Applications utilized for integrity verification must detect unauthorized changes to software and information.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-35696	SRG-APP-000262-MAPP-NA	SV-46983r1_rule		Medium

Description
Organizations are required to employ integrity verification applications on information systems to look for evidence of information tampering, errors, and omissions. The organization is also required to employ good software engineering practices with regard to commercial off-the-shelf integrity mechanisms (e.g., parity checks, cyclical redundancy checks, and cryptographic hashes) and uses tools to automatically monitor the integrity of the information system and the applications it hosts. Rationale for non-applicability: The MDM SRG addresses integrity verification on mobile devices.

Description

Organizations are required to employ integrity verification applications on information systems to look for evidence of information tampering, errors, and omissions. The organization is also required to employ good software engineering practices with regard to commercial off-the-shelf integrity mechanisms (e.g., parity checks, cyclical redundancy checks, and cryptographic hashes) and uses tools to automatically monitor the integrity of the information system and the applications it hosts. Rationale for non-applicability: The MDM SRG addresses integrity verification on mobile devices.

STIG	Date
Mobile Application Security Requirements Guide	2013-01-04

Details

Check Text ( C-44039r1_chk )
This requirement is NA for the MAPP SRG.

Fix Text (F-40239r1_fix)
The requirement is NA. No fix is required.