SI-7(2): Automated Notifications of Integrity Violations

Control Family:

System and Information Integrity

Parent Control:

SI-7: Software, Firmware, and Information Integrity

CSF v1.1 References:

PR.DS-6

Threats Addressed:

Tampering

Baselines:

High

Previous Version:

NIST Special Publication 800-53 Revision 4:
SI-7(2): Automated Notifications Of Integrity Violations

Control Statement

Employ automated tools that provide notification to [Assignment: organization-defined personnel or roles] upon discovering discrepancies during integrity verification.

Supplemental Guidance

The employment of automated tools to report system and information integrity violations and to notify organizational personnel in a timely matter is essential to effective risk response. Personnel with an interest in system and information integrity violations include mission and business owners, system owners, senior agency information security official, senior agency official for privacy, system administrators, software developers, systems integrators, information security officers, and privacy officers.