Navigate

CCI-002708

CCI-002708 Definition

The organization defines the transitional state or security-relevant events when the information system will perform integrity checks on software, firmware, and information.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed defines and documents the transitional state or security-relevant events when the information system will perform integrity checks on software, firmware and information. DoD has determined the transitional state or security-relevant events are not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented transitional state or security-relevant event to ensure the organization being inspected/assessed defines the transitional state or security-relevant events when the information system will perform integrity checks on software, firmware and information. DoD has determined the transitional state or security-relevant events are not appropriate to define at the Enterprise level.

Compelling Evidence

1.) Signed and dated System security plan defines the transitional state or security-relevant events when the information system will perform integrity checks on software, firmware and information. 2.) Implementation documentation of integrity verification tool.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002708.

Control	Description
SI-7 (1)	The information system performs an integrity check of [Assignment: organization-defined software, firmware, and information] [Selection (one or more): at startup; at [Assignment: organization-defined transitional states or security-relevant events]; [Assignment: organization-defined frequency]].