SI-6: Security Function Verification
Control Family:
PF v1.0 References:
Threats Addressed:
Baselines:
- Low
N/A
- Moderate
N/A
- High
- SI-6
Next Version:
- NIST Special Publication 800-53 Revision 5:
- SI-6: Security and Privacy Function Verification
Control Statement
The information system:
- Verifies the correct operation of [Assignment: organization-defined security functions];
- Performs this verification [Selection (one or more): [Assignment: organization-defined system transitional states]; upon command by user with appropriate privilege; [Assignment: organization-defined frequency]];
- Notifies [Assignment: organization-defined personnel or roles] of failed security verification tests; and
- [Selection (one or more): shuts the information system down; restarts the information system; [Assignment: organization-defined alternative action(s)]] when anomalies are discovered.
Supplemental Guidance
Transitional states for information systems include, for example, system startup, restart, shutdown, and abort. Notifications provided by information systems include, for example, electronic alerts to system administrators, messages to local computer consoles, and/or hardware indications such as lights.
Control Enhancements
SI-6(2): Automation Support For Distributed Testing
Baseline(s):
The information system implements automated mechanisms to support the management of distributed security testing.
SI-6(3): Report Verification Results
Baseline(s):
The organization reports the results of security function verification to [Assignment: organization-defined personnel or roles].