Security Control SI-7 - Software, Firmware, and Information Integrity #130

Open
jvanulde opened this issue Dec 29, 2021 · 1 comment

jvanulde commented Dec 29, 2021

a. Employ integrity verification tools to detect unauthorized changes to the following software, firmware, and information; and
b. Take the following actions when unauthorized changes to the software, firmware, and information are detected.

https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#!/control?version=5.1&number=SI-7

Implement mechanisms to verify the integrity of software and data that is deployed to the GC Cloud. @anthonyfok I know you've looked into this already for some assets so perhaps there is an issue related to this already. In any case, we need to enumerate the assets that need to have integrity verification and decide how to implement it. In general, this is a good practice. Not sure how to provide integrity verification for release assets, but that could be nice to have.

@jvanulde
Contributor Author

One strategy for the release assets might be to generate and add a checksums.txt file.
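
The checksums.txt strategy from the comment above, as an added example that is not part of the thread or the project's code: it writes a `sha256sum -c` compatible manifest for a release directory, then reports modified, missing and unlisted assets. The directory layout, file names and function names are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

MANIFEST = "checksums.txt"  # file name suggested in the comment above

def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large release assets are not read into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def write_checksums(asset_dir: Path) -> Path:
    """Write '<sha256>  <name>' lines, the layout `sha256sum -c` accepts."""
    assets = sorted(p for p in asset_dir.iterdir()
                    if p.is_file() and p.name != MANIFEST)
    manifest = asset_dir / MANIFEST
    manifest.write_text("".join(f"{sha256_file(p)}  {p.name}\n" for p in assets))
    return manifest

def verify_checksums(asset_dir: Path) -> dict:
    """Compare assets on disk with the manifest and report every discrepancy."""
    lines = (asset_dir / MANIFEST).read_text().splitlines()
    expected = {name: digest for digest, name in (l.split("  ", 1) for l in lines)}
    present = {p.name for p in asset_dir.iterdir()
               if p.is_file() and p.name != MANIFEST}
    return {
        "modified": sorted(n for n in set(expected) & present
                           if sha256_file(asset_dir / n) != expected[n]),
        "missing": sorted(set(expected) - present),
        "unlisted": sorted(present - set(expected)),
    }

def demo() -> dict:
    """Constructed sample release: one asset altered, one removed, one added."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "data.csv").write_text("id,value\n1,10\n")   # constructed sample
        (d / "model.bin").write_bytes(b"\x00\x01\x02")     # constructed sample
        write_checksums(d)
        (d / "data.csv").write_text("id,value\n1,99\n")   # changed after release
        (d / "model.bin").unlink()                         # removed after release
        (d / "extra.sh").write_text("echo hi\n")          # never in the manifest
        return verify_checksums(d)

if __name__ == "__main__":
    print(demo())
```

A manifest stored beside the assets detects corruption and accidental changes, but anyone who can replace an asset can also replace the manifest, so it needs to be signed or published through a separate channel to detect deliberate tampering.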
