System & Information Integrity (SI): Preventing Data Tampering & Security Risks

All 7 controls are listed below.

3.14.1

Implement tools and processes to detect, report, prioritize, and remediate known system vulnerabilities. Define timelines for applying patches based on severity and verify remediation through vulnerability scans or compliance tools.

NIST 800-171 Control Identifier: 3.14.1
CMMC Control Identifier: SI.L1-3.14.1
Control CMMC Level: 1
Basic or Derived Security: Basic

Relevant NIST SP 800-53 R5

SI-2: System Flaw Remediation

SI-3: Malware Protection

SI-5: Security Advisories

Recommended Microsoft Licensing

Microsoft 365 E5 with GCC High

(includes Microsoft Defender Vulnerability Management and centralized alerting through Security Center)

3.14.2

Implement malware protection across designated system entry points (e.g., endpoints, email gateways, SharePoint, Teams). Use anti-malware tools capable of real-time detection, file scanning, and threat mitigation at these locations.

NIST 800-171 Control Identifier: 3.14.2
CMMC Control Identifier: SI.L1-3.14.2
Control CMMC Level: 1
Basic or Derived Security: Basic

Relevant NIST SP 800-53 R5

SI-2: System Flaw Remediation

SI-3: Malware Protection

SI-5: Handling of Security Alerts and Advisories

Recommended Microsoft Licensing

Microsoft 365 E5 with GCC High

(includes Defender for Endpoint and Defender for Office 365 for multi-layer malware protection)

3.14.3

Monitor system security alerts and advisories and take action in response.

NIST 800-171 Control Identifier: 3.14.3
CMMC Control Identifier: SI.L2-3.14.3
Control CMMC Level: 2
Basic or Derived Security: Basic

Relevant NIST SP 800-53 R5

SI-2: Identify, report, and correct system flaws in a timely manner

SI-3: Detect, prevent, and respond to malware threats

SI-5: Receive, generate, disseminate, and act upon security alerts, advisories, and directives in a timely manner

Recommended Microsoft Licensing

Microsoft 365 E5 with GCC High

(includes Microsoft Defender and Threat Analytics Center for alert monitoring and automated threat response)

3.14.4

Ensure that malware protection mechanisms are updated automatically with the latest definitions, signatures, and detection engines. Updates should be applied promptly when released by the vendor to maintain continuous protection against emerging threats.

NIST 800-171 Control Identifier: 3.14.4
CMMC Control Identifier: SI.L1-3.14.4
Control CMMC Level: 1
Basic or Derived Security: Derived

Relevant NIST SP 800-53 R5

SI-3: Detect, prevent, and respond to malware threats

Recommended Microsoft Licensing

Microsoft 365 E5 with GCC High

(includes Defender for Endpoint with automatic protection updates and cloud-based threat intelligence)

3.14.5

Implement both periodic and real-time malware scans on organizational systems. Ensure files from external sources (e.g., downloads, USB devices, email attachments) are scanned upon download, access, or execution.

NIST 800-171 Control Identifier: 3.14.5
CMMC Control Identifier: SI.L1-3.14.5
Control CMMC Level: 1
Basic or Derived Security: Derived

Relevant NIST SP 800-53 R5

SI-3: Detect, prevent, and respond to malware threats

Recommended Microsoft Licensing

Microsoft 365 E5 with GCC High

(includes Defender for Endpoint P2 with real-time and scheduled scans, plus threat intelligence integration)

3.14.6

Continuously monitor organizational systems, including endpoint and network traffic, for signs of attack or compromise. Correlate log data with updated threat intelligence to detect, alert, and respond to suspicious activity in real time.

NIST 800-171 Control Identifier: 3.14.6
CMMC Control Identifier: SI.L2-3.14.6
Control CMMC Level: 2
Basic or Derived Security: Derived

Relevant NIST SP 800-53 R5

AU-2: Event logging

AU-6: Audit Review and Analysis

SI-4: System Monitoring

SI-4 (4): Threat Intelligence Integration

Recommended Microsoft Licensing

Microsoft 365 E5 with GCC High

(includes Sentinel for threat correlation, Defender XDR for traffic and behavior analysis, and Audit Premium for event log centralization)

3.14.7

Detect and alert on unauthorized use of organizational systems through audit log review, anomaly detection, and behavioral analysis. Monitoring must cover login attempts, role abuse, and unusual access patterns.

NIST 800-171 Control Identifier: 3.14.7
CMMC Control Identifier: SI.L2-3.14.7
Control CMMC Level: 2
Basic or Derived Security: Derived

Relevant NIST SP 800-53 R5

SI-4: Monitor system activities to detect and respond to security incidents

Recommended Microsoft Licensing

Microsoft 365 E5 with GCC High

(includes Defender XDR for behavioral monitoring, Purview Audit Premium for audit log inspection, and Sentinel for SIEM correlation)

Microsoft Cloud for CMMC Compliance

See how Agile IT's MSP for CMMC can strengthen your data security and allow your team to focus on your business's objectives and success.