SI-7: Software, Firmware, and Information Integrity
From NIST's SP800-53:
a. Employ integrity verification tools to detect unauthorized changes to the following software, firmware, and information: [Assignment: organization-defined software, firmware, and information]; and b. Take the following actions when unauthorized changes to the software, firmware, and information are detected: [Assignment: organization-defined actions].
Cyber Threat Graph Context
Explore how this control relates to the wider threat graph
SP800-53 Control Mapped to NIST Cyber Security Framework
Generated from NISTs SP800-53/CSF Crosswalk mappings.
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against.
| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1491.001 | Internal Defacement | Impact |
| T1552.004 | Private Keys | Credential Access |
| T1218.001 | Compiled HTML File | Defense Evasion |
| T1553.005 | Mark-of-the-Web Bypass | Defense Evasion |
| T1547.003 | Time Providers | Persistence, Privilege Escalation |
| T1190 | Exploit Public-Facing Application | Initial Access |
| T1558 | Steal or Forge Kerberos Tickets | Credential Access |
| T1037.004 | RC Scripts | Persistence, Privilege Escalation |
| T1195.003 | Compromise Hardware Supply Chain | Initial Access |
| T1574.013 | KernelCallbackTable | Defense Evasion, Persistence, Privilege Escalation |
| T1553.006 | Code Signing Policy Modification | Defense Evasion |
| T1491 | Defacement | Impact |
| T1542 | Pre-OS Boot | Defense Evasion, Persistence |
| T1059.008 | Network Device CLI | Execution |
| T1218.009 | Regsvcs/Regasm | Defense Evasion |
| T1211 | Exploitation for Defense Evasion | Defense Evasion |
| T1218.014 | MMC | Defense Evasion |
| T1119 | Automated Collection | Collection |
| T1222 | File and Directory Permissions Modification | Defense Evasion |
| T1565.002 | Transmitted Data Manipulation | Impact |
| T1546.006 | LC_LOAD_DYLIB Addition | Persistence, Privilege Escalation |
| T1020.001 | Traffic Duplication | Exfiltration |
| T1114.002 | Remote Email Collection | Collection |
| T1219 | Remote Access Software | Command and Control |
| T1176 | Browser Extensions | Persistence |
| T1574 | Hijack Execution Flow | Defense Evasion, Persistence, Privilege Escalation |
| T1548.004 | Elevated Execution with Prompt | Defense Evasion, Privilege Escalation |
| T1036.005 | Match Legitimate Name or Location | Defense Evasion |
| T1070.001 | Clear Windows Event Logs | Defense Evasion |
| T1599 | Network Boundary Bridging | Defense Evasion |
| T1574.006 | Dynamic Linker Hijacking | Defense Evasion, Persistence, Privilege Escalation |
| T1542.001 | System Firmware | Defense Evasion, Persistence |
| T1216.001 | PubPrn | Defense Evasion |
| T1070.008 | Clear Mailbox Data | Defense Evasion |
| T1505.001 | SQL Stored Procedures | Persistence |
| T1037.002 | Login Hook | Persistence, Privilege Escalation |
| T1495 | Firmware Corruption | Impact |
| T1547.002 | Authentication Package | Persistence, Privilege Escalation |
| T1569 | System Services | Execution |
| T1486 | Data Encrypted for Impact | Impact |
| T1059.007 | JavaScript | Execution |
| T1037.005 | Startup Items | Persistence, Privilege Escalation |
| T1221 | Template Injection | Defense Evasion |
| T1136.002 | Domain Account | Persistence |
| T1218.004 | InstallUtil | Defense Evasion |
| T1491.002 | External Defacement | Impact |
| T1569.002 | Service Execution | Execution |
| T1059.006 | Python | Execution |
| T1129 | Shared Modules | Execution |
| T1556 | Modify Authentication Process | Credential Access, Defense Evasion, Persistence |