|

controlSI-7

Software, Firmware, and Information Integrity (SI-7)

Employ integrity verification tools to detect unauthorized changes to the following software, firmware, and information: [organization-defined] ; and Take the following actions when unauthorized changes to the software, firmware, and information are detected: [organization-defined].

Security Baselines

MODERATEHIGHLOW

integritymalwareflaw-remediationmonitoring

Why These Connect

Baselined In2

This control is included in the linked security baseline (LOW, MODERATE, or HIGH).

Supports62

These related controls work together — a change to one may affect the others.

Mitigates12

This control helps defend against or reduce the risk of the linked threat technique.

Enhances17

These enhancements add specific capabilities or refinements to the base control.

Related Controls(39)

AU-2Event Logging (AU-2)

AU-3Content of Audit Records (AU-3)

AU-6Audit Record Review, Analysis, and Reporting (AU-6)

AU-12Audit Record Generation (AU-12)

CM-3Configuration Change Control (CM-3)

CM-11User-installed Software (CM-11)

CM-12Information Location (CM-12)

CM-14Signed Components (CM-14)IR-4Incident Handling (IR-4)

IR-5Incident Monitoring (IR-5)

RA-5Vulnerability Monitoring and Scanning (RA-5)

SA-24Design For Cyber Resiliency (SA-24)SC-12Cryptographic Key Establishment and Management (SC-12)

SC-13Cryptographic Protection (SC-13)

SC-28Protection of Information at Rest (SC-28)

SC-34Non-modifiable Executable Programs (SC-34)SC-37Out-of-band Channels (SC-37)SC-44Detonation Chambers (SC-44)SI-2Flaw Remediation (SI-2)

SI-3Malicious Code Protection (SI-3)

SI-4System Monitoring (SI-4)

SI-6Security and Privacy Function Verification (SI-6)

AC-4Information Flow Enforcement (AC-4)

CM-7Least Functionality (CM-7)

CM-8System Component Inventory (CM-8)

MA-3Maintenance Tools (MA-3)

MA-4Nonlocal Maintenance (MA-4)

SA-8Security and Privacy Engineering Principles (SA-8)

SA-9External System Services (SA-9)

SA-10Developer Configuration Management (SA-10)

SC-8Transmission Confidentiality and Integrity (SC-8)

SR-3Supply Chain Controls and Processes (SR-3)

SR-4Provenance (SR-4)SR-5Acquisition Strategies, Tools, and Methods (SR-5)

SR-6Supplier Assessments and Reviews (SR-6)

SR-9Tamper Resistance and Detection (SR-9)

SR-10Inspection of Systems or Components (SR-10)

SR-11Component Authenticity (SR-11)

SI-16Memory Protection (SI-16)

Threat Coverage(12 ATT&CK techniques)

T1190Exploit Public-Facing Application T1059Command and Scripting Interpreter T1203Exploitation for Client Execution T1547Boot or Logon Autostart Execution T1505Server Software Component T1068Exploitation for Privilege Escalation T1027Obfuscated Files or Information T1562Impair Defenses T1036Masquerading T1112Modify Registry T1110Brute Force T1486Data Encrypted for Impact

Control Enhancements(17)

SI-7(1)Integrity Checks (SI-7(1))

SI-7(2)Automated Notifications of Integrity Violations (SI-7(2))

SI-7(3)Centrally Managed Integrity Tools (SI-7(3))

SI-7(4)Tamper-evident Packaging (SI-7(4))W

SI-7(5)Automated Response to Integrity Violations (SI-7(5))

SI-7(6)Cryptographic Protection (SI-7(6))

SI-7(7)Integration of Detection and Response (SI-7(7))

SI-7(8)Auditing Capability for Significant Events (SI-7(8))

SI-7(9)Verify Boot Process (SI-7(9))

SI-7(10)Protection of Boot Firmware (SI-7(10))

SI-7(11)Confined Environments with Limited Privileges (SI-7(11))W

SI-7(12)Integrity Verification (SI-7(12))

SI-7(13)Code Execution in Protected Environments (SI-7(13))W

SI-7(14)Binary or Machine Executable Code (SI-7(14))W

SI-7(15)Code Authentication (SI-7(15))

SI-7(16)Time Limit on Process Execution Without Supervision (SI-7(16))

SI-7(17)Runtime Application Self-protection (SI-7(17))

See Also

@SP 800-53 Overview ⚖Compare Baselines