System and Information Integrity: SP 800-171 Security Family 3.14


Integrity is defined as guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity. It is the assertion that data can only be accessed or modified by authorized employees. System and information integrity provides assurance that the information being accessed has not been tampered with or damaged by an error in the system. Examples of system and information integrity requirements include flaw remediation, malicious code protection, security function verification, information input validation, error handling, non-persistence, and memory protection.

Companies should:
    • identify, report, and correct information and system flaws in a timely manner,
    • provide protection from malicious code at appropriate locations within company systems, and
    • monitor system security alerts and advisories and respond appropriately.