History

Priority

should

2010

Agencies should:• characterise all servers whose functions are critical, and those identified as being at a high risk ofcompromise• store the characterisation information securely off the server in a manner that maintains integrity• update the characterisation information after every legitimate change to a system• as part of the audit schedule, compare the stored characterisation information against currentcharacterisation information to determine whether a compromise, or a legitimate but incorrectlycompleted system modification, has occurred• perform the characterisation from a trusted environment rather than the standard operating systemwherever possible• resolve any detected changes in accordance with cyber security incident management procedures.

2008

Agencies should: a. characterise all servers whose functions are critical to the agency, and those identified as being at a high risk of compromise b. store the characterisation information securely off the server in a manner that maintains integrity c. update the characterisation information after every legitimate change to a system d. as part of the agency’s ongoing audit schedule, compare the stored characterisation information against current characterisation information to determine whether a compromise, or a legitimate but incorrectly completed system modification, has occurred e. perform the characterisation from a trusted environment rather than the standard operating system wherever possible f. resolve any detected changes in accordance with the agency’s information and communications technology (ICT) security incident management procedures.