NIST 800-53 REV 5 • SYSTEM AND INFORMATION INTEGRITY

SI-14(1) Refresh from Trusted Sources

Obtain software and data employed during system component and service refreshes from the following trusted sources: [Assignment: organization-defined trusted sources].

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

Trusted sources include software and data from write-once, read-only media or from selected offline secure storage facilities.

Practitioner Notes

When refreshing components, only use trusted sources — known-good images, verified software repositories, or authenticated baselines.

Example 1: Store your golden images in a hardened, access-controlled repository. Before refreshing a system, verify the image's hash against the stored known-good value to ensure it has not been tampered with.

Example 2: For container-based deployments, only pull images from your private, trusted container registry. Configure Kubernetes admission controllers to reject images from public registries. Sign all images and verify signatures before deployment.
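The hash check from Example 1, written as a gate that a refresh job could call before it uses an image. This is an added example, not part of the NIST control text or the original notes; the JSON manifest layout (file name mapped to SHA-256 hex), the file names and the `UntrustedImage` exception are assumptions, and the manifest is assumed to be kept in the access-controlled store rather than beside the image.

```python
import hashlib
import hmac
import json
from pathlib import Path


class UntrustedImage(Exception):
    """Raised when an image must not be used for a refresh (hypothetical name)."""


def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Stream the file so multi-gigabyte images are not loaded into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_golden_image(image: Path, manifest: Path) -> str:
    """Return the verified digest, or raise UntrustedImage (fail closed)."""
    # Assumed manifest format: {"<image file name>": "<sha256 hex>"}
    known_good = json.loads(manifest.read_text())
    expected = known_good.get(image.name)
    if expected is None:
        # An image with no recorded baseline is not a trusted source.
        raise UntrustedImage(f"{image.name}: no known-good hash on record")
    actual = sha256_file(image)
    if not hmac.compare_digest(actual, expected.strip().lower()):
        raise UntrustedImage(f"{image.name}: hash mismatch, refusing refresh")
    return actual


if __name__ == "__main__":
    import tempfile

    # Constructed sample data: a stand-in image and its manifest.
    with tempfile.TemporaryDirectory() as tmp:
        image = Path(tmp) / "web-base.img"
        image.write_bytes(b"constructed golden image contents")
        manifest = Path(tmp) / "known-good.json"
        manifest.write_text(json.dumps({image.name: sha256_file(image)}))
        print("verified:", verify_golden_image(image, manifest))
        image.write_bytes(b"constructed golden image contents, modified")
        try:
            verify_golden_image(image, manifest)
        except UntrustedImage as err:
            print("blocked:", err)
```

An image that is missing from the manifest is rejected the same way as a modified one, so a new image cannot be used for a refresh until its baseline hash has been recorded.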