myctrl.tools
Compare

SI-7(12)Integrity Verification

>Control Description

Require that the integrity of the following software be verified prior to execution: organization-defined software.

>Supplemental Guidance

Organizations verify the integrity of software prior to execution to reduce the likelihood of executing malicious code or programs that contains errors from unauthorized modifications. Organizations consider the source of the software, ensuring the software and updates come from authorized sources and/or sites, and the practicality of approaches to verifying software integrity, including the availability of trustworthy checksums from software developers and vendors. 

>Related Controls

CM-11
SI-2

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What policies and procedures govern integrity verification?
  • Who is responsible for monitoring system and information integrity?
  • How frequently are integrity monitoring processes reviewed and updated?
  • What is your patch management process and timeline?

Technical Implementation:

  • What technical controls detect and respond to integrity verification issues?
  • How are integrity violations identified and reported?
  • What automated tools support system and information integrity monitoring?
  • What anti-malware solutions are deployed and how are they configured?
  • How do you ensure timely installation of security-relevant patches?

Evidence & Documentation:

  • Can you provide recent integrity monitoring reports or alerts?
  • What logs demonstrate that SI-7(12) is actively implemented?
  • Where is evidence of integrity monitoring maintained and for how long?
  • Can you show recent malware detection reports and response actions?
  • Can you show recent patch installation records?

Ask AI

Configure your API key to use AI features.