Applications utilized for integrity verification must detect unauthorized changes to software and information.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-35679	SRG-APP-000262-AS-NA	SV-46966r1_rule		Medium

Description
Organizations are required to employ integrity verification applications on information systems to look for evidence of information tampering, errors, and omissions. The organization is also required to employ good software engineering practices with regard to commercial off-the-shelf integrity mechanisms (e.g., parity checks, cyclical redundancy checks, and cryptographic hashes) and use tools to automatically monitor the integrity of the information system and the applications it hosts. Application servers are not used for integrity checking. This requirement is more in line with a tool like Tripwire.

Description

Organizations are required to employ integrity verification applications on information systems to look for evidence of information tampering, errors, and omissions. The organization is also required to employ good software engineering practices with regard to commercial off-the-shelf integrity mechanisms (e.g., parity checks, cyclical redundancy checks, and cryptographic hashes) and use tools to automatically monitor the integrity of the information system and the applications it hosts. Application servers are not used for integrity checking. This requirement is more in line with a tool like Tripwire.

STIG	Date
Application Server Security Requirements Guide	2013-01-08

Details

Check Text ( C-44021r1_chk )
This requirement is NA for the AS SRG.

Fix Text (F-40221r1_fix)
The requirement is NA. No fix is required.