
The network device must detect unauthorized changes to software and information.


Overview

Finding ID: SRG-NET-000271-NDM-000183
Version: SRG-NET-000271-NDM-000183
Rule ID: SRG-NET-000271-NDM-000183_rule
IA Controls: (none listed)
Severity: Medium
Description
The network device must employ integrity verification tools to detect unauthorized changes to the software and firmware used on the network device. Anomalous behavior and unauthorized changes must be detected before the network device is breached or taken out of service. This requirement is usually fulfilled by installing a host-based integrity tool (e.g., a HIDS) at the OS level on each device; the integrity software monitors and detects unauthorized changes to the network device application and to the OS. However, since many network appliances are unable to run integrity software, other solutions are also acceptable, such as periodic scanning or integrity-checking mechanisms (e.g., parity checks, cyclic redundancy checks, cryptographic hashes) and associated tools that can automatically monitor the integrity of information systems and hosted applications.
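The following is an added example, not part of the STIG text or of any vendor tool, showing the "periodic scanning with cryptographic hashes" approach the description allows for appliances that cannot run a HIDS: a baseline manifest of SHA-256 digests is taken from the device's software and configuration files, stored off-device, and compared against a fresh scan to report modified, added and removed files. The directory layout, file names and contents are constructed for illustration.

```python
"""Baseline-and-compare integrity check using SHA-256 manifests.

Added example (not from the STIG page): models periodic scanning with
cryptographic hashes for a device that cannot run host-based integrity
software. All paths, file names and contents are constructed.
"""
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large firmware images fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under root (as a POSIX relative path) to its SHA-256 digest."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            manifest[p.relative_to(root).as_posix()] = sha256_file(p)
    return manifest


def compare_manifests(baseline: dict, current: dict) -> dict:
    """Return the files that changed, appeared or disappeared since the baseline."""
    return {
        "modified": sorted(k for k in baseline if k in current and baseline[k] != current[k]),
        "added": sorted(k for k in current if k not in baseline),
        "removed": sorted(k for k in baseline if k not in current),
    }


def demo() -> dict:
    """Baseline constructed sample files, simulate unauthorized changes, rescan."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "firmware").mkdir()
        # Constructed stand-ins for a firmware image and a saved configuration.
        (root / "firmware" / "image.bin").write_bytes(b"constructed-firmware-image-v1")
        (root / "startup-config").write_text("hostname edge-rtr-01\n")

        baseline = build_manifest(root)
        # In practice the baseline is stored (and ideally signed) off the device,
        # so a compromised device cannot rewrite its own reference values.
        stored = json.dumps(baseline, indent=2)

        # Simulate what the periodic scan is meant to catch:
        # a modified image, an unexpected new file, and a deleted config.
        (root / "firmware" / "image.bin").write_bytes(b"constructed-firmware-image-v1-altered")
        (root / "firmware" / "unexpected.bin").write_bytes(b"constructed")
        (root / "startup-config").unlink()

        current = build_manifest(root)
        return compare_manifests(json.loads(stored), current)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The scan is only as trustworthy as the stored baseline, so keep the manifest off the device and under change control, and treat any entry in the "modified", "added" or "removed" lists that does not correspond to an approved change as a finding to investigate. Of the mechanisms the description lists, parity checks and cyclic redundancy checks detect accidental corruption but are trivially recomputed after a deliberate edit; cryptographic hashes (as used here) are the ones that hold up against intentional, unauthorized modification.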
STIG: Network Device Management Security Requirements Guide
Date: 2013-07-30

Details

Check Text (C-SRG-NET-000271-NDM-000183_chk)
If a HIDS is installed at the OS level of the network device, this is not applicable.

Verify integrity verification tools to detect unauthorized changes to software and firmware are used to monitor the network device application.

If the network device does not detect unauthorized changes to software and information, this is a finding.
Fix Text (F-SRG-NET-000271-NDM-000183_fix)
Configure the network device to detect unauthorized changes to software and information.