File integrity monitoring

File integrity monitoring is an Internal control or Process that performs the act of assuring Integrity of Operating system and Application software files using a verification method between the current file state and the known, good baseline. This comparison method often involves calculating a known Checksum of the operating system or file's original baseline and comparing with the calculated checksum of the current state of the operating system or application file.

Generally, the act of performing File integrity monitoring is automated using internal controls such as an application or process. Such monitoring can be performed randomly, at a defined polling interval, or in real-time.

Contents

Compliance Objectives

Multiple compliance objectives indicate File integrity monitoring as a requirement. Several examples of compliance objectives with the requirement for File integrity monitoring include:

Applications

Many File integrity monitoring applications exist to perform scheduled, polling interval, or real-time scanning.

References

  1. ^ "Payment Card Industry Data Security Standard". PCI Security Council. https://www.pcisecuritystandards.org/documents/pa-dss_v2.pdf. Retrieved 2011-10-11. 
  2. ^ "Sarbanes-Oxley Sections 302 & 404 - A White Paper Proposing Practival, Cost Effective Compliance Strategies". Card Decisions, Inc.. http://www.sec.gov/rules/proposed/s74002/card941503.pdf. Retrieved 2011-10-11. 
  3. ^ "Standard CIP-011-1 - Cyber Security - BES Cyber System Protection". North American Electric Reliability Corporation (NERC). http://www.nerc.com/docs/standards/sar/CIP-011-1_2010May3.pdf. Retrieved 2011-10-11. 
  4. ^ "Department of Defense Instruction". Department of Defense (DOD). http://www.dtic.mil/whs/directives/corres/pdf/850002p.pdf. Retrieved 2011-10-11. 
  5. ^ "Applying NIST SP 800-53 to Industrial Control Systems". National Institute of Standards and Technology (NIST). http://csrc.nist.gov/groups/SMA/fisma/ics/documents/papers/Apply-SP-800-53-ICS-final-22Aug06.pdf. Retrieved 2011-10-11. 
  6. ^ "An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule". National Institute of Standards and Technology. http://csrc.nist.gov/publications/nistpubs/800-66-Rev1/SP-800-66-Revision1.pdf. Retrieved 2011-10-11. 

External Links