Navigate

SI-7(15)

SI-7(15): Code Authentication

Implement cryptographic mechanisms to authenticate the following software or firmware components prior to installation: [software or firmware components to be authenticated by cryptographic mechanisms prior to installation are defined;].

Supplemental

Cryptographic authentication includes verifying that software or firmware components have been digitally signed using certificates recognized and approved by organizations. Code signing is an effective method to protect against malicious code. Organizations that employ cryptographic mechanisms also consider cryptographic key management solutions.

CIA Levels
Confidentiality	unknown
Integrity	high
Availability	unknown

Overlays
DAF Baseline, NC3

CSF Categories
None

Related Controls

The controls below (if any) were marked by NIST as being related to SI-7(15).

Control	Description
CM-5	Define, document, approve, and enforce physical and logical access restrictions associated with changes to the system.
SC-12	Establish and manage cryptographic keys when cryptography is employed within the system in accordance with the following key management requirements: [requirements for key generation, distribution, storage, access, and destruction are defined;].
SC-13	a: Determine the [cryptographic uses are defined;] ; and b: Implement the following types of cryptography required for each specified cryptographic use: [types of cryptography for each specified cryptographic use are defined;].

Enhancements

The controls below (if any) add on to the requirements of SI-7(15).

Control	Description
No controls

Related CCIs

The CCIs below are tied to SI-7(15).

CCI	Definition
CCI-002739	Defines the software or firmware components on which cryptographic mechanisms are to be implemented to support authentication prior to installation.
CCI-002740	Implement cryptographic mechanisms to authenticate organization-defined software or firmware components prior to installation.