UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

SI-6 SECURITY FUNCTION VERIFICATION


Overview

Number Title Impact Priority Subject Area
SI-6 Security Function Verification HIGH P1 System And Information Integrity

Instructions
The information system:
SI-6a.
Verifies the correct operation of Assignment: organization-defined security functions;
SI-6b.
Performs this verification Selection (one or more): Assignment: organization-defined system transitional states; upon command by user with appropriate privilege; Assignment: organization-defined frequency;
SI-6c.
Notifies Assignment: organization-defined personnel or roles of failed security verification tests; and
SI-6d.
Selection (one or more): shuts the information system down; restarts the information system; Assignment: organization-defined alternative action(s) when anomalies are discovered.
Guidance
Transitional states for information systems include, for example, system startup, restart, shutdown, and abort. Notifications provided by information systems include, for example, electronic alerts to system administrators, messages to local computer consoles, and/or hardware indications such as lights.

Enhancements
SI-6 (1) Notification Of Failed Security Tests

Withdrawn: Incorporated into SI-6.

SI-6 (2) Automation Support For Distributed Testing

The information system implements automated mechanisms to support for the management of distributed security testing.

SI-6 (3) Report Verification Results
Organizational personnel with potential interest in security function verification results include, for example, senior information security officers, information system security managers, and information systems security officers.

The organization reports the results of security function verification to Assignment: organization-defined personnel or roles.