SI-07 Software And Information Integrity

System and Information Integrity

Low Moderate High

Description

The information system detects and protects against unauthorized changes to software and information.

Supplemental Guidance

The organization employs integrity verification applications on the information system to look for evidence of information tampering, errors, and omissions. The organization employs good software engineering practices with regard to commercial off-the-shelf integrity mechanisms (e.g., parity checks, cyclical redundancy checks, cryptographic hashes) and uses tools to automatically monitor the integrity of the information system and the applications it hosts.
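The following is an added illustration of the integrity-verification pattern the guidance describes; it is not code from the control text or from any NIST-supplied tool. It builds a SHA-256 baseline of a directory tree, seals the baseline with an HMAC so that an attacker who alters files cannot simply regenerate a clean manifest, re-verifies the tree, and invokes a caller-supplied action for every change found (the later revisions of this control require that such actions be taken). The manifest layout, the HMAC key handling, the on_change callback and the file tree in demo() are all assumptions made for the example; a CRC or parity check is used here only in the comments, as a contrast, because those mechanisms catch accidental corruption but are trivial to forge.

```python
"""File-integrity verification in the SI-7 sense: build a SHA-256 baseline
of a directory tree, seal the baseline with an HMAC so an attacker who alters
files cannot just regenerate it, then re-verify the tree and report added,
removed and modified files, invoking an organization-defined action for each.

Added example, not code from the control text or any NIST-provided tool.
The manifest layout, the key handling and the action callback are assumptions."""
import hashlib
import hmac
import json
import os
import tempfile
from pathlib import Path
from typing import Callable, Dict, List

HASH_ALG = "sha256"  # parity/CRC detect accidental corruption, not tampering


def hash_file(path: Path) -> str:
    """Stream the file through the cryptographic hash."""
    h = hashlib.new(HASH_ALG)
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> Dict[str, str]:
    """Map every regular file (path relative to root, POSIX form) to its digest."""
    return {p.relative_to(root).as_posix(): hash_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def seal_baseline(baseline: Dict[str, str], key: bytes) -> str:
    """Serialise canonically and attach an HMAC tag. Keep the key off the
    monitored host (KMS, hardware token); an attacker with both the files
    and the key can forge a clean baseline."""
    body = json.dumps(baseline, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode(), HASH_ALG).hexdigest()
    return json.dumps({"baseline": body, "tag": tag})


def open_baseline(sealed: str, key: bytes) -> Dict[str, str]:
    """Refuse to use a manifest whose tag does not verify."""
    doc = json.loads(sealed)
    expected = hmac.new(key, doc["baseline"].encode(), HASH_ALG).hexdigest()
    if not hmac.compare_digest(expected, doc["tag"]):
        raise ValueError("baseline manifest failed integrity check")
    return json.loads(doc["baseline"])


def verify(root: Path, baseline: Dict[str, str],
           on_change: Callable[[str, str], None] = lambda kind, f: None
           ) -> Dict[str, List[str]]:
    """Diff the live tree against the baseline and call on_change(kind, path)
    for every finding; on_change is the organization-defined action
    (alert, quarantine, restore from trusted media)."""
    current = build_baseline(root)
    report: Dict[str, List[str]] = {"modified": [], "missing": [], "added": []}
    for f, digest in baseline.items():
        if f not in current:
            report["missing"].append(f)
        elif not hmac.compare_digest(current[f], digest):
            report["modified"].append(f)
    report["added"] = [f for f in current if f not in baseline]
    for kind, files in report.items():
        for f in files:
            on_change(kind, f)
    return report


def manifest_tamper_detected(sealed: str, key: bytes) -> bool:
    """Attacker swaps in an empty baseline but keeps the old tag: rejected."""
    forged = json.dumps({"baseline": "{}", "tag": json.loads(sealed)["tag"]})
    try:
        open_baseline(forged, key)
    except ValueError:
        return True
    return False


def demo() -> Dict[str, List[str]]:
    """Constructed scenario in a temp dir: baseline, tamper, verify."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "bin").mkdir()
        (root / "bin" / "app").write_bytes(b"\x7fELF original binary")
        (root / "etc.conf").write_text("mode=prod\n")
        key = os.urandom(32)  # assumption: in practice held off the host
        sealed = seal_baseline(build_baseline(root), key)

        # Simulated compromise: trojaned binary, deleted config, dropped script.
        (root / "bin" / "app").write_bytes(b"\x7fELF backdoored binary")
        (root / "etc.conf").unlink()
        (root / "bin" / "dropper.sh").write_text("#!/bin/sh\n")

        assert manifest_tamper_detected(sealed, key)
        return verify(root, open_baseline(sealed, key),
                      on_change=lambda kind, f: print(f"ALERT {kind}: {f}"))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Two practical caveats the control text leaves implicit: the baseline must be taken from a known-good state (immediately after a trusted install, not after the system has been exposed), and the verifier and its key must be protected at least as well as the files it checks, since an attacker who can rewrite the checker or the manifest can silence it.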

Changes from Rev 4

Control text adds a requirement to take actions when unauthorized changes are detected. A parameter is added for specifying organization-defined actions. The discussion includes additional examples.

Enhancements


Compliance Mappings

NIST CSF 2.0

DE.CM-09

SOC 2 TSC

CC6.6, CC6.6-POF2, CC6.8, CC7.1-POF2, CC7.1-POF3, CC7.1-POF4, PI1.2-POF1, PI1.2-POF2, PI1.2-POF3

ISO 17799 (legacy)

12.2.1, 12.2.2, 12.2.4

COBIT 4.1 (legacy)

PO2.4, AI2.4, DS5.9