Does your organization implement integrity checking mechanisms to verify the authenticity and integrity of software, firmware, and information?
Explanation
Integrity checking mechanisms help ensure that software, firmware, and information have not been tampered with or corrupted, either accidentally or maliciously.
These mechanisms typically use cryptographic hashes, digital signatures, or checksums to verify that data remains unchanged from its original state.
Without proper integrity verification, unauthorized modifications could introduce vulnerabilities, backdoors, or other security issues into your systems.
Evidence of compliance could include documentation of implemented integrity checking tools and processes (such as file integrity monitoring systems), logs showing regular integrity verification activities, code signing certificates and procedures, or configuration files for tools that perform hash verification before software installation or updates.
Context
- Function
- PR: PROTECT
- Category
- PR.DS: Data Security
- Sub-Category
- Integrity checking mechanisms are used to verify software, firmware, and information integrity
Related questions
- Does your organization implement cryptographic controls (encryption, digital signatures, hashing) to protect the confidentiality and integrity of stored data across all relevant storage systems?
- Is full disk encryption implemented on all user endpoints (laptops, desktops, mobile devices) that store company data?
- Does your organization validate digital signatures to verify the integrity and authenticity of software before installation or use?
- Does your organization have a policy and technical controls to restrict the use of removable media devices?
- Does your organization physically secure all removable media containing unencrypted sensitive information?
- Does your organization implement cryptographic controls to protect the confidentiality and integrity of network communications?

