CCI-002721

Defines the personnel or roles that are to be alerted when a potential integrity violation is detected.

Implementation Guidance

Determine if: - the capability to audit an event upon the detection of a potential integrity violation is provided. - [SI-07(08)_ODP[01]; one or more of the following PARAMETER VALUES is/are selected: {generate an audit record; alert current user; alert [SI-07(08)_ODP[02]; personnel or roles to be alerted upon the detection of a potential integrity violation is/are defined (if selected)]; [SI-07(08)_ODP[03]; other actions to be taken upon the detection of a potential integrity violation are defined (if selected)]}] is/are initiated upon the detection of a potential integrity violation.

Validation Procedures

Examine: [SELECT FROM: System and information integrity policy; system and information integrity procedures; procedures addressing software, firmware, and information integrity; system design documentation; system configuration settings and associated documentation; integrity verification tools and associated documentation; records of integrity scans; incident response records; list of security-relevant changes to the system; automated tools supporting alerts and notifications if unauthorized security changes are detected; system audit records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel responsible for software, firmware, and/or information integrity; organizational personnel with information security responsibilities; system/network administrators; system developer]. Test: [SELECT FROM: Software, firmware, and information integrity verification tools; mechanisms supporting and/or implementing the capability to audit potential integrity violations; mechanisms supporting and/or implementing alerts about potential integrity violations].

The controls below (if any) were marked by NIST as being related to CCI-002721.