This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The information system automatically [Selection (one or more): shuts the information system down; restarts the information system; implements [Assignment: organization-defined security safeguards]] when integrity violations are discovered.
NIST 800-53 (r4) Supplemental Guidance:
Organizations may define different integrity checking and anomaly responses: (i) by type of information (e.g., firmware, software, user data); (ii) by specific information (e.g., boot firmware, boot firmware for specific types of machines); or (iii) a combination of both. Automatic implementation of specific safeguards within organizational information systems includes, for example, reversing the changes, halting the information system, or triggering audit alerts when unauthorized modifications to critical security files occur.
NIST 800-53 (r5) Discussion:
Organizations may define different integrity-checking responses by type of information, specific information, or a combination of both. Types of information include firmware, software, and user data. Specific information includes boot firmware for certain types of machines. The automatic implementation of controls within organizational systems includes reversing the changes, halting the system, or triggering audit alerts when unauthorized modifications to critical security files occur.
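The type-specific responses described in the discussion above can be expressed as a policy table that drives a file-integrity check. The following Python is an added example, not part of NIST 800-53 or the 38North guidance; the policy mapping, file names and function names are assumptions, and the "halt" response is only reported to the caller rather than executed.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumed policy: one automated response per type of information.
RESPONSES = {"firmware": "halt", "software": "revert", "user_data": "alert"}

def make_baseline(files):
    """files maps Path -> information type; records digest and known-good copy."""
    baseline = {}
    for path, info_type in files.items():
        good = path.read_bytes()  # held in memory here; use protected storage in practice
        baseline[path] = {"type": info_type, "good": good,
                          "sha256": hashlib.sha256(good).hexdigest()}
    return baseline

def check_and_respond(baseline, audit_log):
    """Verify each file; on a violation, audit it and apply its type's response."""
    actions = []
    for path, entry in baseline.items():
        try:
            found = hashlib.sha256(path.read_bytes()).hexdigest()
        except FileNotFoundError:
            found = None  # a deleted file is also an integrity violation
        if found == entry["sha256"]:
            continue
        action = RESPONSES[entry["type"]]
        audit_log.append({"path": str(path), "expected": entry["sha256"],
                          "found": found, "action": action})
        if action == "revert":
            path.write_bytes(entry["good"])  # reverse the unauthorized change
        # "halt" is only reported; the caller invokes the real shutdown procedure
        actions.append((path.name, action))
    return actions

def demo():
    """Constructed sample: three files, one per type, each then tampered with."""
    kinds = {"boot.bin": "firmware", "app.cfg": "software", "notes.txt": "user_data"}
    with tempfile.TemporaryDirectory() as d:
        files = {Path(d) / name: kind for name, kind in kinds.items()}
        for path in files:
            path.write_bytes(b"known-good " + path.name.encode())
        baseline, log = make_baseline(files), []
        for path in files:  # simulate unauthorized modification
            path.write_bytes(b"tampered")
        first = check_and_respond(baseline, log)
        second = check_and_respond(baseline, [])  # reverted file now verifies
        return first, second, len(log)
```

The audit records collected in `audit_log` are the kind of alert output that the assessment evidence for this control refers to.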
38North Guidance:
Meets Minimum Requirement:
When integrity violations are discovered, automatically shut down, restart, and/or implement security safeguards.
Best Practice: None
Unofficial FedRAMP Guidance: None
Assessment Evidence:
Integrity monitoring tool configurations and alerts
CSP Implementation Tips:
Amazon Web Services (AWS): TBD
Microsoft Azure: TBD
Google Cloud Platform: TBD