SC-16(1)—Integrity Verification
>Control Description
Verify the integrity of transmitted security and privacy attributes.
>Kubernetes Implementation Examples
# Verify integrity of transmitted attributes via signed JWT claims
apiVersion: security.istio.io/v1
kind: RequestAuthentication
metadata:
name: require-attribute-jwt
namespace: protected-workloads
spec:
selector:
matchLabels:
app: api
jwtRules:
- issuer: "https://issuer.example.com"
jwksUri: "https://issuer.example.com/.well-known/jwks.json"Source: SC-16(1): JWT Integrity Verification
>Cross-Framework Mappings
>Relevant Technologies
Technology-specific guidance with authoritative sources and verification commands.
>Supplemental Guidance
Part of verifying the integrity of transmitted information is ensuring that security and privacy attributes that are associated with such information have not been modified in an unauthorized manner. Unauthorized modification of security or privacy attributes can result in a loss of integrity for transmitted information.
>Related Controls
>Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- •What policies govern the implementation of integrity verification?
- •How are system and communications protection requirements defined and maintained?
- •Who is responsible for configuring and maintaining the security controls specified in SC-16(1)?
Technical Implementation:
- •How is integrity verification technically implemented in your environment?
- •What systems, tools, or configurations enforce this protection requirement?
- •How do you ensure that integrity verification remains effective as the system evolves?
Evidence & Documentation:
- •What documentation demonstrates the implementation of SC-16(1)?
- •Can you provide configuration evidence or system diagrams showing this protection control?
- •What logs or monitoring data verify that this control is functioning correctly?
Ask AI
Configure your API key to use AI features.