Establish, implement, and maintain system and information integrity procedures.
CONTROL ID 14051
CONTROL TYPE Establish/Maintain Documentation
CLASSIFICATION Preventive
SUPPORTING AND SUPPORTED CONTROLS
This Control directly supports the implied Control(s):
Establish, implement, and maintain a system and information integrity policy., CC ID: 14034
This Control has the following implementation support Control(s):
Disseminate and communicate the system and information integrity procedures to interested personnel and affected parties., CC ID: 14142
SELECTED AUTHORITY DOCUMENTS COMPLIED WITH
Procedures to facilitate the implementation of the system and information integrity policy and associated system and information integrity controls; and (SI-1a.2., StateRAMP Security Controls Baseline Summary Category 1, Version 1.1)
System and information integrity procedures [Assignment: organization-defined frequency]. (SI-1b.2., StateRAMP Security Controls Baseline Summary Category 1, Version 1.1)
System and information integrity procedures [Assignment: organization-defined frequency]. (SI-1b.2., StateRAMP Security Controls Baseline Summary Category 2, Version 1.1)
Procedures to facilitate the implementation of the system and information integrity policy and associated system and information integrity controls; and (SI-1a.2., StateRAMP Security Controls Baseline Summary Category 2, Version 1.1)
System and information integrity procedures [Assignment: organization-defined frequency]. (SI-1b.2., StateRAMP Security Controls Baseline Summary Category 3, Version 1.1)
Procedures to facilitate the implementation of the system and information integrity policy and associated system and information integrity controls; and (SI-1a.2., StateRAMP Security Controls Baseline Summary Category 3, Version 1.1)
System and information integrity procedures [Assignment: organization-defined frequency]. (SI-1b.2., StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
Procedures to facilitate the implementation of the system and information integrity policy and associated system and information integrity controls; and (SI-1a.2., StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
Standard: Integrity. Implement policies and procedures to protect electronic protected health information from improper alteration or destruction. (§ 164.312(c)(1), 45 CFR Part 164 - Security and Privacy, current as of July 6, 2020)
Integrity controls (Addressable). Implement security measures to ensure that electronically transmitted electronic protected health information is not improperly modified without detection until disposed of. (§ 164.312(e)(2)(i), 45 CFR Part 164 - Security and Privacy, current as of July 6, 2020)
Procedures to facilitate the implementation of the system and information integrity policy and associated system and information integrity controls; and (SI-1a.2. High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
System and information integrity procedures [Assignment: at least annually or whenever a significant change occurs]. (SI-1b.2. High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
System and information integrity procedures [FedRAMP Assignment: at least annually]. (SI-1b.2. Moderate Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
Procedures to facilitate the implementation of the system and information integrity policy and associated system and information integrity controls; and (SI-1a.2. Low Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
System and information integrity procedures [FedRAMP Assignment: at least annually]. (SI-1b.2. Low Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
Procedures to facilitate the implementation of the system and information integrity policy and associated system and information integrity controls; and (SI-1a.2. Moderate Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
Procedures to facilitate the implementation of the system and information integrity policy and the associated system and information integrity controls; (SI-1a.2., FedRAMP Security Controls High Baseline, Version 5)
Procedures [FedRAMP Assignment: at least annually] and following [FedRAMP Assignment: significant changes]. (SI-1c.2., FedRAMP Security Controls High Baseline, Version 5)
Procedures to facilitate the implementation of the system and information integrity policy and the associated system and information integrity controls; (SI-1a.2., FedRAMP Security Controls Low Baseline, Version 5)
Procedures [FedRAMP Assignment: at least annually] and following [FedRAMP Assignment: significant changes]. (SI-1c.2., FedRAMP Security Controls Low Baseline, Version 5)
Procedures to facilitate the implementation of the system and information integrity policy and the associated system and information integrity controls; (SI-1a.2., FedRAMP Security Controls Moderate Baseline, Version 5)
Procedures [FedRAMP Assignment: at least annually] and following [FedRAMP Assignment: significant changes]. (SI-1c.2., FedRAMP Security Controls Moderate Baseline, Version 5)
Procedures to facilitate the implementation of the system and information integrity policy and the associated system and information integrity controls; (SI-1a.2., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
Procedures [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]. (SI-1c.2., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
Procedures [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]. (SI-1c.2., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Low Impact Baseline, October 2020)
Procedures to facilitate the implementation of the system and information integrity policy and the associated system and information integrity controls; (SI-1a.2., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Low Impact Baseline, October 2020)
Procedures to facilitate the implementation of the system and information integrity policy and the associated system and information integrity controls; (SI-1a.2., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Moderate Impact Baseline, October 2020)
Procedures [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]. (SI-1c.2., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Moderate Impact Baseline, October 2020)
Procedures to facilitate the implementation of the system and information integrity policy and the associated system and information integrity controls; (SI-1a.2., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Privacy Control Baseline, October 2020)
Procedures [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]. (SI-1c.2., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Privacy Control Baseline, October 2020)
Review and update the policy and procedures [Assignment: organization-defined frequency]. (PM-17b., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Privacy Control Baseline, October 2020)
Procedures [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]. (SI-1c.2., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Baseline Controls)
Procedures to facilitate the implementation of the system and information integrity policy and the associated system and information integrity controls; (SI-1a.2., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Baseline Controls)
Procedures to facilitate the implementation of the system and information integrity policy and the associated system and information integrity controls; (SI-1a.2., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 1 Controls)
Procedures [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]. (SI-1c.2., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 1 Controls)
Review and update the policy and procedures [Assignment: organization-defined frequency]. (PM-17b., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 2 Controls)
Procedures to facilitate the implementation of the system and information integrity policy and the associated system and information integrity controls; (SI-1a.2., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 2 Controls)
Procedures [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]. (SI-1c.2., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 2 Controls)
Procedures to facilitate the implementation of the system and information integrity policy and the associated system and information integrity controls; (SI-1a.2., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 3 Controls)
Procedures [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]. (SI-1c.2., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 3 Controls)
Procedures to facilitate the implementation of the system and information integrity policy and associated system and information integrity controls; and (SI-1a.2. Low Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
Procedures to facilitate the implementation of the system and information integrity policy and associated system and information integrity controls; and (SI-1a.2. Moderate Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
Procedures to facilitate the implementation of the system and information integrity policy and associated system and information integrity controls; and (SI-1a.2. High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
System and information integrity procedures [Assignment: organization-defined frequency]. (SI-1b.2. Low Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
System and information integrity procedures [Assignment: organization-defined frequency]. (SI-1b.2. Moderate Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
System and information integrity procedures [Assignment: organization-defined frequency]. (SI-1b.2. High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
System and information integrity procedures [Assignment: organization-defined frequency]. (SI-1b.2., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
Procedures to facilitate the implementation of the system and information integrity policy and associated system and information integrity controls; and (SI-1a.2., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
Procedures to facilitate the implementation of the system and information integrity policy and associated system and information integrity controls; and (SI-1a.2., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Revision 4)
System and information integrity procedures [Assignment: organization-defined frequency]. (SI-1b.2., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Revision 4)
System and information integrity procedures [Assignment: organization-defined frequency]. (SI-1b.2., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4)
Procedures to facilitate the implementation of the system and information integrity policy and associated system and information integrity controls; and (SI-1a.2., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4)
Procedures to facilitate the implementation of the system and information integrity policy and associated system and information integrity controls; and (SI-1a.2., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
System and information integrity procedures [Assignment: organization-defined frequency]. (SI-1b.2., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
Review and update the policy and procedures [Assignment: organization-defined frequency]. (PM-17b., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
Procedures to facilitate the implementation of the system and information integrity policy and the associated system and information integrity controls; (SI-1a.2., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
Procedures [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]. (SI-1c.2., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
Review and update the policy and procedures [Assignment: organization-defined frequency]. (PM-17b., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
Procedures to facilitate the implementation of the system and information integrity policy and the associated system and information integrity controls; (SI-1a.2., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
Procedures [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]. (SI-1c.2., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
Procedures to facilitate the implementation of the system and information integrity policy and associated system and information integrity controls; and (SI-1a.2., Supply Chain Risk Management Practices for Federal Information Systems and Organizations, NIST Special Publication 800-161, April 2015)
System and information integrity procedures [Assignment: organization-defined frequency]. (SI-1b.2., Supply Chain Risk Management Practices for Federal Information Systems and Organizations, NIST Special Publication 800-161, April 2015)
Procedures to facilitate the implementation of the system and information integrity policy and associated system and information integrity controls; and (SI-1a.2., TX-RAMP Security Controls Baseline Level 1)
System and information integrity procedures [TX-RAMP Assignment: at least annually]. (SI-1b.2., TX-RAMP Security Controls Baseline Level 1)
Procedures to facilitate the implementation of the system and information integrity policy and associated system and information integrity controls; and (SI-1a.2., TX-RAMP Security Controls Baseline Level 2)
System and information integrity procedures [TX-RAMP Assignment: at least annually]. (SI-1b.2., TX-RAMP Security Controls Baseline Level 2)