SI-7(5)—Software, Firmware, and Information Integrity | Automated Response to Integrity Violations

IL4 High

IL5

IL6

>Control Description

Automatically [Selection (one or more): shut the system down; restart the system; implement ⚙organization-defined controls] when integrity violations are discovered.

>DoD Impact Level Requirements

No specific parameter values or requirements for this impact level.

>Discussion

Organizations may define different integrity-checking responses by type of information, specific information, or a combination of both. Types of information include firmware, software, and user data. Specific information includes boot firmware for certain types of machines.

The automatic implementation of controls within organizational systems includes reversing the changes, halting the system, or triggering audit alerts when unauthorized modifications to critical security files occur.

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

•What policies and procedures govern automated response to integrity violations?
•Who is responsible for monitoring system and information integrity?
•How frequently are integrity monitoring processes reviewed and updated?

Technical Implementation:

•What technical controls detect and respond to automated response to integrity violations issues?
•How are integrity violations identified and reported?
•What automated tools support system and information integrity monitoring?

Evidence & Documentation:

•Can you provide recent integrity monitoring reports or alerts?
•What logs demonstrate that SI-7(5) is actively implemented?
•Where is evidence of integrity monitoring maintained and for how long?

Ask AI

Configure your API key to use AI features.