cfg
+++ b/etc/default/grub.d/40_signed_modules.cfg
@@ -5,6 +5,7 @@
 ## KSPP=yes: compliant with recommendations by the KSPP
 ## KSPP=partial: partially compliant with recommendations by the KSPP
 ## KSPP=no: not (currently) compliant with recommendations by the KSPP
+## If there is no explicit KSPP compliance notice, the setting is not mentioned by the KSPP.
 
 ## Require every kernel module to be signed before being loaded.
 ## Any module that is unsigned or signed with an invalid key cannot be loaded.
diff --git a/etc/default/grub.d/41_quiet_boot.cfg b/etc/default/grub.d/41_quiet_boot.cfg
index 33b412d..9623625 100644
--- a/etc/default/grub.d/41_quiet_boot.cfg
+++ b/etc/default/grub.d/41_quiet_boot.cfg
@@ -5,6 +5,7 @@
 ## KSPP=yes: compliant with recommendations by the KSPP
 ## KSPP=partial: partially compliant with recommendations by the KSPP
 ## KSPP=no: not (currently) compliant with recommendations by the KSPP
+## If there is no explicit KSPP compliance notice, the setting is not mentioned by the KSPP.
 
 ## Some default configuration files automatically include the "quiet" parameter.
 ## Therefore, first remove "quiet" from GRUB_CMDLINE_LINUX_DEFAULT since "quiet" must be first.
diff --git a/usr/lib/sysctl.d/30_security-misc_kexec-disable.conf b/usr/lib/sysctl.d/30_security-misc_kexec-disable.conf
index da77fd7..5c38e38 100644
--- a/usr/lib/sysctl.d/30_security-misc_kexec-disable.conf
+++ b/usr/lib/sysctl.d/30_security-misc_kexec-disable.conf
@@ -5,6 +5,7 @@
 ## KSPP=yes: compliant with recommendations by the KSPP
 ## KSPP=partial: partially compliant with recommendations by the KSPP
 ## KSPP=no: not (currently) compliant with recommendations by the KSPP
+## If there is no explicit KSPP compliance notice, the setting is not mentioned by the KSPP.
 
 ## NOTE:
 ## This configuration is in a dedicated file because the ram-wipe package
diff --git a/usr/lib/sysctl.d/30_silent-kernel-printk.conf b/usr/lib/sysctl.d/30_silent-kernel-printk.conf
index 44b0b25..a1fd57e 100644
--- a/usr/lib/sysctl.d/30_silent-kernel-printk.conf
+++ b/usr/lib/sysctl.d/30_silent-kernel-printk.conf
@@ -5,6 +5,7 @@
 ## KSPP=yes: compliant with recommendations by the KSPP
 ## KSPP=partial: partially compliant with recommendations by the KSPP
 ## KSPP=no: not (currently) compliant with recommendations by the KSPP
+## If there is no explicit KSPP compliance notice, the setting is not mentioned by the KSPP.
 
 ## Prevent kernel information leaks in the console during boot.
 ## Must be used in conjunction with kernel boot parameters.
diff --git a/usr/lib/sysctl.d/990-security-misc.conf b/usr/lib/sysctl.d/990-security-misc.conf
index e4ae584..6009fc4 100644
--- a/usr/lib/sysctl.d/990-security-misc.conf
+++ b/usr/lib/sysctl.d/990-security-misc.conf
@@ -10,6 +10,7 @@
 ## KSPP=yes: compliant with recommendations by the KSPP
 ## KSPP=partial: partially compliant with recommendations by the KSPP
 ## KSPP=no: not (currently) compliant with recommendations by the KSPP
+## If there is no explicit KSPP compliance notice, the setting is not mentioned by the KSPP.
 
 ## This configuration file is divided into 5 sections:
 ## 1. Kernel Space