SI-3(6): Testing / Verification

Control Family:

System And Information Integrity

Parent Control:

SI-3: Malicious Code Protection

Priority:

P1: Implement P1 security controls first.

CSF v1.1 References:

Threats Addressed:

Baselines:

(Not part of any baseline)

Next Version:

NIST Special Publication 800-53 Revision 5:
SI-3(6): Testing and Verification

Control Statement

The organization:

Tests malicious code protection mechanisms [Assignment: organization-defined frequency] by introducing a known benign, non-spreading test case into the information system; and
Verifies that both detection of the test case and associated incident reporting occur.