Software installed on the ca signing system is periodically checked for integrity by comparing strong cryptographic message digests. Firmware and hardware are not explicitly checked for correct operations.
