SI-3(6): Testing / Verification

CSF v1.1 References:


(Not part of any baseline)

Next Version:

Control Statement

The organization:

  1. Tests malicious code protection mechanisms [Assignment: organization-defined frequency] by introducing a known benign, non-spreading test case into the information system; and
  2. Verifies that both detection of the test case and associated incident reporting occur.