SI-06 Security Functionality Verification
System and Information Integrity
Description
The information system verifies the correct operation of security functions [Selection (one or more): upon system startup and restart, upon command by user with appropriate privilege, periodically every [Assignment: organization-defined time-period]] and [Selection (one or more): notifies system administrator, shuts the system down, restarts the system] when anomalies are discovered.
Supplemental Guidance
The need to verify security functionality applies to all security functions. For those security functions that are not able to execute automated self-tests, the organization either implements compensating security controls or explicitly accepts the risk of not performing the verification as required.
Changes from Rev 4
Title changed from 'Security Function Verification'.
Control text changes 'Notifies' to 'Alert'.
Parameter adds 'and privacy'.
Discussion expanded to include privacy function verification.
Enhancements