SI-3(6): Testing and Verification

Control Family:

System and Information Integrity

Parent Control:

SI-3: Malicious Code Protection

CSF v1.1 References:

Threats Addressed:

Baselines:

(Not part of any baseline)

Previous Version:

NIST Special Publication 800-53 Revision 4:
SI-3(6): Testing / Verification

Control Statement

Test malicious code protection mechanisms [Assignment: organization-defined frequency] by introducing known benign code into the system; and
Verify that the detection of the code and the associated incident reporting occur.

Supplemental Guidance

None.