UCF STIG Viewer Logo



Number Title Impact Priority Subject Area
SA-18 Tamper Resistance And Detection P0 System And Services Acquisition

The organization implements a tamper protection program for the information system, system component, or information system service.
Anti-tamper technologies and techniques provide a level of protection for critical information systems, system components, and information technology products against a number of related threats including modification, reverse engineering, and substitution. Strong identification combined with tamper resistance and/or tamper detection is essential to protecting information systems, components, and products during distribution and when in use.

SA-18 (1) Multiple Phases Of Sdlc
Organizations use a combination of hardware and software techniques for tamper resistance and detection. Organizations employ obfuscation and self-checking, for example, to make reverse engineering and modifications more difficult, time-consuming, and expensive for adversaries. Customization of information systems and system components can make substitutions easier to detect and therefore limit damage.

The organization employs anti-tamper technologies and techniques during multiple phases in the system development life cycle including design, development, integration, operations, and maintenance.

SA-18 (2) Inspection Of Information Systems, Components, Or Devices
This control enhancement addresses both physical and logical tampering and is typically applied to mobile devices, notebook computers, or other system components taken out of organization-controlled areas. Indications of need for inspection include, for example, when individuals return from travel to high-risk locations.

The organization inspects Assignment: organization-defined information systems, system components, or devices Selection (one or more): at random; at Assignment: organization-defined frequency, upon Assignment: organization-defined indications of need for inspection to detect tampering.