SI-7(2): Automated Notifications Of Integrity Violations

CSF v1.1 References:

Threats Addressed:


  • High

Next Version:

Control Statement

The organization employs automated tools that provide notification to [Assignment: organization-defined personnel or roles] upon discovering discrepancies during integrity verification.

Supplemental Guidance

The use of automated tools to report integrity violations and to notify organizational personnel in a timely matter is an essential precursor to effective risk response. Personnel having an interest in integrity violations include, for example, mission/business owners, information system owners, systems administrators, software developers, systems integrators, and information security officers.