PR.DS-8: Integrity checking mechanisms are used to verify hardware integrity
PF v1.0 References:
Threats Addressed:
Description
[csf.tools Note: Subcategories do not have detailed descriptions.]
Related Controls
NIST Special Publication 800-53 Revision 5
SA-10: Developer Configuration Management
Require the developer of the system, system component, or system service to: Perform configuration management during system, component, or service [Assignment (one or more): design, development, implementation, operation, disposal]; Document, manage, and control the integrity of changes to [Assignment: organization-defined configuration items under configuration management]; Implement only organization-approved changes to the system, component, or service;…
Cloud Controls Matrix v3.0.1
CCC-01: New Development / Acquisition
Policies and procedures shall be established, and supporting business processes and technical measures implemented, to ensure the development and/or acquisition of new data, physical or virtual applications, infrastructure network, and systems components, or any corporate, operations and/or data center facilities have been pre-authorized by the organization’s business leadership or other accountable business role or function.
Critical Security Controls Version 8
16: Application Software Security
Manage the security life cycle of in-house developed, hosted, or acquired software to prevent, detect, and remediate security weaknesses before they can impact the enterprise.
NIST Special Publication 800-53 Revision 4
SA-10: Developer Configuration Management
The organization requires the developer of the information system, system component, or information system service to: Perform configuration management during system, component, or service [Selection (one or more): design; development; implementation; operation]; Document, manage, and control the integrity of changes to [Assignment: organization-defined configuration items under configuration management]; Implement only organization-approved changes to the system,…
SI-7: Software, Firmware, And Information Integrity
The organization employs integrity verification tools to detect unauthorized changes to [Assignment: organization-defined software, firmware, and information].