An error occurred:

Check: 1.024

Windows 2008 Domain Controller STIG: 1.024 (in versions v6 r47 through v6 r35)

Title

System files are not checked for unauthorized changes. (Cat II impact)

Discussion

Comparing system files against a baseline on a regular basis will detect the possibility of introduction of malicious code on the system.

Check Content

Interview the SA to determine if the site uses a tool to compare system files (*.exe, *.bat, *.com, *.cmd and *.dll) on servers against a baseline, on a weekly basis. Note: A properly configured HBSS Policy Auditor 5.2 or later, File Integrity Monitor (FIM) module will meet the requirement for file integrity checking. The Asset module within HBSS does not meet this requirement.

Fix Text

The site should use a tool to compare system files (*.exe, *.bat, *.com, *.cmd and *.dll) on servers against a baseline, on a weekly basis.

Additional Identifiers

Rule ID: SV-29692r1_rule

Vulnerability ID: V-2907

Group Title: System File Changes

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000366

Implement the security configuration settings.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
CM-6

Configuration Settings