SA-18 — Tamper Resistance and Detection

For systems that require high assurance, implement tamper resistance (making tampering difficult) and tamper detection (detecting when tampering has occurred). This applies to both hardware and software.

Example 1: Deploy hardware security modules (HSMs) for cryptographic key storage. HSMs are designed with tamper-resistant enclosures that destroy the keys if physical tampering is detected. This protects your most sensitive cryptographic material even if an attacker gains physical access.

Example 2: Implement file integrity monitoring (FIM) using tools like OSSEC, Tripwire, or Microsoft Defender for Endpoint to detect unauthorized changes to critical system files, configuration files, and application binaries. When a change is detected outside of an approved change window, generate an immediate alert.