Detections
Analytics

CCI|CCI-001744

Title

The information system implements organization-defined security responses automatically if baseline configurations are changed in an unauthorized manner.

Reference Item Details

Category: 2013

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.3.1 Ensure AIDE is installedUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.3.2 Ensure filesystem integrity is regularly checked - aideUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.3.2 Ensure filesystem integrity is regularly checked - cronUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.3.2 Ensure filesystem integrity is regularly checked - mailUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
Big Sur - Configure the System to Notify upon Baseline Configuration ChangesUnixNIST macOS Big Sur v1.4.0 - All Profiles
Catalina - Configure the System to Notify upon Baseline Configuration ChangesUnixNIST macOS Catalina v1.5.0 - All Profiles
F5BI-DM-000211 - The BIG-IP appliance must be configured to implement automated security responses if baseline configurations are changed in an unauthorized manner.F5DISA F5 BIG-IP Device Management STIG v2r3
GEN000140 - A file integrity baseline must be created and maintained.UnixDISA STIG Solaris 10 SPARC v2r4
GEN000140 - A file integrity baseline must be created and maintained.UnixDISA STIG Solaris 10 X86 v2r4
GEN000140-2 - A file integrity baseline including cryptographic hashes must be created - '/etc/aide.conf must exist'UnixDISA STIG for Oracle Linux 5 v2r1
GEN000140-2 - A file integrity baseline including cryptographic hashes must be created - 'cryptographic hash is used 'UnixDISA STIG for Oracle Linux 5 v2r1
GEN000140-2 - A file integrity baseline including cryptographic hashes must be created - 'database location'UnixDISA STIG for Oracle Linux 5 v2r1
GEN000140-3 - A file integrity baseline including cryptographic hashes must be maintained - '/etc/aide.conf exists'UnixDISA STIG for Oracle Linux 5 v2r1
GEN000140-3 - A file integrity baseline including cryptographic hashes must be maintained - 'database has been configured'UnixDISA STIG for Oracle Linux 5 v2r1
GEN000220 - A file integrity tool must be used at least weekly to check for unauthorized file changes, particularly the addition of unauthorized system libraries or binaries, or for unauthorized modification to authorized system libraries or binaries.UnixDISA STIG Solaris 10 X86 v2r4
GEN000220 - A file integrity tool must be used at least weekly to check for unauthorized file changes, particularly the addition of unauthorized system libraries or binaries, or for unauthorized modification to authorized system libraries or binaries.UnixDISA STIG for Oracle Linux 5 v2r1
GEN000220 - A file integrity tool must be used at least weekly to check for unauthorized file changes, particularly the addition of unauthorized system libraries or binaries, or for unauthorized modification to authorized system libraries or binaries.UnixDISA STIG Solaris 10 SPARC v2r4
GEN002260 - The system must be checked for extraneous device files at least weekly.UnixDISA STIG Solaris 10 SPARC v2r4
GEN002260 - The system must be checked for extraneous device files at least weekly.UnixDISA STIG Solaris 10 X86 v2r4
GEN002400 - The system must be checked weekly for unauthorized setuid files, as well as, unauthorized modification to authorized setuid files.UnixDISA STIG Solaris 10 X86 v2r4
GEN002400 - The system must be checked weekly for unauthorized setuid files, as well as, unauthorized modification to authorized setuid files.UnixDISA STIG Solaris 10 SPARC v2r4
GEN002460 - The system must be checked weekly for unauthorized setgid files, as well as, unauthorized modification to authorized setgid files.UnixDISA STIG Solaris 10 X86 v2r4
GEN002460 - The system must be checked weekly for unauthorized setgid files, as well as, unauthorized modification to authorized setgid files.UnixDISA STIG Solaris 10 SPARC v2r4
Monterey - Configure the System to Notify upon Baseline Configuration ChangesUnixNIST macOS Monterey v1.0.0 - All Profiles
OL6-00-000016 - A file integrity tool must be installed.UnixDISA STIG Oracle Linux 6 v2r7
OL6-00-000302 - A file integrity tool must be used at least weekly to check for unauthorized file changes, particularly the addition of unauthorized system libraries or binaries, or for unauthorized modification to authorized system libraries or binaries.UnixDISA STIG Oracle Linux 6 v2r7
OL6-00-000303 - The operating system must employ automated mechanisms, per organization defined frequency, to detect the addition of unauthorized components/devices into the operating system.UnixDISA STIG Oracle Linux 6 v2r7
OL6-00-000305 - The operating system must provide a near real-time alert when any of the organization defined list of compromise or potential compromise indicators occurs.UnixDISA STIG Oracle Linux 6 v2r7
OL6-00-000306 - The operating system must detect unauthorized changes to software and information.UnixDISA STIG Oracle Linux 6 v2r7
OL6-00-000307 - The operating system must ensure unauthorized, security-relevant configuration changes detected are tracked.UnixDISA STIG Oracle Linux 6 v2r7
OL07-00-020028 - The Oracle Linux operating system must be configured to allow sending email notifications of unauthorized configuration changes to designated personnel.UnixDISA Oracle Linux 7 STIG v2r14
OL07-00-020030 - The Oracle Linux operating system must be configured so that a file integrity tool verifies the baseline operating system configuration at least weekly - aide.UnixDISA Oracle Linux 7 STIG v2r14
OL07-00-020030 - The Oracle Linux operating system must be configured so that a file integrity tool verifies the baseline operating system configuration at least weekly - cron.UnixDISA Oracle Linux 7 STIG v2r14
OL07-00-020040 - The Oracle Linux operating system must be configured so that designated personnel are notified if baseline configurations are changed in an unauthorized manner - aide.UnixDISA Oracle Linux 7 STIG v2r14
OL07-00-020040 - The Oracle Linux operating system must be configured so that designated personnel are notified if baseline configurations are changed in an unauthorized manner - cron.UnixDISA Oracle Linux 7 STIG v2r14
OL08-00-010358 - OL 8 must be configured to allow sending email notifications of unauthorized configuration changes to designated personnel.UnixDISA Oracle Linux 8 STIG v1r8
PHTN-30-000013 - The Photon operating system must have the auditd service running.UnixDISA STIG VMware vSphere 7.0 Photon OS v1r2
PHTN-67-000018 - The Photon operating system must have the auditd service running.UnixDISA STIG VMware vSphere 6.7 Photon OS v1r6
RHEL-07-020028 - The Red Hat Enterprise Linux operating system must be configured to allow sending email notifications of configuration changes and adverse events to designated personnel.UnixDISA Red Hat Enterprise Linux 7 STIG v3r14
RHEL-07-020030 - The Red Hat Enterprise Linux operating system must be configured so that a file integrity tool verifies the baseline operating system configuration at least weekly.UnixDISA Red Hat Enterprise Linux 7 STIG v3r14
RHEL-07-020040 - The Red Hat Enterprise Linux operating system must be configured so that designated personnel are notified if baseline configurations are changed in an unauthorized manner.UnixDISA Red Hat Enterprise Linux 7 STIG v3r14
RHEL-08-010358 - RHEL 8 must be configured to allow sending email notifications of unauthorized configuration changes to designated personnel.UnixDISA Red Hat Enterprise Linux 8 STIG v1r13
RHEL-08-010360 - The RHEL 8 file integrity tool must notify the system administrator when changes to the baseline configuration or anomalies in the operation of any security functions are discovered within an organizationally defined frequency.UnixDISA Red Hat Enterprise Linux 8 STIG v1r13
RHEL-09-215095 - RHEL 9 must have the s-nail package installed.UnixDISA Red Hat Enterprise Linux 9 STIG v1r2
RHEL-09-651010 - RHEL 9 must have the AIDE package installed.UnixDISA Red Hat Enterprise Linux 9 STIG v1r2
RHEL-09-651015 - RHEL 9 must routinely check the baseline configuration for unauthorized changes and notify the system administrator when anomalies in the operation of any security functions are discovered.UnixDISA Red Hat Enterprise Linux 9 STIG v1r2
SLES-12-010498 - The SUSE operating system must be configured to allow sending email notifications of unauthorized configuration changes to designated personnel.UnixDISA SLES 12 STIG v2r13
SLES-12-010500 - Advanced Intrusion Detection Environment (AIDE) must verify the baseline SUSE operating system configuration at least weekly.UnixDISA SLES 12 STIG v2r13
SLES-15-010418 - The SUSE operating system must be configured to allow sending email notifications of unauthorized configuration changes to designated personnel.UnixDISA SLES 15 STIG v1r12
SLES-15-010420 - Advanced Intrusion Detection Environment (AIDE) must verify the baseline SUSE operating system configuration at least weekly.UnixDISA SLES 15 STIG v1r12