800-53|SI-7(1)

Title

INTEGRITY CHECKS

Description

The information system performs an integrity check of [Assignment: organization-defined software, firmware, and information] [Selection (one or more): at startup; at [Assignment: organization-defined transitional states or security-relevant events]; [Assignment: organization-defined frequency]].

Supplemental

Security-relevant events include, for example, the identification of a new threat to which organizational information systems are susceptible, and the installation of new hardware, software, or firmware. Transitional states include, for example, system startup, restart, shutdown, and abort.

Reference Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

Parent Title: SOFTWARE, FIRMWARE, AND INFORMATION INTEGRITY

Family: SYSTEM AND INFORMATION INTEGRITY

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.3.2 Ensure filesystem integrity is regularly checkedUnixCIS Ubuntu Linux 18.04 LTS Server L1 v2.1.0
1.3.2 Ensure filesystem integrity is regularly checkedUnixCIS SUSE Linux Enterprise Workstation 11 L1 v2.1.0
1.3.2 Ensure filesystem integrity is regularly checkedUnixCIS SUSE Linux Enterprise Server 11 L1 v2.1.0
1.3.2 Ensure filesystem integrity is regularly checkedUnixCIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
1.3.2 Ensure filesystem integrity is regularly checkedUnixCIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
1.3.2 Ensure filesystem integrity is regularly checkedUnixCIS Ubuntu Linux 18.04 LTS Workstation L1 v2.1.0
1.3.2 Ensure filesystem integrity is regularly checkedUnixCIS Amazon Linux v2.1.0 L1
1.3.3 Ensure AIDE is configured to verify ACLsUnixCIS Amazon Linux 2 STIG v1.0.0 L3
1.3.4 Ensure AIDE is configured to verify XATTRSUnixCIS Amazon Linux 2 STIG v1.0.0 L3
5.18 System Integrity Protection statusUnixCIS Apple OSX 10.11 El Capitan L1 v1.1.0
5.19 System Integrity Protection statusUnixCIS Apple macOS 10.13 L1 v1.1.0
5.20 System Integrity Protection statusUnixCIS Apple macOS 10.12 L1 v1.2.0
6.1.1 Audit system file permissionsUnixCIS Amazon Linux 2 STIG v1.0.0 L2
6.1.1 Audit system file permissionsUnixCIS Amazon Linux v2.1.0 L2
8.3.2 Implement Periodic Execution of File IntegrityUnixCIS Ubuntu 12.04 LTS Benchmark L2 v1.1.0
8.3.2 Implement Periodic Execution of File IntegrityUnixCIS Debian Linux 7 L2 v1.0.0
9.2 Verify System File PermissionsUnixCIS Solaris 11.1 L1 v1.0.0
9.2 Verify System File PermissionsUnixCIS Solaris 11.2 L1 v1.1.0
9.2 Verify System File PermissionsUnixCIS Solaris 11 L1 v1.1.0
Audit system file permissions - dpkgUnixTenable Cisco Firepower Management Center OS Best Practices Audit
Audit system file permissions - rpmUnixTenable Cisco Firepower Management Center OS Best Practices Audit
Audit system file permissions - zypperUnixTenable Cisco Firepower Management Center OS Best Practices Audit
Big Sur - Apply Gatekeeper Settings to Block Applications from Unidentified DevelopersUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Apply Gatekeeper Settings to Block Applications from Unidentified DevelopersUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Apply Gatekeeper Settings to Block Applications from Unidentified DevelopersUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Apply Gatekeeper Settings to Block Applications from Unidentified DevelopersUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Apply Gatekeeper Settings to Block Applications from Unidentified DevelopersUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Apply Gatekeeper Settings to Block Applications from Unidentified DevelopersUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Apply Gatekeeper Settings to Block Applications from Unidentified DevelopersUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Apply Gatekeeper Settings to Block Applications from Unidentified DevelopersUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Enable GatekeeperUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Enable GatekeeperUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Enable GatekeeperUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Enable GatekeeperUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Enable GatekeeperUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Enable GatekeeperUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Enable GatekeeperUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Enable GatekeeperUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Enforce Apple Mobile File IntegrityUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Enforce Apple Mobile File IntegrityUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Enforce Apple Mobile File IntegrityUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Enforce Apple Mobile File IntegrityUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Ensure Secure Boot Level Set to FullUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Ensure Secure Boot Level Set to FullUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Ensure Secure Boot Level Set to FullUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Ensure Secure Boot Level Set to FullUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Catalina - Apply Gatekeeper Settings to Block Applications from Unidentified DevelopersUnixNIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Apply Gatekeeper Settings to Block Applications from Unidentified DevelopersUnixNIST macOS Catalina v1.5.0 - 800-53r5 Low
Catalina - Apply Gatekeeper Settings to Block Applications from Unidentified DevelopersUnixNIST macOS Catalina v1.5.0 - All Profiles
Catalina - Apply Gatekeeper Settings to Block Applications from Unidentified DevelopersUnixNIST macOS Catalina v1.5.0 - 800-53r5 Moderate