800-53|SI-7(1)

Title

INTEGRITY CHECKS

Description

The information system performs an integrity check of [Assignment: organization-defined software, firmware, and information] [Selection (one or more): at startup; at [Assignment: organization-defined transitional states or security-relevant events]; [Assignment: organization-defined frequency]].

Supplemental

Security-relevant events include, for example, the identification of a new threat to which organizational information systems are susceptible, and the installation of new hardware, software, or firmware. Transitional states include, for example, system startup, restart, shutdown, and abort.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: SYSTEM AND INFORMATION INTEGRITY

Parent Title: SOFTWARE, FIRMWARE, AND INFORMATION INTEGRITY

Family: SYSTEM AND INFORMATION INTEGRITY

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.3.2 Ensure 'Restrict legacy JScript execution for Office' is set to 'Enabled'	Windows	CIS Microsoft Office Enterprise v1.2.0 L1
1.3.2 Ensure filesystem integrity is regularly checked	Unix	CIS Amazon Linux v2.1.0 L1
1.3.2 Ensure filesystem integrity is regularly checked	Unix	CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
1.3.2 Ensure filesystem integrity is regularly checked	Unix	CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
2.1.1.3.2.2 Ensure 'Block macros from running in Office files from the internet' is set to 'Enabled'	Windows	CIS Microsoft Office Enterprise v1.2.0 L1
2.1.1.3.2.3 Ensure 'Disable Trust Bar Notification for unsigned application add-ins and block them' is set to 'Enabled'	Windows	CIS Microsoft Office Enterprise v1.2.0 L1
2.1.1.3.2.4 Ensure 'Require that application add-ins are signed by Trusted Publisher' is set to 'Enabled'	Windows	CIS Microsoft Office Enterprise v1.2.0 L1
2.2 Scan for TROJAN aka Untrusted/Unauthorized Applications (Implement Allowlist)	Unix	CIS IBM AIX 7.2 L1 v1.1.0
2.2.4.7.2.6 Ensure 'Block macros from running in Office files from the internet' is set to 'Enabled'	Windows	CIS Microsoft Office Enterprise v1.2.0 L1
2.2.4.7.2.7 Ensure 'Disable Trust Bar Notification for unsigned application add-ins and block them' is set to 'Enabled'	Windows	CIS Microsoft Office Enterprise v1.2.0 L1
2.2.4.7.2.8 Ensure 'Macro Notification Settings' is set to 'Enabled: Disable VBA macros except digitally signed macros'	Windows	CIS Microsoft Office Enterprise v1.2.0 L1
2.2.4.7.2.9 Ensure 'Macro Notification Settings' is set to 'Require macros to be signed by a trusted publisher'	Windows	CIS Microsoft Office Enterprise v1.2.0 L1
2.2.4.7.2.10 Ensure 'Prevent Excel from running XLM macros' is set to 'Enabled'	Windows	CIS Microsoft Office Enterprise v1.2.0 L1
2.2.4.7.2.11 Ensure 'Require that application add-ins are signed by Trusted Publisher' is set to 'Enabled'	Windows	CIS Microsoft Office Enterprise v1.2.0 L1
2.2.4.7.2.12 Ensure 'Store macro in Personal Macro Workbook by default' is set to 'Enabled'	Windows	CIS Microsoft Office Enterprise v1.2.0 L1
2.3.27.7 Ensure 'Automation Security' is set to 'Enabled: Disable Macros by default'	Windows	CIS Microsoft Office Enterprise v1.2.0 L1
2.5 Allowlist Authorized Scripts and Report Violations	Unix	CIS IBM AIX 7.2 L1 v1.1.0
2.5.10.6.1.3 Ensure 'Do not allow Outlook object model scripts to run for public folders' is set to 'Enabled'	Windows	CIS Microsoft Office Enterprise v1.2.0 L1
2.5.10.6.1.4 Ensure 'Do not allow Outlook object model scripts to run for shared folders' is set to 'Enabled'	Windows	CIS Microsoft Office Enterprise v1.2.0 L1
2.5.14.3.2.1 Ensure 'Allow scripts in one-off Outlook forms' is set to 'Disabled'	Windows	CIS Microsoft Office Enterprise v1.2.0 L1
2.5.14.4.3 Ensure 'Security setting for macros' is set to 'Enabled: Warn for signed, disable unsigned'	Windows	CIS Microsoft Office Enterprise v1.2.0 L1
2.6 Enforce Allowlist aka Trusted Execution Checks	Unix	CIS IBM AIX 7.2 L2 v1.1.0
2.6.6.6.2.4 Ensure 'Block macros from running in Office files from the Internet' is set to 'Enabled'	Windows	CIS Microsoft Office Enterprise v1.2.0 L1
2.6.6.6.2.5 Ensure 'Disable Trust Bar Notification for unsigned application add-ins and block them' is set to 'Enabled'	Windows	CIS Microsoft Office Enterprise v1.2.0 L1
2.6.6.6.2.6 Ensure 'Require that application add-ins are signed by Trusted Publisher' is set to 'Enabled'	Windows	CIS Microsoft Office Enterprise v1.2.0 L1
2.8.4.1.1 Ensure 'Block macros from running in Office files from the internet' is set to 'Enabled'	Windows	CIS Microsoft Office Enterprise v1.2.0 L1
2.8.4.1.2 Ensure 'Disable Trust Bar Notification for unsigned application add-ins and block them' is set to 'Enabled'	Windows	CIS Microsoft Office Enterprise v1.2.0 L1
2.8.4.1.3 Ensure 'Require that application add-ins are signed by Trusted Publisher' to 'Enabled'	Windows	CIS Microsoft Office Enterprise v1.2.0 L1
2.8.4.1.4 Ensure 'VBA Macro Notification Settings' is set to 'Enabled: Disable all except digitally signed macros'	Windows	CIS Microsoft Office Enterprise v1.2.0 L1
2.8.4.1.5 Ensure 'VBA Macro Notification Settings' is set to 'Require macros to be signed by a trusted publisher'	Windows	CIS Microsoft Office Enterprise v1.2.0 L1
2.11.8.7.2.4 Ensure 'Block macros from running in Office files from the Internet' is set to 'Enabled'	Windows	CIS Microsoft Office Enterprise v1.2.0 L1
2.11.8.7.2.5 Ensure 'Disable Trust Bar Notification for unsigned application add-ins and block them' is set to 'Enabled'	Windows	CIS Microsoft Office Enterprise v1.2.0 L1
2.11.8.7.2.7 Ensure 'Require that application add-ins are signed by Trusted Publisher' is set to 'Enabled'	Windows	CIS Microsoft Office Enterprise v1.2.0 L1
2.11.8.7.2.10 Ensure 'VBA Macro Notification Settings' is set to 'Enabled: Disable all except digitally signed macros'	Windows	CIS Microsoft Office Enterprise v1.2.0 L1
2.11.8.7.2.11 Ensure 'VBA Macro Notification Settings' is set to 'Require macros to be signed by a trusted publisher'	Windows	CIS Microsoft Office Enterprise v1.2.0 L1
2.27 Ensure 'Http Allowlist' Is Properly Configured	Windows	CIS Google Chrome L1 v3.0.0
3.1 Set a nondeterministic Shutdown command value	Unix	CIS Apache Tomcat 10 L1 v1.1.0
3.1 Set a nondeterministic Shutdown command value	Unix	CIS Apache Tomcat 10 L1 v1.1.0 Middleware
10.12 Do not allow symbolic linking	Unix	CIS Apache Tomcat 9 L1 v1.2.0 Middleware
10.12 Do not allow symbolic linking	Unix	CIS Apache Tomcat 9 L1 v1.2.0
10.12 Do not allow symbolic linking	Unix	CIS Apache Tomcat 10 L1 v1.1.0
10.12 Do not allow symbolic linking	Unix	CIS Apache Tomcat 10 L1 v1.1.0 Middleware
10.14 Do not allow cross context requests	Unix	CIS Apache Tomcat 10 L1 v1.1.0
10.14 Do not allow cross context requests	Unix	CIS Apache Tomcat 10 L1 v1.1.0 Middleware
10.14 Do not allow cross context requests	Unix	CIS Apache Tomcat 9 L1 v1.2.0
10.14 Do not allow cross context requests	Unix	CIS Apache Tomcat 9 L1 v1.2.0 Middleware
11.4 Ensure Only the Necessary SELinux Booleans are Enabled	Unix	CIS Apache HTTP Server 2.4 L2 v2.1.0
11.4 Ensure Only the Necessary SELinux Booleans are Enabled	Unix	CIS Apache HTTP Server 2.4 L2 v2.1.0 Middleware
12.1 Ensure the AppArmor Framework Is Enabled	Unix	CIS Apache HTTP Server 2.4 L2 v2.1.0 Middleware
12.1 Ensure the AppArmor Framework Is Enabled	Unix	CIS Apache HTTP Server 2.4 L2 v2.1.0

Detections

Analytics