CCI-001301

Implementation Guidance

Determine if centrally managed integrity verification tools are employed.

Validation Procedures

Examine: [SELECT FROM: System and information integrity policy; system and information integrity procedures; procedures addressing software, firmware, and information integrity; system design documentation; system configuration settings and associated documentation; integrity verification tools and associated documentation; records of integrity scans; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel responsible for the central management of integrity verification tools; organizational personnel with information security responsibilities]. Test: [SELECT FROM: Mechanisms supporting and/or implementing the central management of integrity verification tools].