STIGQter: STIG Summary: Microsoft Windows Server 2012/2012 R2 Member Server Security Technical Implementation Guide Version: 3 Release: 2 Benchmark Date: 04 May 2021:

System files must be monitored for unauthorized changes.

DISA Rule

SV-225428r569268_rule

Vulnerability Number

V-225428

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

WN12-GE-000017

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Monitor system files (e.g., *.exe, *.bat, *.com, *.cmd, and *.dll) on servers for unauthorized changes against a baseline on a weekly basis. This can be done with the use of various monitoring tools.

Check Contents

Determine whether the site monitors system files (e.g., *.exe, *.bat, *.com, *.cmd, and *.dll) on servers for unauthorized changes against a baseline on a weekly basis. If system files are not monitored for unauthorized changes, this is a finding.

A properly configured and approved DoD HBSS solution that supports a File Integrity Monitor (FIM) module will meet the requirement for file integrity checking.

Vulnerability Number

V-225428

Documentable

False

Rule Version

WN12-GE-000017

Severity Override Guidance

Determine whether the site monitors system files (e.g., *.exe, *.bat, *.com, *.cmd, and *.dll) on servers for unauthorized changes against a baseline on a weekly basis. If system files are not monitored for unauthorized changes, this is a finding.

A properly configured and approved DoD HBSS solution that supports a File Integrity Monitor (FIM) module will meet the requirement for file integrity checking.

Check Content Reference

M

Target Key

4214

Comments