CCI-004792

Provide the capability to check the integrity of organizational information while it resides in the external system.

Implementation Guidance

Determine if the capability is provided to check the integrity of information while it resides in the external system.

Validation Procedures

Examine: [SELECT FROM: System and services acquisition policy; procedures addressing external system services; acquisition contracts for the system, system component, or system service; solicitation documentation; acquisition documentation; service level agreements; procedures addressing organization-controlled integrity checking; information/data and/or system services; organizational security requirements or conditions for external providers; system security plan; supply chain risk management plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with system and service acquisition responsibilities; organizational personnel with information security responsibilities; organization personnel with integrity checking responsibilities; external providers of system services; organizational personnel with supply chain risk management responsibilities]. Test: [SELECT FROM: Organizational processes for integrity checking; mechanisms for supporting and implementing integrity checking of information in external systems].

The controls below (if any) were marked by NIST as being related to CCI-004792.