SI 6 SECURITY AND PRIVACY FUNCTION VERIFICATION - NIST-SP-800-53-R5/NIST-SP-800-53-R5.github.io GitHub Wiki

SI-6 SECURITY AND PRIVACY FUNCTION VERIFICATION

Control:

  • a. Verify the correct operation of [Assignment: organization-defined security and privacy functions];
  • b. Perform the verification of the functions specified in SI-6a [Selection (one or more): [Assignment: organization-defined system transitional states]; upon command by user with appropriate privilege; [Assignment: organization-defined frequency]];
  • c. Alert [Assignment: organization-defined personnel or roles] to failed security and privacy verification tests; and
  • d. [Selection (one or more): Shut the system down; Restart the system; [Assignment: organization-defined alternative action(s)]] when anomalies are discovered.

Discussion: Transitional states for systems include system startup, restart, shutdown, and abort. System notifications include hardware indicator lights, electronic alerts to system administrators, and messages to local computer consoles. In contrast to security function verification, privacy function verification ensures that privacy functions operate as expected and are approved by the senior agency official for privacy or that privacy attributes are applied or used as expected.

Related Controls: CA-7, CM-4, CM-6, SI-7.

Control Enhancements:

  • (1) SECURITY AND PRIVACY FUNCTION VERIFICATION / NOTIFICATION OF FAILED SECURITY TESTS
    [Withdrawn: Incorporated into SI-6.]

  • (2) SECURITY AND PRIVACY FUNCTION VERIFICATION / AUTOMATION SUPPORT FOR DISTRIBUTED TESTING
    Implement automated mechanisms to support the management of distributed security and privacy function testing.

    Discussion: The use of automated mechanisms to support the management of distributed function testing helps to ensure the integrity, timeliness, completeness, and efficacy of such testing.

    Related Controls: SI-2.

  • (3) SECURITY AND PRIVACY FUNCTION VERIFICATION / REPORT VERIFICATION RESULTS
    Report the results of security and privacy function verification to [Assignment: organization-defined personnel or roles].

    Discussion: Organizational personnel with potential interest in the results of the verification of security and privacy functions include systems security officers, senior agency information security officers, and senior agency officials for privacy.

    Related Controls: SI-4, SR-4, SR-5.

References: [OMB A-130].
