VMware Tanzu Platform for Cloud Foundry Compliance

Tanzu Platform for Cloud Foundry is compliant with this requirement.

The File Integrity Monitoring add-on for Tanzu Platform for Cloud Foundry monitors file integrity for all BOSH-deployed VMs.

By default, all BOSH-deployed VMs run the Linux audit daemon. Operators can edit their BOSH runtime config to customize the audit daemon and other native Linux auditing tools.

Tanzu Platform for Cloud Foundry supports third-party security scanning, either through remote access, or through local installation of a third-party agent on the stemcell as a BOSH add-on.

The Broadcom Support portal provides checksums for all software releases, enabling deployers to check file integrity before deployment.

Control Description

The organization employs integrity verification tools to detect unauthorized changes to [Assignment: organization-defined software, firmware, and information].

Supplemental Guidance

Unauthorized changes to software, firmware, and information can occur due to errors or malicious activity (e.g., tampering). Software includes, for example, operating systems (with key internal components such as kernels, drivers), middleware, and applications. Firmware includes, for example, the Basic Input Output System (BIOS). Information includes metadata such as security attributes associated with information. State-of-the-practice integrity-checking mechanisms (e.g., parity checks, cyclical redundancy checks, cryptographic hashes) and associated tools can automatically monitor the integrity of information systems and hosted applications.