Skip to main content
MuonPartners
Services
Architecture

Solution design and technology roadmapping

Solution AssessmentTechnology RoadmapsIntegration DesignSolution ArchitectureTechnical Design
Cyber Security

Security assessments, IAM, and compliance

AssessmentsIAMComplianceSecurity BaselineCyber Innovation
Network and Platform

Network architecture and cloud platforms

Network DesignCloud StrategyModernisation
Enterprise Architecture

Business-technology alignment

Business AlignmentPortfolio AnalysisGovernance
View all services
ProjectsCase StudiesInsightsToolsAbout
Contact Us

Services

Architecture
Solution AssessmentTechnology RoadmapsIntegration DesignSolution ArchitectureTechnical Design
Cyber Security
AssessmentsIAMComplianceSecurity BaselineCyber Innovation
Network and Platform
Network DesignCloud StrategyModernisation
Enterprise Architecture
Business AlignmentPortfolio AnalysisGovernance
ProjectsCase StudiesInsightsToolsAboutContact
Get in Touch
MuonPartners

Strategic technology consulting for Australian organisations navigating complexity.

Services

  • Architecture
  • Cyber Security
  • Network and Platform
  • Enterprise Architecture

Company

  • About
  • Products
  • Frameworks
  • Cross-Framework Mapping
  • Projects
  • Case Studies
  • Insights
  • Contact

Contact

  • [email protected]
  • Australia
  • LinkedIn

© 2026 Muon Partners. All rights reserved.

ABN 50 669 022 315 · A Muon Group company.

Privacy PolicyTerms of Service
  1. Frameworks
  2. >SP 800-53
  3. >System And Information Integrity
  4. >SP800-53-SI-2(7)
SP800-53-SI-2(7)Active

Root Cause Analysis

Statement

Conduct root cause analysis to identify underlying causes of issues or failures. Develop actions to address the root cause of the issue or failure. Implement the actions and monitor the implementation for effectiveness.

Location

Control Family
System and Information Integrity

Control Details

Identifier
SP800-53-SI-2(7)
Family
SI
Parent Control
SP800-53-SI-2

Supplemental Guidance

Root cause analysis includes a wide range of approaches, tools, and techniques to systematically identify the underlying cause of issues or failures to systems and systems components (hardware, software, and firmware). Organizations consider the severity of the incident to determine what root cause analysis method is used and how quickly implementation of the remediation actions. The root cause analysis includes a timeline, missed warning signs, key decisions, gaps, mitigations, and verification of effectiveness. The actions identified to address the source of the issue are implemented and integrated into applicable organizational policy, procedures, and control implementation.

Assessment Objective

Determine if: Root cause analysis is conducted to identify underlying causes of issues or failures Actions to address the root cause of the issue of failure are developed The actions (defined in SI-02(07)b.) are implemented The implementation of actions is monitored for effectiveness.

No cross-framework mappings available

← Back to System and Information Integrity
System and Information Integrity119 controls
SP800-53-SI-1Policy and ProceduresSP800-53-SI-2Flaw RemediationSP800-53-SI-2(1)Central ManagementSP800-53-SI-2(2)Automated Flaw Remediation StatusSP800-53-SI-2(3)Time to Remediate Flaws and Benchmarks for Corrective ActionsSP800-53-SI-2(4)Automated Patch Management ToolsSP800-53-SI-2(5)Automatic Software and Firmware UpdatesSP800-53-SI-2(6)Removal of Previous Versions of Software and FirmwareSP800-53-SI-2(7)Root Cause AnalysisSP800-53-SI-3Malicious Code ProtectionSP800-53-SI-3(1)Central ManagementSP800-53-SI-3(2)Automatic UpdatesSP800-53-SI-3(3)Non-privileged UsersSP800-53-SI-3(4)Updates Only by Privileged UsersSP800-53-SI-3(5)Portable Storage DevicesSP800-53-SI-3(6)Testing and VerificationSP800-53-SI-3(7)Nonsignature-based DetectionSP800-53-SI-3(8)Detect Unauthorized CommandsSP800-53-SI-3(9)Authenticate Remote CommandsSP800-53-SI-3(10)Malicious Code AnalysisSP800-53-SI-4System MonitoringSP800-53-SI-4(1)System-wide Intrusion Detection SystemSP800-53-SI-4(2)Automated Tools and Mechanisms for Real-time AnalysisSP800-53-SI-4(3)Automated Tool and Mechanism IntegrationSP800-53-SI-4(4)Inbound and Outbound Communications TrafficSP800-53-SI-4(5)System-generated AlertsSP800-53-SI-4(6)Restrict Non-privileged UsersSP800-53-SI-4(7)Automated Response to Suspicious EventsSP800-53-SI-4(8)Protection of Monitoring InformationSP800-53-SI-4(9)Testing of Monitoring Tools and MechanismsSP800-53-SI-4(10)Visibility of Encrypted CommunicationsSP800-53-SI-4(11)Analyze Communications Traffic AnomaliesSP800-53-SI-4(12)Automated Organization-generated AlertsSP800-53-SI-4(13)Analyze Traffic and Event PatternsSP800-53-SI-4(14)Wireless Intrusion DetectionSP800-53-SI-4(15)Wireless to Wireline CommunicationsSP800-53-SI-4(16)Correlate Monitoring InformationSP800-53-SI-4(17)Integrated Situational AwarenessSP800-53-SI-4(18)Analyze Traffic and Covert ExfiltrationSP800-53-SI-4(19)Risk for IndividualsSP800-53-SI-4(20)Privileged UsersSP800-53-SI-4(21)Probationary PeriodsSP800-53-SI-4(22)Unauthorized Network ServicesSP800-53-SI-4(23)Host-based DevicesSP800-53-SI-4(24)Indicators of CompromiseSP800-53-SI-4(25)Optimize Network Traffic AnalysisSP800-53-SI-5Security Alerts, Advisories, and DirectivesSP800-53-SI-5(1)Automated Alerts and AdvisoriesSP800-53-SI-6Security and Privacy Function VerificationSP800-53-SI-6(1)Notification of Failed Security TestsSP800-53-SI-6(2)Automation Support for Distributed TestingSP800-53-SI-6(3)Report Verification ResultsSP800-53-SI-7Software, Firmware, and Information IntegritySP800-53-SI-7(1)Integrity ChecksSP800-53-SI-7(2)Automated Notifications of Integrity ViolationsSP800-53-SI-7(3)Centrally Managed Integrity ToolsSP800-53-SI-7(4)Tamper-evident PackagingSP800-53-SI-7(5)Automated Response to Integrity ViolationsSP800-53-SI-7(6)Cryptographic ProtectionSP800-53-SI-7(7)Integration of Detection and ResponseSP800-53-SI-7(8)Auditing Capability for Significant EventsSP800-53-SI-7(9)Verify Boot ProcessSP800-53-SI-7(10)Protection of Boot FirmwareSP800-53-SI-7(11)Confined Environments with Limited PrivilegesSP800-53-SI-7(12)Integrity VerificationSP800-53-SI-7(13)Code Execution in Protected EnvironmentsSP800-53-SI-7(14)Binary or Machine Executable CodeSP800-53-SI-7(15)Code AuthenticationSP800-53-SI-7(16)Time Limit on Process Execution Without SupervisionSP800-53-SI-7(17)Runtime Application Self-protectionSP800-53-SI-8Spam ProtectionSP800-53-SI-8(1)Central ManagementSP800-53-SI-8(2)Automatic UpdatesSP800-53-SI-8(3)Continuous Learning CapabilitySP800-53-SI-9Information Input RestrictionsSP800-53-SI-10Information Input ValidationSP800-53-SI-10(1)Manual Override CapabilitySP800-53-SI-10(2)Review and Resolve ErrorsSP800-53-SI-10(3)Predictable BehaviorSP800-53-SI-10(4)Timing InteractionsSP800-53-SI-10(5)Restrict Inputs to Trusted Sources and Approved FormatsSP800-53-SI-10(6)Injection PreventionSP800-53-SI-11Error HandlingSP800-53-SI-12Information Management and RetentionSP800-53-SI-12(1)Limit Personally Identifiable Information ElementsSP800-53-SI-12(2)Minimize Personally Identifiable Information in Testing, Training, and ResearchSP800-53-SI-12(3)Information DisposalSP800-53-SI-13Predictable Failure PreventionSP800-53-SI-13(1)Transferring Component ResponsibilitiesSP800-53-SI-13(2)Time Limit on Process Execution Without SupervisionSP800-53-SI-13(3)Manual Transfer Between ComponentsSP800-53-SI-13(4)Standby Component Installation and NotificationSP800-53-SI-13(5)Failover CapabilitySP800-53-SI-14Non-persistenceSP800-53-SI-14(1)Refresh from Trusted SourcesSP800-53-SI-14(2)Non-persistent InformationSP800-53-SI-14(3)Non-persistent ConnectivitySP800-53-SI-15Information Output FilteringSP800-53-SI-16Memory ProtectionSP800-53-SI-17Fail-safe ProceduresSP800-53-SI-18Personally Identifiable Information Quality OperationsSP800-53-SI-18(1)Automation SupportSP800-53-SI-18(2)Data TagsSP800-53-SI-18(3)CollectionSP800-53-SI-18(4)Individual RequestsSP800-53-SI-18(5)Notice of Correction or DeletionSP800-53-SI-19De-identificationSP800-53-SI-19(1)CollectionSP800-53-SI-19(2)ArchivingSP800-53-SI-19(3)ReleaseSP800-53-SI-19(4)Removal, Masking, Encryption, Hashing, or Replacement of Direct IdentifiersSP800-53-SI-19(5)Statistical Disclosure ControlSP800-53-SI-19(6)Differential PrivacySP800-53-SI-19(7)Validated Algorithms and SoftwareSP800-53-SI-19(8)Motivated IntruderSP800-53-SI-20TaintingSP800-53-SI-21Information RefreshSP800-53-SI-22Information DiversitySP800-53-SI-23Information Fragmentation