SI-7(7): Integration of Detection and Response

Control Family:

System and Information Integrity

Parent Control:

SI-7: Software, Firmware, and Information Integrity

CSF v1.1 References:

PR.DS-6

Threats Addressed:

Tampering

Baselines:

Moderate
High

Previous Version:

NIST Special Publication 800-53 Revision 4:
SI-7(7): Integration Of Detection And Response

Control Statement

Incorporate the detection of the following unauthorized changes into the organizational incident response capability: [Assignment: organization-defined security-relevant changes to the system].

Supplemental Guidance

Integrating detection and response helps to ensure that detected events are tracked, monitored, corrected, and available for historical purposes. Maintaining historical records is important for being able to identify and discern adversary actions over an extended time period and for possible legal actions. Security-relevant changes include unauthorized changes to established configuration settings or the unauthorized elevation of system privileges.

Control Statement

Supplemental Guidance

Related Controls

NIST Special Publication 800-53 Revision 5