SI-7(8): Auditing Capability For Significant Events

Control Family:

System And Information Integrity

Parent Control:

SI-7: Software, Firmware, And Information Integrity

Priority:

P1: Implement P1 security controls first.

CSF v1.1 References:

PR.DS-6
PR.DS-8

Threats Addressed:

Tampering

Baselines:

(Not part of any baseline)

Next Version:

NIST Special Publication 800-53 Revision 5:
SI-7(8): Auditing Capability for Significant Events

Control Statement

The information system, upon detection of a potential integrity violation, provides the capability to audit the event and initiates the following actions: [Selection (one or more): generates an audit record; alerts current user; alerts [Assignment: organization-defined personnel or roles]; [Assignment: organization-defined other actions]].

Supplemental Guidance

Organizations select response actions based on types of software, specific software, or information for which there are potential integrity violations.