CCI-002704

Employ integrity verification tools to detect unauthorized changes to organization-defined software, firmware, and information.

Implementation Guidance

The organization being inspected/assessed designs the information system to employ integrity verification tools to detect unauthorized changes to software, firmware, and information defined in SI-7, CCI 2703.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the hardware/software lists and any other documentation applicable to integrity verification tools to ensure the organization being inspected/assessed employs integrity verification tools to detect unauthorized changes to software, firmware, and information defined in SI-7, CCI 2703.

Compelling Evidence

1.) Signed and dated System security plan defines the software, firmware and information which will be subjected to integrity verification tools to check for unauthorized changes. 2.) Implementation documentation of integrity verification tools that will check the firmware for unauthorized changes.

The controls below (if any) were marked by NIST as being related to CCI-002704.