NIST 800-53 REV 5 • SYSTEM AND INFORMATION INTEGRITY
SI-7(12) — Integrity Verification
Require that the integrity of the following user-installed software be verified prior to execution: {{ insert: param, si-07.12_odp }}.
Supplemental Guidance
Organizations verify the integrity of user-installed software prior to execution to reduce the likelihood of executing malicious code or programs that contain errors from unauthorized modifications. Organizations consider the source of the software, ensuring the software and updates come from authorized sources and/or sites, and the practicality of approaches to verifying software integrity, including the availability of trustworthy checksums from software developers and vendors.
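The guidance above comes down to one gate: before a user-installed program runs, compare a digest of the file on disk against a reference value that arrived through a channel the user cannot rewrite. The following is an added example, not text or code from NIST or from any vendor; the manifest format, the `MANIFEST_KEY`, and every function name are assumptions made for illustration. The manifest stands in for a vendor's published checksums and is authenticated with an HMAC held by the organization's integrity service; a real deployment would use the vendor's signature or a code-signing certificate instead, but the check sequence is the same: authenticate the reference values first, then compare the file digest, then execute.

```python
"""Added example (not NIST text): gate execution of user-installed software on a
SHA-256 check against an authenticated allowlist manifest."""
import hashlib
import hmac
import json
import os
import subprocess
import sys
import tempfile

# Assumption: the organization's integrity service holds this key and uses it to
# authenticate the manifest of approved digests. Placeholder value, not a real secret.
MANIFEST_KEY = b"example-manifest-key"
CHUNK = 1 << 16


class IntegrityError(Exception):
    """Raised when software must not be executed."""


def sha256_file(path: str) -> str:
    """Stream the file so large installers do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def _canonical(entries: dict) -> bytes:
    # Canonical JSON so the MAC does not depend on key order or whitespace.
    return json.dumps(entries, sort_keys=True, separators=(",", ":")).encode()


def sign_manifest(entries: dict) -> dict:
    """Produce {filename: sha256} entries plus an HMAC over them (stand-in for a vendor signature)."""
    mac = hmac.new(MANIFEST_KEY, _canonical(entries), hashlib.sha256).hexdigest()
    return {"entries": entries, "mac": mac}


def manifest_is_authentic(manifest: dict) -> bool:
    expected = hmac.new(MANIFEST_KEY, _canonical(manifest["entries"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, manifest["mac"])


def verify_before_execute(path: str, manifest: dict) -> str:
    """Return the file digest if it is approved and unmodified; raise IntegrityError otherwise."""
    if not manifest_is_authentic(manifest):
        raise IntegrityError("manifest failed authentication; refusing to trust its digests")
    name = os.path.basename(path)
    expected = manifest["entries"].get(name)
    if expected is None:
        raise IntegrityError(f"{name}: not in the approved-software manifest")
    actual = sha256_file(path)
    if not hmac.compare_digest(actual, expected):
        raise IntegrityError(f"{name}: digest mismatch (expected {expected[:12]}..., got {actual[:12]}...)")
    return actual


def run_verified(path: str, manifest: dict) -> str:
    """Execute only after the integrity check passes; returns the program's stdout."""
    verify_before_execute(path, manifest)
    return subprocess.run([sys.executable, path], capture_output=True, text=True, check=True).stdout


def demo() -> dict:
    """Constructed scenario: a vendor script, its published digest, then two tampering attempts."""
    with tempfile.TemporaryDirectory() as d:
        tool = os.path.join(d, "tool.py")
        with open(tool, "w") as f:
            f.write('print("tool ok")\n')
        manifest = sign_manifest({"tool.py": sha256_file(tool)})
        clean = run_verified(tool, manifest).strip()

        # 1. The installed file is modified after the digest was published.
        with open(tool, "a") as f:
            f.write('print("backdoor")\n')
        try:
            run_verified(tool, manifest)
            tampered = "executed"
        except IntegrityError as e:
            tampered = str(e)

        # 2. The attacker also edits the manifest to match, but cannot recompute the MAC.
        forged = {"entries": {"tool.py": sha256_file(tool)}, "mac": manifest["mac"]}
        try:
            run_verified(tool, forged)
            forged_result = "executed"
        except IntegrityError as e:
            forged_result = str(e)
    return {"clean": clean, "tampered": tampered, "forged": forged_result}


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The second tampering case is the one that matters operationally: a checksum sitting next to the file it describes, on the same writable filesystem, gives no assurance. The reference values have to be authenticated (signed by the vendor, or fetched over an authenticated channel and stored where the user cannot edit them) before the digest comparison means anything.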
Practitioner Notes
The control is scoped to user-installed software, but the same pattern (a reference value obtained through a trustworthy channel, checked before the artifact is used) applies to critical data elements, where unauthorized modification is just as damaging as a modified binary.
Example 1: Implement database audit logging that tracks changes to critical data tables (user accounts, financial records, configuration data). Log every modification with the acting user, timestamp, old value, and new value. Alert on bulk modifications, on changes made outside the application's service account, and on changes outside approved change windows.
Example 2: Protect the integrity of audit logs and compliance records with a cryptographic hash chain (the mechanism behind blockchain ledgers): each entry's hash covers the previous entry's hash, so altering or deleting an entry breaks the chain from that point forward. The chain only detects tampering if its current head hash is anchored somewhere the log writer cannot rewrite (signed, or copied to append-only storage): an attacker who can rewrite the whole store can simply recompute the chain, and truncation of the newest entries leaves a chain that is still internally consistent.
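The following added example (written for this page, not taken from NIST or any product) covers both practitioner examples: the chained entries are database change records carrying actor, timestamp, old value and new value, and the verifier is run with and without an externally anchored head hash to show which tampering each catches. The `ChainedAuditLog` class, its record fields, the sample changes and the "append-only storage" the anchor is copied to are all assumptions for illustration.

```python
"""Added example (not NIST text): a hash-chained audit log of data changes, verified
against a head hash anchored outside the database."""
import copy
import hashlib
import json
import time
from typing import Optional

GENESIS = "0" * 64  # prev_hash of the first entry


def _digest(prev_hash: str, record: dict) -> str:
    # Canonical serialization so the digest does not depend on key order.
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()


class ChainedAuditLog:
    def __init__(self):
        self.entries = []  # each: {"prev_hash", "record", "hash"}

    def head(self) -> str:
        return self.entries[-1]["hash"] if self.entries else GENESIS

    def record_change(self, table, key, column, old, new, actor, ts=None) -> dict:
        """Append one change record (Example 1 fields) linked to the current head (Example 2)."""
        record = {"table": table, "key": key, "column": column, "old": old,
                  "new": new, "actor": actor, "ts": time.time() if ts is None else ts}
        prev = self.head()
        entry = {"prev_hash": prev, "record": record, "hash": _digest(prev, record)}
        self.entries.append(entry)
        return entry

    def first_bad_index(self, anchored_head: Optional[str] = None) -> Optional[int]:
        """Index of the first entry that fails verification, or None if the log is intact.

        With anchored_head given, a chain that is internally consistent but does not end
        at the anchor is reported as bad at index len(entries): truncation or re-chaining.
        """
        prev = GENESIS
        for i, e in enumerate(self.entries):
            if e["prev_hash"] != prev or e["hash"] != _digest(prev, e["record"]):
                return i
            prev = e["hash"]
        if anchored_head is not None and prev != anchored_head:
            return len(self.entries)
        return None


def demo() -> dict:
    """Constructed sample changes to critical tables, then three tampering scenarios."""
    log = ChainedAuditLog()
    log.record_change("accounts", 42, "balance", 100, 250, "svc-billing", ts=1700000000)
    log.record_change("users", 7, "role", "analyst", "admin", "alice", ts=1700000060)
    log.record_change("config", "mfa", "enforced", True, False, "bob", ts=1700000120)
    anchor = log.head()  # assumption: copied at this point to append-only storage

    results = {"intact": log.first_bad_index(anchor)}

    # Scenario 1: an existing entry is edited in place to hide a privilege escalation.
    edited = copy.deepcopy(log)
    edited.entries[1]["record"]["new"] = "analyst"
    results["edited_entry"] = edited.first_bad_index(anchor)

    # Scenario 2: the newest entry (the MFA change) is deleted. Internal check passes;
    # only the anchor reveals it.
    truncated = copy.deepcopy(log)
    truncated.entries.pop()
    results["truncated_no_anchor"] = truncated.first_bad_index()
    results["truncated_with_anchor"] = truncated.first_bad_index(anchor)

    # Scenario 3: the attacker rewrites the whole chain with the altered record.
    rechained = ChainedAuditLog()
    for e in log.entries:
        r = dict(e["record"])
        if r["table"] == "users":
            r["new"] = "analyst"
        rechained.record_change(**r)
    results["rechained_no_anchor"] = rechained.first_bad_index()
    results["rechained_with_anchor"] = rechained.first_bad_index(anchor)
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Scenarios 2 and 3 are the reason the anchor matters: a chain with no external reference is self-consistent after truncation or a full rewrite, so the verifier must be fed a head hash that was signed or stored outside the log writer's reach at the time it was produced.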