800-53|SI-7

Title

SOFTWARE, FIRMWARE, AND INFORMATION INTEGRITY

Description

The organization employs integrity verification tools to detect unauthorized changes to [Assignment: organization-defined software, firmware, and information].

Supplemental

Unauthorized changes to software, firmware, and information can occur due to errors or malicious activity (e.g., tampering). Software includes, for example, operating systems (with key internal components such as kernels and drivers), middleware, and applications. Firmware includes, for example, the Basic Input Output System (BIOS). Information includes metadata such as security attributes associated with information. State-of-the-practice integrity-checking mechanisms (e.g., parity checks, cyclic redundancy checks, cryptographic hashes) and associated tools can automatically monitor the integrity of information systems and hosted applications. Note the difference in what each mechanism detects: parity and CRC catch accidental corruption only, since anyone who can alter the data can recompute them; detecting deliberate tampering requires a cryptographic hash compared against a reference value (or a digital signature), and that reference itself must be protected from the same adversary, for example by signing it or storing it off the monitored system.
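The following is an added example, written for this page, of the kind of host integrity verification tool the control describes; it is not code from NIST SP 800-53 or from any audit listed below. It records a SHA-256 baseline of a directory tree, seals the baseline with an HMAC so that an attacker who can rewrite files cannot silently rewrite the reference as well, and then reports files that were added, removed, or changed. Every path, file content, and the key in it are constructed for the demonstration.

```python
"""
Added example (not part of SP 800-53 or any audit on this page): a minimal
file-integrity checker in the style of tools such as AIDE. Paths, contents
and the key below are constructed for the demo.
"""
import hashlib
import hmac
import json
import tempfile
from pathlib import Path


def file_digest(path: Path) -> str:
    """SHA-256 of a file's contents, streamed so large binaries are fine."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map each regular file (path relative to root) to digest, size and mode."""
    entries = {}
    for p in sorted(root.rglob("*")):
        if p.is_symlink() or not p.is_file():
            continue  # directories and symlinks are not hashed here
        st = p.stat()
        entries[p.relative_to(root).as_posix()] = {
            "sha256": file_digest(p),
            "size": st.st_size,
            "mode": oct(st.st_mode & 0o7777),
        }
    return entries


def _canonical(entries: dict) -> bytes:
    # Deterministic serialization so the HMAC is stable across round trips.
    return json.dumps(entries, sort_keys=True, separators=(",", ":")).encode()


def seal_baseline(entries: dict, key: bytes) -> bytes:
    """Serialize the baseline with an HMAC-SHA256 tag over its canonical form."""
    tag = hmac.new(key, _canonical(entries), hashlib.sha256).hexdigest()
    return json.dumps({"entries": entries, "hmac": tag}, sort_keys=True).encode()


def open_baseline(blob: bytes, key: bytes) -> dict:
    """Reject the baseline if its tag does not verify; otherwise return entries."""
    doc = json.loads(blob)
    expected = hmac.new(key, _canonical(doc["entries"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, doc["hmac"]):
        raise ValueError("baseline rejected: HMAC mismatch (reference data altered)")
    return doc["entries"]


def verify_tree(root: Path, baseline: dict) -> dict:
    """Compare the live tree against the baseline; any difference is a finding."""
    current = build_baseline(root)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in current.keys() & baseline.keys()
                          if current[p] != baseline[p]),
    }


def demo() -> dict:
    """Build a baseline, tamper with the tree and with the baseline, report both."""
    key = b"constructed-demo-key: in practice keep it off the monitored host"
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "etc").mkdir()
        (root / "bin" / "ls").write_bytes(b"\x7fELF original binary")
        (root / "etc" / "sudoers").write_bytes(b"root ALL=(ALL) ALL\n")
        sealed = seal_baseline(build_baseline(root), key)

        # Simulated compromise: a same-size trojaned binary (a size or
        # timestamp check alone would miss it), a new cron job, sudoers removed.
        (root / "bin" / "ls").write_bytes(b"\x7fELF trojaned binary")
        (root / "etc" / "cron.d").mkdir()
        (root / "etc" / "cron.d" / "persist").write_bytes(b"* * * * * root /tmp/x\n")
        (root / "etc" / "sudoers").unlink()
        report = verify_tree(root, open_baseline(sealed, key))

        # The attacker also edits the stored baseline to match the trojan,
        # but cannot produce a valid tag without the key.
        doc = json.loads(sealed)
        doc["entries"]["bin/ls"]["sha256"] = file_digest(root / "bin" / "ls")
        forged = json.dumps(doc).encode()
        try:
            open_baseline(forged, key)
            forged_rejected = False
        except ValueError:
            forged_rejected = True
    return {"report": report, "forged_rejected": forged_rejected}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running the script prints the report from demo(): bin/ls as changed, etc/cron.d/persist as added, etc/sudoers as removed, and the forged baseline rejected. In a real deployment the sealed baseline and the key would live on a separate system (or the baseline would be signed), since a reference stored beside the files it describes offers no protection against the adversary the control is concerned with.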

Reference Item Details

Related: SA-12, SC-13, SC-8, SI-3

Category: SYSTEM AND INFORMATION INTEGRITY

Family: SYSTEM AND INFORMATION INTEGRITY

Priority: P1

Baseline Impact: MODERATE, HIGH

Audit Items


Name | Plugin | Audit Name
---- | ------ | ----------
1.1.3.17.9 Set 'User Account Control: Only elevate executables that are signed and validated' to 'Disabled' | Windows | CIS Windows 8 L1 v1.0.0
1.1.11 - /etc/security/login.cfg - 'pwd_algorithm = ssha256 (AIX 5.3 TL7+ only)' | Unix | CIS AIX 5.3/6.1 L2 v1.1.0
1.2.2 Ensure GPG keys are configured | Unix | CIS Amazon Linux v2.1.0 L1
1.2.2 Ensure GPG keys are configured | Unix | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
1.2.2 Ensure GPG keys are configured | Unix | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
1.2.3 Ensure gpgcheck is globally activated | Unix | CIS Amazon Linux v2.1.0 L1
1.2.3.9 Set 'Choose the boot-start drivers that can be initialized:' to 'Enabled:Good, unknown and bad but critical' | Windows | CIS Windows 8 L1 v1.0.0
1.2.4.2.2.28 Set 'Minimum characters:' to 'Enabled:7 or more characters' | Windows | CIS Windows 8 L1 v1.0.0
1.2.5 Set 'access-class' for 'line vty' | Cisco | CIS Cisco IOS 15 L1 v4.1.1
1.3.2 Ensure filesystem integrity is regularly checked | Unix | CIS Amazon Linux v2.1.0 L1
1.3.2 Ensure filesystem integrity is regularly checked | Unix | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
1.3.2 Ensure filesystem integrity is regularly checked | Unix | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
1.4.1 Ensure permissions on bootloader config are configured | Unix | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
1.4.1 Ensure permissions on bootloader config are configured | Unix | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
1.4.2 Ensure authentication required for single user mode | Unix | CIS Amazon Linux v2.1.0 L1
1.4.3 Ensure interactive boot is not enabled | Unix | CIS Amazon Linux v2.1.0 L1
1.5.5 Set 'snmp-server host' when using SNMP | Cisco | CIS Cisco IOS XR 7.x v1.0.0 L1
1.5.6 Set 'snmp-server enable traps snmp' | Cisco | CIS Cisco IOS XR 7.x v1.0.0 L1
1.5.7 Set 'snmp-server host' when using SNMP | Cisco | CIS Cisco IOS XE 17.x v2.1.0 L1
1.5.7 Set 'snmp-server host' when using SNMP | Cisco | CIS Cisco IOS XE 16.x v2.1.0 L1
1.5.8 Set 'snmp-server enable traps snmp' | Cisco | CIS Cisco IOS XE 16.x v2.1.0 L1
1.5.8 Set 'snmp-server enable traps snmp' | Cisco | CIS Cisco IOS XE 17.x v2.1.0 L1
1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - 'enforcing' | Unix | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0
1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - 'enforcing' | Unix | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0
1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - 'selinux' | Unix | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0
1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - 'selinux' | Unix | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0
1.6.2.1 Ensure AppArmor is not disabled in bootloader configuration | Unix | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0
1.6.2.1 Ensure AppArmor is not disabled in bootloader configuration | Unix | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0
2.1.1 Secure Installation via ISC Source | Unix | CIS ISC BIND 9.0/9.5 v2.0.0
2.4 Do not use insecure registries | Unix | CIS Docker 1.11.0 v1.0.0 L1 Docker
2.4 Do not use insecure registries | Unix | CIS Docker 1.12.0 v1.0.0 L1 Docker
2.4 Do not use insecure registries | Unix | CIS Docker 1.13.0 v1.0.0 L1 Docker
2.4 Ensure insecure registries are not used | Unix | CIS Docker Community Edition v1.1.0 L1 Docker
2.5 Do not use insecure registries | Unix | CIS Docker 1.6 v1.0.0 L1 Docker
2.5.6 - NFS - secure NFS - 'all entries in /etc/exports contain sec=' | Unix | CIS AIX 5.3/6.1 L2 v1.1.0
2.13 Ensure EFI version is valid and being regularly checked - daemon | Unix | CIS Apple macOS 10.13 L1 v1.1.0
2.13 Ensure EFI version is valid and being regularly checked - itegrity-check | Unix | CIS Apple macOS 10.13 L1 v1.1.0
2.15.1 - TE - implementation (AIX 6.1 only) - 'TE is enabled' | Unix | CIS AIX 5.3/6.1 L2 v1.1.0
2.15.1 - TE - implementation (AIX 6.1 only) - 'TEP is enabled' | Unix | CIS AIX 5.3/6.1 L2 v1.1.0
2.27 Ensure 'Http Allowlist' Is Properly Configured | Windows | CIS Google Chrome L1 v3.0.0
10.12 Do not allow symbolic linking | Unix | CIS Apache Tomcat 9 L1 v1.2.0 Middleware
10.12 Do not allow symbolic linking | Unix | CIS Apache Tomcat 9 L1 v1.2.0
10.12 Do not allow symbolic linking | Unix | CIS Apache Tomcat 10 L1 v1.1.0
10.12 Do not allow symbolic linking | Unix | CIS Apache Tomcat 10 L1 v1.1.0 Middleware
10.12 Do not allow symbolic linking | Unix | CIS Apache Tomcat 10.1 v1.0.0 L1
10.14 Do not allow cross context requests | Unix | CIS Apache Tomcat 10 L1 v1.1.0
10.14 Do not allow cross context requests | Unix | CIS Apache Tomcat 10 L1 v1.1.0 Middleware
10.14 Do not allow cross context requests | Unix | CIS Apache Tomcat 10.1 v1.0.0 L1
10.14 Do not allow cross context requests | Unix | CIS Apache Tomcat 9 L1 v1.2.0
10.14 Do not allow cross context requests | Unix | CIS Apache Tomcat 9 L1 v1.2.0 Middleware