PR.DS-01.225

Does your organization validate digital signatures to verify the integrity and authenticity of software before installation or use?

Explanation

Digital signature validation ensures that software has not been tampered with and comes from a legitimate source. This process typically involves checking cryptographic signatures against trusted certificates or keys to confirm that code hasn't been modified since it was signed by the developer or publisher. Evidence could include documented procedures for signature verification, screenshots of signature validation processes, logs showing signature verification steps during software deployment, or configuration settings in deployment tools that enforce signature validation before installation.

Implementation Example

Confirm the integrity of software by validating signatures

ID: PR.DS-01.225

Context

Function: PR: PROTECT
Category: PR.DS: Data Security
Sub-Category: The confidentiality, integrity, and availability of data-at-rest are protected

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC-backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain points. They were confusing, hard to delegate and arrived like London buses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron
Founder, ResponseHub