800-53|SI-7(1)

Title

INTEGRITY CHECKS

Description

The information system performs an integrity check of [Assignment: organization-defined software, firmware, and information] [Selection (one or more): at startup; at [Assignment: organization-defined transitional states or security-relevant events]; [Assignment: organization-defined frequency]].

Supplemental

Security-relevant events include, for example, the identification of a new threat to which organizational information systems are susceptible, and the installation of new hardware, software, or firmware. Transitional states include, for example, system startup, restart, shutdown, and abort.

Reference Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

Parent Title: SOFTWARE, FIRMWARE, AND INFORMATION INTEGRITY

Family: SYSTEM AND INFORMATION INTEGRITY

Baseline Impact: MODERATE, HIGH

Audit Items

Name | Plugin | Audit Name
1.3.2 Ensure filesystem integrity is regularly checked | Unix | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
1.3.2 Ensure filesystem integrity is regularly checked | Unix | CIS Ubuntu Linux 18.04 LTS Server L1 v2.1.0
1.3.2 Ensure filesystem integrity is regularly checked | Unix | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
1.3.2 Ensure filesystem integrity is regularly checked | Unix | CIS Ubuntu Linux 18.04 LTS Workstation L1 v2.1.0
1.3.2 Ensure filesystem integrity is regularly checked | Unix | CIS Amazon Linux v2.1.0 L1
1.84 Ensure 'Enable renderer code integrity' is set to 'Enabled' | Windows | CIS Microsoft Edge L1 v1.1.0
2.2 Scan for TROJAN aka Untrusted/Unauthorized Applications (Implement Allowlist) | Unix | CIS IBM AIX 7.2 L1 v1.0.0
2.3.5.1 Ensure 'Domain controller: Allow server operators to schedule tasks' is set to 'Disabled' (DC only) | Windows | CIS Microsoft Windows Server 2019 STIG DC L1 v1.0.1
2.3.5.1 Ensure 'Domain controller: Allow server operators to schedule tasks' is set to 'Disabled' (DC only) | Windows | CIS Microsoft Windows Server 2016 STIG DC L1 v1.1.0
2.5 Allowlist Authorized Scripts and Report Violations - CHKSCRIPT | Unix | CIS IBM AIX 7.2 L1 v1.0.0
2.5 Allowlist Authorized Scripts and Report Violations - kern.info | Unix | CIS IBM AIX 7.2 L1 v1.0.0
2.5.14.3.2.1 Ensure 'Allow scripts in one-off Outlook forms' is set to 'Disabled' | Windows | CIS Microsoft Office Enterprise v1.0.0 L1
2.6 Enforce Allowlist aka Trusted Execution Checks - stop_on_chkfail | Unix | CIS IBM AIX 7.2 L2 v1.0.0
2.6 Enforce Allowlist aka Trusted Execution Checks - stop_untrustd | Unix | CIS IBM AIX 7.2 L2 v1.0.0
3.2 Ensure the Apache User Account Has an Invalid Shell | Unix | CIS Apache HTTP Server 2.4 L1 v2.1.0 Middleware
3.2 Ensure the Apache User Account Has an Invalid Shell | Unix | CIS Apache HTTP Server 2.4 L1 v2.1.0
4.1.4 Minimize access to create pods | GCP | CIS Google Kubernetes Engine (GKE) v1.4.0 L1
4.2 Ensure All Sample Data And Users Have Been Removed | OracleDB | CIS Oracle Server 19c DB Unified Auditing v1.1.0
4.2 Ensure All Sample Data And Users Have Been Removed | OracleDB | CIS Oracle Server 19c DB Traditional Auditing v1.1.0
4.12 Ensure all signed artifacts are validated | Unix | CIS Docker v1.6.0 L1 Docker Linux
5.1.4 Minimize access to create pods | OpenShift | CIS RedHat OpenShift Container Platform 4 v1.3.0 L1
5.3.3 Ensure that Content Security Policy (CSP) is enabled and configured properly | Unix | CIS NGINX Benchmark v2.0.1 L2 Webserver
5.4 Disable Moving or Resizing of Windows via Scripts | Windows | CIS Mozilla Firefox 102 ESR Windows L1 v1.0.0
5.4 Disable Moving or Resizing of Windows via Scripts | Unix | CIS Mozilla Firefox 102 ESR Linux L1 v1.0.0
5.5 Disable Raising or Lowering of Windows via Scripts | Unix | CIS Mozilla Firefox 102 ESR Linux L1 v1.0.0
5.5 Disable Raising or Lowering of Windows via Scripts | Windows | CIS Mozilla Firefox 102 ESR Windows L1 v1.0.0
5.15 Ensure the IP Addresses for Listening for Requests Are Specified - 'httpd.conf Listen [::ffff:0.0.0.0]:80 does not exists' | Unix | CIS Apache HTTP Server 2.4 L2 v2.1.0 Middleware
5.15 Ensure the IP Addresses for Listening for Requests Are Specified - 'httpd.conf Listen [::ffff:0.0.0.0]:80 does not exists' | Unix | CIS Apache HTTP Server 2.4 L2 v2.1.0
5.15 Ensure the IP Addresses for Listening for Requests Are Specified - 'httpd.conf Listen 0.0.0.0:80 does not exists' | Unix | CIS Apache HTTP Server 2.4 L2 v2.1.0 Middleware
5.15 Ensure the IP Addresses for Listening for Requests Are Specified - 'httpd.conf Listen 0.0.0.0:80 does not exists' | Unix | CIS Apache HTTP Server 2.4 L2 v2.1.0
5.18 Ensure HTTP Header Permissions-Policy is set appropriately | Unix | CIS Apache HTTP Server 2.4 L2 v2.1.0 Middleware
5.18 Ensure HTTP Header Permissions-Policy is set appropriately | Unix | CIS Apache HTTP Server 2.4 L2 v2.1.0
5.18 System Integrity Protection status | Unix | CIS Apple OSX 10.11 El Capitan L1 v1.1.0
5.19 System Integrity Protection status | Unix | CIS Apple macOS 10.13 L1 v1.1.0
5.20 System Integrity Protection status | Unix | CIS Apple macOS 10.12 L1 v1.2.0
6.1.1 Audit system file permissions | Unix | CIS Amazon Linux v2.1.0 L2
6.1.1 Audit system file permissions | Unix | CIS Amazon Linux 2 STIG v1.0.0 L2
6.3 Ensure that server-side scripting is disabled if not needed | Unix | CIS MongoDB 3.6 L2 Unix Audit v1.1.0
10.12 Do not allow symbolic linking | Unix | CIS Apache Tomcat 9 L1 v1.2.0 Middleware
10.12 Do not allow symbolic linking | Unix | CIS Apache Tomcat 10 L1 v1.0.0
10.12 Do not allow symbolic linking | Unix | CIS Apache Tomcat 10 L1 v1.0.0 Middleware
10.12 Do not allow symbolic linking | Unix | CIS Apache Tomcat 9 L1 v1.2.0
10.14 Do not allow cross context requests | Unix | CIS Apache Tomcat 9 L1 v1.2.0
10.14 Do not allow cross context requests | Unix | CIS Apache Tomcat 9 L1 v1.2.0 Middleware
10.14 Do not allow cross context requests | Unix | CIS Apache Tomcat 10 L1 v1.0.0
10.14 Do not allow cross context requests | Unix | CIS Apache Tomcat 10 L1 v1.0.0 Middleware
11.4 Ensure Only the Necessary SELinux Booleans are Enabled | Unix | CIS Apache HTTP Server 2.4 L2 v2.1.0
11.4 Ensure Only the Necessary SELinux Booleans are Enabled | Unix | CIS Apache HTTP Server 2.4 L2 v2.1.0 Middleware
12.1 Ensure the AppArmor Framework Is Enabled | Unix | CIS Apache HTTP Server 2.4 L2 v2.1.0 Middleware
12.1 Ensure the AppArmor Framework Is Enabled | Unix | CIS Apache HTTP Server 2.4 L2 v2.1.0