catalog: SP800-53rev3 / class: Operational / family: (SI) System and Information Integrity

  SI-07: Software and Information Integrity  

base control objective:
The information system detects unauthorized changes to software and information.

supplemental objective information:
The organization employs integrity verification applications on the information system to look for evidence of information tampering, errors, and omissions. The organization employs good software engineering practices with regard to commercial off-the-shelf integrity mechanisms (e.g., parity checks, cyclical redundancy checks, cryptographic hashes) and uses tools to automatically monitor the integrity of the information system and the applications it hosts.

enhancements to the base objective:

(1) The organization reassesses the integrity of software and information by performing [Assignment: organization-defined frequency] integrity scans of the information system.

(2) The organization employs automated tools that provide notification to designated individuals upon discovering discrepancies during integrity verification.

(3) The organization employs centrally managed integrity verification tools.

(4) The organization requires use of tamper-evident packaging for [Assignment: organization-defined information system components] during [Selection: transportation from vendor to operational site; during operation; both].

mapping to FIPS199 baseline:

  LOW: null     MOD: base (1)     HIGH: base (1) (2)  

related (regimented) controls:

None.

documents referenced in SP800-53rev3 for SI-07:

Document | Date | Status | Title
NIST SP800-19 | October, 1999 | current | Mobile Agent Security
NIST SP800-44 | September 2002 | current | Guidelines on Securing Public Web Servers
NIST SP800-57, part1 | August, 2005 | current | Recommendation for Key Management, part 1
NIST SP800-57, part2 | August, 2005 | current | Recommendation for Key Management, part 2
NIST SP800-66 | October, 2008 | current | An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule
NIST SP800-94 | August, 2006 | DRAFT | Guide to Intrusion Detection and Prevention Systems (IDPS)
