Joint Task Force Transformation Initiative


SI-5 SECURITY ALERTS, ADVISORIES, AND DIRECTIVES


Control: The organization:

  1. Receives information system security alerts, advisories, and directives from [Assignment: organization-defined external organizations] on an ongoing basis;

  2. Generates internal security alerts, advisories, and directives as deemed necessary;

  3. Disseminates security alerts, advisories, and directives to: [Selection (one or more): [Assignment: organization-defined personnel or roles]; [Assignment: organization-defined elements within the organization]; [Assignment: organization-defined external organizations]]; and

  4. Implements security directives in accordance with established time frames, or notifies the issuing organization of the degree of noncompliance.

Supplemental Guidance: The United States Computer Emergency Readiness Team (US-CERT) generates security alerts and advisories to maintain situational awareness across the federal government. Security directives are issued by OMB or other designated organizations with the responsibility and authority to issue such directives. Compliance to security directives is essential due to the critical nature of many of these directives and the potential immediate adverse effects on organizational operations and assets, individuals, other organizations, and the Nation should the directives not be implemented in a timely manner. External organizations include, for example, external mission/business partners, supply chain partners, external service providers, and other peer/supporting organizations. Related control: SI-2.

Control Enhancements:

  (1) SECURITY ALERTS, ADVISORIES, AND DIRECTIVES | AUTOMATED ALERTS AND ADVISORIES

The organization employs automated mechanisms to make security alert and advisory information available throughout the organization.

Supplemental Guidance: The significant number of changes to organizational information systems and the environments in which those systems operate requires the dissemination of security-related information to a variety of organizational entities that have a direct interest in the success of organizational missions and business functions. Based on the information provided by the security alerts and advisories, changes may be required at one or more of the three tiers related to the management of information security risk including the governance level, mission/business process/enterprise architecture level, and the information system level.
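The following is an added illustration, not text or code from NIST SP 800-53, of what an automated mechanism satisfying SI-5 items 3 and 4 and enhancement (1) has to do: route each received advisory to the roles that own affected assets, and track whether a directive was implemented inside its time frame so that the issuing organization can be told the degree of noncompliance. The `Advisory` and `Asset` structures, the routing rule, the inventory, the advisory identifiers and the dates are all constructed for the example; "US-CERT" is used as a source name only because the guidance above names it.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, FrozenSet, List, Optional


@dataclass(frozen=True)
class Advisory:
    advisory_id: str                  # identifier assigned by the issuing source (constructed)
    source: str                       # issuing external organization
    affected_products: FrozenSet[str]
    is_directive: bool                # directives carry a compliance time frame
    issued: date
    deadline_days: int = 0            # 0 when there is no time frame


@dataclass(frozen=True)
class Asset:
    name: str
    product: str
    owner_role: str


def disseminate(advisories: List[Advisory], inventory: List[Asset]) -> Dict[str, List[str]]:
    """SI-5 item 3: route each advisory to the roles owning affected assets.
    Anything matching no inventoried product goes to the security office for triage."""
    roles_by_product: Dict[str, set] = {}
    for asset in inventory:
        roles_by_product.setdefault(asset.product, set()).add(asset.owner_role)
    routing: Dict[str, List[str]] = {}
    for adv in advisories:
        roles = set()
        for product in adv.affected_products:
            roles |= roles_by_product.get(product, set())
        for role in sorted(roles) or ["security-office"]:
            routing.setdefault(role, []).append(adv.advisory_id)
    return routing


def directive_status(adv: Advisory, completed_on: Optional[date], today: date) -> str:
    """SI-5 item 4: compare implementation against the established time frame.
    'overdue' means the issuing organization must be told the degree of noncompliance."""
    if not adv.is_directive:
        return "informational"
    due = adv.issued + timedelta(days=adv.deadline_days)
    if completed_on is not None:
        return "compliant" if completed_on <= due else "late"
    return "overdue" if today > due else "open"


def noncompliance_report(advisories: List[Advisory],
                         completions: Dict[str, Optional[date]], today: date) -> List[str]:
    """Notices to send back to issuing organizations for directives still open past their deadline."""
    notices = []
    for adv in advisories:
        if directive_status(adv, completions.get(adv.advisory_id), today) == "overdue":
            due = adv.issued + timedelta(days=adv.deadline_days)
            days_past = (today - due).days
            notices.append(f"TO {adv.source}: {adv.advisory_id} not implemented; "
                           f"{days_past} day(s) past {due.isoformat()}")
    return notices


# Constructed sample feed and asset inventory; none of these are real advisories.
SAMPLE_ADVISORIES = [
    Advisory("ADV-2024-001", "US-CERT", frozenset({"webserver-x"}), True, date(2024, 1, 10), 14),
    Advisory("ADV-2024-002", "US-CERT", frozenset({"dbms-y"}), False, date(2024, 1, 12)),
    Advisory("ADV-2024-003", "partner-soc", frozenset({"unknown-product"}), True, date(2024, 1, 15), 7),
]
SAMPLE_INVENTORY = [
    Asset("web01", "webserver-x", "web-ops"),
    Asset("web02", "webserver-x", "web-ops"),
    Asset("db01", "dbms-y", "db-admins"),
]

if __name__ == "__main__":
    today = date(2024, 2, 1)
    for role, ids in disseminate(SAMPLE_ADVISORIES, SAMPLE_INVENTORY).items():
        print(role, "->", ids)
    completions = {"ADV-2024-001": None, "ADV-2024-003": date(2024, 1, 20)}
    for adv in SAMPLE_ADVISORIES:
        print(adv.advisory_id, directive_status(adv, completions.get(adv.advisory_id), today))
    for notice in noncompliance_report(SAMPLE_ADVISORIES, completions, today):
        print(notice)
```

The routing is keyed on the asset inventory rather than on a static distribution list, which is what makes the mechanism hold up as systems are added and retired: an advisory for a product nobody owns is not silently dropped but lands with the security office, and a directive that nobody has closed out is reported back with the number of days it is past due rather than just flagged internally.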

References: NIST Special Publication 800-40.

Priority and Baseline Allocation:

P1

LOW SI-5

MOD SI-5

HIGH SI-5 (1)



SI-6 SECURITY FUNCTION VERIFICATION


Control: The information system:

  1. Verifies the correct operation of [Assignment: organization-defined security functions];

  2. Performs this verification [Selection (one or more): [Assignment: organization-defined system transitional states]; upon command by user with appropriate privilege; [Assignment: organization-defined frequency]];

  3. Notifies [Assignment: organization-defined personnel or roles] of failed security verification tests; and

  4. [Selection (one or more): shuts the information system down; restarts the information system; [Assignment: organization-defined alternative action(s)]] when anomalies are discovered.

Supplemental Guidance: Transitional states for information systems include, for example, system startup, restart, shutdown, and abort. Notifications provided by information systems include, for example, electronic alerts to system administrators, messages to local computer consoles, and/or hardware indications such as lights. Related controls: CA-7, CM-6.
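As an added example (this is not NIST's code, and the control text above prescribes no particular implementation), the small harness below has the shape SI-6 items 1 through 4 describe: a registered set of security function checks is run when the system enters a triggering transitional state or on command, each failure produces a notification for the defined roles, and the first anomaly is mapped to the organization-selected response. The three checks, a known-answer test of the hash implementation, a write-and-read-back probe of the audit log, and a digest comparison of a security-relevant configuration, the state set, the anomaly policy, the role name and the configuration bytes are all constructed for this illustration; the SHA-256("abc") value is the FIPS 180-4 example digest.

```python
import hashlib
import hmac
import os
import tempfile
from dataclasses import dataclass
from typing import Callable, Dict, List

# Known-answer test vector: SHA-256("abc") from the FIPS 180-4 examples.
SHA256_ABC = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"

# Transitional states that trigger verification (SI-6 item 2); "on_command"
# stands for a privileged user invoking it manually. Constructed for the example.
VERIFY_ON = {"startup", "restart", "shutdown", "on_command"}

# Organization-defined response per failed function (SI-6 item 4): shutdown,
# restart, or an alternative action. Constructed policy values.
ANOMALY_POLICY: Dict[str, str] = {
    "default": "shutdown",
    "audit_log_writable": "restart",
    "config_integrity": "isolate-and-alert",
}


@dataclass
class CheckResult:
    name: str
    passed: bool
    detail: str = ""


@dataclass
class SecurityFunctionCheck:
    name: str
    probe: Callable[[], CheckResult]


def check_hash_kat() -> CheckResult:
    """Verify the hash implementation against a known answer before relying on it."""
    got = hashlib.sha256(b"abc").hexdigest()
    return CheckResult("sha256_kat", hmac.compare_digest(got, SHA256_ABC), got)


def check_audit_log_writable(path: str) -> CheckResult:
    """Verify the audit mechanism can record an event: append a marker, read it back."""
    marker = b"SI-6 self-test marker\n"
    try:
        with open(path, "ab") as fh:
            fh.write(marker)
        with open(path, "rb") as fh:
            ok = fh.read().endswith(marker)
        return CheckResult("audit_log_writable", ok, path)
    except OSError as exc:
        return CheckResult("audit_log_writable", False, str(exc))


def check_config_integrity(config: bytes, approved_digest: str) -> CheckResult:
    """Verify a security-relevant configuration still matches its approved digest."""
    got = hashlib.sha256(config).hexdigest()
    return CheckResult("config_integrity", hmac.compare_digest(got, approved_digest), got)


def run_verification(state: str, checks: List[SecurityFunctionCheck]) -> List[CheckResult]:
    """SI-6 items 1 and 2: run every registered check when a triggering state is entered."""
    if state not in VERIFY_ON:
        return []
    return [c.probe() for c in checks]


def notify(results: List[CheckResult], recipients: List[str]) -> List[str]:
    """SI-6 item 3: one notification per failed check for each defined role."""
    return [f"TO {who}: security function '{r.name}' FAILED ({r.detail})"
            for r in results if not r.passed for who in recipients]


def choose_action(results: List[CheckResult], policy: Dict[str, str]) -> str:
    """SI-6 item 4: map the first detected anomaly to the selected response."""
    for r in results:
        if not r.passed:
            return policy.get(r.name, policy["default"])
    return "continue"


def self_test(state: str, audit_log: str, config: bytes, approved_digest: str):
    """Assemble the check set, run it for the given state, and return (results, notifications, action)."""
    checks = [
        SecurityFunctionCheck("sha256_kat", check_hash_kat),
        SecurityFunctionCheck("audit_log_writable", lambda: check_audit_log_writable(audit_log)),
        SecurityFunctionCheck("config_integrity", lambda: check_config_integrity(config, approved_digest)),
    ]
    results = run_verification(state, checks)
    return results, notify(results, ["sysadmin-oncall"]), choose_action(results, ANOMALY_POLICY)


def demo(tampered: bool) -> str:
    """Run a startup self-test on a constructed configuration, optionally altered; return the action."""
    approved = b"audit=on\nremote_admin=off\n"          # constructed configuration
    current = approved + b"remote_admin=on\n" if tampered else approved
    with tempfile.TemporaryDirectory() as tmp:
        log = os.path.join(tmp, "audit.log")
        results, messages, action = self_test("startup", log, current,
                                              hashlib.sha256(approved).hexdigest())
    for r in results:
        print(f"{r.name}: {'PASS' if r.passed else 'FAIL'}")
    for m in messages:
        print(m)
    return action


if __name__ == "__main__":
    print("action:", demo(tampered=False))   # all checks pass -> continue
    print("action:", demo(tampered=True))    # config digest mismatch -> isolate-and-alert
```

Two details matter more than the harness itself. The digest comparisons use `hmac.compare_digest` so that the verification step does not itself become a timing side channel, and the audit-log probe proves the function works end to end (an event written can be read back) rather than merely that the file exists, which is the distinction between verifying correct operation and verifying presence.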

Control Enhancements:

  (1) SECURITY FUNCTION VERIFICATION | NOTIFICATION OF FAILED SECURITY TESTS

[Withdrawn: Incorporated into SI-6].

  (2) SECURITY FUNCTION VERIFICATION | AUTOMATION SUPPORT FOR DISTRIBUTED TESTING

The information system implements automated mechanisms to support the management of distributed security testing.

Supplemental Guidance: Related control: SI-2.

  (3) SECURITY FUNCTION VERIFICATION | REPORT VERIFICATION RESULTS

The organization reports the results of security function verification to [Assignment: organization-defined personnel or roles].

Supplemental Guidance: Organizational personnel with potential interest in security function verification results include, for example, senior information security officers, information system security managers, and information systems security officers. Related controls: SA-12, SI-4, SI-5.

References: None.

Priority and Baseline Allocation:

P1

LOW Not Selected

MOD Not Selected

