Navigate

SI-7 (1)

SI-7 (1): Integrity Checks

The information system performs an integrity check of [Assignment: organization-defined software, firmware, and information] [Selection (one or more): at startup; at [Assignment: organization-defined transitional states or security-relevant events]; [Assignment: organization-defined frequency]].

Supplemental

Security-relevant events include, for example, the identification of a new threat to which organizational information systems are susceptible, and the installation of new hardware, software, or firmware. Transitional states include, for example, system startup, restart, shutdown, and abort.

CIA Levels
Confidentiality	unknown
Integrity	moderate
Availability	unknown

Overlays
Int-A, Int-B, Int-C

Related Controls

The controls below (if any) were marked by NIST as being related to SI-7 (1).

Control	Description
No controls

Enhancements

The controls below (if any) add on to the requirements of SI-7 (1).

Control	Description
No controls

Related CCIs

The CCIs below are tied to SI-7 (1).

CCI	Definition
CCI-002705	The organization defines the software on which integrity checks will be performed.
CCI-002706	The organization defines the firmware on which integrity checks will be performed.
CCI-002707	The organization defines the information on which integrity checks will be performed.
CCI-002708	The organization defines the transitional state or security-relevant events when the information system will perform integrity checks on software, firmware, and information.
CCI-002709	The organization defines the frequency at which it will perform integrity checks of software, firmware, and information.
CCI-002710	The information system performs an integrity check of organization-defined software at startup, at organization-defined transitional states or security-relevant events, or on an organization-defined frequency.
CCI-002711	The information system performs an integrity check of organization-defined firmware at startup, at organization-defined transitional states or security-relevant events, or on an organization-defined frequency.
CCI-002712	The information system performs an integrity check of organization-defined information at startup, at organization-defined transitional states or security-relevant events, or on an organization-defined frequency.