
SI-7(7) Software, Firmware, and Information Integrity | Integration of Detection and Response

Applicable impact levels: IL4 Mod, IL4 High, IL5, IL6

>Control Description

Incorporate the detection of the following unauthorized changes into the organizational incident response capability: organization-defined security-relevant changes to the system.

>DoD Impact Level Requirements

No specific parameter values or requirements for this impact level.

>Discussion

Integrating detection and response helps to ensure that detected events are tracked, monitored, corrected, and available for historical purposes. Maintaining historical records is important for being able to identify and discern adversary actions over an extended time period and for possible legal actions. Security-relevant changes include unauthorized changes to established configuration settings or the unauthorized elevation of system privileges.

>Programmatic Queries


Related Services

Amazon GuardDuty
AWS Lambda
AWS Systems Manager

CLI Commands

List GuardDuty findings that represent security-relevant changes. The filter below matches the two GuardDuty finding families that correspond to the unauthorized privilege elevation and persistence named in the discussion; substitute the finding types your organization has defined as security-relevant. list-findings returns finding IDs only; pass them to aws guardduty get-findings to retrieve the full records for the incident file.
aws guardduty list-findings --detector-id <detector-id> --finding-criteria '{"Criterion":{"type":{"Eq":["PrivilegeEscalation:IAMUser/AnomalousBehavior","Persistence:IAMUser/AnomalousBehavior"]}}}'
Create the Lambda function that receives findings and starts the response. The handler packaged in function.zip must read the GuardDuty finding from the event, write the incident record, and start the remediation runbook; the execution role needs permission to start the Automation and to write logs.
aws lambda create-function --function-name IntegrityResponseFunction --runtime python3.11 --role arn:aws:iam::123456789012:role/lambda-role --handler index.handler --zip-file fileb://function.zip
Attach the function as a target of the EventBridge rule. The rule must already exist with an event pattern for source aws.guardduty and detail-type "GuardDuty Finding", and the function's resource policy must allow events.amazonaws.com to invoke it (aws lambda add-permission), or the rule will be created but never deliver events.
aws events put-targets --rule security-findings-rule --targets Id=1,Arn=arn:aws:lambda:us-east-1:123456789012:function:IntegrityResponseFunction
Register the Systems Manager Automation runbook that the function starts for remediation. The document name must match what the handler passes to StartAutomationExecution.
aws ssm create-document --content file://remediation.json --document-type Automation --name IntegrityRemediationPlaybook
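The handler referenced by index.handler above is not shown on the page. The following is an added example, not code from the page or from AWS, of the piece that actually satisfies SI-7(7): it takes the GuardDuty finding delivered by EventBridge, normalizes it into a durable incident record (type, severity, affected principal or instance, first and last seen, occurrence count), decides whether the finding is a security-relevant change under an organization-defined set, and only then starts the SSM Automation runbook. The finding-type prefixes, severity threshold, runbook parameter names, and the sample event values are assumptions chosen for illustration; the GuardDuty finding-type families, the EventBridge envelope fields, and the boto3 start_automation_execution call are real.

```python
"""Added example for SI-7(7): EventBridge-triggered Lambda that records a GuardDuty
finding and starts a remediation runbook for organization-defined security-relevant changes.
Not taken from the page or from AWS; names marked as assumptions are illustrative."""
import json
from datetime import datetime, timezone

# Assumed SI-7(7) parameter: GuardDuty finding-type families treated as "security-relevant
# changes" (privilege elevation, persistence, tampering with logging/defenses). The prefixes
# themselves are real GuardDuty family names.
SECURITY_RELEVANT_PREFIXES = ("PrivilegeEscalation:", "Persistence:", "DefenseEvasion:")
# Assumed threshold: GuardDuty severity 4.0 (medium) and above triggers remediation.
SEVERITY_THRESHOLD = 4.0
# Assumed runbook name; matches the SSM document created by the CLI command on this page.
AUTOMATION_DOCUMENT = "IntegrityRemediationPlaybook"


def affected_resource(finding):
    """Pull the principal or instance a finding is about, whichever shape GuardDuty used."""
    res = finding.get("Resource", {})
    rtype = res.get("ResourceType")
    if rtype == "AccessKey":
        return rtype, res.get("AccessKeyDetails", {}).get("UserName")
    if rtype == "Instance":
        return rtype, res.get("InstanceDetails", {}).get("InstanceId")
    return rtype, None


def classify_finding(finding):
    """Decide whether a finding is a security-relevant change to hand to IR.
    Returns (is_relevant, reason) so the decision itself is auditable."""
    ftype = finding.get("Type", "")
    severity = float(finding.get("Severity", 0))
    if not ftype.startswith(SECURITY_RELEVANT_PREFIXES):
        return False, "finding family not in organization-defined set"
    if severity < SEVERITY_THRESHOLD:
        return False, f"severity {severity} below threshold {SEVERITY_THRESHOLD}"
    return True, "security-relevant change"


def build_incident_record(finding, received_at=None):
    """Normalize the finding into the historical record the control calls for."""
    rtype, rid = affected_resource(finding)
    svc = finding.get("Service", {})
    return {
        "finding_id": finding["Id"],
        "type": finding.get("Type"),
        "severity": float(finding.get("Severity", 0)),
        "account": finding.get("AccountId"),
        "region": finding.get("Region"),
        "resource_type": rtype,
        "resource_id": rid,
        "first_seen": svc.get("EventFirstSeen"),
        "last_seen": svc.get("EventLastSeen"),
        "occurrences": svc.get("Count"),
        "received_at": (received_at or datetime.now(timezone.utc)).isoformat(),
    }


def start_ssm_automation(document_name, parameters):
    """Default responder: start the SSM Automation runbook (needs boto3 and ssm:StartAutomationExecution)."""
    import boto3  # imported lazily so the module loads without boto3 for offline runs
    ssm = boto3.client("ssm")
    return ssm.start_automation_execution(DocumentName=document_name, Parameters=parameters)


def handler(event, context=None, start_automation=start_ssm_automation):
    """Lambda entry point for EventBridge 'GuardDuty Finding' events."""
    if event.get("source") != "aws.guardduty" or event.get("detail-type") != "GuardDuty Finding":
        return {"action": "ignored", "reason": "not a GuardDuty finding event"}
    finding = event["detail"]
    record = build_incident_record(finding)
    relevant, reason = classify_finding(finding)
    # The record is written on every path: the historical trail is the point of the control.
    print(json.dumps({"incident_record": record, "relevant": relevant, "reason": reason}))
    if not relevant:
        return {"action": "logged", "reason": reason, "record": record}
    # Assumed runbook parameter names; SSM Automation parameters are lists of strings.
    params = {
        "FindingId": [record["finding_id"]],
        "ResourceType": [record["resource_type"] or "Unknown"],
        "ResourceId": [record["resource_id"] or "Unknown"],
    }
    execution = start_automation(AUTOMATION_DOCUMENT, params)
    return {"action": "remediation_started", "reason": reason, "record": record, "automation": execution}


# Constructed sample event: the envelope follows EventBridge's GuardDuty shape; all values are made up.
SAMPLE_EVENT = {
    "source": "aws.guardduty",
    "detail-type": "GuardDuty Finding",
    "detail": {
        "Id": "a1b2c3d4e5f6",
        "Type": "PrivilegeEscalation:IAMUser/AnomalousBehavior",
        "Severity": 5.0,
        "AccountId": "123456789012",
        "Region": "us-east-1",
        "Resource": {"ResourceType": "AccessKey",
                     "AccessKeyDetails": {"UserName": "deploy-bot", "PrincipalId": "AIDAEXAMPLE"}},
        "Service": {"EventFirstSeen": "2024-05-01T10:00:00Z", "EventLastSeen": "2024-05-01T10:05:00Z", "Count": 3},
    },
}

if __name__ == "__main__":
    # Dry run: swap the SSM call for a recorder so the example runs offline without AWS credentials.
    print(handler(SAMPLE_EVENT, start_automation=lambda doc, p: {"DryRun": doc, "Parameters": p}))
```

Two design points matter for assessors. First, the incident record is emitted before the relevance decision, so findings that fall below the threshold still leave a trail that can be correlated later, which is what the discussion's "available for historical purposes" requires. Second, the responder is injected rather than hard-wired, so the decision logic can be exercised against captured findings in a test account without starting real Automations.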

>Related Controls

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What policies and procedures govern integration of detection and response?
  • Who is responsible for monitoring system and information integrity?
  • How frequently are integrity monitoring processes reviewed and updated?

Technical Implementation:

  • What technical controls detect unauthorized, security-relevant changes (configuration changes, privilege elevation) and hand them to the incident response capability?
  • How are integrity violations identified and reported?
  • What automated tools support system and information integrity monitoring?
  • What systems and events are monitored for integrity violations?

Evidence & Documentation:

  • Can you provide recent integrity monitoring reports or alerts?
  • What logs demonstrate that SI-7(7) is actively implemented?
  • Where is evidence of integrity monitoring maintained and for how long?
  • Can you provide examples of integrity monitoring alerts and responses?
