IBM Cloud Docs
SI-6 - Security and Privacy Function Verification


Control requirements

SI-6 (a)

Verify the correct operation of [Assignment: organization-defined security and privacy functions].

SI-6 (b)

Perform the verification of the functions specified in SI-6a [IBM Assignment: to include upon system startup and/or restart and at least monthly].

SI-6 (c)

Alert [IBM Assignment: to include system administrators and security personnel] to failed security and privacy verification tests.

SI-6 (d)

[IBM Assignment: to include notification of system administrators and security personnel] when anomalies are discovered.

Implementation guidance

See the resources that follow to learn more about how to implement this control.

NIST supplemental guidance

Transitional states for systems include system startup, restart, shutdown, and abort. System notifications include hardware indicator lights, electronic alerts to system administrators, and messages to local computer consoles. In contrast to security function verification, privacy function verification ensures that privacy functions operate as expected and are approved by the senior agency official for privacy or that privacy attributes are applied or used as expected.