5.3: Securely Store Master Images
Store the master images and templates on securely configured servers, validated with integrity monitoring tools, to ensure that only authorized changes to the images are possible.
Asset Type |
Security Function |
Implementation Groups |
|---|---|---|
Applications |
Protect |
2, 3 |
Dependencies
None
Inputs
The list of master images/templates
An available integrity monitoring tool
The inventory of master images mapped to the output of the integrity monitoring tool’s identifying information (such as a hash).
A documented procedure detailing authorizations required for updates to the master images/templates
Operations
Collect the list of master images/templates’ integrity monitoring identifying information (i.e. for each master image, collect the hash).
Determine whether the update procedure documentation exists (M3)
Measures
M1 = Count of master images/templates (from Input 3)
M2 = Count of master images/templates identified by integrity monitoring tools
M3 = 1 if the documented master image update procedure exists; 0 otherwise.
M4 = List of master images/templates identified by integrity monitoring tools
M5 = List of master images/templates unidentified by integrity monitoring tools
M6 = Count of master images/templates unidentified by integrity monitoring tools (M5)
Metrics
Integrity Monitoring Coverage
Metric |
The ratio of master images/templates identified by integrity monitoring tools,
to the total number of images/templates.
|
Calculation |
|
Update Procedures
Metric |
Determine if the documented master image update procedure exists
|
Calculation |
|