STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← SI-6 — Security and Privacy Function Verification

CCI-002702

Definition

Shut the system down, restart the system, and/or initiate organization-defined alternative action(s) when anomalies in the operation of the organization-defined security functions are discovered.

Parent Control

SI-6Security and Privacy Function VerificationSystem and Information Integrity

Linked STIG Checks (42)

V-274025CAT IIAmazon Linux 2023 must routinely check the baseline configuration for unauthorized changes and notify the system administrator (SA) when anomalies in the operation of any security functions are discovered.Amazon Linux 2023 Security Technical Implementation Guide V-268153CAT IINixOS must notify designated personnel if baseline configurations are changed in an unauthorized manner.Anduril NixOS Security Technical Implementation Guide V-268568CAT IIThe macOS system must ensure Secure Boot level is set to "full".Apple macOS 15 (Sequoia) Security Technical Implementation Guide V-277178CAT IIThe macOS system must ensure Secure Boot level is set to "full".Apple macOS 26 (Tahoe) Security Technical Implementation Guide V-272632CAT IICylanceON-PREM must be configured to support integration with a third-party Security Information and Event Management (SIEM) to support notifications.Arctic Wolf CylanceON-PREM Security Technical Implementation Guide V-272418CAT IIIn the event of an error when validating the binding of other DNS servers' identity to the BIND 9.x information, when anomalies in the operation of the signed zone transfers are discovered, for the success and failure of start and stop of the name server service or daemon, and for the success and failure of all name server events, a BIND 9.x server implementation must generate a log entry.BIND 9.x Security Technical Implementation Guide V-219338CAT IIThe Ubuntu operating system must notify designated personnel if baseline configurations are changed in an unauthorized manner. The file integrity tool must notify the system administrator when changes to the baseline configuration or anomalies in the operation of any security functions are discovered.Canonical Ubuntu 18.04 LTS Security Technical Implementation Guide V-238372CAT IIThe Ubuntu operating system must notify designated personnel if baseline configurations are changed in an unauthorized manner. The file integrity tool must notify the System Administrator when changes to the baseline configuration or anomalies in the operation of any security functions are discovered.Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide V-260584CAT IIUbuntu 22.04 LTS must notify designated personnel if baseline configurations are changed in an unauthorized manner. The file integrity tool must notify the system administrator when changes to the baseline configuration or anomalies in the operation of any security functions are discovered.Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide V-270652CAT IIUbuntu 24.04 LTS must notify designated personnel if baseline configurations are changed in an unauthorized manner. The file integrity tool must notify the system administrator (SA) when changes to the baseline configuration or anomalies in the operation of any security functions are discovered.Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide V-269457CAT IIAlmaLinux OS 9 must routinely check the baseline configuration for unauthorized changes and notify the system administrator when anomalies in the operation of any security functions are discovered.Cloud Linux AlmaLinux OS 9 Security Technical Implementation Guide V-233244CAT IIThe container platform must provide system notifications to the system administrator and operational staff when anomalies in the operation of the organization-defined security functions are discovered.Container Platform Security Requirements Guide V-205223CAT IIThe DNS server implementation must log the event and notify the system administrator when anomalies in the operation of the signed zone transfers are discovered.Domain Name System (DNS) Security Requirements Guide V-279967CAT IIThe DNS server implementation must, when a component failure is detected, activate a notification to the system administrator.Domain Name System (DNS) Security Requirements Guide V-279968CAT IIIn the event of an error when validating the binding of another DNS servers identity to the DNS information, the DNS server implementation must log the event and send notification to the DNS administrator.Domain Name System (DNS) Security Requirements Guide V-279969CAT IIThe DNS server implementation must follow procedures to re-role a secondary name server as the master name server should the master name server permanently lose functionality.Domain Name System (DNS) Security Requirements Guide V-203758CAT IIThe operating system must shut down the information system, restart the information system, and/or notify the system administrator when anomalies in the operation of any security functions are discovered.General Purpose Operating System Security Requirements Guide V-223582CAT IIIBM z/OS system administrator must develop a procedure to shut down the information system, restart the information system, and/or notify the system administrator when anomalies in the operation of any security functions are discovered.IBM z/OS ACF2 Security Technical Implementation Guide V-223804CAT IIIBM z/OS must shut down the information system, restart the information system, and/or notify the system administrator when anomalies in the operation of any security functions are discovered.IBM z/OS RACF Security Technical Implementation Guide V-224041CAT IIIBM z/OS system administrator must develop a procedure to shut down the information system, restart the information system, and/or notify the system administrator when anomalies in the operation of any security functions are discovered.IBM z/OS TSS Security Technical Implementation Guide V-214200CAT IIThe DNS server implementation must log the event and notify the system administrator when anomalies in the operation of the signed zone transfers are discovered.Infoblox 7.x DNS Security Technical Implementation Guide V-233928CAT IIThe Infoblox DNS service member implementation must log the event and notify the system administrator when anomalies in the operation of the signed zone transfers are discovered.Infoblox 8.x DNS Security Technical Implementation Guide V-205593CAT IIThe Mainframe Product must either shut down, restart, and/or notify the appropriate personnel when anomalies in the operation of the security functions as defined in site security plan are discovered.Mainframe Product Security Requirements Guide V-259408CAT IIThe Windows DNS Server must log the event and notify the system administrator when anomalies in the operation of the signed zone transfers are discovered.Microsoft Windows Server Domain Name System (DNS) Security Technical Implementation Guide V-260915CAT IIMKE must be configured to send audit data to a centralized log server.Mirantis Kubernetes Engine Security Technical Implementation Guide V-254237CAT IINutanix AOS must be configured to use SELinux Enforcing mode.Nutanix AOS 5.20.x OS Security Technical Implementation Guide V-279565CAT IINutanix OS must have the audit.x86_64 package installed.Nutanix Acropolis GPOS Security Technical Implementation Guide V-248573CAT IIThe OL 8 file integrity tool must notify the system administrator (SA) when changes to the baseline configuration or anomalies in the operation of any security functions are discovered within an organizationally defined frequency.Oracle Linux 8 Security Technical Implementation Guide V-271497CAT IIOL 9 must routinely check the baseline configuration for unauthorized changes and notify the system administrator (SA) when anomalies in the operation of any security functions are discovered.Oracle Linux 9 Security Technical Implementation Guide V-253530CAT IIPrisma Cloud Compute must be configured to send events to the hosts' syslog.Palo Alto Networks Prisma Cloud Compute Security Technical Implementation Guide V-280980CAT IIRHEL 10 must routinely check the baseline configuration for unauthorized changes and notify the system administrator when anomalies in the operation of any security functions are discovered.Red Hat Enterprise Linux 10 Security Technical Implementation Guide V-258135CAT IIRHEL 9 must routinely check the baseline configuration for unauthorized changes and notify the system administrator when anomalies in the operation of any security functions are discovered.Red Hat Enterprise Linux 9 Security Technical Implementation Guide V-257559CAT IIOpenShift must configure Alert Manger Receivers to notify SA and ISSO of all audit failure events requiring real-time alerts.Red Hat OpenShift Container Platform 4.x Security Technical Implementation Guide V-275671CAT IIUbuntu OS must notify designated personnel if baseline configurations are changed in an unauthorized manner.Riverbed NetIM OS Security Technical Implementation Guide V-261408CAT IISLEM 5 must notify the system administrator (SA) when Advanced Intrusion Detection Environment (AIDE) discovers anomalies in the operation of any security functions.SUSE Linux Enterprise Micro (SLEM) 5 Security Technical Implementation Guide V-217149CAT IIThe SUSE operating system must notify the System Administrator (SA) when AIDE discovers anomalies in the operation of any security functions.SUSE Linux Enterprise Server 12 Security Technical Implementation Guide V-241187CAT IITrend Deep Security must notify the system administrator when anomalies in the operation of the security functions are discovered.Trend Micro Deep Security 9.x Security Technical Implementation Guide V-252929CAT IIThe TOSS file integrity tool must notify the system administrator when changes to the baseline configuration or anomalies in the operation of any security functions are discovered within an organizationally defined frequency.Tri-Lab Operating System Stack (TOSS) 4 Security Technical Implementation Guide V-282580CAT IITOSS 5 must routinely check the baseline configuration for unauthorized changes and notify the system administrator (SA) when anomalies in the operation of any security functions are discovered.Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide V-234624CAT IIThe UEM server must alert the system administrator when anomalies in the operation of security functions are discovered.Unified Endpoint Management Server Security Requirements Guide V-239616CAT IIThe SLES for vRealize must shut down the information system, restart the information system, and/or notify the system administrator when anomalies in the operation of any security functions are discovered.VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide V-207508CAT IIThe VMM must shut down, restart, and/or notify the system administrator when anomalies in the operation of any security functions are discovered.Virtual Machine Manager Security Requirements Guide