UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Mainframe product must perform an integrity check of all software from vendors/sources that provide cryptographic mechanisms to enable the validation of code authenticity and integrity at startup, at transitional states as defined in site security plan or security-relevant events, or annually.


Overview

Finding ID Version Rule ID IA Controls Severity
V-205594 SRG-APP-000475-MFP-000374 SV-205594r961740_rule Medium
Description
Unauthorized changes to software can occur due to errors or malicious activity (e.g., tampering). Software includes, for example, operating systems (with key internal components such as kernels, drivers), middleware, and applications. State-of-the-practice integrity-checking mechanisms (e.g., parity checks, cyclical redundancy checks, cryptographic hashes) and associated tools can automatically monitor the integrity of information systems and hosted applications. Security-relevant events include, for example, the identification of a new threat to which organizational information systems are susceptible and the installation of new hardware, software, or firmware. Transitional states include, for example, system startup, restart, shutdown, and abort. This requirement applies to integrity verification tools that are used to detect unauthorized changes to organization-defined software.
STIG Date
Mainframe Product Security Requirements Guide 2024-07-02

Details

Check Text ( C-5860r300009_chk )
If the Mainframe Product has no function or capability for integrity verification, this is not applicable.

Examine installation and configuration settings.

If the Mainframe Product is not configured to perform an integrity check of all software from vendors/sources that provide cryptographic mechanisms to enable the validation of code authenticity and integrity at startup, at transitional states as defined in site security plan or security-relevant events, or annually, this is a finding.
Fix Text (F-5860r539615_fix)
Configure the Mainframe Product to perform an integrity check of all software from vendors/sources that provide cryptographic mechanisms to enable the validation of code authenticity and integrity at startup, at transitional states as defined in site security plan or security-relevant events, or annually.