catalog: SP800-53rev3 / class: Operational / family: (SI) System and Information Integrity

  SI-06: Security Functionality Verification  

base control objective:
The information system verifies the correct operation of security functions [Selection (one or more): [Assignment: organization-defined system transitional states]; upon command by user with appropriate privilege; periodically every [Assignment: organization-defined time-period]] and [Selection (one or more): notifies system administrator; shuts the system down; restarts the system] when anomalies are discovered.

supplemental objective information:
The need to verify security functionality applies to all security functions. For those security functions that are not able to execute automated self-tests, the organization either implements compensating security controls or explicitly accepts the risk of not performing the verification as required. Information system transitional states include, for example, startup, restart, shutdown, and abort.

enhancements to the base objective:

(1) The information system provides notification of failed automated security tests.

(2) The information system provides automated support for the management of distributed security testing.

(3) The organization reports the result of security function verification to designated organizational officials with information security responsibilities.
Enhancement Supplemental Guidance: Organizational officials with information security responsibilities include, for example, senior information security officers, information system security managers, and information systems security officers.

mapping to FIPS199 baseline:

  LOW: null     MOD: null     HIGH: base  

related (regimented) controls:

None.

documents referenced in SP800-53rev3 for SI-06:

Document         Date          Status    Title
NIST SP800-85A   March, 2009   current   PIV Card Application and Middleware Interface Test Guidelines (SP800-73 compliance)
NIST SP800-85B   July, 2006    current   PIV Data Model Test Guidelines
