CCI-002719

Defines the unauthorized security-relevant changes to the system that are to be incorporated into the organizational incident response capability.

Implementation Guidance

Determine if the detection of [SI-07(07)_ODP; security-relevant changes to the system are defined] are incorporated into the organizational incident response capability.

Validation Procedures

Examine: [SELECT FROM: System and information integrity policy; system and information integrity procedures; procedures addressing software, firmware, and information integrity; procedures addressing incident response; system design documentation; system configuration settings and associated documentation; incident response records; audit records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel responsible for software, firmware, and/or information integrity; organizational personnel with information security responsibilities; organizational personnel with incident response responsibilities]. Test: [SELECT FROM: Organizational processes for incorporating the detection of unauthorized security-relevant changes into the incident response capability; software, firmware, and information integrity verification tools; mechanisms supporting and/or implementing the incorporation of detection of unauthorized security-relevant changes into the incident response capability].

The controls below (if any) were marked by NIST as being related to CCI-002719.