diff --git a/db/tests.db b/db/tests.db
index 44a9a410..3fc66b9a 100644
--- a/db/tests.db
+++ b/db/tests.db
@@ -136,6 +136,8 @@ FINT-4334:test:security:file_integrity::Check lfd daemon status:
 FINT-4336:test:security:file_integrity::Check lfd configuration status:
 FINT-4338:test:security:file_integrity::osqueryd syscheck daemon running:
 FINT-4339:test:security:file_integrity:Linux:Check IMA/EVM Status
+FINT-4340:test:security:file_integrity:Linux:Check dm-integrity status
+FINT-4341:test:security:file_integrity:Linux:Check dm-verity status
 FINT-4350:test:security:file_integrity::File integrity software installed:
 FINT-4402:test:security:file_integrity::Checksums (SHA256 or SHA512):
 FIRE-4502:test:security:firewalls:Linux:Check iptables kernel module:
diff --git a/include/binaries b/include/binaries
index b538eb56..bae053d2 100644
--- a/include/binaries
+++ b/include/binaries
@@ -176,6 +176,7 @@
                             httpd2-prefork)         HTTPDBINARY=${BINARY};             LogText "  Found known binary: apache2 (web server) - ${BINARY}" ;;
                             initctl)                INITCTLBINARY=${BINARY};           SERVICE_MANAGER="upstart";  LogText "  Found known binary: initctl (client to upstart init) - ${BINARY}" ;;
                             ifconfig)               IFCONFIGBINARY="${BINARY}";        LogText "  Found known binary: ipconfig (IP configuration) - ${BINARY}" ;;
+                            integritysetup)         INTEGRITYSETUPBINARY="${BINARY}";  LogText "  Found known binary: integritysetup (dm-integrity setup tool) - ${BINARY}" ;;
                             ip)                     IPBINARY="${BINARY}";              LogText "  Found known binary: ip (IP configuration) - ${BINARY}" ;;
                             ipf)                    IPFBINARY="${BINARY}";             LogText "  Found known binary: ipf (firewall) - ${BINARY}" ;;
                             iptables)               IPTABLESBINARY="${BINARY}";        LogText "  Found known binary: iptables (firewall) - ${BINARY}" ;;
@@ -282,6 +283,7 @@
                             uname)                  UNAMEBINARY="${BINARY}";           LogText "  Found known binary: uname (operating system details) - ${BINARY}" ;;
                             uniq)                   UNIQBINARY="${BINARY}";            LogText "  Found known binary: uniq (text manipulation utility) - ${BINARY}";;
                             usbguard)               USBGUARDBINARY="${BINARY}";        LogText "  Found known binary: usbguard (USB security tool) - ${BINARY}" ;;
+                            veritysetup)            VERITYSETUPBINARY="${BINARY}";     LogText "  Found known binary: veritysetup (dm-verity setup tool) - ${BINARY}" ;;
                             vgdisplay)              VGDISPLAYBINARY="${BINARY}";       LogText "  Found known binary: vgdisplay (LVM tool) - ${BINARY}" ;;
                             vmtoolsd)               VMWARETOOLSDBINARY="${BINARY}";    LogText "  Found known binary: vmtoolsd (VMWare tools) - ${BINARY}" ;;
                             wc)                     WCBINARY="${BINARY}";              LogText "  Found known binary: wc (word count) - ${BINARY}" ;;
diff --git a/include/tests_file_integrity b/include/tests_file_integrity
index a387c248..dc32411d 100644
--- a/include/tests_file_integrity
+++ b/include/tests_file_integrity
@@ -319,6 +319,85 @@
     fi
 #
 #################################################################################
+#
+    # Test        : FINT-4340
+    # Description : Check dm-integrity status
+    if [ ! -z "${INTEGRITYSETUPBINARY}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; SKIPREASON="No integritysetup binary found"; fi
+    Register --test-no FINT-4340 --os Linux --preqs-met ${PREQS_MET} --skip-reason "${SKIPREASON}" --weight L --network NO --category security --description "Check dm-integrity status"
+    if [ ${SKIPTEST} -eq 0 ]; then
+        FOUND=0
+        ROOTPROTECTED=0
+	ROOTDEVICE=$(${MOUNTBINARY} | ${AWKBINARY} '/ on \/ type / { print $1 }')
+	for DEVICE in /dev/mapper/*; do
+	    if [ -e "${DEVICE}" ]; then
+		FIND=$(${INTEGRITYSETUPBINARY} status "${DEVICE}" | ${EGREPBINARY} 'type:.*INTEGRITY')
+		if [ ! -z "${FIND}" ]; then
+		    FOUND=1
+		    LogText "Result: found dm-integrity device ${DEVICE}"
+		    if [ "${DEVICE}" = "${ROOTDEVICE}" ]; then
+			ROOTPROTECTED=1
+		    fi
+		fi
+	    fi
+	done
+        if [ "${FOUND}" -ne 1 ]; then
+            LogText "Result: dm-integrity tools found but no active devices"
+            Display --indent 2 --text "- dm-integrity (status)" --result "${STATUS_DISABLED}" --color WHITE
+        else
+            LogText "Result: dm-integrity tools found, active devices"
+	    if [ ${ROOTPROTECTED} -eq 1 ]; then
+		LogText "Result: root filesystem is protected by dm-integrity"
+		Display --indent 2 --text "- dm-integrity (status)" --result "${STATUS_ENABLED}" --color GREEN
+	    else
+		LogText "Result: root filesystem is not protected by dm-integrity but active devices found"
+		Display --indent 2 --text "- dm-integrity (status)" --result "${STATUS_FOUND}" --color YELLOW
+	    fi
+            FILE_INT_TOOL="dm-integrity"
+            FILE_INT_TOOL_FOUND=1
+            Display --indent 2 --text "- dm-integrity (status)" --result "${STATUS_ENABLED}" --color GREEN
+        fi
+    fi
+#
+#################################################################################
+#
+    # Test        : FINT-4341
+    # Description : Check dm-verity status
+    if [ ! -z "${VERITYSETUPBINARY}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; SKIPREASON="No veritysetup binary found"; fi
+    Register --test-no FINT-4341 --os Linux --preqs-met ${PREQS_MET} --skip-reason "${SKIPREASON}" --weight L --network NO --category security --description "Check dm-verity status"
+    if [ ${SKIPTEST} -eq 0 ]; then
+        FOUND=0
+        ROOTPROTECTED=0
+	ROOTDEVICE=$(${MOUNTBINARY} | ${AWKBINARY} '/ on \/ type / { print $1 }')
+	for DEVICE in /dev/mapper/*; do
+	    if [ -e "${DEVICE}" ]; then
+		FIND=$(${VERITYSETUPBINARY} status "${DEVICE}" | ${EGREPBINARY} 'type:.*VERITY')
+		if [ ! -z "${FIND}" ]; then
+		    FOUND=1
+		    LogText "Result: found dm-verity device ${DEVICE}"
+		    if [ "${DEVICE}" = "${ROOTDEVICE}" ]; then
+			ROOTPROTECTED=1
+		    fi
+		fi
+	    fi
+	done
+        if [ "${FOUND}" -ne 1 ]; then
+            LogText "Result: dm-verity tools found but no active devices"
+            Display --indent 2 --text "- dm-verity (status)" --result "${STATUS_DISABLED}" --color WHITE
+        else
+            LogText "Result: dm-verity tools found, active devices"
+	    if [ ${ROOTPROTECTED} -eq 1 ]; then
+		LogText "Result: root filesystem is protected by dm-verity"
+		Display --indent 2 --text "- dm-verity (status)" --result "${STATUS_ENABLED}" --color GREEN
+	    else
+		LogText "Result: root filesystem is not protected by dm-verity but active devices found"
+		Display --indent 2 --text "- dm-verity (status)" --result "${STATUS_FOUND}" --color YELLOW
+	    fi
+            FILE_INT_TOOL="dm-verity"
+            FILE_INT_TOOL_FOUND=1
+        fi
+    fi
+#
+#################################################################################
 #
     # Test        : FINT-4402 (was FINT-4316)
     # Description : Check if AIDE is configured to use SHA256 or SHA512 checksums