SI-7

Requirement
1. Employ integrity verification tools to detect unauthorized changes to the following software, firmware, and information: [Assignment: organization-defined software, firmware, and information]; and
2. Take the following actions when unauthorized changes to the software, firmware, and information are detected: [Assignment: organization-defined actions].

Discussion

Unauthorized changes to software, firmware, and information can occur due to errors or malicious activity. Software includes operating systems (with key internal components, such as kernels or drivers), middleware, and applications. Firmware interfaces include Unified Extensible Firmware Interface (UEFI) and Basic Input/Output System (BIOS). Information includes personally identifiable information and metadata that contains security and privacy attributes associated with information. Integrity-checking mechanisms including parity checks, cyclical redundancy checks, cryptographic hashes, and associated tools can automatically monitor the integrity of systems and hosted applications.

Related NIST 800-53 ID

AC-4;CM-3;CM-7;CM-8;MA-3;MA-4;RA-5;SA-8;SA-9;SA-10;SC-8;SC-12;SC-13;SC-28;SC-37;SI-3;SR-3;SR-4;SR-5;SR-6;SR-9;SR-10;SR-11

NIST 800-53A Assessment Guidance

Examine

[SELECT FROM: System and information integrity policy; system and information integrity procedures; procedures addressing software, firmware, and information integrity; personally identifiable information processing policy; system design documentation; system configuration settings and associated documentation; integrity verification tools and associated documentation; records generated or triggered by integrity verification tools regarding unauthorized software, firmware, and information changes; system audit records; system security plan; privacy plan; other relevant documents or records].

Interview

[SELECT FROM: Organizational personnel responsible for software, firmware, and/or information integrity; organizational personnel with information security and privacy responsibilities; system/network administrators].

Test

[SELECT FROM: Software, firmware, and information integrity verification tools].

ID	Assessment Objectives
SI-07b.[02]	<SI-07_ODP[05] actions> are taken when unauthorized changes to the firmware are detected;
SI-07b.[03]	<SI-07_ODP[06] actions> are taken when unauthorized changes to the information are detected.
SI-07a.[01]	integrity verification tools are employed to detect unauthorized changes to <SI-07_ODP[01] software>;
SI-07a.[02]	integrity verification tools are employed to detect unauthorized changes to <SI-07_ODP[02] firmware>;
SI-07a.[03]	integrity verification tools are employed to detect unauthorized changes to <SI-07_ODP[03] information>;
SI-07b.[01]	<SI-07_ODP[04] actions> are taken when unauthorized changes to the software, are detected;

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!