The information system performs an integrity check of [Assignment: organization-defined software, firmware, and information] [Selection (one or more): at startup; at [Assignment: organization-defined transitional states or security-relevant events]; [Assignment: organization- defined frequency]].
Not appropriate for DoD to define for all CSP's infrastructure or service offerings
Not appropriate for DoD to define for all CSP's infrastructure or service offerings
Annually
Source:
DoD RMF TAG
Security-relevant events include, for example, the identification of a new threat to which organizational information systems are susceptible, and the installation of new hardware, software, or firmware. Transitional states include, for example, system startup, restart, shutdown, and abort.