NIST 800-53

Successfully loaded 424 controls.

Loading control baselines...

Filter Controls by Baseline:

Low

Moderate

High

Privacy

Total Controls: 424 Low: 149 Moderate: 287 High: 370 Privacy: 102

Baseline Files Loaded:

LOW: low.json (Successfully loaded)
MODERATE: moderate.json (Successfully loaded)
HIGH: high.json (Successfully loaded)
PRIVACY: privacy.json (Successfully loaded)

► SI-07 - Software, Firmware, and Information Integrity

System and Information Integrity

moderate high

Baseline Information

Present in Baselines: Moderate High

Description

a.: Employ integrity verification tools to detect unauthorized changes to the following software, firmware, and information: {{ insert: param, si-7_prm_1 }} ; and
b.: Take the following actions when unauthorized changes to the software, firmware, and information are detected: {{ insert: param, si-7_prm_2 }}.

Parameters

ID: si-7_prm_1
Label: organization-defined software, firmware, and information

ID: si-7_prm_2
Label: organization-defined actions

ID: si-07_odp.01
Label: software
Guidelines:

software requiring integrity verification tools to be employed to detect unauthorized changes is defined;

ID: si-07_odp.02
Label: firmware
Guidelines:

firmware requiring integrity verification tools to be employed to detect unauthorized changes is defined;

ID: si-07_odp.03
Label: information
Guidelines:

information requiring integrity verification tools to be employed to detect unauthorized changes is defined;

ID: si-07_odp.04
Label: actions
Guidelines:

actions to be taken when unauthorized changes to software are detected are defined;

ID: si-07_odp.05
Label: actions
Guidelines:

actions to be taken when unauthorized changes to firmware are detected are defined;

ID: si-07_odp.06
Label: actions
Guidelines:

actions to be taken when unauthorized changes to information are detected are defined;

Properties

label: SI-07 (Class: zero-padded)

label: SI-7

label: SI-07 (Class: sp800-53a)

sort-id: si-07

implementation-level: organization

implementation-level: system

contributes-to-assurance: true

Related Controls

AC-04, CM-03, CM-07, CM-08, MA-03, MA-04, RA-05, SA-08, SA-09, SA-10, SC-08, SC-12, SC-13, SC-28, SC-37, SI-03, SR-03, SR-04, SR-05, SR-06, SR-09, SR-10, SR-11

Guidance

Unauthorized changes to software, firmware, and information can occur due to errors or malicious activity. Software includes operating systems (with key internal components, such as kernels or drivers), middleware, and applications. Firmware interfaces include Unified Extensible Firmware Interface (UEFI) and Basic Input/Output System (BIOS). Information includes personally identifiable information and metadata that contains security and privacy attributes associated with information. Integrity-checking mechanisms—including parity checks, cyclical redundancy checks, cryptographic hashes, and associated tools—can automatically monitor the integrity of systems and hosted applications.

► SI-07(01) - Integrity Checks

System and Information Integrity

moderate high

Baseline Information

Present in Baselines: Moderate High

Description

Perform an integrity check of {{ insert: param, si-7.1_prm_1 }} {{ insert: param, si-7.1_prm_2 }}.

Parameters

ID: si-7.1_prm_1
Label: organization-defined software, firmware, and information

ID: si-7.1_prm_2

ID: si-7.1_prm_3
Label: organization-defined transitional states or security-relevant events

ID: si-7.1_prm_4
Label: organization-defined frequency

ID: si-07.01_odp.01
Label: software
Guidelines:

software on which an integrity check is to be performed is defined;

ID: si-07.01_odp.02

ID: si-07.01_odp.03
Label: transitional states or security-relevant events
Guidelines:

transitional states or security-relevant events requiring integrity checks (on software) are defined (if selected);

ID: si-07.01_odp.04
Label: frequency
Guidelines:

frequency with which to perform an integrity check (on software) is defined (if selected);

ID: si-07.01_odp.05
Label: firmware
Guidelines:

firmware on which an integrity check is to be performed is defined;

ID: si-07.01_odp.06

ID: si-07.01_odp.07
Label: transitional states or security-relevant events
Guidelines:

transitional states or security-relevant events requiring integrity checks (on firmware) are defined (if selected);

ID: si-07.01_odp.08
Label: frequency
Guidelines:

frequency with which to perform an integrity check (on firmware) is defined (if selected);

ID: si-07.01_odp.09
Label: information
Guidelines:

information on which an integrity check is to be performed is defined;

ID: si-07.01_odp.10

ID: si-07.01_odp.11
Label: transitional states or security-relevant events
Guidelines:

transitional states or security-relevant events requiring integrity checks (of information) are defined (if selected);

ID: si-07.01_odp.12
Label: frequency
Guidelines:

frequency with which to perform an integrity check (of information) is defined (if selected);

Properties

label: SI-07(01) (Class: zero-padded)

label: SI-7(1)

label: SI-07(01) (Class: sp800-53a)

sort-id: si-07.01

implementation-level: system

contributes-to-assurance: true

Guidance

Security-relevant events include the identification of new threats to which organizational systems are susceptible and the installation of new hardware, software, or firmware. Transitional states include system startup, restart, shutdown, and abort.

► SI-07(02) - Automated Notifications of Integrity Violations

System and Information Integrity

high

Baseline Information

Present in Baselines: High

Description

Employ automated tools that provide notification to {{ insert: param, si-07.02_odp }} upon discovering discrepancies during integrity verification.

Parameters

ID: si-07.02_odp
Label: personnel or roles
Guidelines:

personnel or roles to whom notification is to be provided upon discovering discrepancies during integrity verification is/are defined;

Properties

label: SI-07(02) (Class: zero-padded)

label: SI-7(2)

label: SI-07(02) (Class: sp800-53a)

sort-id: si-07.02

implementation-level: system

contributes-to-assurance: true

Guidance

The employment of automated tools to report system and information integrity violations and to notify organizational personnel in a timely matter is essential to effective risk response. Personnel with an interest in system and information integrity violations include mission and business owners, system owners, senior agency information security official, senior agency official for privacy, system administrators, software developers, systems integrators, information security officers, and privacy officers.

► SI-07(05) - Automated Response to Integrity Violations

System and Information Integrity

high

Baseline Information

Present in Baselines: High

Description

Automatically {{ insert: param, si-07.05_odp.01 }} when integrity violations are discovered.

Parameters

ID: si-07.05_odp.01

ID: si-07.05_odp.02
Label: controls
Guidelines:

controls to be implemented automatically when integrity violations are discovered are defined (if selected);

Properties

label: SI-07(05) (Class: zero-padded)

label: SI-7(5)

label: SI-07(05) (Class: sp800-53a)

sort-id: si-07.05

implementation-level: system

contributes-to-assurance: true

Guidance

Organizations may define different integrity-checking responses by type of information, specific information, or a combination of both. Types of information include firmware, software, and user data. Specific information includes boot firmware for certain types of machines. The automatic implementation of controls within organizational systems includes reversing the changes, halting the system, or triggering audit alerts when unauthorized modifications to critical security files occur.

► SI-07(07) - Integration of Detection and Response

System and Information Integrity

moderate high

Baseline Information

Present in Baselines: Moderate High

Description

Incorporate the detection of the following unauthorized changes into the organizational incident response capability: {{ insert: param, si-07.07_odp }}.

Parameters

ID: si-07.07_odp
Label: changes
Guidelines:

security-relevant changes to the system are defined;

Properties

label: SI-07(07) (Class: zero-padded)

label: SI-7(7)

label: SI-07(07) (Class: sp800-53a)

sort-id: si-07.07

implementation-level: organization

contributes-to-assurance: true

Related Controls

AU-02, AU-06, IR-04, IR-05, SI-04

Guidance

Integrating detection and response helps to ensure that detected events are tracked, monitored, corrected, and available for historical purposes. Maintaining historical records is important for being able to identify and discern adversary actions over an extended time period and for possible legal actions. Security-relevant changes include unauthorized changes to established configuration settings or the unauthorized elevation of system privileges.

► SI-07(15) - Code Authentication

System and Information Integrity

high

Baseline Information

Present in Baselines: High

Description

Implement cryptographic mechanisms to authenticate the following software or firmware components prior to installation: {{ insert: param, si-07.15_odp }}.

Parameters

ID: si-07.15_odp
Label: software or firmware components
Guidelines:

software or firmware components to be authenticated by cryptographic mechanisms prior to installation are defined;

Properties

label: SI-07(15) (Class: zero-padded)

label: SI-7(15)

label: SI-07(15) (Class: sp800-53a)

sort-id: si-07.15

implementation-level: system

contributes-to-assurance: true

Related Controls

CM-05, SC-12, SC-13

Guidance

Cryptographic authentication includes verifying that software or firmware components have been digitally signed using certificates recognized and approved by organizations. Code signing is an effective method to protect against malicious code. Organizations that employ cryptographic mechanisms also consider cryptographic key management solutions.