SI-06 Security and Privacy Function Verification
a. Verify the correct operation of si-6_prm_1;
b. Perform the verification of the functions specified in SI-6a si-06_odp.03;
c. Alert si-06_odp.06 to failed security and privacy verification tests; and
d. si-06_odp.07 when anomalies are discovered.
Parameter ID | Definition |
---|---|
si-6_prm_1 | organization-defined security and privacy functions |
si-06_odp.01 | security functions |
si-06_odp.02 | privacy functions |
si-06_odp.03 | Selection (one-or-more): |
si-06_odp.04 | system transitional states |
si-06_odp.05 | frequency |
si-06_odp.06 | personnel or roles |
si-06_odp.07 | Selection (one-or-more): |
si-06_odp.08 | alternative action(s) |
Baselines
- L
- M
- H
- P
Guidance
Transitional states for systems include system startup, restart, shutdown, and abort. System notifications include hardware indicator lights, electronic alerts to system administrators, and messages to local computer consoles. In contrast to security function verification, privacy function verification ensures that privacy functions operate as expected and are approved by the senior agency official for privacy or that privacy attributes are applied or used as expected.
References
- OMB A-130: Office of Management and Budget Memorandum Circular A-130, *Managing Information as a Strategic Resource*, July 2016.
Control Enhancements
- SI-06(01) Notification of Failed Security Tests
- SI-06(02) Automation Support for Distributed Testing L M H P
- SI-06(03) Report Verification Results L M H P
Related controls
- CA-07 Continuous Monitoring L M H P
- CM-04 Impact Analyses L M H P
- CM-06 Configuration Settings L M H P
- SI-07 Software, Firmware, and Information Integrity L M H P