CCI-002699

Install AIDE

Configure Periodic Execution of AIDE

Configure Notification of Post-AIDE Scan Details

The application must perform verification of the correct operation of security functions: upon system startup and/or restart; upon command by a user with privileged access; and/or every 30 days.

The DNS server implementation must perform verification of the correct operation of security functions: upon system start-up and/or restart; upon command by a user with privileged access; and/or every 30 days.

The MaaS360 MDM Agent must provide an alert via the trusted channel to the MDM server for the following event: change in enrollment state.

The Mainframe Product must perform verification of the correct operation of security functions upon system startup and/or restart; upon command by a user with privileged access; and/or every 30 days.

The Windows 2012 DNS Server must log the event and notify the system administrator when anomalies in the operation of the signed zone transfers are discovered.

Nutanix AOS must be configured to use SELinux Enforcing mode.

Configuration of Prisma Cloud Compute must be continuously verified.

The UEM server must run a suite of self-tests during initial start-up (power on) to demonstrate correct operation of the server.

The macOS system must ensure secure boot level set to full.

The Ubuntu operating system must be configured so that a file integrity tool verifies the correct operation of security functions every 30 days.

The Ubuntu operating system must be configured so that the script which runs each 30 days or less to check file integrity is the default one.

The container platform must perform verification of the correct operation of security functions: upon system startup and/or restart; upon command by a user with privileged access; and/or every 30 days. Security functionality includes, but is not limited to, establishing system accounts, configuring access authorizations (i.e., permissions, privileges), setting events to be audited, and setting intrusion detection parameters.

The operating system must perform verification of the correct operation of security functions: upon system start-up and/or restart; upon command by a user with privileged access; and/or every 30 days.

The Oracle Linux operating system must be configured so that a file integrity tool verifies the baseline operating system configuration at least weekly.

The OL 8 file integrity tool must notify the System Administrator (SA) when changes to the baseline configuration or anomalies in the operation of any security functions are discovered within an organizationally defined frequency.

OpenShift must perform verification of the correct operation of security functions: upon startup and/or restart; upon command by a user with privileged access; and/or every 30 days.

Advanced Intrusion Detection Environment (AIDE) must verify the baseline SUSE operating system configuration at least weekly.

RHEL 9 must routinely check the baseline configuration for unauthorized changes and notify the system administrator when anomalies in the operation of any security functions are discovered.

The VMM must perform verification of the correct operation of security functions: upon system startup and/or restart; upon command by a user with privileged access; and/or every 30 days.

The ESXi host must implement Secure Boot enforcement.

The Photon operating system must have the auditd service running.

The Photon operating system must enable the auditd service.

The Windows DNS Server must verify the correct operation of security functions upon startup and/or restart, upon command by a user with privileged access, and/or every 30 days.

The Windows DNS Server must verify the correct operation of security functions upon system startup and/or restart, upon command by a user with privileged access, and/or every 30 days.

Configure Systemd Timer Execution of AIDE

The macOS system must ensure Secure Boot level is set to "full".

Ubuntu 22.04 LTS must be configured so that the script that runs each 30 days or less to check file integrity is the default.

MKE must be configured to integrate with an Enterprise Identity Provider.

Advanced Intrusion Detection Environment (AIDE) must verify the baseline SLEM 5 configuration at least weekly.

The TOSS file integrity tool must notify the system administrator when changes to the baseline configuration or anomalies in the operation of any security functions are discovered within an organizationally defined frequency.