Respond when an integrity violation is detected, as necessary.


CONTROL ID: 10678
CONTROL TYPE: Technical Security
CLASSIFICATION: Corrective

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain incident response procedures. (CC ID: 01206)

This Control has the following implementation support Control(s):
  • Shut down systems when an integrity violation is detected, as necessary. (CC ID: 10679)
  • Restart systems when an integrity violation is detected, as necessary. (CC ID: 10680)


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • To prevent any defective data from entering systems, it is necessary to reinforce the functions for detecting and eliminating any defective data. (P6.1., FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • Perform automated port scans on a regular basis against all key servers and compared to a known effective baseline. If a change that is not listed on the organization’s approved baseline is discovered, an alert should be generated and reviewed. (Control 9.3, The CIS Critical Security Controls for Effective Cyber Defense, Version 6.0)
  • Perform automated port scans on a regular basis against all systems and alert if unauthorized ports are detected on a system. (CIS Control 9: Sub-Control 9.3 Perform Regular Automated Port Scans, CIS Controls, 7.1)
  • Perform automated port scans on a regular basis against all systems and alert if unauthorized ports are detected on a system. (CIS Control 9: Sub-Control 9.3 Perform Regular Automated Port Scans, CIS Controls, V7)
  • The information system automatically [Selection (one or more): shuts the information system down; restarts the information system; implements [Assignment: organization-defined security safeguards]] when integrity violations are discovered. (SI-7(5) ¶ 1, StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
  • Detecting, preventing, and responding to attacks, intrusions, or other systems failures; and (Section 4.C ¶ 1(4)(c), Insurance Data Security Model Law, NAIC MDL-668, Q4 2017)
  • The agency shall implement an incident handling capability for security incidents that includes preparation, detection and analysis, containment, eradication, and recovery. Wherever feasible, the agency shall employ automated mechanisms to support the incident handling process. (§ 5.3.2.1 ¶ 1, Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.8, Version 5.8)
  • The information system automatically [Selection (one or more): shuts the information system down; restarts the information system; implements [Assignment: organization-defined security safeguards]] when integrity violations are discovered. (SI-7(5) High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Automatically [Selection (one or more): shut the system down; restart the system; implement [Assignment: organization-defined controls]] when integrity violations are discovered. (SI-7(5) ¶ 1, FedRAMP Security Controls High Baseline, Version 5)
  • Take the following actions when unauthorized changes to the software, firmware, and information are detected: [Assignment: organization-defined actions]. (SI-7b., FedRAMP Security Controls High Baseline, Version 5)
  • Take the following actions when unauthorized changes to the software, firmware, and information are detected: [Assignment: organization-defined actions]. (SI-7b., FedRAMP Security Controls Moderate Baseline, Version 5)
  • Take the following actions when unauthorized changes to the software, firmware, and information are detected: [Assignment: organization-defined actions]. (SI-7b., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
  • Automatically [Selection (one or more): shut the system down; restart the system; implement [Assignment: organization-defined controls]] when integrity violations are discovered. (SI-7(5) ¶ 1, Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
  • Take the following actions when unauthorized changes to the software, firmware, and information are detected: [Assignment: organization-defined actions]. (SI-7b., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Moderate Impact Baseline, October 2020)
  • Take the following actions when unauthorized changes to the software, firmware, and information are detected: [Assignment: organization-defined actions]. (SI-7b., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Baseline Controls)
  • Take the following actions when unauthorized changes to the software, firmware, and information are detected: [Assignment: organization-defined actions]. (SI-7b., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Flow Down Controls)
  • Take the following actions when unauthorized changes to the software, firmware, and information are detected: [Assignment: organization-defined actions]. (SI-7b., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 2 Controls)
  • Take the following actions when unauthorized changes to the software, firmware, and information are detected: [Assignment: organization-defined actions]. (SI-7b., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 3 Controls)
  • The information system automatically [Selection (one or more): shuts the information system down; restarts the information system; implements [Assignment: organization-defined security safeguards]] when integrity violations are discovered. (SI-7(5) ¶ 1 High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • The information system automatically {implements organizationally documented security safeguards} when integrity violations are discovered. (SI-7(5), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The information system implements cryptographic mechanisms to detect unauthorized changes to software, firmware, and information. (SI-7(6), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The information system automatically {implements organizationally documented security safeguards} when integrity violations are discovered. (SI-7(5), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The information system automatically [Selection (one or more): shuts the information system down; restarts the information system; implements [Assignment: organization-defined security safeguards]] when integrity violations are discovered. (SI-7(5) ¶ 1, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
  • The information system automatically [Selection (one or more): shuts the information system down; restarts the information system; implements [Assignment: organization-defined security safeguards]] when integrity violations are discovered. (SI-7(5) ¶ 1, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • [Selection (one or more): activates [Assignment: organization-defined alarm]; automatically shuts down the information system]. (SI-13(4)(b), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • The information system, upon detection of a potential integrity violation, provides the capability to audit the event and initiates the following actions: [Selection (one or more): generates an audit record; alerts current user; alerts [Assignment: organization-defined personnel or roles]; [Assignme… (SI-7(8) ¶ 1, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • The information system implements cryptographic mechanisms to detect unauthorized changes to software, firmware, and information. (SI-7(6) ¶ 1, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • The information system invokes a [Selection: full system shutdown; partial system shutdown; degraded operational mode with limited mission/business functionality available] in the event of [Assignment: organization-defined audit failures], unless an alternate audit capability exists. (AU-5(4) ¶ 1, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Invoke a [Selection: full system shutdown; partial system shutdown; degraded operational mode with limited mission or business functionality available] in the event of [Assignment: organization-defined audit logging failures], unless an alternate audit logging capability exists. (AU-5(4) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Automatically [Selection (one or more): shut the system down; restart the system; implement [Assignment: organization-defined controls]] when integrity violations are discovered. (SI-7(5) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Upon detection of a potential integrity violation, provide the capability to audit the event and initiate the following actions: [Selection (one or more): generate an audit record; alert current user; alert [Assignment: organization-defined personnel or roles]; [Assignment: organization-defined othe… (SI-7(8) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Implement cryptographic mechanisms to detect unauthorized changes to software, firmware, and information. (SI-7(6) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Take the following actions when unauthorized changes to the software, firmware, and information are detected: [Assignment: organization-defined actions]. (SI-7b., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • [Selection (one or more): Activate [Assignment: organization-defined alarm]; Automatically shut down the system; [Assignment: organization-defined action]]. (SI-13(4) ¶ 1(b), Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Invoke a [Selection: full system shutdown; partial system shutdown; degraded operational mode with limited mission or business functionality available] in the event of [Assignment: organization-defined audit logging failures], unless an alternate audit logging capability exists. (AU-5(4) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • Automatically [Selection (one or more): shut the system down; restart the system; implement [Assignment: organization-defined controls]] when integrity violations are discovered. (SI-7(5) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • Upon detection of a potential integrity violation, provide the capability to audit the event and initiate the following actions: [Selection (one or more): generate an audit record; alert current user; alert [Assignment: organization-defined personnel or roles]; [Assignment: organization-defined othe… (SI-7(8) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • Implement cryptographic mechanisms to detect unauthorized changes to software, firmware, and information. (SI-7(6) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • Take the following actions when unauthorized changes to the software, firmware, and information are detected: [Assignment: organization-defined actions]. (SI-7b., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • [Selection (one or more): Activate [Assignment: organization-defined alarm]; Automatically shut down the system; [Assignment: organization-defined action]]. (SI-13(4) ¶ 1(b), Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • Detecting, preventing, and responding to attacks, intrusions, or other systems failures. (Section 27-62-4(c)(4) c., Code of Alabama, Title 27, Chapter 62, Sections 1-11, Insurance Data Security Law)
  • Detection, prevention and response to attacks, intrusions or other systems failures; (Part VI(c)(3)(D)(iii), Connecticut General Statutes, Title 38a, Chapter 697, Part VI, Section 38a-38, Insurance Data Security Law)
  • Detecting, preventing, and responding to an attack, intrusion, or other system failure. (§ 8604.(c)(4) c., Delaware Code, Title 18, Chapter 86, Sections 8601-8611, Insurance Data Security Act)
  • Detecting, preventing, and responding to attacks, intrusions, or other systems failures; and (§431:3B-202(b)(4)(C), Hawaii Revised Statute, Volume 9, Chapter 431, Article 3B, Sections 101-306, Insurance Data Security Law)
  • Procedures for detecting, preventing, and responding to cybersecurity events or other systems failures. (Sec. 17.(4)(C), Indiana Code, Title 27, Article 2, Chapter 27, Sections 1-32, Insurance Data Security)
  • Detection, prevention, and response to an attack, intrusion, or other system failure. (507F.4 3.d.(3), Iowa Code, Title XIII, Chapter 507F, Sections 1-16, Insurance Data Security)
  • Detecting, preventing, and responding to attacks, intrusions, or other systems failures. (§2504.C.(4)(c), Louisiana Revised Statutes, Title 22, Chapter 21, Sections 2501-2511, Insurance Data Security)
  • Detecting, preventing and responding to attacks, intrusions or other system failures; and (§2264 3.D.(3), Maine Revised Statutes, Title 24-A, Chapter 24-B, Sections 2261-2272, Maine Insurance Data Security Act)
  • Detecting, preventing, and responding to attacks, intrusions, or other systems failures. (Sec. 555.(3)(d)(iii), Michigan Compiled Laws, Chapter 5A Sections 550-565, Data Security)
  • detecting, preventing, and responding to attacks, intrusions, or other systems failures; and (§ 60A.9851 Subdivision 3(4)(iii), Minnesota Statutes, Chapter 60A, Sections 985 - 9857, Information Security Program)
  • Detecting, preventing and responding to attacks, intrusions or other systems failures; and (§ 83-5-807 (3)(d)(iii), Mississippi Code Annotated, Title 83, Chapter 5, Article 11, Sections 801 - 825, Insurance Data Security Law)
  • Detecting, preventing, and responding to attacks, intrusions, or other systems failures. (§ 420-P:4 III.(d)(3), New Hampshire Revised Statutes, Title XXXVIII, Chapter 420-P, Sections 1-14, Insurance Data Security Law)
  • Detecting, preventing, and responding to attacks, intrusions, or other systems failures; and (26.1-02.2-03. 3.d.(3), North Dakota Century Code, Title 26.1, Chapter 26.1‑02.2, Sections 1-11, Insurance Data Security)
  • Detecting, preventing, and responding to attacks, intrusions, or other systems failures. (Section 3965.02 (C)(4)(c), Ohio Revised Code, Title 39, Chapter 3965, Sections 1-11, Cybersecurity Requirements For Insurance Companies)
  • detecting, preventing, and responding to attacks, intrusions, or other systems failures; and (SECTION 38-99-20. (C)(4)(c), South Carolina Code of Laws, Title 38, Chapter 99, Sections 10-100, Insurance Data Security Act)
  • Detection, prevention, and response to attacks, intrusions, or other information systems failures; and (§ 56-2-1004 (3)(D)(iii), Tennessee Code Annotated, Title 56, Chapter 2, Part 10, Sections 1-11, Insurance Data Security Law)
  • Processes for detecting, preventing, and responding to attacks, intrusions, and other system failures. (§ 601.952(2)(c)3., Wisconsin Statutes, Chapter 601, Subchapter IX, Sections 95-956, Insurance Data Security)