Fluid Attacks logo
Contact Us
Young hacker smiling
Zero false positives

Expert intelligence + effective automation

Contact logo Contact Us

REQ.047 Classify critical files for monitoring

This documents contains the details of the security requirements related to file management in the organization. This requirement establishes the importance of classify critical files and establish tools to monitor them in order to detect any alteration that may result in a security breach.


The critical files must be established for each system in order to follow up its integrity.


Each system has files that are necessary for its operation (master files, setting files, among others), each one of these files must be identified and tracked using tools that permanently monitor the activities carried out on them.


Each system has a file structure that contains information about its configuration and operation, if these files are modified they can alter the execution of the system and for this reason it is important to establish a permanent monitoring of the integrity of these. The monitoring should notify the system administrator of the changes made immediately, and enable a record of the activities carried out.


  1. An incident occurs in which a modification of critical files is identified, however it was not possible to detect in advance by not having a tool that registers the modifications in the compromised files.


  • Layer: Application Layer.

  • Asset: Critical Files.

  • Scope: Integrity.

  • Phase: Operation.

  • Type of Control: Recommendation.


  1. OWASP-ASVS v3.1-1.4 Data considered sensitive in the context of the application is clearly identified.

Service status - Terms of Use