Cyber Resilience

NIST 800-53 r5 · Controls catalogue · Family SI

SI-7 Software, Firmware, and Information Integrity

Employ integrity verification tools to detect unauthorized changes to the following software, firmware, and information: {{ insert: param, si-7_prm_1 }}; and take the following actions when unauthorized changes to the software, firmware, and information are detected: {{ insert: param, si-7_prm_2 }}.

Last updated: 04 July 2026 00:28 UTC

Cumulative inbound coverage

How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.

Collective: mostly · 5 mapping(s) from 2 framework(s): CSF 2.0: 4 (mostly) · OWASP-Web: 1 (partial)


Implementations targeting this control (0)

ATT&CK techniques this control mitigates (207)

Weaknesses this control addresses (7) AI

CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.

CWE | Name | CVEs | Why this control addresses it
CWE-502 | Deserialization of Untrusted Data | 3,432 | Integrity verification of serialized information can detect tampering before deserialization occurs.
CWE-347 | Improper Verification of Cryptographic Signature | 842 | Integrity tools commonly rely on cryptographic signatures whose improper validation this weakness covers.
CWE-345 | Insufficient Verification of Data Authenticity | 699 | Mandates verification of data authenticity for software, firmware, and information.
CWE-494 | Download of Code Without Integrity Check | 252 | Explicitly detects code or firmware that was obtained or altered without an integrity check.
CWE-354 | Improper Validation of Integrity Check Value | 194 | Requires use of proper integrity verification tools, reducing the chance an incorrect check value is accepted.
CWE-506 | Embedded Malicious Code | 85 | Unauthorized insertion of malicious code into software or firmware is revealed by integrity monitoring.
CWE-353 | Missing Support for Integrity Check | 40 | Directly supplies the missing integrity verification mechanism the weakness describes.

Top CVEs where this control is the strongest mitigation

CVE | Risk | CVSS | EPSS | Match
CVE-2025-15556 KEV | 10.0 | 7.5 | 0.0127 | good
CVE-2026-48027 KEV UPD | 10.0 | 9.8 | 0.0185 | good
CVE-2024-20359 KEV | 10.0 | 6.0 | 0.1699 | good
CVE-2022-40799 KEV | 10.0 | 8.8 | 0.3133 | good
CVE-2022-23748 KEV | 10.0 | 7.8 | 0.0909 | good
CVE-2021-44168 KEV | 10.0 | 3.3 | 0.0087 | good
CVE-2020-1464 KEV | 10.0 | 7.8 | 0.4113 | good
CVE-2012-0151 KEV | 10.0 | 7.8 | 0.8878 | good
CVE-2024-56336 | 7.0 | 9.8 | 0.0051 | good
CVE-2025-59695 | 7.0 | 9.8 | 0.0055 | good
CVE-2026-20997 | 7.0 | 9.8 | 0.0026 | good
CVE-2026-27510 | 7.0 | 9.6 | 0.0029 | good
CVE-2025-27593 | 7.0 | 9.3 | 0.0039 | good
CVE-2026-33026 | 7.0 | 9.1 | 0.0033 | good
CVE-2026-40372 UPD | 7.0 | 9.1 | 0.1120 | good
CVE-2019-25268 | 7.0 | 9.8 | 0.0037 | good
CVE-2025-50472 UPD | 7.0 | 9.8 | 0.0126 | good
CVE-2025-56513 | 7.0 | 9.8 | 0.0042 | good
CVE-2025-59334 | 7.0 | 9.6 | 0.0040 | good
CVE-2023-4521 | 7.0 | 9.8 | 0.3955 | good
CVE-2025-29331 UPD | 7.0 | 9.8 | 0.0039 | good
CVE-2025-0592 | 5.5 | 8.8 | 0.0033 | good
CVE-2026-4478 | 5.5 | 8.1 | 0.0027 | good
CVE-2025-1058 | 5.5 | 8.1 | 0.0022 | good
CVE-2026-40070 | 5.5 | 8.1 | 0.0014 | good
