Back

Establish, implement, and maintain system and information integrity procedures.


CONTROL ID
14051
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a system and information integrity policy., CC ID: 14034

This Control has the following implementation support Control(s):
  • Disseminate and communicate the system and information integrity procedures to interested personnel and affected parties., CC ID: 14142


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Procedures to facilitate the implementation of the system and information integrity policy and associated system and information integrity controls; and (SI-1a.2., StateRAMP Security Controls Baseline Summary Category 1, Version 1.1)
  • System and information integrity procedures [Assignment: organization-defined frequency]. (SI-1b.2., StateRAMP Security Controls Baseline Summary Category 1, Version 1.1)
  • System and information integrity procedures [Assignment: organization-defined frequency]. (SI-1b.2., StateRAMP Security Controls Baseline Summary Category 2, Version 1.1)
  • Procedures to facilitate the implementation of the system and information integrity policy and associated system and information integrity controls; and (SI-1a.2., StateRAMP Security Controls Baseline Summary Category 2, Version 1.1)
  • System and information integrity procedures [Assignment: organization-defined frequency]. (SI-1b.2., StateRAMP Security Controls Baseline Summary Category 3, Version 1.1)
  • Procedures to facilitate the implementation of the system and information integrity policy and associated system and information integrity controls; and (SI-1a.2., StateRAMP Security Controls Baseline Summary Category 3, Version 1.1)
  • System and information integrity procedures [Assignment: organization-defined frequency]. (SI-1b.2., StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
  • Procedures to facilitate the implementation of the system and information integrity policy and associated system and information integrity controls; and (SI-1a.2., StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
  • Standard: Integrity. Implement policies and procedures to protect electronic protected health information from improper alteration or destruction. (§ 164.312(c)(1), 45 CFR Part 164 - Security and Privacy, current as of July 6, 2020)
  • Integrity controls (Addressable). Implement security measures to ensure that electronically transmitted electronic protected health information is not improperly modified without detection until disposed of. (§ 164.312(e)(2)(i), 45 CFR Part 164 - Security and Privacy, current as of July 6, 2020)
  • Procedures to facilitate the implementation of the system and information integrity policy and associated system and information integrity controls; and (SI-1a.2. High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • System and information integrity procedures [Assignment: at least annually or whenever a significant change occurs]. (SI-1b.2. High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • System and information integrity procedures [FedRAMP Assignment: at least annually]. (SI-1b.2. Moderate Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Procedures to facilitate the implementation of the system and information integrity policy and associated system and information integrity controls; and (SI-1a.2. Low Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • System and information integrity procedures [FedRAMP Assignment: at least annually]. (SI-1b.2. Low Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Procedures to facilitate the implementation of the system and information integrity policy and associated system and information integrity controls; and (SI-1a.2. Moderate Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Procedures to facilitate the implementation of the system and information integrity policy and the associated system and information integrity controls; (SI-1a.2., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
  • Procedures [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]. (SI-1c.2., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
  • Procedures [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]. (SI-1c.2., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Low Impact Baseline, October 2020)
  • Procedures to facilitate the implementation of the system and information integrity policy and the associated system and information integrity controls; (SI-1a.2., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Low Impact Baseline, October 2020)
  • Procedures to facilitate the implementation of the system and information integrity policy and the associated system and information integrity controls; (SI-1a.2., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Moderate Impact Baseline, October 2020)
  • Procedures [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]. (SI-1c.2., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Moderate Impact Baseline, October 2020)
  • Procedures to facilitate the implementation of the system and information integrity policy and the associated system and information integrity controls; (SI-1a.2., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Privacy Control Baseline, October 2020)
  • Procedures [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]. (SI-1c.2., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Privacy Control Baseline, October 2020)
  • Review and update the policy and procedures [Assignment: organization-defined frequency]. (PM-17b., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Privacy Control Baseline, October 2020)
  • Procedures [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]. (SI-1c.2., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Baseline Controls)
  • Procedures to facilitate the implementation of the system and information integrity policy and the associated system and information integrity controls; (SI-1a.2., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Baseline Controls)
  • Review and update the policy and procedures [Assignment: organization-defined frequency]. (PM-17b., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 2 Controls)
  • Procedures to facilitate the implementation of the system and information integrity policy and the associated system and information integrity controls; (SI-1a.2., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 2 Controls)
  • Procedures [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]. (SI-1c.2., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 2 Controls)
  • Procedures to facilitate the implementation of the system and information integrity policy and the associated system and information integrity controls; (SI-1a.2., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 3 Controls)
  • Procedures [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]. (SI-1c.2., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 3 Controls)
  • Procedures to facilitate the implementation of the system and information integrity policy and associated system and information integrity controls; and (SI-1a.2. Low Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Procedures to facilitate the implementation of the system and information integrity policy and associated system and information integrity controls; and (SI-1a.2. Moderate Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Procedures to facilitate the implementation of the system and information integrity policy and associated system and information integrity controls; and (SI-1a.2. High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • System and information integrity procedures [Assignment: organization-defined frequency]. (SI-1b.2. Low Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • System and information integrity procedures [Assignment: organization-defined frequency]. (SI-1b.2. Moderate Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • System and information integrity procedures [Assignment: organization-defined frequency]. (SI-1b.2. High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • System and information integrity procedures [Assignment: organization-defined frequency]. (SI-1b.2., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
  • Procedures to facilitate the implementation of the system and information integrity policy and associated system and information integrity controls; and (SI-1a.2., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
  • Procedures to facilitate the implementation of the system and information integrity policy and associated system and information integrity controls; and (SI-1a.2., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Revision 4)
  • System and information integrity procedures [Assignment: organization-defined frequency]. (SI-1b.2., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Revision 4)
  • System and information integrity procedures [Assignment: organization-defined frequency]. (SI-1b.2., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4)
  • Procedures to facilitate the implementation of the system and information integrity policy and associated system and information integrity controls; and (SI-1a.2., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4)
  • Procedures to facilitate the implementation of the system and information integrity policy and associated system and information integrity controls; and (SI-1a.2., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • System and information integrity procedures [Assignment: organization-defined frequency]. (SI-1b.2., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Review and update the policy and procedures [Assignment: organization-defined frequency]. (PM-17b., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Procedures to facilitate the implementation of the system and information integrity policy and the associated system and information integrity controls; (SI-1a.2., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Procedures [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]. (SI-1c.2., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Procedures to facilitate the implementation of the system and information integrity policy and associated system and information integrity controls; and (SI-1a.2., Supply Chain Risk Management Practices for Federal Information Systems and Organizations, NIST Special Publication 800-161, April 2015)
  • System and information integrity procedures [Assignment: organization-defined frequency]. (SI-1b.2., Supply Chain Risk Management Practices for Federal Information Systems and Organizations, NIST Special Publication 800-161, April 2015)
  • Procedures to facilitate the implementation of the system and information integrity policy and associated system and information integrity controls; and (SI-1a.2., TX-RAMP Security Controls Baseline Level 1)
  • System and information integrity procedures [TX-RAMP Assignment: at least annually]. (SI-1b.2., TX-RAMP Security Controls Baseline Level 1)
  • Procedures to facilitate the implementation of the system and information integrity policy and associated system and information integrity controls; and (SI-1a.2., TX-RAMP Security Controls Baseline Level 2)
  • System and information integrity procedures [TX-RAMP Assignment: at least annually]. (SI-1b.2., TX-RAMP Security Controls Baseline Level 2)