SI-7—Software, Firmware, and Information Integrity

Employ integrity verification tools to detect unauthorized changes to software, firmware, and information systems that contain or process CJI; and

Take the following actions when unauthorized changes to the software, firmware, and information are detected: notify organizational personnel responsible for software, firmware, and/or information integrity and implement incident response procedures as appropriate.