Common Criteria in the Cloud Technical Community
https://cc-in-the-cloud.github.io/
MIT License
German Scheme Feedback: Guidance for Evaluators #149

Open jgb1128 opened 2 months ago

jgb1128 commented 2 months ago

3rd paragraph of page 17 "This environment will establish controls provided by the CSP to ensure effective isolation to maintain the integrity of results." What exactly is meant by "integrity"? Do you mean comparability / transferability?

jgb1128 commented 1 month ago

Possible answer: We mean integrity as defined in NIST SP 800-59: The term 'integrity' means guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity.

tstodart commented 1 month ago

We could also refer to the introduction to CC:2022 part 1 page ix, para 6: "The CC addresses the protection of assets from unauthorized disclosure, modification, or loss of use. The categories of protection relating to these three types of failure of security are commonly called confidentiality, integrity, and availability, respectively."

ISO 27001 refers to Information Integrity as one of the three principles, aka the CIA triad https://www.iso.org/standard/27001. A common term and definition in many ISO documents (https://www.iso.org/obp/ui#search) is "property that data has not been altered or destroyed in an unauthorized manner".