SI-10(3): Predictable Behavior

Control Family:

System And Information Integrity

Parent Control:

SI-10: Information Input Validation

Priority:

P1: Implement P1 security controls first.

Threats Addressed:

Tampering
Information Disclosure
Denial of Service
Elevation of Privilege

Baselines:

(Not part of any baseline)

Next Version:

NIST Special Publication 800-53 Revision 5:
SI-10(3): Predictable Behavior

Control Statement

The information system behaves in a predictable and documented manner that reflects organizational and system objectives when invalid inputs are received.

Supplemental Guidance

A common vulnerability in organizational information systems is unpredictable behavior when invalid inputs are received. This control enhancement ensures that there is predictable behavior in the face of invalid inputs by specifying information system responses that facilitate transitioning the system to known states without adverse, unintended side effects.