Unauthorized changes to software, firmware, and information can occur due to errors or malicious activity. Software includes operating systems (with key internal components, such as kernels or drivers), middleware, and applications. Firmware interfaces include Unified Extensible Firmware Interface (UEFI) and Basic Input/Output System (BIOS). Information includes personally identifiable information and metadata that contains security and privacy attributes associated with information. Integrity-checking mechanisms—including parity checks, cyclical redundancy checks, cryptographic hashes, and associated tools—can automatically monitor the integrity of systems and hosted applications.
Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| SI-7 | Software, Firmware, and Information Integrity | Protects | T1003 | OS Credential Dumping |
| SI-7 | Software, Firmware, and Information Integrity | Protects | T1003.003 | NTDS |
| SI-7 | Software, Firmware, and Information Integrity | Protects | T1020.001 | Traffic Duplication |
| SI-7 | Software, Firmware, and Information Integrity | Protects | T1027 | Obfuscated Files or Information |
| SI-7 | Software, Firmware, and Information Integrity | Protects | T1027.002 | Software Packing |
| SI-7 | Software, Firmware, and Information Integrity | Protects | T1036 | Masquerading |
| SI-7 | Software, Firmware, and Information Integrity | Protects | T1036.001 | Invalid Code Signature |
| SI-7 | Software, Firmware, and Information Integrity | Protects | T1036.005 | Match Legitimate Name or Location |
| SI-7 | Software, Firmware, and Information Integrity | Protects | T1037 | Boot or Logon Initialization Scripts |
| SI-7 | Software, Firmware, and Information Integrity | Protects | T1037.002 | Logon Script (Mac) |