https://community.isc2.org/t5/Governance-Risk-Compliance/What-operational-capabilities-file-hashes-can-enhance/m-p/47769#M497 Masahiro,<BR /><BR />I use hashing to verify the integrity of whitelisted applications before installation. It ensures users have not downloaded any other unapproved versions of the same application or simply added additional files to the file that could be used to cause chaos later on.<BR /><BR />Angel Q Thu, 07 Oct 2021 01:50:39 GMT Pasuking 2021-10-07T01:50:39Z https://community.isc2.org/t5/Governance-Risk-Compliance/What-operational-capabilities-file-hashes-can-enhance/m-p/47711#M490 <P>According to the question c06.062 of CCSP Official Practice Tests, file hashes can enhance both operational capabilities and configuration management efforts.</P><P>&nbsp;</P><P>What do you think of the operational capabilities in this case?</P><P>&nbsp;</P><P>Its explanatory note says the following.</P><P>&nbsp;</P><P><FONT color="#808080"><EM>File hashes can serve as integrity checks for both configuration management (to determine which systems are not configured to the baseline) and audit purposes (as artifacts/common builds of systems for audit review).</EM></FONT></P><P>&nbsp;</P><P>It seems the note says the operational capabilities equal to audit capabilities, though.</P> Mon, 09 Oct 2023 09:59:48 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/What-operational-capabilities-file-hashes-can-enhance/m-p/47711#M490 Masahiro 2023-10-09T09:59:48Z https://community.isc2.org/t5/Governance-Risk-Compliance/What-operational-capabilities-file-hashes-can-enhance/m-p/47727#M493 <P>Conventionally configuration management includes the practice of configuration auditing, which is probably why.</P><P>&nbsp;</P> Mon, 04 Oct 2021 07:43:37 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/What-operational-capabilities-file-hashes-can-enhance/m-p/47727#M493 Steve-Wilme 2021-10-04T07:43:37Z https://community.isc2.org/t5/Governance-Risk-Compliance/What-operational-capabilities-file-hashes-can-enhance/m-p/47742#M494 <BLOCKQUOTE><HR /><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/783051913">@Steve-Wilme</a>&nbsp;wrote:<BR /><P>Conventionally configuration management includes the practice of configuration auditing, which is probably why.</P><P>&nbsp;</P><HR /></BLOCKQUOTE><P>Thank you, Steve.</P><P>&nbsp;</P><P>File hashes reveal integrity of original files. That is one of facets of configuration management. Right?</P><P>&nbsp;</P> Tue, 05 Oct 2021 10:51:32 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/What-operational-capabilities-file-hashes-can-enhance/m-p/47742#M494 Masahiro 2021-10-05T10:51:32Z https://community.isc2.org/t5/Governance-Risk-Compliance/What-operational-capabilities-file-hashes-can-enhance/m-p/47769#M497 Masahiro,<BR /><BR />I use hashing to verify the integrity of whitelisted applications before installation. It ensures users have not downloaded any other unapproved versions of the same application or simply added additional files to the file that could be used to cause chaos later on.<BR /><BR />Angel Q Thu, 07 Oct 2021 01:50:39 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/What-operational-capabilities-file-hashes-can-enhance/m-p/47769#M497 Pasuking 2021-10-07T01:50:39Z https://community.isc2.org/t5/Governance-Risk-Compliance/What-operational-capabilities-file-hashes-can-enhance/m-p/47774#M499 Thanks Angel!<BR /> Thu, 07 Oct 2021 10:51:54 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/What-operational-capabilities-file-hashes-can-enhance/m-p/47774#M499 Masahiro 2021-10-07T10:51:54Z https://community.isc2.org/t5/Governance-Risk-Compliance/What-operational-capabilities-file-hashes-can-enhance/m-p/47821#M506 <P><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/1459503571">@Masahiro</a>If you dig into the NIST SP800-167 Application Whitelisting, it is also used to check the validity of applications permitted into the system.&nbsp;&nbsp; You will also find a few manufacturers such as Juniper who have actually built in both Characterisation and Application Whitelisting into the Junos, for formally checking that software updates come from the correct resource, and also that someone has not manipulated the original updates.</P><P>&nbsp;</P><P>Other solutions such as VMware Carbon Black does a similar series of checks too.</P><P>&nbsp;</P><P>You will find similar techniques vouched and mandated by the Australian Information Security Manual and also by the New Zealand Information Security Manual too.&nbsp; Both are well worth digging through, as they are both online and available for searching purposes.</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P> Sun, 10 Oct 2021 19:50:52 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/What-operational-capabilities-file-hashes-can-enhance/m-p/47821#M506 Caute_cautim 2021-10-10T19:50:52Z https://community.isc2.org/t5/Governance-Risk-Compliance/What-operational-capabilities-file-hashes-can-enhance/m-p/47865#M507 <P>Thank you for sharing your knowledge with me,&nbsp;<a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/809125741">@Caute_cautim</a>&nbsp;.</P><P>Your reply made me much clearer about operational capabilities which file hashes can enhance.</P><P>Thanks!</P><P>&nbsp;</P><P>Best regards,</P><P>&nbsp;</P> Wed, 13 Oct 2021 08:55:06 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/What-operational-capabilities-file-hashes-can-enhance/m-p/47865#M507 Masahiro 2021-10-13T08:55:06Z