Definitions[edit | edit source]
Computer security[edit | edit source]
|“||the assurance that data are protected against unauthorized modification or destruction of information.||”|
|“||[the] assurance that a message was not modified accidentally or deliberately in transit, by replacement, insertion or deletion.||”|
|“||[g]uarding against improper information modification or destruction; includes ensuring the non-repudiation and authenticity of information.||”|
|“||[the q]uality of an IS (information system) reflecting the logical correctness and reliability of the operating system; the logical completeness of the hardware and software implementing the protection mechanisms; and the consistency of the data structures and occurrence of the stored data.||”|
|“||the property that data or information have not been altered or destroyed in an unauthorized manner.||”|
|“||the state that exists when information is unchanged from its source and has not been accidentally or intentionally modified, altered, or destroyed.||”|
|“||[t]he property whereby information, an information system, or a component of a system has not been modified or destroyed in an unauthorized manner.||”|
Copyright[edit | edit source]
See Right of integrity.
FISMA[edit | edit source]
Under the Federal Information Security Management Act of 2002, integrity means
|“||guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity.||”|
General[edit | edit source]
Integrity is "[s]ound, unimpaired or perfect condition."
Information[edit | edit source]
|“||the security of information — protection of the information from unauthorized unanticipated, or unintentional modification — to prevent information from being compromised through corruption or falsification.||”|
Office of Management and Budget[edit | edit source]
Integrity refers to
|“||the security of information — protection of the information from unauthorized access or revision, to ensure that the information is not compromised through corruption or falsification.||”|
Overview[edit | edit source]
Integrity is the attribute of information that addresses its authenticity, correctness, and reliability. Protecting and monitoring information integrity are the goals of technologies and tools that prevent tampering and detect unauthorized modification or destruction of information.
Information integrity is a prerequisite for trust throughout the IT infrastructure. Without integrity, data, information, messages, and systems cannot be trusted. Without trust in the underlying information, higher-level functionalities, including measures to protect and safeguard the system itself, cannot be relied upon.
Data integrity assures that unauthorized modification of a system’s data resources is detected and that messages or data in transit, including headers and content, are unchanged between the data’s source and destination. Data resources include system configurations, data structures, the code controlling the behavior of the operating system, and other system or application software. Integrity controls also provide non-repudiation — that is, proof of the origin and integrity of data that can be verified by a third party, which prevents an entity from successfully denying involvement in a previous action. Integrity is necessary for a system to provide reliable services, including security services. Many attacks begin by undermining system integrity.
Information integrity can be compromised through accidental or intentional action by system developers, system administrators, operations and maintenance staff, end users, routine equipment failures, or malicious actors.
References[edit | edit source]
- Information Security: Advances and Remaining Challenges to Adoption of Public Key Infrastructure Technology, at 72.
- NIST Special Publication 800-2.
- Cybersecurity A Primer for State Utility Regulators, App. B.
- CNSSI 4009.
- 45 C.F.R. §164.304.
- Executive Order 13526, at §6.1(w).
- NICCS, Explore Terms: A Glossary of Common Cybersecurity Terminology (full-text).
- 44 U.S.C. §3542(b)(1)(A).
- Glossary of Computer Security Terms.
- Final Office of Management and Budget Information Quality Guidelines, at 4.
- Guidelines for Ensuring and Maximizing the Quality, Objectivity, Utility, and Integrity of Information Disseminated by Federal Agencies; Republication, at 8460.