NIST 800-53 (r4) Control:
The organization employs integrity verification tools to detect unauthorized changes to [Assignment: organization-defined software, firmware, and information].
NIST 800-53 (r4) Supplemental Guidance:
Unauthorized changes to software, firmware, and information can occur due to errors or malicious activity (e.g., tampering). Software includes, for example, operating systems (with key internal components such as kernels, drivers), middleware, and applications. Firmware includes, for example, the Basic Input Output System (BIOS). Information includes metadata such as security attributes associated with information. State-of-the-practice integrity-checking mechanisms (e.g., parity checks, cyclical redundancy checks, cryptographic hashes) and associated tools can automatically monitor the integrity of information systems and hosted applications. Related controls: SA-12, SC-8, SC-13, SI-3.
References: NIST Special Publications 800-147, 800-155.
NIST 800-53 (r5) Discussion:
Unauthorized changes to software, firmware, and information can occur due to errors or malicious activity. Software includes operating systems (with key internal components, such as kernels or drivers), middleware, and applications. Firmware interfaces include Unified Extensible Firmware Interface (UEFI) and Basic Input/Output System (BIOS). Information includes personally identifiable information and metadata that contains security and privacy attributes associated with information. Integrity-checking mechanisms—including parity checks, cyclical redundancy checks, cryptographic hashes, and associated tools—can automatically monitor the integrity of systems and hosted applications.
38North Guidance:
Meets Minimum Requirement:
Employ integrity-checking mechanisms (e.g., parity checks, cyclical redundancy checks, cryptographic hashes) and associated integrity verification tools (e.g., Tripwire, SolarWinds) to detect unauthorized changes to system software, firmware, and information.
Best Practice: None
Unofficial FedRAMP Guidance: None
Assessment Evidence:
Integrity monitoring tool configurations and alerts along with associated response times for specified events.
CSP Implementation Tips: None