SI-3(6): Testing and Verification

CSF v1.1 References:


(Not part of any baseline)

Previous Version:

Control Statement

  1. Test malicious code protection mechanisms [Assignment: organization-defined frequency] by introducing known benign code into the system; and
  2. Verify that the detection of the code and the associated incident reporting occur.

Supplemental Guidance