| CGI or equivalent files must be monitored by a security tool that reports unauthorized changes. The purpose of such software is to monitor key files for unauthorized changes. The reviewer should query the ISSO, the SA, and the web administrator, and verify the information provided by asking to see the template file or configuration file of the software being used to accomplish this security task. Example file extensions for files considered to provide active content include, but are not limited to, .cgi, .asp, .aspx, .class, .vb, .php, .pl, and .c. |
If the site does not have a process in place to monitor changes to CGI program files, this is a finding.
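
A minimal sketch of the change monitoring this check looks for, scoped to the example extensions listed above: record a hash baseline of active-content files, then report anything modified, added or removed. This is an added example, not part of the original check text and not the site's monitoring tool; the function names `snapshot` and `compare` and the sample file are constructed for illustration.

```python
import hashlib
import os
import tempfile

# Example active-content extensions named in the check text (not exhaustive).
ACTIVE_EXTS = {".cgi", ".asp", ".aspx", ".class", ".vb", ".php", ".pl", ".c"}


def snapshot(web_root):
    """Return {relative path: SHA-256 hex digest} for active-content files."""
    digests = {}
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in ACTIVE_EXTS:
                continue  # static content is out of scope for this check
            full = os.path.join(dirpath, name)
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[os.path.relpath(full, web_root)] = h.hexdigest()
    return digests


def compare(baseline, current):
    """Report files modified, added or removed since the approved baseline."""
    return {
        "modified": sorted(p for p in baseline
                           if p in current and baseline[p] != current[p]),
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
    }


if __name__ == "__main__":
    # Constructed sample web root so the example runs offline.
    with tempfile.TemporaryDirectory() as root:
        cgi = os.path.join(root, "form.cgi")
        with open(cgi, "w") as fh:
            fh.write("#!/bin/sh\necho ok\n")
        baseline = snapshot(root)
        with open(cgi, "a") as fh:
            fh.write("# unapproved edit\n")
        print(compare(baseline, snapshot(root)))
```

A baseline is only useful as evidence if it is stored where the web server account cannot write to it, and if the comparison runs on a schedule with its results reported to the people named in the check.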