800-53|SI-7

Title

SOFTWARE, FIRMWARE, AND INFORMATION INTEGRITY

Description

The organization employs integrity verification tools to detect unauthorized changes to [Assignment: organization-defined software, firmware, and information].

Supplemental

Unauthorized changes to software, firmware, and information can occur due to errors or malicious activity (e.g., tampering). Software includes, for example, operating systems (with key internal components such as kernels, drivers), middleware, and applications. Firmware includes, for example, the Basic Input Output System (BIOS). Information includes metadata such as security attributes associated with information. State-of-the-practice integrity-checking mechanisms (e.g., parity checks, cyclical redundancy checks, cryptographic hashes) and associated tools can automatically monitor the integrity of information systems and hosted applications.

Reference Item Details

Related: SA-12,SC-13,SC-8,SI-3

Category: SYSTEM AND INFORMATION INTEGRITY

Family: SYSTEM AND INFORMATION INTEGRITY

Priority: P1

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.3.2.2 Ensure 'Require that application add-ins are signed by Trusted Publisher' is set to EnabledWindowsCIS Microsoft Office Access 2013 v1.0.1
1.1.3.2.2 Ensure 'Require that application add-ins are signed by Trusted Publisher' is set to EnabledWindowsCIS Microsoft Office Access 2016 v1.0.1
1.1.3.17.9 Set 'User Account Control: Only elevate executables that are signed and validated' to 'Disabled'WindowsCIS Windows 8 L1 v1.0.0
1.1.11 - /etc/security/login.cfg - 'pwd_algorithm = ssha256 (AIX 5.3 TL7+ only)'UnixCIS AIX 5.3/6.1 L2 v1.1.0
1.2.2 Ensure GPG keys are configuredUnixCIS Amazon Linux v2.1.0 L1
1.2.2 Ensure GPG keys are configuredUnixCIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
1.2.2 Ensure GPG keys are configuredUnixCIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
1.2.3 Ensure gpgcheck is globally activatedUnixCIS Amazon Linux v2.1.0 L1
1.2.3.9 Set 'Choose the boot-start drivers that can be initialized:' to 'Enabled:Good, unknown and bad but critical'WindowsCIS Windows 8 L1 v1.0.0
1.2.4 Create 'access-list' for use with 'line vty' - 'ACL deny is configured'CiscoCIS Cisco IOS 17 L1 v2.0.0
1.2.4 Create 'access-list' for use with 'line vty' - 'ACL deny is configured'CiscoCIS Cisco IOS 15 L1 v4.1.1
1.2.4 Create 'access-list' for use with 'line vty' - 'ACL deny is configured'CiscoCIS Cisco IOS 16 L1 v2.0.0
1.2.4 Create 'access-list' for use with 'line vty' - 'ACL permit tcp is configured'CiscoCIS Cisco IOS 15 L1 v4.1.1
1.2.4 Create 'access-list' for use with 'line vty' - 'ACL permit tcp is configured'CiscoCIS Cisco IOS 17 L1 v2.0.0
1.2.4 Create 'access-list' for use with 'line vty' - 'ACL permit tcp is configured'CiscoCIS Cisco IOS 16 L1 v2.0.0
1.2.4 Ensure software packages have been digitally signed by a Certificate Authority (CA)UnixCIS Amazon Linux 2 STIG v1.0.0 L3
1.2.4.2.2.28 Set 'Minimum characters:' to 'Enabled:7 or more characters'WindowsCIS Windows 8 L1 v1.0.0
1.2.5 Set 'access-class' for 'line vty'CiscoCIS Cisco IOS 15 L1 v4.1.1
1.2.5 Set 'access-class' for 'line vty'CiscoCIS Cisco IOS 17 L1 v2.0.0
1.2.5 Set 'access-class' for 'line vty'CiscoCIS Cisco IOS 16 L1 v2.0.0
1.3.2 Ensure 'Restrict legacy JScript execution for Office' is set to 'Enabled'WindowsCIS Microsoft Office Enterprise v1.1.0 L1
1.3.2 Ensure filesystem integrity is regularly checkedUnixCIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
1.3.2 Ensure filesystem integrity is regularly checkedUnixCIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
1.3.2 Ensure filesystem integrity is regularly checkedUnixCIS Amazon Linux v2.1.0 L1
1.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools - auditctlUnixCIS AlmaLinux OS 9 Server L1 v1.0.0
1.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools - auditctlUnixCIS Oracle Linux 9 Server L1 v1.0.0
1.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools - auditctlUnixCIS Red Hat EL9 Workstation L1 v1.0.0
1.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools - auditctlUnixCIS AlmaLinux OS 9 Workstation L1 v1.0.0
1.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools - auditctlUnixCIS Rocky Linux 9 Server L1 v1.0.0
1.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools - auditctlUnixCIS Red Hat EL9 Server L1 v1.0.0
1.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools - auditctlUnixCIS Oracle Linux 9 Workstation L1 v1.0.0
1.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools - auditctlUnixCIS Rocky Linux 9 Workstation L1 v1.0.0
1.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools - auditdUnixCIS Oracle Linux 9 Server L1 v1.0.0
1.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools - auditdUnixCIS AlmaLinux OS 9 Workstation L1 v1.0.0
1.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools - auditdUnixCIS Red Hat EL9 Workstation L1 v1.0.0
1.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools - auditdUnixCIS Rocky Linux 9 Workstation L1 v1.0.0
1.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools - auditdUnixCIS Oracle Linux 9 Workstation L1 v1.0.0
1.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools - auditdUnixCIS Rocky Linux 9 Server L1 v1.0.0
1.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools - auditdUnixCIS Red Hat EL9 Server L1 v1.0.0
1.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools - auditdUnixCIS AlmaLinux OS 9 Server L1 v1.0.0
1.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools - augenrulesUnixCIS AlmaLinux OS 9 Server L1 v1.0.0
1.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools - augenrulesUnixCIS Rocky Linux 9 Server L1 v1.0.0
1.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools - augenrulesUnixCIS Red Hat EL9 Workstation L1 v1.0.0
1.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools - augenrulesUnixCIS Oracle Linux 9 Workstation L1 v1.0.0
1.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools - augenrulesUnixCIS AlmaLinux OS 9 Workstation L1 v1.0.0
1.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools - augenrulesUnixCIS Red Hat EL9 Server L1 v1.0.0
1.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools - augenrulesUnixCIS Oracle Linux 9 Server L1 v1.0.0
1.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools - augenrulesUnixCIS Rocky Linux 9 Workstation L1 v1.0.0
1.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools - aureportUnixCIS Rocky Linux 9 Server L1 v1.0.0
1.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools - aureportUnixCIS Oracle Linux 9 Server L1 v1.0.0