SI-7(1)

Requirement

Perform an integrity check of [Assignment: organization-defined software, firmware, and information] [Selection (one or more): at startup; at [Assignment: organization-defined transitional states or security-relevant events]; [Assignment: organization-defined frequency]].

Discussion

Security-relevant events include the identification of new threats to which organizational systems are susceptible and the installation of new hardware, software, or firmware. Transitional states include system startup, restart, shutdown, and abort.

NIST 800-53A Assessment Guidance

Examine

[SELECT FROM: System and information integrity policy; system and information integrity procedures; procedures addressing software, firmware, and information integrity testing; system design documentation; system configuration settings and associated documentation; integrity verification tools and associated documentation; records of integrity scans; system security plan; other relevant documents or records].

Interview

[SELECT FROM: Organizational personnel responsible for software, firmware, and/or information integrity; organizational personnel with information security responsibilities; system/network administrators; system developer].

Test

[SELECT FROM: Software, firmware, and information integrity verification tools].

ID	Assessment Objectives
SI-07(01)[01]	an integrity check of <SI-07(01)_ODP[01] software> is performed <SI-07(01)_ODP[02] SELECTED PARAMETER VALUES>;
SI-07(01)[02]	an integrity check of <SI-07(01)_ODP[05] firmware> is performed <SI-07(01)_ODP[06] SELECTED PARAMETER VALUES>;
SI-07(01)[03]	an integrity check of <SI-07(01)_ODP[09] information> is performed <SI-07(01)_ODP[10] SELECTED PARAMETER VALUES>.

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!