This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The information system performs an integrity check of [Assignment: organization-defined software, firmware, and information] [FedRAMP Selection (one or more): at startup; at [FedRAMP Assignment: (M)(H) to include security-relevant events]; [FedRAMP Assignment: (M)(H) at least monthly]].
NIST 800-53 (r4) Supplemental Guidance:
Security-relevant events include, for example, the identification of a new threat to which organizational information systems are susceptible, and the installation of new hardware, software, or firmware. Transitional states include, for example, system startup, restart, shutdown, and abort.
NIST 800-53 (r5) Discussion:
Security-relevant events include the identification of new threats to which organizational systems are susceptible and the installation of new hardware, software, or firmware. Transitional states include system startup, restart, shutdown, and abort.
38North Guidance:
Meets Minimum Requirement:
Perform an integrity check of software at startup, on security-relevant events, and at least monthly.
There is no requirement for automatic correlation or review of the FIM reports (despite FedRAMP's desires that everything should be automated).
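As an added illustration of the minimum requirement above (example code, not 38North's, FedRAMP's, or any CSP's tooling), a small Python file-integrity check: it baselines SHA-256 digests of a software tree, reports added, removed and modified files, and decides whether a check is due under the control's startup / security-relevant event / monthly schedule. The `demo` function builds a constructed sample tree in a temp directory; the file names and the 30-day window are assumptions.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root):
    """Record a SHA-256 digest for every regular file under root (the known-good state)."""
    baseline = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            baseline[os.path.relpath(full, root)] = sha256_file(full)
    return baseline

def verify(root, baseline):
    """Re-hash the tree and report every deviation from the baseline."""
    current = build_baseline(root)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in current if p in baseline and current[p] != baseline[p]),
    }

def check_is_due(trigger, days_since_last_check, max_days=30):
    """Schedule taken from the control: always at startup and on a security-relevant
    event; otherwise only when the last check is older than the monthly window (assumed 30 days)."""
    if trigger in ("startup", "security_event"):
        return True
    return days_since_last_check is None or days_since_last_check > max_days

def demo():
    """Constructed sample tree: take a baseline, then tamper with it and verify."""
    root = Path(tempfile.mkdtemp())
    (root / "bin").mkdir()
    (root / "bin" / "agent").write_bytes(b"original binary\n")
    (root / "config.ini").write_text("level=high\n")
    baseline = build_baseline(root)
    (root / "bin" / "agent").write_bytes(b"patched binary\n")   # modified binary
    (root / "config.ini").unlink()                              # removed file
    (root / "dropped.so").write_bytes(b"x")                     # unexpected new file
    return verify(root, baseline)
```

In practice the baseline would be stored and signed outside the monitored host, and the report fed to the alerting described under Assessment Evidence.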
Best Practice: None
Unofficial FedRAMP Guidance: None
Assessment Evidence:
Integrity monitoring tool configurations and alerts along with associated response times for specified events.
CSP Implementation Tips:
Amazon Web Services (AWS): TBD
Microsoft Azure: TBD
Google Cloud Platform: TBD