>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

SI-7 (07)Software, Firmware, and Information Integrity | Integration of Detection and Response

Moderate
High

>Control Description

Incorporate the detection of the following unauthorized changes into the organizational incident response capability: organization-defined security-relevant changes to the system.

>FedRAMP Baseline Requirements

No FedRAMP-specific parameter values or requirements for this baseline.

>Discussion

Integrating detection and response helps to ensure that detected events are tracked, monitored, corrected, and available for historical purposes. Maintaining historical records is important for being able to identify and discern adversary actions over an extended time period and for possible legal actions. Security-relevant changes include unauthorized changes to established configuration settings or the unauthorized elevation of system privileges.

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What policies and procedures govern integration of detection and response?
  • Who is responsible for monitoring system and information integrity?
  • How frequently are integrity monitoring processes reviewed and updated?

Technical Implementation:

  • What technical controls detect and respond to integration of detection and response issues?
  • How are integrity violations identified and reported?
  • What automated tools support system and information integrity monitoring?
  • What systems and events are monitored for integrity violations?

Evidence & Documentation:

  • Can you provide recent integrity monitoring reports or alerts?
  • What logs demonstrate that SI-7(7) is actively implemented?
  • Where is evidence of integrity monitoring maintained and for how long?
  • Can you provide examples of integrity monitoring alerts and responses?

Ask AI

Configure your API key to use AI features.