• Requirement

    Automatically [Selection (one or more): shut the system down; restart the system; implement [Assignment: organization-defined controls]] when integrity violations are discovered.

  • Discussion

    Organizations may define different integrity-checking responses by type of information, specific information, or a combination of both. Types of information include firmware, software, and user data. Specific information includes boot firmware for certain types of machines. The automatic implementation of controls within organizational systems includes reversing the changes, halting the system, or triggering audit alerts when unauthorized modifications to critical security files occur.

More Info

  • Title

    Software, Firmware, and Information Integrity | Automated Response to Integrity Violations
  • Family

    System and Information Integrity
  • NIST 800-53B Baseline(s)

    • High
  • Related NIST 800-53 ID

NIST 800-53A Assessment Guidance

CMMC Training

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!