Navigate

SI-7 (15)

SI-7 (15): Code Authentication

The information system implements cryptographic mechanisms to authenticate [Assignment: organization-defined software or firmware components] prior to installation.

Supplemental

Cryptographic authentication includes, for example, verifying that software or firmware components have been digitally signed using certificates recognized and approved by organizations. Code signing is an effective method to protect against malicious code.

CIA Levels
Confidentiality	unknown
Integrity	unknown
Availability	unknown

Overlays
NC3

Related Controls

The controls below (if any) were marked by NIST as being related to SI-7 (15).

Control	Description
No controls

Enhancements

The controls below (if any) add on to the requirements of SI-7 (15).

Control	Description
No controls

Related CCIs

The CCIs below are tied to SI-7 (15).

CCI	Definition
CCI-002739	The organization defines the software or firmware components on which cryptographic mechanisms are to be implemented to support authentication prior to installation.
CCI-002740	The information system implements cryptographic mechanisms to authenticate organization-defined software or firmware components prior to installation.