800-53|SI-7(6)

Title

CRYPTOGRAPHIC PROTECTION

Description

The information system implements cryptographic mechanisms to detect unauthorized changes to software, firmware, and information.

Supplemental

Cryptographic mechanisms used for the protection of integrity include, for example, digital signatures and the computation and application of signed hashes using asymmetric cryptography, protecting the confidentiality of the key used to generate the hash, and using the public key to verify the hash information.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: SC-13

Category: SYSTEM AND INFORMATION INTEGRITY

Parent Title: SOFTWARE, FIRMWARE, AND INFORMATION INTEGRITY

Family: SYSTEM AND INFORMATION INTEGRITY

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.3.17.9 Set 'User Account Control: Only elevate executables that are signed and validated' to 'Disabled'	Windows	CIS Windows 8 L1 v1.0.0
1.1.11 - /etc/security/login.cfg - 'pwd_algorithm = ssha256 (AIX 5.3 TL7+ only)'	Unix	CIS AIX 5.3/6.1 L2 v1.1.0
1.2.2 Ensure GPG keys are configured	Unix	CIS Amazon Linux v2.1.0 L1
1.2.2 Ensure GPG keys are configured	Unix	CIS Ubuntu Linux 18.04 LTS Server L1 v2.1.0
1.2.2 Ensure GPG keys are configured	Unix	CIS Ubuntu Linux 18.04 LTS Workstation L1 v2.1.0
1.2.2 Ensure GPG keys are configured	Unix	CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0
1.2.2 Ensure GPG keys are configured	Unix	CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0
1.2.3 Ensure gpgcheck is globally activated	Unix	CIS Amazon Linux v2.1.0 L1
1.2.4 Ensure software packages have been digitally signed by a Certificate Authority (CA)	Unix	CIS Amazon Linux 2 STIG v1.0.0 L3
2.3.31.1 Ensure 'Legacy format signatures' is set to 'Disabled'	Windows	CIS Microsoft Office Enterprise v1.1.0 L1
2.4 Do not use insecure registries	Unix	CIS Docker 1.11.0 v1.0.0 L1 Docker
2.4 Do not use insecure registries	Unix	CIS Docker 1.12.0 v1.0.0 L1 Docker
2.4 Do not use insecure registries	Unix	CIS Docker 1.13.0 v1.0.0 L1 Docker
2.4 Ensure insecure registries are not used	Unix	CIS Docker Community Edition v1.1.0 L1 Docker
2.5 Do not use insecure registries	Unix	CIS Docker 1.6 v1.0.0 L1 Docker
2.5.6 - NFS - secure NFS - 'all entries in /etc/exports contain sec='	Unix	CIS AIX 5.3/6.1 L2 v1.1.0
2.15.1 - TE - implementation (AIX 6.1 only) - 'TE is enabled'	Unix	CIS AIX 5.3/6.1 L2 v1.1.0
2.15.1 - TE - implementation (AIX 6.1 only) - 'TEP is enabled'	Unix	CIS AIX 5.3/6.1 L2 v1.1.0
2.29.2 Ensure 'Legacy Format Signatures' is set to Disabled	Windows	CIS Microsoft Office 2016 v1.1.0
4.5 Enable Content trust for Docker	Unix	CIS Docker 1.11.0 v1.0.0 L2 Docker
4.5 Enable Content trust for Docker	Unix	CIS Docker 1.13.0 v1.0.0 L2 Docker
4.5 Enable Content trust for Docker	Unix	CIS Docker 1.12.0 v1.0.0 L2 Docker
4.5 Ensure Content trust for Docker is Enabled	Unix	CIS Docker Community Edition v1.1.0 L2 Docker
4.8.1 TE - implementation	Unix	CIS IBM AIX 7.2 L2 v1.1.0
Big Sur - Enable Authenticated Root	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Enable Authenticated Root	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Enable Authenticated Root	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Enable Authenticated Root	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Low
Big Sur - Enable Authenticated Root	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Low
Big Sur - Enable Authenticated Root	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Enable Authenticated Root	Unix	NIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Enable Authenticated Root	Unix	NIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Enable Authenticated Root	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Ensure GPG keys are configured - apt-key list	Unix	Tenable Cisco Firepower Management Center OS Best Practices Audit
Ensure GPG keys are configured - yum	Unix	Tenable Cisco Firepower Management Center OS Best Practices Audit
FireEye - Boot image must be signed	FireEye	TNS FireEye
IBM i : Verify Object on Restore (QVFYOBJRST) - '3'	AS/400	IBM iSeries Security Reference v5r4
IBM i : Verify Object on Restore (QVFYOBJRST) - '3'	AS/400	IBM System i Security Reference for V7R1 and V6R1
IBM i : Verify Object on Restore (QVFYOBJRST) - '3'	AS/400	IBM System i Security Reference for V7R2
IBM i : Verify Object on Restore (QVFYOBJRST) - '3'	AS/400	IBM System i Security Reference for V7R3
Monterey - Enable Authenticated Root	Unix	NIST macOS Monterey v1.0.0 - 800-53r4 High
Monterey - Enable Authenticated Root	Unix	NIST macOS Monterey v1.0.0 - 800-53r5 Low
Monterey - Enable Authenticated Root	Unix	NIST macOS Monterey v1.0.0 - All Profiles
Monterey - Enable Authenticated Root	Unix	NIST macOS Monterey v1.0.0 - 800-53r4 Moderate
Monterey - Enable Authenticated Root	Unix	NIST macOS Monterey v1.0.0 - 800-53r5 Moderate
Monterey - Enable Authenticated Root	Unix	NIST macOS Monterey v1.0.0 - 800-171
Monterey - Enable Authenticated Root	Unix	NIST macOS Monterey v1.0.0 - 800-53r5 High
Monterey - Enable Authenticated Root	Unix	NIST macOS Monterey v1.0.0 - 800-53r4 Low
Monterey - Enable Authenticated Root	Unix	NIST macOS Monterey v1.0.0 - CNSSI 1253
O121-C2-019600 - The system must verify there have not been unauthorized changes to the DBMS software and information.	OracleDB	DISA STIG Oracle 12c v2r8 Database

Detections

Analytics