NIST 800-53 REV 5 • SYSTEM AND INFORMATION INTEGRITY
SI-7(9) — Verify Boot Process
Verify the integrity of the boot process of the following system components: {{ insert: param, si-07.09_odp }}.
CMMC Practice Mapping
No direct CMMC mapping
NIST 800-171 Mapping
No direct NIST 800-171 mapping
Related Controls
Supplemental Guidance
Ensuring the integrity of boot processes is critical to starting system components in known, trustworthy states. Integrity verification mechanisms provide a level of assurance that only trusted code is executed during boot processes.
Practitioner Notes
Verify the integrity of the boot process — from firmware through bootloader to operating system kernel — to detect rootkits and bootkits that hide below the OS level.
Example 1: Enable UEFI Secure Boot on all systems and verify it is active via GPO reporting or your asset management tool. Secure Boot checks digital signatures on every component in the boot chain, preventing unsigned or modified code from loading during startup.
Example 2: Use Windows Defender System Guard with hardware-based attestation. The TPM measures each boot component and reports the measurements to a cloud attestation service. If the boot chain has been tampered with, the attestation fails and the machine is flagged as potentially compromised.
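The two examples above call for evidence that Secure Boot is active and that a TPM is present for measured boot. The following PowerShell script is an added illustration, not part of the NIST control text or of any vendor's tooling; the function name Get-BootIntegrityStatus and the Compliant rule are assumptions for this page. It relies only on built-in Windows cmdlets (Confirm-SecureBootUEFI, Get-Tpm) and the Win32_DeviceGuard CIM class, and it must run in an elevated session on a UEFI Windows 10/11 or Server 2016+ host.

```powershell
# Added example (hypothetical helper): collect boot-integrity evidence from one Windows host.
# Run elevated. Output is a single object suitable for export to CSV or an asset-management feed.

function Get-BootIntegrityStatus {
    [CmdletBinding()]
    param()

    # Secure Boot state. Confirm-SecureBootUEFI throws on legacy BIOS / non-UEFI firmware,
    # so treat an exception as "not enabled" rather than letting the check abort.
    $secureBoot = $false
    try {
        $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop)
    } catch {
        $secureBoot = $false
    }

    # TPM state. Measured boot and any remote attestation (System Guard, Device Health
    # Attestation) need a present, initialised TPM to hold the boot measurements (PCRs).
    $tpm        = Get-Tpm -ErrorAction SilentlyContinue
    $tpmPresent = [bool]($tpm -and $tpm.TpmPresent)
    $tpmReady   = [bool]($tpm -and $tpm.TpmReady)

    # Virtualization-based security status from the Device Guard CIM class.
    # VirtualizationBasedSecurityStatus: 0 = not enabled, 1 = enabled but not running, 2 = running.
    # SecurityServicesRunning contains 1 for Credential Guard and 2 for HVCI.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $vbsRunning  = [bool]($dg -and $dg.VirtualizationBasedSecurityStatus -eq 2)
    $hvciRunning = [bool]($dg -and ($dg.SecurityServicesRunning -contains 2))

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        SecureBootEnabled = $secureBoot
        TpmPresent        = $tpmPresent
        TpmReady          = $tpmReady
        VbsRunning        = $vbsRunning
        HvciRunning       = $hvciRunning
        # Assumed local pass rule for SI-7(9) evidence: Secure Boot on and a ready TPM.
        Compliant         = ($secureBoot -and $tpmReady)
        CheckedUtc        = (Get-Date).ToUniversalTime().ToString('o')
    }
}

# Usage: print for a single host, or export for collection across the fleet.
Get-BootIntegrityStatus | Format-List
# Get-BootIntegrityStatus | Export-Csv -Path "$env:COMPUTERNAME-boot-integrity.csv" -NoTypeInformation
```

The script reports the local prerequisites only. The actual attestation verdict described in Example 2 (whether the TPM-reported measurements match a known-good boot chain) is produced by the attestation service and surfaced through the management console, so a host that reports Compliant here can still fail attestation if its measured boot log has been tampered with; both signals belong in the control's evidence.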