Navigate

CCI-002732

CCI-002732 Definition

Defines the user-installed software that is to have its integrity verified prior to execution.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if the integrity of [SI-07(12)_ODP; user-installed software requiring integrity verification prior to execution is defined] is verified prior to execution.

Validation Procedures

Examine: [SELECT FROM: System and information integrity policy; system and information integrity procedures; procedures addressing software, firmware, and information integrity; system design documentation; system configuration settings and associated documentation; integrity verification records; system audit records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel responsible for software, firmware, and/or information integrity; organizational personnel with information security responsibilities]. Test: [SELECT FROM: Software, firmware, and information integrity verification tools; mechanisms supporting and/or implementing verification of the integrity of user-installed software prior to execution].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002732.

Control	Description
SI-7(12)	Require that the integrity of the following user-installed software be verified prior to execution: [user-installed software requiring integrity verification prior to execution is defined;].