SI-7(15)
SI-7(15): Code Authentication
The information system implements cryptographic mechanisms to authenticate [organization-defined software or firmware components] prior to installation.
Supplemental
Cryptographic authentication includes, for example, verifying that software or firmware components have been digitally signed using certificates recognized and approved by organizations. Code signing is an effective method to protect against malicious code.
CIA Levels | |
---|---|
Confidentiality | unknown |
Integrity | high |
Availability | unknown |
Overlays |
---|
None |
CSF Categories |
---|
None |