800-53|SI-7

Title

SOFTWARE, FIRMWARE, AND INFORMATION INTEGRITY

Description

The organization employs integrity verification tools to detect unauthorized changes to [Assignment: organization-defined software, firmware, and information].

Supplemental

Unauthorized changes to software, firmware, and information can occur due to errors or malicious activity (e.g., tampering). Software includes, for example, operating systems (with key internal components such as kernels, drivers), middleware, and applications. Firmware includes, for example, the Basic Input Output System (BIOS). Information includes metadata such as security attributes associated with information. State-of-the-practice integrity-checking mechanisms (e.g., parity checks, cyclical redundancy checks, cryptographic hashes) and associated tools can automatically monitor the integrity of information systems and hosted applications.

Reference Item Details

Related: SA-12,SC-13,SC-8,SI-3

Category: SYSTEM AND INFORMATION INTEGRITY

Family: SYSTEM AND INFORMATION INTEGRITY

Priority: P1

Baseline Impact: MODERATE,HIGH

Audit Items

Name | Plugin | Audit Name
1.1.3.2.2 Ensure 'Require that application add-ins are signed by Trusted Publisher' is set to Enabled | Windows | CIS Microsoft Office Access 2013 v1.0.1
1.1.3.2.2 Ensure 'Require that application add-ins are signed by Trusted Publisher' is set to Enabled | Windows | CIS Microsoft Office Access 2016 v1.0.1
1.1.3.17.9 Set 'User Account Control: Only elevate executables that are signed and validated' to 'Disabled' | Windows | CIS Windows 8 L1 v1.0.0
1.1.11 - /etc/security/login.cfg - 'pwd_algorithm = ssha256 (AIX 5.3 TL7+ only)' | Unix | CIS AIX 5.3/6.1 L2 v1.1.0
1.2.2 Ensure GPG keys are configured | Unix | CIS Amazon Linux v2.1.0 L1
1.2.2 Ensure GPG keys are configured | Unix | CIS Ubuntu Linux 18.04 LTS Workstation L1 v2.1.0
1.2.2 Ensure GPG keys are configured | Unix | CIS Ubuntu Linux 18.04 LTS Server L1 v2.1.0
1.2.2 Ensure GPG keys are configured | Unix | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
1.2.2 Ensure GPG keys are configured | Unix | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
1.2.3 Ensure gpgcheck is globally activated | Unix | CIS Amazon Linux v2.1.0 L1
1.2.3.9 Set 'Choose the boot-start drivers that can be initialized:' to 'Enabled:Good, unknown and bad but critical' | Windows | CIS Windows 8 L1 v1.0.0
1.2.4 Create 'access-list' for use with 'line vty' - 'ACL deny is configured' | Cisco | CIS Cisco IOS 17 L1 v2.0.0
1.2.4 Create 'access-list' for use with 'line vty' - 'ACL deny is configured' | Cisco | CIS Cisco IOS 16 L1 v2.0.0
1.2.4 Create 'access-list' for use with 'line vty' - 'ACL deny is configured' | Cisco | CIS Cisco IOS 15 L1 v4.1.1
1.2.4 Create 'access-list' for use with 'line vty' - 'ACL permit tcp is configured' | Cisco | CIS Cisco IOS 16 L1 v2.0.0
1.2.4 Create 'access-list' for use with 'line vty' - 'ACL permit tcp is configured' | Cisco | CIS Cisco IOS 15 L1 v4.1.1
1.2.4 Create 'access-list' for use with 'line vty' - 'ACL permit tcp is configured' | Cisco | CIS Cisco IOS 17 L1 v2.0.0
1.2.4 Ensure software packages have been digitally signed by a Certificate Authority (CA) | Unix | CIS Amazon Linux 2 STIG v1.0.0 L3
1.2.4.2.2.28 Set 'Minimum characters:' to 'Enabled:7 or more characters' | Windows | CIS Windows 8 L1 v1.0.0
1.2.5 Set 'access-class' for 'line vty' | Cisco | CIS Cisco IOS 15 L1 v4.1.1
1.2.5 Set 'access-class' for 'line vty' | Cisco | CIS Cisco IOS 17 L1 v2.0.0
1.2.5 Set 'access-class' for 'line vty' | Cisco | CIS Cisco IOS 16 L1 v2.0.0
1.3.2 Ensure 'Restrict legacy JScript execution for Office' is set to 'Enabled' | Windows | CIS Microsoft Office Enterprise v1.1.0 L1
1.3.2 Ensure filesystem integrity is regularly checked | Unix | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
1.3.2 Ensure filesystem integrity is regularly checked | Unix | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
1.3.2 Ensure filesystem integrity is regularly checked | Unix | CIS Ubuntu Linux 18.04 LTS Server L1 v2.1.0
1.3.2 Ensure filesystem integrity is regularly checked | Unix | CIS Amazon Linux v2.1.0 L1
1.3.2 Ensure filesystem integrity is regularly checked | Unix | CIS Ubuntu Linux 18.04 LTS Workstation L1 v2.1.0
1.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools - auditctl | Unix | CIS AlmaLinux OS 9 Server L1 v1.0.0
1.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools - auditctl | Unix | CIS Red Hat EL9 Workstation L1 v1.0.0
1.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools - auditctl | Unix | CIS Oracle Linux 9 Server L1 v1.0.0
1.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools - auditctl | Unix | CIS Red Hat EL9 Server L1 v1.0.0
1.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools - auditctl | Unix | CIS Rocky Linux 9 Workstation L1 v1.0.0
1.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools - auditctl | Unix | CIS Rocky Linux 9 Server L1 v1.0.0
1.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools - auditctl | Unix | CIS Oracle Linux 9 Workstation L1 v1.0.0
1.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools - auditctl | Unix | CIS AlmaLinux OS 9 Workstation L1 v1.0.0
1.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools - auditd | Unix | CIS Rocky Linux 9 Workstation L1 v1.0.0
1.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools - auditd | Unix | CIS AlmaLinux OS 9 Workstation L1 v1.0.0
1.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools - auditd | Unix | CIS Red Hat EL9 Workstation L1 v1.0.0
1.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools - auditd | Unix | CIS Oracle Linux 9 Server L1 v1.0.0
1.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools - auditd | Unix | CIS Oracle Linux 9 Workstation L1 v1.0.0
1.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools - auditd | Unix | CIS Red Hat EL9 Server L1 v1.0.0
1.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools - auditd | Unix | CIS AlmaLinux OS 9 Server L1 v1.0.0
1.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools - auditd | Unix | CIS Rocky Linux 9 Server L1 v1.0.0
1.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools - augenrules | Unix | CIS AlmaLinux OS 9 Server L1 v1.0.0
1.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools - augenrules | Unix | CIS Rocky Linux 9 Server L1 v1.0.0
1.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools - augenrules | Unix | CIS Red Hat EL9 Workstation L1 v1.0.0
1.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools - augenrules | Unix | CIS Oracle Linux 9 Workstation L1 v1.0.0
1.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools - augenrules | Unix | CIS Red Hat EL9 Server L1 v1.0.0
1.3.3 Ensure cryptographic mechanisms are used to protect the integrity of audit tools - augenrules | Unix | CIS Rocky Linux 9 Workstation L1 v1.0.0