compliance controls are associated with this Policy definition 'Employ automatic shutdown/restart when violations are detected' (1b8a7ec3-11cc-a2d3-8cd0-eedf074424a4)
| Control Domain | Control | Name | MetadataId | Category | Title | Owner | Requirements | Description | Info | Policy# |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| FedRAMP_High_R4 | SI-7(5) | FedRAMP_High_R4_SI-7(5) | FedRAMP High SI-7 (5) | System And Information Integrity | Automated Response To Integrity Violations | Shared | n/a | The information system automatically [Selection (one or more): shuts the information system down; restarts the information system; implements [Assignment: organization-defined security safeguards]] when integrity violations are discovered. Supplemental Guidance: Organizations may define different integrity checking and anomaly responses: (i) by type of information (e.g., firmware, software, user data); (ii) by specific information (e.g., boot firmware, boot firmware for a specific types of machines); or (iii) a combination of both. Automatic implementation of specific safeguards within organizational information systems includes, for example, reversing the changes, halting the information system, or triggering audit alerts when unauthorized modifications to critical security files occur. | link | 1 |
| hipaa | 0209.09m3Organizational.7-09.m | hipaa-0209.09m3Organizational.7-09.m | 0209.09m3Organizational.7-09.m | 02 Endpoint Protection | 0209.09m3Organizational.7-09.m 09.06 Network Security Management | Shared | n/a | File sharing is disabled on wireless-enabled devices. | | 6 |
| hipaa | 0626.10h1System.3-10.h | hipaa-0626.10h1System.3-10.h | 0626.10h1System.3-10.h | 06 Configuration Management | 0626.10h1System.3-10.h 10.04 Security of System Files | Shared | n/a | Operational systems only hold approved programs or executable code. | | 3 |
| hipaa | 0628.10h1System.6-10.h | hipaa-0628.10h1System.6-10.h | 0628.10h1System.6-10.h | 06 Configuration Management | 0628.10h1System.6-10.h 10.04 Security of System Files | Shared | n/a | If systems or system components in production are no longer supported by the developer, vendor, or manufacturer, the organization is able to provide evidence of a formal migration plan approved by management to replace the system or system components. | | 4 |
| hipaa | 0663.10h1System.7-10.h | hipaa-0663.10h1System.7-10.h | 0663.10h1System.7-10.h | 06 Configuration Management | 0663.10h1System.7-10.h 10.04 Security of System Files | Shared | n/a | The operating system has in place supporting technical controls such as antivirus, file integrity monitoring, host-based (personal) firewalls or port filtering tools, and logging as part of its baseline. | | 16 |
| hipaa | 0672.10k3System.5-10.k | hipaa-0672.10k3System.5-10.k | 0672.10k3System.5-10.k | 06 Configuration Management | 0672.10k3System.5-10.k 10.05 Security In Development and Support Processes | Shared | n/a | The integrity of all virtual machine images is ensured at all times by (i) logging and raising an alert for any changes made to virtual machine images, and (ii) making available to the business owner(s) and/or customer(s) through electronic methods (e.g., portals or alerts) the results of a change or move and the subsequent validation of the image's integrity. | | 12 |
| hipaa | 0869.09m3Organizational.19-09.m | hipaa-0869.09m3Organizational.19-09.m | 0869.09m3Organizational.19-09.m | 08 Network Protection | 0869.09m3Organizational.19-09.m 09.06 Network Security Management | Shared | n/a | The router configuration files are secured and synchronized. | | 11 |
| hipaa | 1206.09aa2System.23-09.aa | hipaa-1206.09aa2System.23-09.aa | 1206.09aa2System.23-09.aa | 12 Audit Logging & Monitoring | 1206.09aa2System.23-09.aa 09.10 Monitoring | Shared | n/a | Auditing is always available while the system is active and tracks key events, success/failed data access, system security configuration changes, privileged or utility use, any alarms raised, activation and de-activation of protection systems (e.g., A/V and IDS), activation and deactivation of identification and authentication mechanisms, and creation and deletion of system-level objects. | | 6 |
| NIST_SP_800-53_R4 | SI-7(5) | NIST_SP_800-53_R4_SI-7(5) | NIST SP 800-53 Rev. 4 SI-7 (5) | System And Information Integrity | Automated Response To Integrity Violations | Shared | n/a | The information system automatically [Selection (one or more): shuts the information system down; restarts the information system; implements [Assignment: organization-defined security safeguards]] when integrity violations are discovered. Supplemental Guidance: Organizations may define different integrity checking and anomaly responses: (i) by type of information (e.g., firmware, software, user data); (ii) by specific information (e.g., boot firmware, boot firmware for a specific types of machines); or (iii) a combination of both. Automatic implementation of specific safeguards within organizational information systems includes, for example, reversing the changes, halting the information system, or triggering audit alerts when unauthorized modifications to critical security files occur. | link | 1 |
| NIST_SP_800-53_R5 | SI-7(5) | NIST_SP_800-53_R5_SI-7(5) | NIST SP 800-53 Rev. 5 SI-7 (5) | System and Information Integrity | Automated Response to Integrity Violations | Shared | n/a | Automatically [Selection (OneOrMore): shut the system down; restart the system; implement [Assignment: organization-defined controls]] when integrity violations are discovered. | link | 1 |
| PCI_DSS_v4.0 | 11.5.2 | PCI_DSS_v4.0_11.5.2 | PCI DSS v4.0 11.5.2 | Requirement 11: Test Security of Systems and Networks Regularly | Network intrusions and unexpected file changes are detected and responded to | Shared | n/a | A change-detection mechanism (for example, file integrity monitoring tools) is deployed as follows: • To alert personnel to unauthorized modification (including changes, additions, and deletions) of critical files • To perform critical file comparisons at least once weekly. | link | 4 |
| PCI_DSS_v4.0 | 11.6.1 | PCI_DSS_v4.0_11.6.1 | PCI DSS v4.0 11.6.1 | Requirement 11: Test Security of Systems and Networks Regularly | Unauthorized changes on payment pages are detected and responded to | Shared | n/a | A change- and tamper-detection mechanism is deployed as follows: • To alert personnel to unauthorized modification (including indicators of compromise, changes, additions, and deletions) to the HTTP headers and the contents of payment pages as received by the consumer browser. • The mechanism is configured to evaluate the received HTTP header and payment page. • The mechanism functions are performed as follows: – At least once every seven days OR – Periodically (at the frequency defined in the entity’s targeted risk analysis, which is performed according to all elements specified in Requirement 12.3.1). | link | 3 |
| SWIFT_CSCF_v2022 | 6.2 | SWIFT_CSCF_v2022_6.2 | SWIFT CSCF v2022 6.2 | 6. Detect Anomalous Activity to Systems or Transaction Records | Ensure the software integrity of the SWIFT-related components and act upon results. | Shared | n/a | A software integrity check is performed at regular intervals on messaging interface, communication interface, and other SWIFT-related components and results are considered for appropriate resolving actions. | link | 6 |