SI-7(5): Automated Response to Integrity Violations

Control Family:

System and Information Integrity

Parent Control:

SI-7: Software, Firmware, and Information Integrity

CSF v1.1 References:

PR.DS-6

Threats Addressed:

Tampering

Baselines:

High

Previous Version:

NIST Special Publication 800-53 Revision 4:
SI-7(5): Automated Response To Integrity Violations

Control Statement

Automatically [Assignment (one or more): shut the system down, restart the system, implement [Assignment: organization-defined controls] ] when integrity violations are discovered.

Supplemental Guidance

Organizations may define different integrity-checking responses by type of information, specific information, or a combination of both. Types of information include firmware, software, and user data. Specific information includes boot firmware for certain types of machines. The automatic implementation of controls within organizational systems includes reversing the changes, halting the system, or triggering audit alerts when unauthorized modifications to critical security files occur.