control_freak | Controls | SI-06 - Security and Privacy Function Verification

a. Verify the correct operation of si-6_prm_1;

b. Perform the verification of the functions specified in SI-6a si-06_odp.03;

c. Alert si-06_odp.06 to failed security and privacy verification tests; and

d. si-06_odp.07 when anomalies are discovered.

Parameter ID	Definition
si-6_prm_1	organization-defined security and privacy functions
si-06_odp.01	security functions
si-06_odp.02	privacy functions
si-06_odp.03	Selection (one-or-more): {{ insert: param si-06_odp.04 }} upon command by user with appropriate privilege {{ insert: param si-06_odp.05 }}
si-06_odp.04	system transitional states
si-06_odp.05	frequency
si-06_odp.06	personnel or roles
si-06_odp.07	Selection (one-or-more): shut the system down restart the system {{ insert: param si-06_odp.08 }}
si-06_odp.08	alternative action(s)

Baselines

Guidance

Transitional states for systems include system startup, restart, shutdown, and abort. System notifications include hardware indicator lights, electronic alerts to system administrators, and messages to local computer consoles. In contrast to security function verification, privacy function verification ensures that privacy functions operate as expected and are approved by the senior agency official for privacy or that privacy attributes are applied or used as expected.

References 1

OMB A-130 Office of Management and Budget Memorandum Circular A-130, *Managing Information as a Strategic Resource* , July 2016.

Control Enhancements 3

SI-06(01) Notification of Failed Security Tests
SI-06(02) Automation Support for Distributed Testing L M H P
SI-06(03) Report Verification Results L M H P

Related controls 4

CA-07 Continuous Monitoring L M H P
CM-04 Impact Analyses L M H P
CM-06 Configuration Settings L M H P
SI-07 Software, Firmware, and Information Integrity L M H P

SI-06 Security and Privacy Function Verification

Baselines

Guidance

References 1

Control Enhancements 3

Related controls 4