An error occurred:

CCI-002708

CCI-002708 Definition

Defines the transitional state or security-relevant events when performing integrity checks on software, firmware, and information.
Status
Type CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if: - an integrity check of [SI-07(01)_ODP[01]; software on which an integrity check is to be performed is defined] is performed [SI-07(01)_ODP[02]; one or more of the following PARAMETER VALUES is/are selected: {at startup; at [SI-07(01)_ODP[03]; transitional states or security-relevant events requiring integrity checks (on software) are defined (if selected)]; [SI-07(01)_ODP[04]; frequency with which to perform an integrity check (on software) is defined (if selected)]}]. - an integrity check of [SI-07(01)_ODP[05]; firmware on which an integrity check is to be performed is defined] is performed [SI-07(01)_ODP[06]; one or more of the following PARAMETER VALUES is/are selected: {at startup; at [SI-07(01)_ODP[07]; transitional states or security-relevant events requiring integrity checks (on firmware) are defined (if selected)]; [SI-07(01)_ODP[08]; frequency with which to perform an integrity check (on firmware) is defined (if selected)]}]. - an integrity check of [SI-07(01)_ODP[09]; information on which an integrity check is to be performed is defined] is performed [SI-07(01)_ODP[10]; one or more of the following PARAMETER VALUES is/are selected: {at startup; at [SI-07(01)_ODP[11]; transitional states or security-relevant events requiring integrity checks (of information) are defined (if selected)]; [SI-07(01)_ODP[12]; frequency with which to perform an integrity check (of information) is defined (if selected)]}].

Validation Procedures

Examine: [SELECT FROM: System and information integrity policy; system and information integrity procedures; procedures addressing software, firmware, and information integrity testing; system design documentation; system configuration settings and associated documentation; integrity verification tools and associated documentation; records of integrity scans; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel responsible for software, firmware, and/or information integrity; organizational personnel with information security responsibilities; system/network administrators; system developer]. Test: [SELECT FROM: Software, firmware, and information integrity verification tools].