NIST 800-53 REV 5 • SYSTEM AND INFORMATION INTEGRITY
SI-7(2) — Automated Notifications of Integrity Violations
Employ automated tools that provide notification to [Assignment: organization-defined personnel or roles] upon discovering discrepancies during integrity verification.
CMMC Practice Mapping
No direct CMMC mapping
NIST 800-171 Mapping
No direct NIST 800-171 mapping
Related Controls
No related controls listed
Supplemental Guidance
The employment of automated tools to report system and information integrity violations and to notify organizational personnel in a timely manner is essential to effective risk response. Personnel with an interest in system and information integrity violations include mission and business owners, system owners, senior agency information security official, senior agency official for privacy, system administrators, software developers, systems integrators, information security officers, and privacy officers.
Practitioner Notes
Automate notifications when integrity violations are detected so the security team is alerted immediately.
Example 1: Configure your FIM solution to send immediate email and SMS alerts to the security team when critical files are modified. Include the file path, what changed, the user/process that made the change, and a timestamp.
Example 2: Forward FIM alerts to your SIEM and create an automated response playbook. When a critical system binary is modified, the SIEM automatically opens an incident ticket, increases monitoring on the affected system, and notifies the incident response team.
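The alert contents described in Example 1, as an added sketch that is not part of NIST SP 800-53 or of any FIM product: a baseline hash check whose discrepancies become notifications carrying the file path, what changed, the user/process and a timestamp. The names verify, notify, audit_lookup and send, the recipient address and the sample files are assumptions made for illustration.

```python
import hashlib, os, tempfile
from datetime import datetime, timezone

def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def verify(baseline):
    """Return one finding per baselined path whose current state differs."""
    findings = []
    for path, expected in sorted(baseline.items()):
        actual = sha256_file(path) if os.path.isfile(path) else None
        if actual != expected:
            findings.append({"path": path,
                             "change": "deleted" if actual is None else "modified",
                             "expected_sha256": expected, "actual_sha256": actual})
    return findings

def notify(findings, audit_lookup, recipients, send):
    """Enrich each finding with actor and timestamp, then hand it to send().

    audit_lookup stands in for OS audit data (assumption): a hash comparison
    alone cannot say which user or process made the change.
    """
    detected = datetime.now(timezone.utc).isoformat()
    alerts = []
    for finding in findings:
        actor = audit_lookup.get(finding["path"], {"user": "unknown", "process": "unknown"})
        alert = {**finding, **actor, "detected_at": detected, "recipients": recipients}
        send(alert)  # hypothetical transport: SMTP, SMS gateway or SIEM forwarder
        alerts.append(alert)
    return alerts

def demo():
    """Constructed scenario: baseline two files, tamper with one, delete the other."""
    with tempfile.TemporaryDirectory() as d:
        cfg, binf = os.path.join(d, "app.conf"), os.path.join(d, "tool.bin")
        for p, data in ((cfg, b"mode=strict\n"), (binf, b"\x7fELF-sample")):
            with open(p, "wb") as f:
                f.write(data)
        baseline = {p: sha256_file(p) for p in (cfg, binf)}
        with open(cfg, "ab") as f:
            f.write(b"mode=permissive\n")
        os.remove(binf)
        audit = {cfg: {"user": "svc-deploy", "process": "/usr/bin/vi"}}  # constructed
        sent = []
        return notify(verify(baseline), audit, ["secops@example.org"], sent.append), sent

if __name__ == "__main__":
    for alert in demo()[0]:
        print(alert)
```

An alert whose user and process read "unknown" means the audit source had no record for that path, which is itself worth surfacing to the recipients.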