UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Mainframe Product must perform an integrity check of information as defined in site security plan at startup, at transitional states as defined in site security plan or security-relevant events, or annually.


Overview

Finding ID Version Rule ID IA Controls Severity
V-68503 SRG-APP-000477-MFP-000376 SV-82993r1_rule Medium
Description
Unauthorized changes to information can occur due to errors or malicious activity (e.g., tampering). Information includes metadata, such as security attributes associated with information. State-of-the-practice integrity-checking mechanisms (e.g., parity checks, cyclical redundancy checks, cryptographic hashes) and associated tools can automatically monitor the integrity of information systems and hosted applications. Security-relevant events include, for example, the identification of a new threat to which organizational information systems are susceptible and the installation of new hardware, software, or firmware. Transitional states include, for example, system startup, restart, shutdown, and abort. This requirement applies to integrity verification tools that are used to detect unauthorized changes to organization-defined information.
STIG Date
Mainframe Product Security Requirements Guide 2016-04-18

Details

Check Text ( C-69035r1_chk )
If the Mainframe Product has no function or capability for integrity verification, this is not applicable.

Examine installation and configuration settings.

If the Mainframe Product is not configured to perform an integrity check of information as defined in site security plan at startup, at transitional states as defined in site security plan or security-relevant events, or annually, this is a finding.
Fix Text (F-74619r1_fix)
Configure the Mainframe Product to perform integrity check of inform as defined in site security plan at startup, at transitional states as defined in site security plan or security-relevant events, or annually.