diff --git a/controls/sysctl_spec.rb b/controls/sysctl_spec.rb
index 3cc9f34..de4bc3c 100644
--- a/controls/sysctl_spec.rb
+++ b/controls/sysctl_spec.rb
@@ -432,3 +432,14 @@
 its(:value) { should eq 1 }
 end
 end
+
+control 'sysctl-35' do
+impact 1.0
+title 'Restrict ptrace attach to privileged users'
+desc 'Ensure kernel.yama.ptrace_scope is set to at least 2 so unprivileged users cannot attach ptrace to arbitrary processes.'
+# exclude SuSE because it does not have this parameter
+only_if { !(container_execution || os.suse?) }
+describe kernel_parameter('kernel.yama.ptrace_scope') do
+its(:value) { should >= 2 }
+end
+end
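Review bot: `its(:value) { should >= 2 }` in the new `sysctl-35` control assumes the sysctl exists on every non-SuSE host, but the Yama LSM is a kernel build option rather than a distro property, and on a kernel without it `kernel_parameter(...).value` is nil, where the bare operator form is likely to raise a NoMethodError instead of producing a clean failure; `its(:value) { should be >= 2 }` uses the comparison matcher that reports a plain failure on nil. The `only_if` would be more robust if it gated on the sysctl itself rather than on the OS family: `only_if { !(container_execution || os.suse?) && file('/proc/sys/kernel/yama/ptrace_scope').exist? }`. The comment above it could then read `# Yama is not built into every kernel (SuSE being one known case); skip when the sysctl is absent`. `container_execution` is presumably a helper defined elsewhere in the profile, so its semantics cannot be checked from this hunk.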