Device Class 1: Software, Firmware, And Information Integrity
Control ID: SI-7 Software, Firmware, And Information Integrity | Family: System and Information Integrity | Source: NIST 800-53r4 | |||||||||||||||||||||||||||||||||||
Control: The organization employs integrity verification tools to detect unauthorized changes to [Assignment: organization-defined software, firmware, and information]. | |||||||||||||||||||||||||||||||||||||
Supplemental Guidance: Unauthorized changes to software, firmware, and information can occur due to errors or malicious activity (e.g.,tampering). Software includes, for example, operating systems (with key internal components such as kernels, drivers), middleware, and applications. Firmware includes, for example, the Basic Input Output System (BIOS). Information includes metadata such as security attributes associated with information. State-of-the-practice integrity-checking mechanisms (e.g., parity checks, cyclical redundancy checks, cryptographic hashes) and associated tools can automatically monitor the integrity of information systems and hosted applications. Related Controls: SA-12, SC-8, SC-13, SI-3 |
|||||||||||||||||||||||||||||||||||||
Control Enhancements:
(1) Software, Firmware, And Information Integrity | Integrity Checks The information system performs an integrity check of [Assignment: organization-defined software, firmware, and information] [Selection (one or more): at startup; at [Assignment: organization-defined transitional states or security-relevant events]; [Assignment: organization-defined frequency]]. Supplemental Guidance: Security-relevant events include, for example, the identification of a new threat to which organizational information systems are susceptible, and the installation of new hardware, software, or firmware. Transitional states include, for example, system startup, restart, shutdown, and abort. Related Controls: N/A (7) Software, Firmware, And Information Integrity | Integration Of Detection And Response The organization incorporates the detection of unauthorized [Assignment: organization-defined security-relevant changes to the information system] into the organizational incident response capability. Supplemental Guidance: This control enhancement helps to ensure that detected events are tracked, monitored, corrected, and available for historical purposes. Maintaining historical records is important both for being able to identify and discern adversary actions over an extended period of time and for possible legal actions. Security-relevant changes include, for example, unauthorized changes to established configuration settings or unauthorized elevation of information system privileges. Related Controls: IR-4, IR-5, SI-4 (9) Software, Firmware, And Information Integrity | Verify Boot Process The information system verifies the integrity of the boot process of [Assignment: organization-defined devices]. Supplemental Guidance: Ensuring the integrity of boot processes is critical to starting devices in known/trustworthy states. Integrity verification mechanisms provide organizational personnel with assurance that only trusted code is executed during boot processes. Related Controls: N/A (10) Software, Firmware, And Information Integrity | Protection Of Boot Firmware The information system implements [Assignment: organization-defined security safeguards] to protect the integrity of boot firmware in [Assignment: organization-defined devices]. Supplemental Guidance: Unauthorized modifications to boot firmware may be indicative of a sophisticated, targeted cyber-attack. These types of cyber-attacks can result in a permanent denial of service (e.g., if the firmware is corrupted) or a persistent malicious code presence (e.g., if code is embedded within the firmware). Devices can protect the integrity of the boot firmware in organizational information systems by: (i) verifying the integrity and authenticity of all updates to the boot firmware prior to applying changes to the boot devices; and (ii) preventing unauthorized processes from modifying the boot firmware. Related Controls: N/A |
|||||||||||||||||||||||||||||||||||||
References: NIST Special Publications 800-147, 800-155. | |||||||||||||||||||||||||||||||||||||
Mechanisms:
|
|||||||||||||||||||||||||||||||||||||
Protocol Implementation Conformance Statements:
|