SI-06 Security Functionality Verification
Control: The information system verifies the correct operation of security functions [Selection (one or more): upon system startup and restart, upon command by user with appropriate privilege, periodically every [Assignment: organization-defined time-period]] and [Selection (one or more): notifies system administrator, shuts the system down, restarts the system] when anomalies are discovered.
Supplemental Guidance: The need to verify security functionality applies to all security functions. For those security functions that are not able to execute automated self-tests, the organization either implements compensating security controls or explicitly accepts the risk of not performing the verification as required.
Control Enhancements:
(1) The organization employs automated mechanisms to provide notification of failed automated security tests.
(2) The organization employs automated mechanisms to support management of distributed security testing.
Baseline: LOW: Not Selected; MOD: Not Selected; HIGH: SI-6
Family: System And Information Integrity
ISO 17799 mapping: None.
COBIT 4.1 mapping: None.
PCI-DSS v2 mapping: None.