800-53|SI-7(5)

Title

AUTOMATED RESPONSE TO INTEGRITY VIOLATIONS

Description

The information system automatically [Selection (one or more): shuts the information system down; restarts the information system; implements [Assignment: organization-defined security safeguards]] when integrity violations are discovered.

Supplemental

Organizations may define different integrity checking and anomaly responses: (i) by type of information (e.g., firmware, software, user data); (ii) by specific information (e.g., boot firmware, boot firmware for a specific types of machines); or (iii) a combination of both. Automatic implementation of specific safeguards within organizational information systems includes, for example, reversing the changes, halting the information system, or triggering audit alerts when unauthorized modifications to critical security files occur.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: SYSTEM AND INFORMATION INTEGRITY

Parent Title: SOFTWARE, FIRMWARE, AND INFORMATION INTEGRITY

Family: SYSTEM AND INFORMATION INTEGRITY

Baseline Impact: HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
Big Sur - Ensure Secure Boot Level Set to Full	Unix	NIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Ensure Secure Boot Level Set to Full	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Ensure Secure Boot Level Set to Full	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Ensure Secure Boot Level Set to Full	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 High
Catalina - Ensure Secure Boot Level Set to Full	Unix	NIST macOS Catalina v1.5.0 - All Profiles
Catalina - Ensure Secure Boot Level Set to Full	Unix	NIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Ensure Secure Boot Level Set to Full	Unix	NIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Ensure Secure Boot Level Set to Full	Unix	NIST macOS Catalina v1.5.0 - 800-53r5 Moderate
DKER-EE-003610 - Only trusted, signed images must be on Universal Control Plane (UCP) in Docker Enterprise.	Unix	DISA STIG Docker Enterprise 2.x Linux/Unix v2r1
DKER-EE-004260 - Only trusted, signed images must be stored in Docker Trusted Registry (DTR) in Docker Enterprise.	Unix	DISA STIG Docker Enterprise 2.x Linux/Unix DTR v2r1
Monterey - Ensure Secure Boot Level Set to Full	Unix	NIST macOS Monterey v1.0.0 - 800-53r5 Moderate
Monterey - Ensure Secure Boot Level Set to Full	Unix	NIST macOS Monterey v1.0.0 - 800-53r5 High
Monterey - Ensure Secure Boot Level Set to Full	Unix	NIST macOS Monterey v1.0.0 - All Profiles
Monterey - Ensure Secure Boot Level Set to Full	Unix	NIST macOS Monterey v1.0.0 - 800-53r4 High

Detections

Analytics