CCI-001300

Employ automated tools that provide notification to organization-defined personnel or roles upon discovering discrepancies during integrity verification.

Implementation Guidance

Determine if automated tools that provide notification to [SI-07(02)_ODP; personnel or roles to whom notification is to be provided upon discovering discrepancies during integrity verification is/are defined] upon discovering discrepancies during integrity verification are employed.

Validation Procedures

Examine: [SELECT FROM: System and information integrity policy; system and information integrity procedures; procedures addressing software, firmware, and information integrity; personally identifiable information processing policy; system design documentation; system configuration settings and associated documentation; integrity verification tools and associated documentation; records of integrity scans; automated tools supporting alerts and notifications for integrity discrepancies; notifications provided upon discovering discrepancies during integrity verifications; system audit records; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel responsible for software, firmware, and/or information integrity; organizational personnel with information security and privacy responsibilities; system administrators; software developers]. Test: [SELECT FROM: Software, firmware, and information integrity verification tools; mechanisms providing integrity discrepancy notifications].

The controls below (if any) were marked by NIST as being related to CCI-001300.