System and Information Integrity

System and information integrity is the security objective of ensuring that systems operate correctly, software is free from unauthorized modifications, and data remains accurate and complete. It covers flaw remediation (patching), malware protection, security monitoring, software integrity verification, and information input validation.

Maintaining integrity means your systems do what they're supposed to do, your data is accurate, and unauthorized changes are detected quickly. This includes monitoring for unauthorized software installations, verifying the integrity of critical files, and ensuring security tools are functioning correctly.

Why It Matters

System and information integrity is a CMMC domain with requirements for patching, malware protection, monitoring, and alerting. Assessors will verify that you're actively maintaining the integrity of your systems and detecting when something changes unexpectedly.

Related Resources

NIST 800-171: 3.14.1
NIST 800-171: 3.14.2
NIST 800-171: 3.14.3
NIST 800-171: 3.14.4
NIST 800-171: 3.14.5
NIST 800-171: 3.14.6
NIST 800-171: 3.14.7
NIST 800-53: SI-1