20.59 Ensure 'System files must be monitored for unauthorized changes'

Information

This policy setting ensures that system files are monitored for unauthorized changes.

Monitoring system files for changes against a baseline on a regular basis may help detect the possible introduction of malicious code on a system.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Monitor the system for unauthorized changes to system files (e.g., *.exe, *.bat, *.com, *.cmd, and *.dll) against a baseline on a weekly basis. This can be done with the use of various monitoring tools including the approved DoD HBSS solution that supports a File Integrity Monitor (FIM) module.

Impact:

Monitoring system files for changes against a baseline on a regular basis will be required.

See Also

https://workbench.cisecurity.org/benchmarks/15301

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-3(5)

Plugin: Windows

Control ID: 5fdf370e08bdc1469547ebb2a6d91dbd4b294f47e2f2e9073e56dab3a64745da