>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

SI-7(17)Software, Firmware, and Information Integrity | Runtime Application Self-protection

IL5
IL6

>Control Description

Implement organization-defined controls for application self-protection at runtime.

>DoD Impact Level Requirements

No specific parameter values or requirements for this impact level.

>Discussion

Runtime application self-protection employs runtime instrumentation to detect and block the exploitation of software vulnerabilities by taking advantage of information from the software in execution. Runtime exploit prevention differs from traditional perimeter-based protections such as guards and firewalls which can only detect and block attacks by using network information without contextual awareness. Runtime application self-protection technology can reduce the susceptibility of software to attacks by monitoring its inputs and blocking those inputs that could allow attacks.

It can also help protect the runtime environment from unwanted changes and tampering. When a threat is detected, runtime application self-protection technology can prevent exploitation and take other actions (e.g., sending a warning message to the user, terminating the user's session, terminating the application, or sending an alert to organizational personnel). Runtime application self-protection solutions can be deployed in either a monitor or protection mode.

>Related Controls

SI-16

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What policies and procedures govern runtime application self-protection?
  • Who is responsible for monitoring system and information integrity?
  • How frequently are integrity monitoring processes reviewed and updated?

Technical Implementation:

  • What technical controls detect and respond to runtime application self-protection issues?
  • How are integrity violations identified and reported?
  • What automated tools support system and information integrity monitoring?
  • What systems and events are monitored for integrity violations?

Evidence & Documentation:

  • Can you provide recent integrity monitoring reports or alerts?
  • What logs demonstrate that SI-7(17) is actively implemented?
  • Where is evidence of integrity monitoring maintained and for how long?
  • Can you provide examples of integrity monitoring alerts and responses?

Ask AI

Configure your API key to use AI features.