800-53|SI-6b.

Title

SECURITY FUNCTION VERIFICATION

Description

Performs this verification [Selection (one or more): [Assignment: organization-defined system transitional states]; upon command by user with appropriate privilege; [Assignment: organization-defined frequency]];

Reference Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

Family: SYSTEM AND INFORMATION INTEGRITY

Baseline Impact: HIGH

Audit Items

| Name | Plugin | Audit Name |
| --- | --- | --- |
| APPL-14-005100 - The macOS system must ensure secure boot level set to full. | Unix | DISA Apple macOS 14 (Sonoma) STIG v2r1 |
| APPL-15-005100 - The macOS system must ensure Secure Boot level is set to 'full'. | Unix | DISA Apple macOS 15 (Sequoia) STIG v1r1 |
| ESXI-70-000095 - The ESXi host must implement Secure Boot enforcement. | Unix | DISA STIG VMware vSphere 7.0 ESXi OS v1r2 |
| ESXI-80-000085 The ESXi host must implement Secure Boot enforcement. | Unix | DISA VMware vSphere 8.0 ESXi STIG OS v2r1 |
| OL07-00-020030 - The Oracle Linux operating system must be configured so that a file integrity tool verifies the baseline operating system configuration at least weekly - aide. | Unix | DISA Oracle Linux 7 STIG v2r14 |
| OL07-00-020030 - The Oracle Linux operating system must be configured so that a file integrity tool verifies the baseline operating system configuration at least weekly - cron. | Unix | DISA Oracle Linux 7 STIG v2r14 |
| OL08-00-010360 - The OL 8 file integrity tool must notify the System Administrator (SA) when changes to the baseline configuration or anomalies in the operation of any security functions are discovered within an organizationally defined frequency. | Unix | DISA Oracle Linux 8 STIG v2r1 |
| PHTN-30-000013 - The Photon operating system must have the auditd service running. | Unix | DISA STIG VMware vSphere 7.0 Photon OS v1r3 |
| PHTN-40-000016 The Photon operating system must enable the auditd service. | Unix | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 |
| PHTN-67-000018 - The Photon operating system must have the auditd service running. | Unix | DISA STIG VMware vSphere 6.7 Photon OS v1r6 |
| RHEL-09-651015 - RHEL 9 must routinely check the baseline configuration for unauthorized changes and notify the system administrator when anomalies in the operation of any security functions are discovered. | Unix | DISA Red Hat Enterprise Linux 9 STIG v2r2 |
| SLES-12-010500 - Advanced Intrusion Detection Environment (AIDE) must verify the baseline SUSE operating system configuration at least weekly. | Unix | DISA SLES 12 STIG v2r13 |
| SLES-15-010420 - Advanced Intrusion Detection Environment (AIDE) must verify the baseline SUSE operating system configuration at least weekly. | Unix | DISA SLES 15 STIG v2r1 |
| UBTU-16-010510 - The file integrity tool must perform verification of the correct operation of security functions: upon system start-up and/or restart; upon command by a user with privileged access; and/or every 30 days. | Unix | DISA STIG Ubuntu 16.04 LTS v2r3 |
| UBTU-18-010516 - The Ubuntu operating system must be configured so that a file integrity tool verifies the correct operation of security functions every 30 days. | Unix | DISA STIG Ubuntu 18.04 LTS v2r15 |
| UBTU-20-010074 - The Ubuntu operating system must be configured so that the script which runs each 30 days or less to check file integrity is the default one. | Unix | DISA STIG Ubuntu 20.04 LTS v2r1 |
| UBTU-22-651025 - Ubuntu 22.04 LTS must be configured so that the script that runs each 30 days or less to check file integrity is the default. | Unix | DISA STIG Canonical Ubuntu 22.04 LTS v2r2 |
| WDNS-SI-000007 - The Windows 2012 DNS Server must log the event and notify the system administrator when anomalies in the operation of the signed zone transfers are discovered. | Windows | DISA Microsoft Windows 2012 Server DNS STIG v2r7 |