NIST 800-53 REV 5 • SYSTEM AND INFORMATION INTEGRITY

SI-7(15) Code Authentication

Implement cryptographic mechanisms to authenticate the following software or firmware components prior to installation: {{ insert: param, si-07.15_odp }}.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

Cryptographic authentication includes verifying that software or firmware components have been digitally signed using certificates recognized and approved by organizations. Code signing is an effective method to protect against malicious code. Organizations that employ cryptographic mechanisms also consider cryptographic key management solutions.

Practitioner Notes

Verify the authenticity of code through digital signatures or other authentication mechanisms before allowing it to execute.
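The gate described above and in the supplemental guidance, as an added example that is not part of the NIST text: a component is accepted for installation only when it carries a signature that verifies under a key the organization has approved. The artifact layout, the in-memory trust store, the signer names and the firmware bytes are constructed for the example; real deployments get the same information from Authenticode certificates or GPG-signed packages and keep approved keys in a managed key store rather than in memory.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Artifact is a software or firmware component staged for installation,
// together with the signature metadata that travels with it.
// (Constructed representation for this example; Authenticode PE signatures
// and GPG-signed packages carry the same three pieces of information.)
type Artifact struct {
	Name      string
	Payload   []byte
	SignerID  string // identity of the signing key recorded in the signature block
	Signature []byte // ed25519 signature over sha256(Payload); empty means unsigned
}

// TrustStore holds the signing keys the organization has approved.
// In production this is the set of recognized certificates or imported GPG
// keys; here it is populated in memory.
type TrustStore map[string]ed25519.PublicKey

var (
	ErrUnsigned      = errors.New("component is not signed")
	ErrUnknownSigner = errors.New("signer is not in the organization's approved key set")
	ErrBadSignature  = errors.New("signature does not verify over the component contents")
)

// digest is the value actually signed; signing the hash rather than the raw
// payload mirrors how code-signing formats work.
func digest(payload []byte) []byte {
	sum := sha256.Sum256(payload)
	return sum[:]
}

// SignArtifact stands in for the vendor's or release team's signing step.
func SignArtifact(priv ed25519.PrivateKey, signerID, name string, payload []byte) Artifact {
	return Artifact{Name: name, Payload: payload, SignerID: signerID,
		Signature: ed25519.Sign(priv, digest(payload))}
}

// Authenticate is the pre-installation check: it returns nil only when the
// artifact carries a signature that verifies under an approved key. Every
// other case is a refusal, so the caller must not install on error.
func Authenticate(ts TrustStore, a Artifact) error {
	if len(a.Signature) == 0 {
		return ErrUnsigned
	}
	pub, ok := ts[a.SignerID]
	if !ok {
		return ErrUnknownSigner
	}
	if !ed25519.Verify(pub, digest(a.Payload), a.Signature) {
		return ErrBadSignature
	}
	return nil
}

// NewSigner generates a fresh key pair (constructed for the example; real
// signing keys live in an HSM or the vendor's PKI).
func NewSigner() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func main() {
	// The organization approves exactly one key: its release-engineering signer.
	relPub, relPriv := NewSigner()
	trusted := TrustStore{"release-engineering": relPub}

	// A second key exists but was never approved.
	_, rogue := NewSigner()

	firmware := []byte("constructed firmware image v1.2.3")
	good := SignArtifact(relPriv, "release-engineering", "bmc-fw.bin", firmware)

	tampered := good
	tampered.Payload = append([]byte{}, firmware...)
	tampered.Payload[0] ^= 0xff // one byte changed after signing

	unknown := SignArtifact(rogue, "unknown-vendor", "agent.exe", firmware)
	unsigned := Artifact{Name: "tool.sh", Payload: firmware}

	for _, a := range []Artifact{good, tampered, unknown, unsigned} {
		if err := Authenticate(trusted, a); err != nil {
			fmt.Printf("REJECT  %-12s %v\n", a.Name, err)
		} else {
			fmt.Printf("INSTALL %-12s signature verified\n", a.Name)
		}
	}
}
```

The three refusal paths are kept distinct because they call for different responses: an unsigned component is a process gap, an unknown signer is a key-management question (which is why the guidance pairs this control with key management), and a signature that fails to verify means the component was altered after signing and should be treated as a potential integrity incident.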

Example 1: Require Authenticode signatures on all executables in your environment. Configure GPO to only allow signed scripts (PowerShell execution policy set to AllSigned). Unsigned code is blocked from running.

Example 2: Verify GPG signatures on Linux packages before installation. Configure yum or apt to require signed packages and reject unsigned ones. Import only trusted GPG keys from verified sources.
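Example 2 asks that yum and apt be configured to reject unsigned packages; the audit below, added here and not part of the NIST text, checks that the configuration actually says so. It flags the settings that disable signature enforcement: `gpgcheck=0` in a yum/dnf repository section (and a section that never sets `gpgcheck`, which silently inherits the global default), the `[trusted=yes]` option on an apt source line, and `APT::Get::AllowUnauthenticated "true"` in apt.conf. The repository names, URLs and sample files are constructed for the example.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Finding records a package-manager setting that weakens or disables
// signature enforcement, with the repository or line it was found in.
type Finding struct {
	Where string
	Issue string
}

// AuditYumRepo scans the contents of a yum/dnf .repo (or yum.conf/dnf.conf)
// file. Each [section] is a repository; gpgcheck=0 accepts unsigned packages,
// and a section that never sets gpgcheck inherits the [main] default, which
// should be confirmed rather than assumed.
func AuditYumRepo(content string) []Finding {
	var findings []Finding
	section := ""
	seen := map[string]bool{}
	flush := func() {
		if section != "" && section != "main" && !seen[section] {
			findings = append(findings, Finding{section, "gpgcheck not set; inherits global default"})
		}
	}
	sc := bufio.NewScanner(strings.NewReader(content))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		switch {
		case line == "" || strings.HasPrefix(line, "#"):
		case strings.HasPrefix(line, "[") && strings.HasSuffix(line, "]"):
			flush()
			section = line[1 : len(line)-1]
		default:
			k, v, ok := strings.Cut(line, "=")
			if !ok {
				continue
			}
			k, v = strings.TrimSpace(k), strings.TrimSpace(v)
			if k == "gpgcheck" {
				seen[section] = true
				if v == "0" || strings.EqualFold(v, "false") {
					findings = append(findings, Finding{section, "gpgcheck=0 disables package signature verification"})
				}
			}
		}
	}
	flush()
	return findings
}

// AuditApt scans sources.list lines and apt.conf lines for the two settings
// that bypass signature checks.
func AuditApt(content string) []Finding {
	var findings []Finding
	sc := bufio.NewScanner(strings.NewReader(content))
	n := 0
	for sc.Scan() {
		n++
		line := strings.TrimSpace(sc.Text())
		if strings.HasPrefix(line, "#") {
			continue
		}
		where := fmt.Sprintf("line %d", n)
		if strings.HasPrefix(line, "deb") && strings.Contains(line, "trusted=yes") {
			findings = append(findings, Finding{where, "[trusted=yes] disables signature verification for this source"})
		}
		if strings.Contains(line, "AllowUnauthenticated") && strings.Contains(line, "true") {
			findings = append(findings, Finding{where, `APT::Get::AllowUnauthenticated "true" permits unsigned packages`})
		}
	}
	return findings
}

// Constructed sample inputs: one compliant repo, one with checking disabled,
// one that never sets gpgcheck; then apt lines with both bypass settings.
const SampleRepo = `[corp-base]
name=Corporate base
baseurl=https://repo.example.internal/base
gpgcheck=1
gpgkey=https://repo.example.internal/keys/RPM-GPG-KEY-corp

[vendor-tools]
name=Vendor tools
baseurl=https://vendor.example/tools
gpgcheck=0

[legacy]
name=Legacy
baseurl=https://repo.example.internal/legacy
`

const SampleApt = `deb https://deb.example.internal/corp stable main
deb [trusted=yes] https://vendor.example/apt stable main
# apt.conf fragment
APT::Get::AllowUnauthenticated "true";
`

func main() {
	for _, f := range append(AuditYumRepo(SampleRepo), AuditApt(SampleApt)...) {
		fmt.Printf("%-14s %s\n", f.Where, f.Issue)
	}
}
```

Run against real files, the audit points at the two repositories and two apt lines that would let an unsigned package through; the compliant `corp-base` section produces no finding. Pair it with a check of which keys are actually imported, since `gpgcheck=1` only enforces signatures from keys the host trusts.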