SI-07-727 Software, Firmware, and Information Integrity

SI-07-727
Software, Firmware, and Information Integrity
System and Information Integrity
Identify
Privacy and Confidentiality
MOD, HIGH
P1
No
Unauthorized tampering with system and/or configuration files goes undetected due to the absence of file integrity mechanisms.
The organization employs integrity verification tools to detect unauthorized changes to [Assignment: organization-defined software, firmware, and information].
Software firmware allows for the scanning of information integrity.
No statewide control
Obtain system and information integrity policy; procedures addressing software and information integrity; information system design documentation; information system configuration settings and associated documentation; integrity verification tools and applications documentation; security plan; records of integrity scans; other relevant documents or records and ascertain if: (i) the information system detects and protects against unauthorized changes to software and information; (ii) the organization employs commercial off-the-shelf integrity mechanisms (e.g., parity checks, cyclical redundancy checks, cryptographic hashes) in accordance with good software engineering practices and uses tools to automatically monitor the integrity of the information system and the applications it hosts; (iii) the organization defines in the security plan, explicitly or by reference, the frequency of integrity scans on the information system; and (iv) the organization reassesses the integrity of software and information by performing integrity scans of the information system in accordance with the organization-defined frequency.