800-53|SA-10(1)

Title

SOFTWARE / FIRMWARE INTEGRITY VERIFICATION

Description

The organization requires the developer of the information system, system component, or information system service to enable integrity verification of software and firmware components.

Supplemental

This control enhancement allows organizations to detect unauthorized changes to software and firmware components through the use of tools, techniques, and/or mechanisms provided by developers. Integrity checking mechanisms can also address counterfeiting of software and firmware components. Organizations verify the integrity of software and firmware components, for example, through secure one-way hashes provided by developers. Delivered software and firmware components also include any updates to such components.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: SI-7

Category: SYSTEM AND SERVICES ACQUISITION

Parent Title: DEVELOPER CONFIGURATION MANAGEMENT

Family: SYSTEM AND SERVICES ACQUISITION

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.3.1 Ensure 'Image Integrity' is correct	Cisco	CIS Cisco Firewall ASA 8 L1 v4.1.0
2.6.6.6.2.9 Ensure 'VBA Macro Notification Settings' is set to 'Require macros to be signed by a trusted publisher'	Windows	CIS Microsoft Office Enterprise v1.1.0 L1
APPNET0063 - .NET must be configured to validate strong names on full-trust assemblies - Wow6432Node	Windows	DISA STIG for Microsoft Dot Net Framework 4.0 v2r1
APPNET0063 - .NET must be configured to validate strong names on full-trust assemblies - Wow6432Node	Windows	DISA STIG for Microsoft Dot Net Framework 4.0 v1r9
APPNET0063 - .NET must be configured to validate strong names on full-trust assemblies.	Windows	DISA STIG for Microsoft Dot Net Framework 4.0 v1r9
APPNET0063 - .NET must be configured to validate strong names on full-trust assemblies.	Windows	DISA STIG for Microsoft Dot Net Framework 4.0 v2r1
GEN006565 - The system package management tool must be used to verify system software periodically.	Unix	DISA STIG Solaris 10 SPARC v2r4
GEN006565 - The system package management tool must be used to verify system software periodically.	Unix	DISA STIG Solaris 10 X86 v2r4
GEN006565 - The system package management tool must be used to verify system software periodically.	Unix	DISA STIG for Oracle Linux 5 v2r1
GEN006565 - The system package management tool must be used to verify system software periodically.	Unix	DISA STIG AIX 5.3 v1r2
GEN006565 - The system package management tool must be used to verify system software periodically.	Unix	DISA STIG AIX 6.1 v1r14
GEN006565 - The system package management tool must be used to verify system software periodically.	Unix	DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
Macro Notification Settings - vbadigsigtrustedpublishers	Windows	MSCT Microsoft 365 Apps for Enterprise 2112 v1.0.0
VBA Macro Notification Settings - access - vbadigsigtrustedpublishers	Windows	MSCT Microsoft 365 Apps for Enterprise 2112 v1.0.0
VBA Macro Notification Settings - powerpoint - vbadigsigtrustedpublishers	Windows	MSCT Microsoft 365 Apps for Enterprise 2112 v1.0.0
VBA Macro Notification Settings - publisher - vbadigsigtrustedpublishers	Windows	MSCT Microsoft 365 Apps for Enterprise 2112 v1.0.0
VBA Macro Notification Settings - word - vbadigsigtrustedpublishers	Windows	MSCT Microsoft 365 Apps for Enterprise 2112 v1.0.0

Detections

Analytics