catalog: SP800-53rev3 / class: Operational / family: (SI) System and Information Integrity
  SI-05: Security Alerts, Advisories and Directives  

base control objective:
The organization:
a. Receives information system security alerts, advisories, and directives from designated external organizations on an ongoing basis;
b. Generates internal security alerts, advisories, and directives as deemed necessary;
c. Disseminates security alerts, advisories, and directives to [Assignment: organization-defined list of personnel]; and
d. Implements security directives in accordance with established timeframes, or notifies the issuing organization of the degree of non-compliance.

supplemental objective information:
Security alerts and advisories are generated by the United States Computer Emergency Readiness Team (US-CERT) to maintain situational awareness across the federal government. Security directives are issued by OMB or other designated organizations with the responsibility and authority to issue such directives. Compliance with security directives is essential due to the critical nature of many of these directives and the potential immediate adverse effects on organizational operations and assets, individuals, other organizations, and the Nation should the directives not be implemented in a timely manner.

enhancements to the base objective:

(1) The organization employs automated mechanisms to make security alert and advisory information available throughout the organization as needed.

mapping to FIPS199 baseline:

  LOW: base     MOD: base     HIGH: base (1)  

related (regimented) controls:

None.

documents referenced in SP800-53rev3 for SI-05:

Document        Date              Status    Title
NIST SP800-40   November, 2005    current   Creating a Patch and Vulnerability Management Program
NIST SP800-51   September, 2002   current   Use of the Common Vulnerabilities and Exposures (CVE) Vulnerability Naming Scheme
NIST SP800-61   August, 2012      current   Computer Security Incident Handling Guide