Organizations are required to employ integrity verification applications on information systems to look for evidence of information tampering, errors, and omissions. The organization is also required to employ good software engineering practices with regard to commercial off-the-shelf integrity mechanisms (e.g., parity checks, cyclical redundancy checks, and cryptographic hashes) and use tools to automatically monitor the integrity of the information system and the applications it hosts.
Application servers are not used for integrity checking. This requirement is more in line with a tool like Tripwire. |