Manage the integrity of critical files
Summary
The system must verify and log changes in the integrity of critical system files.
Supported In
This requirement is verified in the following services:
| Plan | Supported |
|---|---|
| Machine | 🔴 |
| Squad | 🟢 |
References
- CAPEC™-13. Subverting environment variable values
- CAPEC™-23. File content injection
- CAPEC™-35. Leverage executable code in non-executable files
- CAPEC™-38. Leveraging/Manipulating configuration file search paths
- CAPEC™-154. Resource location spoofing
- CAPEC™-176. Configuration/Environment manipulation
- OWASP TOP 10-A9. Security logging and monitoring failures
- OWASP-M TOP 10-M2. Insecure data storage
- NIST Framework-PR_DS-6. Integrity checking mechanisms are used to verify software, firmware and information integrity
- CERT-J-FIO00-J. Do not operate on files in shared directories
- NY SHIELD Act-5575_B_6. Personal and private information
- MITRE ATT&CK®-M1025. Privileged process integrity
- PA-DSS-4_2_2. Actions taken by any individual with root or administrative privileges
- PA-DSS-4_2_6. Initialization, stopping, or pausing of the application audit logs
- PDPA-9B_48E. Improper use of personal data
- ISA/IEC 62443-SI-3_1. Communication integrity
- NIST SSDF-PS_2_1. Provide a mechanism for verifying software release integrity
- NIST SSDF-PS_3_1. Archive and protect each software release
- ISSAF-Y_3_4. Database Security - Database services countermeasures
- OWASP API Security Top 10-API10. Insufficient Logging & Monitoring
- HITRUST CSF-09_ac. Protection of log information
- HITRUST CSF-09_ad. Administrator and operator logs
- CASA-8_1_6. General Data Protection