800-53|SI-7(9)

Title

VERIFY BOOT PROCESS

Description

The information system verifies the integrity of the boot process of [Assignment: organization-defined devices].

Supplemental

Ensuring the integrity of boot processes is critical to starting devices in known/trustworthy states. Integrity verification mechanisms provide organizational personnel with assurance that only trusted code is executed during boot processes.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: SYSTEM AND INFORMATION INTEGRITY

Parent Title: SOFTWARE, FIRMWARE, AND INFORMATION INTEGRITY

Family: SYSTEM AND INFORMATION INTEGRITY

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.2.1 Use an EFI password	Unix	CIS Apple OSX 10.6 Snow Leopard L2 v1.0.0
1.2.3.9 Set 'Choose the boot-start drivers that can be initialized:' to 'Enabled:Good, unknown and bad but critical'	Windows	CIS Windows 8 L1 v1.0.0
1.2.4.2.2.28 Set 'Minimum characters:' to 'Enabled:7 or more characters'	Windows	CIS Windows 8 L1 v1.0.0
1.4.1 Enable SELinux in /etc/grub.conf 'enforcing != 0'	Unix	CIS Red Hat Enterprise Linux 5 L2 v2.2
1.4.1 Enable SELinux in /etc/grub.conf 'selinux != 0'	Unix	CIS Red Hat Enterprise Linux 5 L2 v2.2
1.4.1 Ensure permissions on bootloader config are configured	Unix	CIS Amazon Linux v2.1.0 L1
1.4.1 Ensure permissions on bootloader config are configured	Unix	CIS Ubuntu Linux 16.04 LTS Workstation L1 v1.1.0
1.4.1 Ensure permissions on bootloader config are configured	Unix	CIS Oracle Linux 6 Server L1 v1.1.0
1.4.1 Ensure permissions on bootloader config are configured	Unix	CIS Debian 8 Server L1 v2.0.1
1.4.1 Ensure permissions on bootloader config are configured	Unix	CIS Amazon Linux 2 v1.0.0 L1
1.4.1 Ensure permissions on bootloader config are configured	Unix	CIS CentOS 6 Server L1 v2.1.0
1.4.1 Ensure permissions on bootloader config are configured	Unix	CIS Oracle Linux 6 Workstation L1 v1.1.0
1.4.1 Ensure permissions on bootloader config are configured	Unix	CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1
1.4.1 Ensure permissions on bootloader config are configured	Unix	CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
1.4.1 Ensure permissions on bootloader config are configured	Unix	CIS SUSE Linux Enterprise Workstation 12 L1 v2.1.0
1.4.1 Ensure permissions on bootloader config are configured	Unix	CIS Red Hat 6 Server L1 v2.1.0
1.4.1 Ensure permissions on bootloader config are configured	Unix	CIS Red Hat 6 Workstation L1 v2.1.0
1.4.1 Ensure permissions on bootloader config are configured	Unix	CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
1.4.1 Ensure permissions on bootloader config are configured	Unix	CIS Debian 8 Workstation L1 v2.0.1
1.4.1 Ensure permissions on bootloader config are configured	Unix	CIS CentOS 6 Workstation L1 v2.1.0
1.4.1 Ensure permissions on bootloader config are configured	Unix	CIS SUSE Linux Enterprise Server 11 L1 v2.1.1
1.4.1 Ensure permissions on bootloader config are configured	Unix	CIS SUSE Linux Enterprise Server 12 L1 v2.1.0
1.4.1 Ensure permissions on bootloader config are configured	Unix	CIS Ubuntu Linux 16.04 LTS Server L1 v1.1.0
1.4.2 Ensure authentication required for single user mode	Unix	CIS Amazon Linux v2.1.0 L1
1.4.2 Ensure authentication required for single user mode - emergency.service	Unix	CIS Amazon Linux 2 v1.0.0 L1
1.4.2 Ensure authentication required for single user mode - rescue.service	Unix	CIS Amazon Linux 2 v1.0.0 L1
1.4.2 Ensure bootloader password is set	Unix	CIS CentOS 6 Server L1 v2.1.0
1.4.2 Ensure bootloader password is set	Unix	CIS Red Hat 6 Server L1 v2.1.0
1.4.2 Ensure bootloader password is set	Unix	CIS Oracle Linux 6 Server L1 v1.1.0
1.4.2 Ensure bootloader password is set	Unix	CIS Red Hat 6 Workstation L1 v2.1.0
1.4.2 Ensure bootloader password is set	Unix	CIS CentOS 6 Workstation L1 v2.1.0
1.4.2 Ensure bootloader password is set	Unix	CIS Oracle Linux 6 Workstation L1 v1.1.0
1.4.2 Ensure bootloader password is set - 'passwd_pbkdf2'	Unix	CIS Ubuntu Linux 16.04 LTS Server L1 v1.1.0
1.4.2 Ensure bootloader password is set - 'passwd_pbkdf2'	Unix	CIS Ubuntu Linux 16.04 LTS Workstation L1 v1.1.0
1.4.2 Ensure bootloader password is set - 'set superusers'	Unix	CIS Ubuntu Linux 16.04 LTS Server L1 v1.1.0
1.4.2 Ensure bootloader password is set - 'set superusers'	Unix	CIS Ubuntu Linux 16.04 LTS Workstation L1 v1.1.0
1.4.2 Ensure bootloader password is set - password_pbkdf2	Unix	CIS SUSE Linux Enterprise Server 12 L1 v2.1.0
1.4.2 Ensure bootloader password is set - password_pbkdf2	Unix	CIS SUSE Linux Enterprise Workstation 12 L1 v2.1.0
1.4.2 Ensure bootloader password is set - password_pbkdf2	Unix	CIS Debian 8 Workstation L1 v2.0.1
1.4.2 Ensure bootloader password is set - password_pbkdf2	Unix	CIS Debian 8 Server L1 v2.0.1
1.4.2 Ensure bootloader password is set - set superusers	Unix	CIS Debian 8 Workstation L1 v2.0.1
1.4.2 Ensure bootloader password is set - set superusers	Unix	CIS Debian 8 Server L1 v2.0.1
1.4.2 Ensure bootloader password is set - superusers	Unix	CIS SUSE Linux Enterprise Server 12 L1 v2.1.0
1.4.2 Ensure bootloader password is set - superusers	Unix	CIS SUSE Linux Enterprise Workstation 12 L1 v2.1.0
1.4.3 Ensure authentication required for single user mode - emergency	Unix	CIS SUSE Linux Enterprise Workstation 12 L1 v2.1.0
1.4.3 Ensure authentication required for single user mode - emergency	Unix	CIS SUSE Linux Enterprise Server 12 L1 v2.1.0
1.4.3 Ensure authentication required for single user mode - rescue	Unix	CIS SUSE Linux Enterprise Workstation 12 L1 v2.1.0
1.4.3 Ensure authentication required for single user mode - rescue	Unix	CIS SUSE Linux Enterprise Server 12 L1 v2.1.0
1.4.3 Ensure authentication required for single user mode - rescue.service	Unix	CIS CentOS 6 Server L1 v2.1.0
1.4.3 Ensure authentication required for single user mode - rescue.service	Unix	CIS Oracle Linux 6 Server L1 v1.1.0

Detections

Analytics