diff --git a/README.md b/README.md
index ab0c69a..cf3ea62 100644
--- a/README.md
+++ b/README.md
@@ -177,6 +177,8 @@ CPU mitigations:
 - Register File Data Sampling (RFDS)
+- Indirect Target Selection (ITS)
+
 Boot parameters relating to kernel hardening, DMA mitigations, and entropy generation are outlined in the `/etc/default/grub.d/40_kernel_hardening.cfg` configuration file.
diff --git a/etc/default/grub.d/40_cpu_mitigations.cfg b/etc/default/grub.d/40_cpu_mitigations.cfg
index efc9e5e..d40cb95 100644
--- a/etc/default/grub.d/40_cpu_mitigations.cfg
+++ b/etc/default/grub.d/40_cpu_mitigations.cfg
@@ -187,3 +187,11 @@ GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX gather_data_sampling=force"
 ## https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/reg-file-data-sampling.html
 ##
 GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX reg_file_data_sampling=on"
+
+## Indirect Target Selection (ITS):
+## Mitigate the vulnerability by not allowing indirect branches in the lower half of the cacheline.
+## Currently affects Intel CPUs.
+##
+## https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/indirect-target-selection.html
+##
+GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX indirect_target_selection=force"
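Review bot: The new `indirect_target_selection=force` line in 40_cpu_mitigations.cfg does not document why `force` was chosen over `on`, which matters because, per the linked kernel page, `force` appears to apply the mitigation regardless of whether the kernel detects the CPU as affected (the same trade-off the file already makes with `gather_data_sampling=force`, while the adjacent RFDS entry uses `=on`). A one-line comment above the assignment would make the choice auditable, e.g. `## 'force' applies the mitigation even if the kernel does not detect the CPU as affected; use 'on' to defer to kernel detection.`. The ITS mitigation is also reported to depend on updated microcode for full effect, so it is worth noting that the boot parameter alone may not be sufficient, and that the resulting state can be confirmed after reboot from the indirect_target_selection entry under /sys/devices/system/cpu/vulnerabilities/. The README hunk only adds the list entry and needs no change.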