SI-06 Security Functionality Verification

    Control: The information system verifies the correct operation of security functions [Selection (one or more): upon system startup and restart, upon command by user with appropriate privilege, periodically every [Assignment: organization-defined time-period]] and [Selection (one or more): notifies system administrator, shuts the system down, restarts the system] when anomalies are discovered.

    Supplemental Guidance: The need to verify security functionality applies to all security functions. For those security functions that are not able to execute automated self-tests, the organization either implements compensating security controls or explicitly accepts the risk of not performing the verification as required.

    Control Enhancements:

    (1) The organization employs automated mechanisms to provide notification of failed automated security tests.

    (2) The organization employs automated mechanisms to support management of distributed security testing.

    Baseline: LOW: Not Selected; MOD: Not Selected; HIGH: SI-6

    Family: System and Information Integrity

    Class: Operational

    ISO 17799 mapping: None.

    COBIT 4.1 mapping: None.

    PCI-DSS v2 mapping: None.