diff --git a/etc/modprobe.d/30_security-misc.conf b/etc/modprobe.d/30_security-misc.conf
index 90b2a46..af5fd10 100644
--- a/etc/modprobe.d/30_security-misc.conf
+++ b/etc/modprobe.d/30_security-misc.conf
@@ -1,123 +1,34 @@
 ## Copyright (C) 2012 - 2024 ENCRYPTED SUPPORT LP
 ## See the file COPYING for copying conditions.
-## See the following links for a community discussion and overview regarding the selections
+## See the following links for a community discussion and overview regarding the selections.
 ## https://forums.whonix.org/t/blacklist-more-kernel-modules-to-reduce-attack-surface/7989
 ## https://madaidans-insecurities.github.io/guides/linux-hardening.html#kasr-kernel-modules
-## Disable automatic conntrack helper assignment
+## Blacklisting prevents kernel modules from automatically starting.
+## Disabling prohibits kernel modules from starting.
+
+## CD-ROM/DVD:
+## Blacklist CD-ROM and DVD modules.
+## Do not disable by default for potential future ISO plans.
+## https://nvd.nist.gov/vuln/detail/CVE-2018-11506
+## https://forums.whonix.org/t/blacklist-more-kernel-modules-to-reduce-attack-surface/7989/31
+#
+blacklist cdrom
+blacklist sr_mod
+#
+#install cdrom /usr/bin/disabled-cdrom-by-security-misc
+#install sr_mod /usr/bin/disabled-cdrom-by-security-misc
+
+## Connection Tracking:
+## Disable automatic conntrack helper assignment.
 ## https://phabricator.whonix.org/T486
+#
 options nf_conntrack nf_conntrack_helper=0
-## Disable bluetooth to reduce attack surface due to extended history of security vulnerabilities
-## https://en.wikipedia.org/wiki/Bluetooth#History_of_security_concerns
-#
-## Now replaced by a privacy and security preserving default bluetooth configuration for better usability
-#
-# install bluetooth /usr/bin/disabled-bluetooth-by-security-misc
-# install btusb /usr/bin/disabled-bluetooth-by-security-misc
-
-## Disable thunderbolt and firewire modules to prevent some DMA attacks
-install thunderbolt /usr/bin/disabled-thunderbolt-by-security-misc
-install firewire-core /usr/bin/disabled-firewire-by-security-misc
-install firewire-net /usr/bin/disabled-firewire-by-security-misc
-install firewire-ohci /usr/bin/disabled-firewire-by-security-misc
-install firewire-sbp2 /usr/bin/disabled-firewire-by-security-misc
-install ohci1394 /usr/bin/disabled-firewire-by-security-misc
-install sbp2 /usr/bin/disabled-firewire-by-security-misc
-install dv1394 /usr/bin/disabled-firewire-by-security-misc
-install raw1394 /usr/bin/disabled-firewire-by-security-misc
-install video1394 /usr/bin/disabled-firewire-by-security-misc
-
-## Disable CPU MSRs as they can be abused to write to arbitrary memory.
-## https://security.stackexchange.com/questions/119712/methods-root-can-use-to-elevate-itself-to-kernel-mode
-## https://github.com/Kicksecure/security-misc/issues/215
-#install msr /usr/bin/disabled-msr-by-security-misc
-
-## Disables unneeded network protocols that will likely not be used as these may have unknown vulnerabilties.
-## Credit to Tails (https://tails.boum.org/blueprint/blacklist_modules/) for some of these.
-## > Debian ships a long list of modules for wide support of devices, filesystems, protocols. Some of these modules have a pretty bad security track record, and some of those are simply not used by most of our users.
-## > Other distributions like Ubuntu[1] and Fedora[2] already ship a blacklist for various network protocols which aren't much in use by users and have a poor security track record.
-install dccp /usr/bin/disabled-network-by-security-misc
-install sctp /usr/bin/disabled-network-by-security-misc
-install rds /usr/bin/disabled-network-by-security-misc
-install tipc /usr/bin/disabled-network-by-security-misc
-install n-hdlc /usr/bin/disabled-network-by-security-misc
-install ax25 /usr/bin/disabled-network-by-security-misc
-install netrom /usr/bin/disabled-network-by-security-misc
-install x25 /usr/bin/disabled-network-by-security-misc
-install rose /usr/bin/disabled-network-by-security-misc
-install decnet /usr/bin/disabled-network-by-security-misc
-install econet /usr/bin/disabled-network-by-security-misc
-install af_802154 /usr/bin/disabled-network-by-security-misc
-install ipx /usr/bin/disabled-network-by-security-misc
-install appletalk /usr/bin/disabled-network-by-security-misc
-install psnap /usr/bin/disabled-network-by-security-misc
-install p8023 /usr/bin/disabled-network-by-security-misc
-install p8022 /usr/bin/disabled-network-by-security-misc
-install can /usr/bin/disabled-network-by-security-misc
-install atm /usr/bin/disabled-network-by-security-misc
-
-## Disable uncommon file systems to reduce attack surface
-## HFS and HFS+ are legacy Apple filesystems that may be required depending on the EFI parition format
-install cramfs /usr/bin/disabled-filesys-by-security-misc
-install freevxfs /usr/bin/disabled-filesys-by-security-misc
-install jffs2 /usr/bin/disabled-filesys-by-security-misc
-install hfs /usr/bin/disabled-filesys-by-security-misc
-install hfsplus /usr/bin/disabled-filesys-by-security-misc
-install udf /usr/bin/disabled-filesys-by-security-misc
-
-## Disable uncommon network file systems to reduce attack surface
-install cifs /usr/bin/disabled-netfilesys-by-security-misc
-install nfs /usr/bin/disabled-netfilesys-by-security-misc
-install nfsv3 /usr/bin/disabled-netfilesys-by-security-misc
-install nfsv4 /usr/bin/disabled-netfilesys-by-security-misc
-install ksmbd /usr/bin/disabled-netfilesys-by-security-misc
-install gfs2 /usr/bin/disabled-netfilesys-by-security-misc
-
-## Disables the vivid kernel module as it's only required for testing and has been the cause of multiple vulnerabilities
-## https://forums.whonix.org/t/kernel-recompilation-for-better-hardening/7598/233
-## https://www.openwall.com/lists/oss-security/2019/11/02/1
-## https://github.com/a13xp0p0v/kconfig-hardened-check/commit/981bd163fa19fccbc5ce5d4182e639d67e484475
-install vivid /usr/bin/disabled-vivid-by-security-misc
-
-## Disable Intel Management Engine (ME) interface with the OS
-## https://www.kernel.org/doc/html/latest/driver-api/mei/mei.html
-install mei /usr/bin/disabled-intelme-by-security-misc
-install mei-me /usr/bin/disabled-intelme-by-security-misc
-
-# Disable GPS modules like GNSS (Global Navigation Satellite System)
-install gnss /usr/bin/disabled-gps-by-security-misc
-install gnss-mtk /usr/bin/disabled-gps-by-security-misc
-install gnss-serial /usr/bin/disabled-gps-by-security-misc
-install gnss-sirf /usr/bin/disabled-gps-by-security-misc
-install gnss-usb /usr/bin/disabled-gps-by-security-misc
-install gnss-ubx /usr/bin/disabled-gps-by-security-misc
-
-## Blacklist automatic loading of the Atheros 5K RF MACs madwifi driver
-## https://git.launchpad.net/ubuntu/+source/kmod/tree/debian/modprobe.d/blacklist-ath_pci.conf?h=ubuntu/disco
-blacklist ath_pci
-
-## Blacklist automatic loading of miscellaneous modules
-## https://git.launchpad.net/ubuntu/+source/kmod/tree/debian/modprobe.d/blacklist.conf?h=ubuntu/disco
-blacklist evbug
-blacklist usbmouse
-blacklist usbkbd
-blacklist eepro100
-blacklist de4x5
-blacklist eth1394
-blacklist snd_intel8x0m
-blacklist snd_aw2
-blacklist prism54
-blacklist bcm43xx
-blacklist garmin_gps
-blacklist asus_acpi
-blacklist snd_pcsp
-blacklist pcspkr
-blacklist amd76x_edac
-
-## Blacklist automatic loading of framebuffer drivers
+## Framebuffer Drivers:
 ## https://git.launchpad.net/ubuntu/+source/kmod/tree/debian/modprobe.d/blacklist-framebuffer.conf?h=ubuntu/disco
+#
 blacklist aty128fb
 blacklist atyfb
 blacklist radeonfb
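Review bot: The two new explanatory lines `## Blacklisting prevents kernel modules from automatically starting.` and `## Disabling prohibits kernel modules from starting.` overstate both mechanisms, and the CD-ROM/DVD section directly below relies on the weaker one. A `blacklist` entry only suppresses loading through the module's internal aliases (the udev/modalias autoload path); a request by module name, or loading as a dependency of another module, still succeeds. An `install` line does stop modprobe from loading the module, but neither directive affects a module built into the kernel or one that was already loaded when this file took effect. I would reword the pair to `## Blacklisting stops alias-based (udev) autoloading only; a module can still be loaded by name or as a dependency.` and `## Disabling (install ...) stops modprobe from loading the module at all; neither applies to built-in kernel modules.`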
@@ -147,10 +58,133 @@ blacklist viafb
 blacklist vt8623fb
 blacklist udlfb
-## Disable CD-ROM devices
-## https://nvd.nist.gov/vuln/detail/CVE-2018-11506
-## https://forums.whonix.org/t/blacklist-more-kernel-modules-to-reduce-attack-surface/7989/31
-#install cdrom /usr/bin/disabled-cdrom-by-security-misc
-#install sr_mod /usr/bin/disabled-cdrom-by-security-misc
-blacklist cdrom
-blacklist sr_mod
+## Miscellaneous:
+## https://git.launchpad.net/ubuntu/+source/kmod/tree/debian/modprobe.d/blacklist.conf?h=ubuntu/disco
+## https://git.launchpad.net/ubuntu/+source/kmod/tree/debian/modprobe.d/blacklist-ath_pci.conf?h=ubuntu/disco
+#
+blacklist ath_pci
+blacklist evbug
+blacklist usbmouse
+blacklist usbkbd
+blacklist eepro100
+blacklist de4x5
+blacklist eth1394
+blacklist snd_intel8x0m
+blacklist snd_aw2
+blacklist prism54
+blacklist bcm43xx
+blacklist garmin_gps
+blacklist asus_acpi
+blacklist snd_pcsp
+blacklist pcspkr
+blacklist amd76x_edac
+
+## Bluetooth:
+## Disable Bluetooth to reduce attack surface due to extended history of security vulnerabilities.
+## https://en.wikipedia.org/wiki/Bluetooth#History_of_security_concerns
+#
+## Now replaced by a privacy and security preserving default Bluetooth configuration for better usability.
+#
+#install bluetooth /usr/bin/disabled-bluetooth-by-security-misc
+#install btusb /usr/bin/disabled-bluetooth-by-security-misc
+
+## CPU Model-Specific Registers (MSRs):
+## Disable CPU MSRs as they can be abused to write to arbitrary memory.
+## https://security.stackexchange.com/questions/119712/methods-root-can-use-to-elevate-itself-to-kernel-mode
+## https://github.com/Kicksecure/security-misc/issues/215
+#
+#install msr /usr/bin/disabled-msr-by-security-misc
+
+## FireWire (IEEE 1394):
+## Disable IEEE 1394 (FireWire/i.LINK/Lynx) modules to prevent some DMA attacks.
+## https://en.wikipedia.org/wiki/IEEE_1394#Security_issues
+#
+install firewire-core /usr/bin/disabled-firewire-by-security-misc
+install firewire-net /usr/bin/disabled-firewire-by-security-misc
+install firewire-ohci /usr/bin/disabled-firewire-by-security-misc
+install firewire-sbp2 /usr/bin/disabled-firewire-by-security-misc
+install ohci1394 /usr/bin/disabled-firewire-by-security-misc
+install sbp2 /usr/bin/disabled-firewire-by-security-misc
+install dv1394 /usr/bin/disabled-firewire-by-security-misc
+install raw1394 /usr/bin/disabled-firewire-by-security-misc
+install video1394 /usr/bin/disabled-firewire-by-security-misc
+
+## File Systems:
+## Disable uncommon file systems to reduce attack surface.
+## HFS and HFS+ are legacy Apple filesystems that may be required depending on the EFI partition format.
+#
+install cramfs /usr/bin/disabled-filesys-by-security-misc
+install freevxfs /usr/bin/disabled-filesys-by-security-misc
+install jffs2 /usr/bin/disabled-filesys-by-security-misc
+install hfs /usr/bin/disabled-filesys-by-security-misc
+install hfsplus /usr/bin/disabled-filesys-by-security-misc
+install udf /usr/bin/disabled-filesys-by-security-misc
+
+## Global Positioning Systems:
+## Disable GPS-related modules like GNSS (Global Navigation Satellite System).
+#
+install gnss /usr/bin/disabled-gps-by-security-misc
+install gnss-mtk /usr/bin/disabled-gps-by-security-misc
+install gnss-serial /usr/bin/disabled-gps-by-security-misc
+install gnss-sirf /usr/bin/disabled-gps-by-security-misc
+install gnss-usb /usr/bin/disabled-gps-by-security-misc
+install gnss-ubx /usr/bin/disabled-gps-by-security-misc
+
+## Intel Management Engine (ME):
+## Partially disable the Intel ME interface with the OS.
+## https://www.kernel.org/doc/html/latest/driver-api/mei/mei.html
+#
+install mei /usr/bin/disabled-intelme-by-security-misc
+install mei-me /usr/bin/disabled-intelme-by-security-misc
+
+## Network File Systems:
+## Disable uncommon network file systems to reduce attack surface.
+#
+install cifs /usr/bin/disabled-netfilesys-by-security-misc
+install nfs /usr/bin/disabled-netfilesys-by-security-misc
+install nfsv3 /usr/bin/disabled-netfilesys-by-security-misc
+install nfsv4 /usr/bin/disabled-netfilesys-by-security-misc
+install ksmbd /usr/bin/disabled-netfilesys-by-security-misc
+install gfs2 /usr/bin/disabled-netfilesys-by-security-misc
+
+## Network Protocols:
+## Disables rare and unneeded network protocols that are a common source of unknown vulnerabilities.
+## https://tails.boum.org/blueprint/blacklist_modules/
+## https://fedoraproject.org/wiki/Security_Features_Matrix#Blacklist_Rare_Protocols)
+## https://git.launchpad.net/ubuntu/+source/kmod/tree/debian/modprobe.d/blacklist-rare-network.conf?h=ubuntu/disco
+#
+install dccp /usr/bin/disabled-network-by-security-misc
+install sctp /usr/bin/disabled-network-by-security-misc
+install rds /usr/bin/disabled-network-by-security-misc
+install tipc /usr/bin/disabled-network-by-security-misc
+install n-hdlc /usr/bin/disabled-network-by-security-misc
+install ax25 /usr/bin/disabled-network-by-security-misc
+install netrom /usr/bin/disabled-network-by-security-misc
+install x25 /usr/bin/disabled-network-by-security-misc
+install rose /usr/bin/disabled-network-by-security-misc
+install decnet /usr/bin/disabled-network-by-security-misc
+install econet /usr/bin/disabled-network-by-security-misc
+install af_802154 /usr/bin/disabled-network-by-security-misc
+install ipx /usr/bin/disabled-network-by-security-misc
+install appletalk /usr/bin/disabled-network-by-security-misc
+install psnap /usr/bin/disabled-network-by-security-misc
+install p8023 /usr/bin/disabled-network-by-security-misc
+install p8022 /usr/bin/disabled-network-by-security-misc
+install can /usr/bin/disabled-network-by-security-misc
+install atm /usr/bin/disabled-network-by-security-misc
+
+## Miscellaneous:
+#
+## Vivid:
+## Disables the vivid kernel module since it has been the cause of multiple vulnerabilities.
+## https://forums.whonix.org/t/kernel-recompilation-for-better-hardening/7598/233
+## https://www.openwall.com/lists/oss-security/2019/11/02/1
+## https://github.com/a13xp0p0v/kconfig-hardened-check/commit/981bd163fa19fccbc5ce5d4182e639d67e484475
+#
+install vivid /usr/bin/disabled-vivid-by-security-misc
+
+## Thunderbolt:
+## Disables Thunderbolt modules to prevent some DMA attacks.
+## https://en.wikipedia.org/wiki/Thunderbolt_(interface)#Security_vulnerabilities
+#
+install thunderbolt /usr/bin/disabled-thunderbolt-by-security-misc
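Review bot: The new `## Miscellaneous:` heading is used twice on the new side — once above the `blacklist ath_pci` group right after `blacklist udlfb`, and again above the Vivid and Thunderbolt entries — so the section index this commit introduces is ambiguous for anyone searching the file by heading. The Fedora reference under `## Network Protocols:` also carries a stray closing parenthesis, `## https://fedoraproject.org/wiki/Security_Features_Matrix#Blacklist_Rare_Protocols)`, which breaks the link when copied. I would drop that paren and give the second group a heading that describes its contents (for example `## Other Drivers:`), since both entries there are `install` lines rather than the blacklist-only entries of the first group. The Vivid comment also lost the old justification that the module is only required for testing, which is the reason disabling it carries no functional cost; keeping `## Only required for testing; has been the cause of multiple vulnerabilities.` would preserve that rationale.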