Control ID Title / Statement Priority Baseline Impact
SI-1
System and Information Integrity Policy and Procedures 3 params
The organization: a. Develops, documents, and disseminates to {{ insert: param, si-1_prm_1 }}: 1. A system and information integrity policy that addresses purpose, scope, roles, responsibilit...
Param ID Label Constraint / Choices
si-1_prm_1 organization-defined personnel or roles Organization-defined
si-1_prm_2 organization-defined frequency Organization-defined
si-1_prm_3 organization-defined frequency Organization-defined
SI-2
Flaw Remediation 1 param
The organization: a. Identifies, reports, and corrects information system flaws; b. Tests software and firmware updates related to flaw remediation for effectiveness and potential side effects ...
Param ID Label Constraint / Choices
si-2_prm_1 organization-defined time period Organization-defined
SI-2(1)
Central Management
The organization centrally manages the flaw remediation process.
SI-2(2)
Automated Flaw Remediation Status 1 param
The organization employs automated mechanisms {{ insert: param, si-2.2_prm_1 }} to determine the state of information system components with regard to flaw remediation.
Param ID Label Constraint / Choices
si-2.2_prm_1 organization-defined frequency Organization-defined
SI-2(3)
Time to Remediate Flaws / Benchmarks for Corrective Actions 1 param
The organization: (a) Measures the time between flaw identification and flaw remediation; and (b) Establishes {{ insert: param, si-2.3_prm_1 }} for taking corrective actions.
Param ID Label Constraint / Choices
si-2.3_prm_1 organization-defined benchmarks Organization-defined
SI-2(4)
Automated Patch Management Tools
[Withdrawn: Incorporated into SI-2]
SI-2(5)
Automatic Software / Firmware Updates 2 params
The organization installs {{ insert: param, si-2.5_prm_1 }} automatically to {{ insert: param, si-2.5_prm_2 }}.
Param ID Label Constraint / Choices
si-2.5_prm_1 organization-defined security-relevant software and firmware updates Organization-defined
si-2.5_prm_2 organization-defined information system components Organization-defined
SI-2(6)
Removal of Previous Versions of Software / Firmware 1 param
The organization removes {{ insert: param, si-2.6_prm_1 }} after updated versions have been installed.
Param ID Label Constraint / Choices
si-2.6_prm_1 organization-defined software and firmware components Organization-defined
SI-3
Malicious Code Protection 4 params
The organization: a. Employs malicious code protection mechanisms at information system entry and exit points to detect and eradicate malicious code; b. Updates malicious code protection mechan...
Param ID Label Constraint / Choices
si-3_prm_1 organization-defined frequency Organization-defined
si-3_prm_2 Select one-or-more: endpoint; network entry/exit points
si-3_prm_3 Select one-or-more: block malicious code; quarantine malicious code; send alert to administrator; {{ insert: param, si-3_prm_4 }}
si-3_prm_4 organization-defined action Organization-defined
SI-3(1)
Central Management
The organization centrally manages malicious code protection mechanisms.
SI-3(2)
Automatic Updates
The information system automatically updates malicious code protection mechanisms.
SI-3(3)
Non-privileged Users
[Withdrawn: Incorporated into AC-6(10)]
SI-3(4)
Updates Only by Privileged Users
The information system updates malicious code protection mechanisms only when directed by a privileged user.
SI-3(5)
Portable Storage Devices
[Withdrawn: Incorporated into MP-7]
SI-3(6)
Testing / Verification 1 param
The organization: (a) Tests malicious code protection mechanisms {{ insert: param, si-3.6_prm_1 }} by introducing a known benign, non-spreading test case into the information system; and (b) Ve...
Param ID Label Constraint / Choices
si-3.6_prm_1 organization-defined frequency Organization-defined
SI-3(7)
Nonsignature-based Detection
The information system implements nonsignature-based malicious code detection mechanisms.
SI-3(8)
Detect Unauthorized Commands 3 params
The information system detects {{ insert: param, si-3.8_prm_1 }} through the kernel application programming interface at {{ insert: param, si-3.8_prm_2 }} and {{ insert: param, si-3.8_prm_3 }}.
Param ID Label Constraint / Choices
si-3.8_prm_1 organization-defined unauthorized operating system commands Organization-defined
si-3.8_prm_2 organization-defined information system hardware components Organization-defined
si-3.8_prm_3 Select one-or-more: issues a warning; audits the command execution; prevents the execution of the command
SI-3(9)
Authenticate Remote Commands 2 params
The information system implements {{ insert: param, si-3.9_prm_1 }} to authenticate {{ insert: param, si-3.9_prm_2 }}.
Param ID Label Constraint / Choices
si-3.9_prm_1 organization-defined security safeguards Organization-defined
si-3.9_prm_2 organization-defined remote commands Organization-defined
SI-3(10)
Malicious Code Analysis 1 param
The organization: (a) Employs {{ insert: param, si-3.10_prm_1 }} to analyze the characteristics and behavior of malicious code; and (b) Incorporates the results from malicious code analysis int...
Param ID Label Constraint / Choices
si-3.10_prm_1 organization-defined tools and techniques Organization-defined
SI-4
Information System Monitoring 6 params
The organization: a. Monitors the information system to detect: 1. Attacks and indicators of potential attacks in accordance with {{ insert: param, si-4_prm_1 }}; and 2. Unauthorized loca...
Param ID Label Constraint / Choices
si-4_prm_1 organization-defined monitoring objectives Organization-defined
si-4_prm_2 organization-defined techniques and methods Organization-defined
si-4_prm_3 organization-defined information system monitoring information Organization-defined
si-4_prm_4 organization-defined personnel or roles Organization-defined
si-4_prm_5 Select one-or-more: as needed; {{ insert: param, si-4_prm_6 }}
si-4_prm_6 organization-defined frequency Organization-defined
SI-4(1)
System-wide Intrusion Detection System
The organization connects and configures individual intrusion detection tools into an information system-wide intrusion detection system.
SI-4(2)
Automated Tools for Real-time Analysis
The organization employs automated tools to support near real-time analysis of events.
SI-4(3)
Automated Tool Integration
The organization employs automated tools to integrate intrusion detection tools into access control and flow control mechanisms for rapid response to attacks by enabling reconfiguration of these me...
SI-4(4)
Inbound and Outbound Communications Traffic 1 param
The information system monitors inbound and outbound communications traffic {{ insert: param, si-4.4_prm_1 }} for unusual or unauthorized activities or conditions.
Param ID Label Constraint / Choices
si-4.4_prm_1 organization-defined frequency Organization-defined
SI-4(5)
System-generated Alerts 2 params
The information system alerts {{ insert: param, si-4.5_prm_1 }} when the following indications of compromise or potential compromise occur: {{ insert: param, si-4.5_prm_2 }}.
Param ID Label Constraint / Choices
si-4.5_prm_1 organization-defined personnel or roles Organization-defined
si-4.5_prm_2 organization-defined compromise indicators Organization-defined
SI-4(6)
Restrict Non-privileged Users
[Withdrawn: Incorporated into AC-6(10)]
SI-4(7)
Automated Response to Suspicious Events 2 params
The information system notifies {{ insert: param, si-4.7_prm_1 }} of detected suspicious events and takes {{ insert: param, si-4.7_prm_2 }}.
Param ID Label Constraint / Choices
si-4.7_prm_1 organization-defined incident response personnel (identified by name and/or by role) Organization-defined
si-4.7_prm_2 organization-defined least-disruptive actions to terminate suspicious events Organization-defined
SI-4(8)
Protection of Monitoring Information
[Withdrawn: Incorporated into SI-4]
SI-4(9)
Testing of Monitoring Tools 1 param
The organization tests intrusion-monitoring tools {{ insert: param, si-4.9_prm_1 }}.
Param ID Label Constraint / Choices
si-4.9_prm_1 organization-defined frequency Organization-defined
SI-4(10)
Visibility of Encrypted Communications 2 params
The organization makes provisions so that {{ insert: param, si-4.10_prm_1 }} is visible to {{ insert: param, si-4.10_prm_2 }}.
Param ID Label Constraint / Choices
si-4.10_prm_1 organization-defined encrypted communications traffic Organization-defined
si-4.10_prm_2 organization-defined information system monitoring tools Organization-defined
SI-4(11)
Analyze Communications Traffic Anomalies 1 param
The organization analyzes outbound communications traffic at the external boundary of the information system and selected {{ insert: param, si-4.11_prm_1 }} to discover anomalies.
Param ID Label Constraint / Choices
si-4.11_prm_1 organization-defined interior points within the system (e.g., subnetworks, subsystems) Organization-defined
SI-4(12)
Automated Alerts 1 param
The organization employs automated mechanisms to alert security personnel of the following inappropriate or unusual activities with security implications: {{ insert: param, si-4.12_prm_1 }}.
Param ID Label Constraint / Choices
si-4.12_prm_1 organization-defined activities that trigger alerts Organization-defined
SI-4(13)
Analyze Traffic / Event Patterns
The organization: (a) Analyzes communications traffic/event patterns for the information system; (b) Develops profiles representing common traffic patterns and/or events; and (c) Uses the tra...
SI-4(14)
Wireless Intrusion Detection
The organization employs a wireless intrusion detection system to identify rogue wireless devices and to detect attack attempts and potential compromises/breaches to the information system.
SI-4(15)
Wireless to Wireline Communications
The organization employs an intrusion detection system to monitor wireless communications traffic as the traffic passes from wireless to wireline networks.
SI-4(16)
Correlate Monitoring Information
The organization correlates information from monitoring tools employed throughout the information system.
SI-4(17)
Integrated Situational Awareness
The organization correlates information from monitoring physical, cyber, and supply chain activities to achieve integrated, organization-wide situational awareness.
SI-4(18)
Analyze Traffic / Covert Exfiltration 1 param
The organization analyzes outbound communications traffic at the external boundary of the information system (i.e., system perimeter) and at {{ insert: param, si-4.18_prm_1 }} to detect covert exfi...
Param ID Label Constraint / Choices
si-4.18_prm_1 organization-defined interior points within the system (e.g., subsystems, subnetworks) Organization-defined
SI-4(19)
Individuals Posing Greater Risk 2 params
The organization implements {{ insert: param, si-4.19_prm_1 }} of individuals who have been identified by {{ insert: param, si-4.19_prm_2 }} as posing an increased level of risk.
Param ID Label Constraint / Choices
si-4.19_prm_1 organization-defined additional monitoring Organization-defined
si-4.19_prm_2 organization-defined sources Organization-defined
SI-4(20)
Privileged Users 1 param
The organization implements {{ insert: param, si-4.20_prm_1 }} of privileged users.
Param ID Label Constraint / Choices
si-4.20_prm_1 organization-defined additional monitoring Organization-defined
SI-4(21)
Probationary Periods 2 params
The organization implements {{ insert: param, si-4.21_prm_1 }} of individuals during {{ insert: param, si-4.21_prm_2 }}.
Param ID Label Constraint / Choices
si-4.21_prm_1 organization-defined additional monitoring Organization-defined
si-4.21_prm_2 organization-defined probationary period Organization-defined
SI-4(22)
Unauthorized Network Services 3 params
The information system detects network services that have not been authorized or approved by {{ insert: param, si-4.22_prm_1 }} and {{ insert: param, si-4.22_prm_2 }}.
Param ID Label Constraint / Choices
si-4.22_prm_1 organization-defined authorization or approval processes Organization-defined
si-4.22_prm_2 Select one-or-more: audits; alerts {{ insert: param, si-4.22_prm_3 }}
si-4.22_prm_3 organization-defined personnel or roles Organization-defined
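The detection SI-4(22) asks for comes down to comparing what is actually listening on a host against what the authorization process has approved, then auditing and alerting on the difference (the two selections in si-4.22_prm_2). The following is an added example, not part of the catalog and not a NIST tool: it parses a constructed sample of `ss -Hltnp` output, checks every listener against an assumed approval baseline (port, permitted process names, and whether exposure beyond loopback is approved), and emits one audit record per finding plus an alert to assumed roles. The sample output, the baseline and the role names are all constructed for the example.

```python
"""Unauthorized listening-service detection (added example for SI-4(22))."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample of `ss -Hltnp` output (no header, listening TCP sockets,
# numeric addresses, owning processes). Not captured from a real host.
SAMPLE_SS_OUTPUT = """\
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*    users:(("sshd",pid=812,fd=3))
LISTEN 0      511          0.0.0.0:443       0.0.0.0:*    users:(("nginx",pid=1320,fd=6),("nginx",pid=1321,fd=6))
LISTEN 0      128        127.0.0.1:5432      0.0.0.0:*    users:(("postgres",pid=990,fd=5))
LISTEN 0      128          0.0.0.0:4444      0.0.0.0:*    users:(("nc",pid=4711,fd=3))
LISTEN 0      50             [::]:8080          [::]:*    users:(("python3",pid=5120,fd=4))
"""

# Assumed approval baseline (the outcome of the si-4.22_prm_1 approval process):
# port -> permitted process names and whether binding beyond loopback is approved.
APPROVED_SERVICES = {
    22: {"procs": {"sshd"}, "public": True},
    443: {"procs": {"nginx"}, "public": True},
    5432: {"procs": {"postgres"}, "public": False},
}

LINE_RE = re.compile(
    r"^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+users:\((?P<users>.*)\)\s*$"
)
PROC_RE = re.compile(r'\("(?P<name>[^"]+)",pid=(?P<pid>\d+)')


@dataclass(frozen=True)
class Listener:
    addr: str
    port: int
    procs: tuple  # (process name, pid) pairs


def parse_ss(output: str) -> list:
    """Parse listening sockets; lines that do not match the expected shape are skipped, not guessed at."""
    listeners = []
    for line in output.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        procs = tuple((p.group("name"), int(p.group("pid"))) for p in PROC_RE.finditer(m.group("users")))
        listeners.append(Listener(m.group("addr"), int(m.group("port")), procs))
    return listeners


def is_loopback(addr: str) -> bool:
    return addr == "[::1]" or addr.startswith("127.")


def find_unauthorized(listeners, approved) -> list:
    """One finding per listener not covered by the approval baseline."""
    findings = []
    for lst in listeners:
        names = {n for n, _ in lst.procs}
        rule = approved.get(lst.port)
        if rule is None:
            reason = "port not approved"
        elif not names <= rule["procs"]:
            reason = f"unexpected process {sorted(names - rule['procs'])} on approved port"
        elif not rule["public"] and not is_loopback(lst.addr):
            reason = "approved for loopback only but bound to " + lst.addr
        else:
            continue
        findings.append({"port": lst.port, "addr": lst.addr, "procs": lst.procs, "reason": reason})
    return findings


def audit_and_alert(findings, alert_roles=("isso", "soc-oncall")):
    """si-4.22_prm_2: an audit record for every finding, and an alert to the assumed roles when any exist."""
    audit = [
        f"AUDIT unauthorized_service port={f['port']} addr={f['addr']} procs={f['procs']} reason={f['reason']!r}"
        for f in findings
    ]
    alerts = [f"ALERT to {role}: {len(findings)} unauthorized listening service(s)" for role in alert_roles] if findings else []
    return audit, alerts


if __name__ == "__main__":
    found = find_unauthorized(parse_ss(SAMPLE_SS_OUTPUT), APPROVED_SERVICES)
    for line in [*audit_and_alert(found)[0], *audit_and_alert(found)[1]]:
        print(line)
```

On the sample, ports 22, 443 and 5432 pass and the `nc` listener on 4444 and the `python3` listener on 8080 are reported. The baseline encodes the approval decision rather than the process itself, so it has to be regenerated whenever the change process approves a new service. A host that is already compromised can lie to `ss`, so this host-side view should be reconciled with a network-side view (the boundary and interior traffic analysis of SI-4(4) and SI-4(11)) rather than trusted alone.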
SI-4(23)
Host-based Devices 2 params
The organization implements {{ insert: param, si-4.23_prm_1 }} at {{ insert: param, si-4.23_prm_2 }}.
Param ID Label Constraint / Choices
si-4.23_prm_1 organization-defined host-based monitoring mechanisms Organization-defined
si-4.23_prm_2 organization-defined information system components Organization-defined
SI-4(24)
Indicators of Compromise
The information system discovers, collects, distributes, and uses indicators of compromise.
SI-5
Security Alerts, Advisories, and Directives 5 params
The organization: a. Receives information system security alerts, advisories, and directives from {{ insert: param, si-5_prm_1 }} on an ongoing basis; b. Generates internal security alerts, adv...
Param ID Label Constraint / Choices
si-5_prm_1 organization-defined external organizations Organization-defined
si-5_prm_2 Select one-or-more: {{ insert: param, si-5_prm_3 }} ; {{ insert: param, si-5_prm_4 }} ; {{ insert: param, si-5_prm_5 }}
si-5_prm_3 organization-defined personnel or roles Organization-defined
si-5_prm_4 organization-defined elements within the organization Organization-defined
si-5_prm_5 organization-defined external organizations Organization-defined
SI-5(1)
Automated Alerts and Advisories
The organization employs automated mechanisms to make security alert and advisory information available throughout the organization.
SI-6
Security Function Verification 7 params
The information system: a. Verifies the correct operation of {{ insert: param, si-6_prm_1 }}; b. Performs this verification {{ insert: param, si-6_prm_2 }}; c. Notifies {{ insert: param, si-6...
Param ID Label Constraint / Choices
si-6_prm_1 organization-defined security functions Organization-defined
si-6_prm_2 Select one-or-more: {{ insert: param, si-6_prm_3 }} ; upon command by user with appropriate privilege; {{ insert: param, si-6_prm_4 }}
si-6_prm_3 organization-defined system transitional states Organization-defined
si-6_prm_4 organization-defined frequency Organization-defined
si-6_prm_5 organization-defined personnel or roles Organization-defined
si-6_prm_6 Select one-or-more: shuts the information system down; restarts the information system; {{ insert: param, si-6_prm_7 }}
si-6_prm_7 organization-defined alternative action(s) Organization-defined
SI-6(1)
Notification of Failed Security Tests
[Withdrawn: Incorporated into SI-6]
SI-6(2)
Automation Support for Distributed Testing
The information system implements automated mechanisms to support the management of distributed security testing.
SI-6(3)
Report Verification Results 1 param
The organization reports the results of security function verification to {{ insert: param, si-6.3_prm_1 }}.
Param ID Label Constraint / Choices
si-6.3_prm_1 organization-defined personnel or roles Organization-defined
SI-7
Software, Firmware, and Information Integrity 1 param
The organization employs integrity verification tools to detect unauthorized changes to {{ insert: param, si-7_prm_1 }}.
Param ID Label Constraint / Choices
si-7_prm_1 organization-defined software, firmware, and information Organization-defined
SI-7(1)
Integrity Checks 4 params
The information system performs an integrity check of {{ insert: param, si-7.1_prm_1 }} {{ insert: param, si-7.1_prm_2 }}.
Param ID Label Constraint / Choices
si-7.1_prm_1 organization-defined software, firmware, and information Organization-defined
si-7.1_prm_2 Select one-or-more: at startup; at {{ insert: param, si-7.1_prm_3 }} ; {{ insert: param, si-7.1_prm_4 }}
si-7.1_prm_3 organization-defined transitional states or security-relevant events Organization-defined
si-7.1_prm_4 organization-defined frequency Organization-defined
SI-7(2)
Automated Notifications of Integrity Violations 1 param
The organization employs automated tools that provide notification to {{ insert: param, si-7.2_prm_1 }} upon discovering discrepancies during integrity verification.
Param ID Label Constraint / Choices
si-7.2_prm_1 organization-defined personnel or roles Organization-defined
SI-7(3)
Centrally-managed Integrity Tools
The organization employs centrally managed integrity verification tools.
SI-7(4)
Tamper-evident Packaging
[Withdrawn: Incorporated into SA-12]
SI-7(5)
Automated Response to Integrity Violations 2 params
The information system automatically {{ insert: param, si-7.5_prm_1 }} when integrity violations are discovered.
Param ID Label Constraint / Choices
si-7.5_prm_1 Select one-or-more: shuts the information system down; restarts the information system; implements {{ insert: param, si-7.5_prm_2 }}
si-7.5_prm_2 organization-defined security safeguards Organization-defined
SI-7(6)
Cryptographic Protection
The information system implements cryptographic mechanisms to detect unauthorized changes to software, firmware, and information.
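SI-7, SI-7(1), SI-7(2) and SI-7(6) together describe one mechanism: a baseline of the protected software and information, a cryptographic check of the current state against it at defined times, and a notification when they differ. The block below is an added example, not part of the catalog and not a NIST or vendor integrity tool. It hashes a file tree with SHA-256, authenticates the manifest with an HMAC so that a tampered baseline is itself detected, reports modified, added and removed files, and produces notification lines for assumed roles. The file tree, the manifest key and the role names are constructed for the example.

```python
"""File-integrity baseline and check (added example for SI-7 / SI-7(1) / SI-7(2) / SI-7(6))."""
from __future__ import annotations

import hashlib
import hmac
import json
import tempfile
from pathlib import Path

# Assumption: in production the manifest key lives off the monitored host (for example in the
# centrally managed tool of SI-7(3)); it is hard-coded here only so the example runs offline.
MANIFEST_KEY = b"example-key-replace-with-real-secret"


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Hash every regular file under root, keyed by POSIX relative path (sorted, so the manifest is canonical)."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def _canonical(entries: dict) -> bytes:
    return json.dumps(entries, sort_keys=True, separators=(",", ":")).encode()


def sign_manifest(entries: dict, key: bytes) -> dict:
    """SI-7(6): authenticate the baseline so that editing it is as detectable as editing a file."""
    return {"files": entries, "hmac_sha256": hmac.new(key, _canonical(entries), hashlib.sha256).hexdigest()}


def verify_manifest(manifest: dict, key: bytes) -> bool:
    expected = hmac.new(key, _canonical(manifest["files"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, manifest["hmac_sha256"])


def integrity_check(root: Path, manifest: dict, key: bytes) -> dict:
    """SI-7(1): compare current state with the baseline. A manifest that fails authentication is itself a violation."""
    if not verify_manifest(manifest, key):
        return {"manifest_ok": False, "modified": [], "added": [], "removed": []}
    baseline, current = manifest["files"], build_baseline(root)
    return {
        "manifest_ok": True,
        "modified": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
        "added": sorted(k for k in current if k not in baseline),
        "removed": sorted(k for k in baseline if k not in current),
    }


def notify(result: dict, recipients: list) -> list:
    """SI-7(2): one notification line per discrepancy for each defined recipient (roles are assumed)."""
    msgs = [] if result["manifest_ok"] else ["integrity manifest failed authentication"]
    for kind in ("modified", "added", "removed"):
        msgs.extend(f"{kind}: {path}" for path in result[kind])
    return [f"to {r}: {m}" for r in recipients for m in msgs]


def demo() -> dict:
    """Constructed scenario: baseline a small tree, tamper with the tree, then tamper with the manifest."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "bin").mkdir()
        (root / "bin" / "app").write_bytes(b"\x7fELF original binary")
        (root / "etc.conf").write_text("listen=127.0.0.1\n")
        manifest = sign_manifest(build_baseline(root), MANIFEST_KEY)
        # Modify one file, add one, remove one.
        (root / "bin" / "app").write_bytes(b"\x7fELF trojaned binary")
        (root / "bin" / "dropper").write_bytes(b"evil")
        (root / "etc.conf").unlink()
        result = integrity_check(root, manifest, MANIFEST_KEY)
        # Attacker edits the baseline to bless the trojaned binary: the HMAC no longer verifies.
        forged = json.loads(json.dumps(manifest))
        forged["files"]["bin/app"] = sha256_file(root / "bin" / "app")
        forged_ok = integrity_check(root, forged, MANIFEST_KEY)["manifest_ok"]
    return {"result": result, "forged_manifest_ok": forged_ok}


if __name__ == "__main__":
    out = demo()
    print(out)
    print("\n".join(notify(out["result"], ["isso"])))
```

The HMAC over the canonical manifest is the cryptographic mechanism; an asymmetric signature is the usual production choice because the monitored host then never holds the verification secret, and HMAC is used here only to stay within the standard library. The check is only as trustworthy as its baseline: a baseline taken after a compromise enshrines the compromise, so it should be generated from the trusted build and re-signed on every authorized change, which is the point where SI-7(7) hands detections to the change and incident processes.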
SI-7(7)
Integration of Detection and Response 1 param
The organization incorporates the detection of unauthorized {{ insert: param, si-7.7_prm_1 }} into the organizational incident response capability.
Param ID Label Constraint / Choices
si-7.7_prm_1 organization-defined security-relevant changes to the information system Organization-defined
SI-7(8)
Auditing Capability for Significant Events 3 params
The information system, upon detection of a potential integrity violation, provides the capability to audit the event and initiates the following actions: {{ insert: param, si-7.8_prm_1 }}.
Param ID Label Constraint / Choices
si-7.8_prm_1 Select one-or-more: generates an audit record; alerts current user; alerts {{ insert: param, si-7.8_prm_2 }} ; {{ insert: param, si-7.8_prm_3 }}
si-7.8_prm_2 organization-defined personnel or roles Organization-defined
si-7.8_prm_3 organization-defined other actions Organization-defined
SI-7(9)
Verify Boot Process 1 param
The information system verifies the integrity of the boot process of {{ insert: param, si-7.9_prm_1 }}.
Param ID Label Constraint / Choices
si-7.9_prm_1 organization-defined devices Organization-defined
SI-7(10)
Protection of Boot Firmware 2 params
The information system implements {{ insert: param, si-7.10_prm_1 }} to protect the integrity of boot firmware in {{ insert: param, si-7.10_prm_2 }}.
Param ID Label Constraint / Choices
si-7.10_prm_1 organization-defined security safeguards Organization-defined
si-7.10_prm_2 organization-defined devices Organization-defined
SI-7(11)
Confined Environments with Limited Privileges 1 param
The organization requires that {{ insert: param, si-7.11_prm_1 }} execute in a confined physical or virtual machine environment with limited privileges.
Param ID Label Constraint / Choices
si-7.11_prm_1 organization-defined user-installed software Organization-defined
SI-7(12)
Integrity Verification 1 param
The organization requires that the integrity of {{ insert: param, si-7.12_prm_1 }} be verified prior to execution.
Param ID Label Constraint / Choices
si-7.12_prm_1 organization-defined user-installed software Organization-defined
SI-7(13)
Code Execution in Protected Environments 1 param
The organization allows execution of binary or machine-executable code obtained from sources with limited or no warranty and without the provision of source code only in confined physical or virtua...
Param ID Label Constraint / Choices
si-7.13_prm_1 organization-defined personnel or roles Organization-defined
SI-7(14)
Binary or Machine Executable Code
The organization: (a) Prohibits the use of binary or machine-executable code from sources with limited or no warranty and without the provision of source code; and (b) Provides exceptions to th...
SI-7(15)
Code Authentication 1 param
The information system implements cryptographic mechanisms to authenticate {{ insert: param, si-7.15_prm_1 }} prior to installation.
Param ID Label Constraint / Choices
si-7.15_prm_1 organization-defined software or firmware components Organization-defined
SI-7(16)
Time Limit On Process Execution Without Supervision 1 param
The organization does not allow processes to execute without supervision for more than {{ insert: param, si-7.16_prm_1 }}.
Param ID Label Constraint / Choices
si-7.16_prm_1 organization-defined time period Organization-defined
SI-8
Spam Protection
The organization: a. Employs spam protection mechanisms at information system entry and exit points to detect and take action on unsolicited messages; and b. Updates spam protection mechanisms ...
SI-8(1)
Central Management
The organization centrally manages spam protection mechanisms.
SI-8(2)
Automatic Updates
The information system automatically updates spam protection mechanisms.
SI-8(3)
Continuous Learning Capability
The information system implements spam protection mechanisms with a learning capability to more effectively identify legitimate communications traffic.
SI-9
Information Input Restrictions
[Withdrawn: Incorporated into AC-2, AC-3, AC-5, AC-6]
SI-10
Information Input Validation 1 param
The information system checks the validity of {{ insert: param, si-10_prm_1 }}.
Param ID Label Constraint / Choices
si-10_prm_1 organization-defined information inputs Organization-defined
SI-10(1)
Manual Override Capability 2 params
The information system: (a) Provides a manual override capability for input validation of {{ insert: param, si-10.1_prm_1 }}; (b) Restricts the use of the manual override capability to only {{ insert: param, si-10.1_prm_2 }}; and (c) Audits the use of the manual override capability.
Param ID Label Constraint / Choices
si-10.1_prm_1 organization-defined inputs Organization-defined
si-10.1_prm_2 organization-defined authorized individuals Organization-defined
SI-10(2)
Review / Resolution of Errors 1 param
The organization ensures that input validation errors are reviewed and resolved within {{ insert: param, si-10.2_prm_1 }}.
Param ID Label Constraint / Choices
si-10.2_prm_1 organization-defined time period Organization-defined
SI-10(3)
Predictable Behavior
The information system behaves in a predictable and documented manner that reflects organizational and system objectives when invalid inputs are received.
SI-10(4)
Review / Timing Interactions
The organization accounts for timing interactions among information system components in determining appropriate responses for invalid inputs.
SI-10(5)
Restrict Inputs to Trusted Sources and Approved Formats 2 params
The organization restricts the use of information inputs to {{ insert: param, si-10.5_prm_1 }} and/or {{ insert: param, si-10.5_prm_2 }}.
Param ID Label Constraint / Choices
si-10.5_prm_1 organization-defined trusted sources Organization-defined
si-10.5_prm_2 organization-defined formats Organization-defined
SI-11
Error Handling 1 param
The information system: a. Generates error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries; and b. Reveals error messages only to {{ insert: param, si-11_prm_1 }}.
Param ID Label Constraint / Choices
si-11_prm_1 organization-defined personnel or roles Organization-defined
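SI-10, SI-10(3), SI-10(5) and SI-11 describe the same request path from different angles: accept input only from trusted sources and in approved formats, validate the defined inputs, respond to anything invalid in one documented way, and keep the detail of why it was invalid away from callers who could use it. The block below is an added example, not part of the catalog: it validates a constructed JSON order request against an allowlist of fields, formats and ranges, returns the same 400 body for every rejection, logs the precise reason internally, and includes that reason in the response only for an assumed `admin` role. The trusted networks, field names, formats and role name are all assumptions made for the example.

```python
"""Input validation with predictable rejection and role-scoped error detail
(added example for SI-10, SI-10(3), SI-10(5), SI-11)."""
from __future__ import annotations

import ipaddress
import json
import re
import uuid

# SI-10(5): assumed trusted source networks and approved formats for each input.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.1.0/24", "192.168.50.0/24")]
EXPECTED_FIELDS = {"username", "quantity", "order_id"}
USERNAME_RE = re.compile(r"^[a-z][a-z0-9_]{2,31}$")
QUANTITY_RANGE = (1, 1000)


class ValidationError(Exception):
    """Carries a safe message for callers (SI-11a) and a separate internal detail (SI-11b)."""

    def __init__(self, public: str, internal: str):
        super().__init__(public)
        self.public, self.internal = public, internal


def validate_request(raw: str, client_ip: str) -> dict:
    """SI-10: allowlist validation of every defined input. Every failure raises the same public message."""
    if not any(ipaddress.ip_address(client_ip) in net for net in TRUSTED_NETS):
        raise ValidationError("request rejected", f"untrusted source {client_ip}")
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as e:
        raise ValidationError("request rejected", f"malformed JSON at offset {e.pos}: {e.msg}") from e
    if not isinstance(doc, dict) or set(doc) != EXPECTED_FIELDS:
        got = sorted(doc) if isinstance(doc, dict) else type(doc).__name__
        raise ValidationError("request rejected", f"unexpected field set {got}")
    username = doc["username"]
    if not isinstance(username, str) or not USERNAME_RE.match(username):
        raise ValidationError("request rejected", f"username fails {USERNAME_RE.pattern}: {username!r}")
    qty = doc["quantity"]
    # bool is a subclass of int, so it has to be excluded explicitly.
    if not isinstance(qty, int) or isinstance(qty, bool) or not QUANTITY_RANGE[0] <= qty <= QUANTITY_RANGE[1]:
        raise ValidationError("request rejected", f"quantity outside {QUANTITY_RANGE}: {qty!r}")
    try:
        order_id = str(uuid.UUID(str(doc["order_id"])))
    except ValueError as e:
        raise ValidationError("request rejected", f"order_id is not a UUID: {doc['order_id']!r}") from e
    return {"username": username, "quantity": qty, "order_id": order_id}


def handle(raw: str, client_ip: str, caller_role: str, internal_log: list) -> dict:
    """SI-10(3): one documented response shape for every invalid input.
    SI-11b: the internal detail goes to the log and is returned only to the assumed 'admin' role."""
    try:
        data = validate_request(raw, client_ip)
    except ValidationError as e:
        internal_log.append(f"input_validation_error ip={client_ip} detail={e.internal}")
        body = {"status": 400, "error": e.public}
        if caller_role == "admin":
            body["detail"] = e.internal
        return body
    return {"status": 200, "data": data}


if __name__ == "__main__":
    log = []
    print(handle('{"username": "alice; DROP TABLE users", "quantity": 5, '
                 '"order_id": "123e4567-e89b-12d3-a456-426614174000"}', "10.0.1.7", "user", log))
    print(log)
```

The caller sees `{"status": 400, "error": "request rejected"}` whether the username failed its pattern, the JSON was malformed, or the source network was untrusted, so the response itself cannot be used to probe the validator; the distinguishing detail is in the internal log, which is what SI-10(2) reviews and resolves. The allowlist style (expected field set, anchored regex, numeric range, strict UUID parse) is what makes the behaviour predictable: there is no path on which an unexpected input is passed through.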
SI-12
Information Handling and Retention
The organization handles and retains information within the information system and information output from the system in accordance with applicable federal laws, Executive Orders, directives, polic...
SI-13
Predictable Failure Prevention 2 params
The organization: a. Determines mean time to failure (MTTF) for {{ insert: param, si-13_prm_1 }} in specific environments of operation; and b. Provides substitute information system components and a means to exchange active and standby components at {{ insert: param, si-13_prm_2 }}.
Param ID Label Constraint / Choices
si-13_prm_1 organization-defined information system components Organization-defined
si-13_prm_2 organization-defined MTTF substitution criteria Organization-defined
SI-13(1)
Transferring Component Responsibilities 1 param
The organization takes information system components out of service by transferring component responsibilities to substitute components no later than {{ insert: param, si-13.1_prm_1 }} of mean time to failure.
Param ID Label Constraint / Choices
si-13.1_prm_1 organization-defined fraction or percentage Organization-defined
SI-13(2)
Time Limit On Process Execution Without Supervision
[Withdrawn: Incorporated into SI-7(16)]
SI-13(3)
Manual Transfer Between Components 2 params
The organization manually initiates transfers between active and standby information system components {{ insert: param, si-13.3_prm_1 }} if the mean time to failure exceeds {{ insert: param, si-13.3_prm_2 }}.
Param ID Label Constraint / Choices
si-13.3_prm_1 organization-defined frequency Organization-defined
si-13.3_prm_2 organization-defined time period Organization-defined
SI-13(4)
Standby Component Installation / Notification 3 params
The organization, if information system component failures are detected: (a) Ensures that the standby components are successfully and transparently installed within {{ insert: param, si-13.4_prm_1 }}; and (b) {{ insert: param, si-13.4_prm_2 }}.
Param ID Label Constraint / Choices
si-13.4_prm_1 organization-defined time period Organization-defined
si-13.4_prm_2 Select one-or-more: activates {{ insert: param, si-13.4_prm_3 }} ; automatically shuts down the information system
si-13.4_prm_3 organization-defined alarm Organization-defined
SI-13(5)
Failover Capability 2 params
The organization provides {{ insert: param, si-13.5_prm_1 }} {{ insert: param, si-13.5_prm_2 }} for the information system.
Param ID Label Constraint / Choices
si-13.5_prm_1 Select one: real-time; near real-time
si-13.5_prm_2 organization-defined failover capability Organization-defined
SI-14
Non-persistence 3 params
The organization implements non-persistent {{ insert: param, si-14_prm_1 }} that are initiated in a known state and terminated {{ insert: param, si-14_prm_2 }}.
Param ID Label Constraint / Choices
si-14_prm_1 organization-defined information system components and services Organization-defined
si-14_prm_2 Select one-or-more: upon end of session of use; periodically at {{ insert: param, si-14_prm_3 }}
si-14_prm_3 organization-defined frequency Organization-defined
SI-14(1)
Refresh from Trusted Sources 1 param
The organization ensures that software and data employed during information system component and service refreshes are obtained from {{ insert: param, si-14.1_prm_1 }}.
Param ID Label Constraint / Choices
si-14.1_prm_1 organization-defined trusted sources Organization-defined
SI-15
Information Output Filtering 1 param
The information system validates information output from {{ insert: param, si-15_prm_1 }} to ensure that the information is consistent with the expected content.
Param ID Label Constraint / Choices
si-15_prm_1 organization-defined software programs and/or applications Organization-defined
SI-16
Memory Protection 1 param
The information system implements {{ insert: param, si-16_prm_1 }} to protect its memory from unauthorized code execution.
Param ID Label Constraint / Choices
si-16_prm_1 organization-defined security safeguards Organization-defined
SI-17
Fail-safe Procedures 2 params
The information system implements {{ insert: param, si-17_prm_1 }} when {{ insert: param, si-17_prm_2 }}.
Param ID Label Constraint / Choices
si-17_prm_1 organization-defined fail-safe procedures Organization-defined
si-17_prm_2 organization-defined failure conditions occur Organization-defined
Expanded statement parts for the multi-part statements above (the table rows show only the opening of each statement; the parts are listed here by statement ID, grouped in control order)

SI-1 System and Information Integrity Policy and Procedures
si-1a Develops, documents, and disseminates to {{ insert: param, si-1_prm_1 }}:
si-1a.1 A system and information integrity policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organiz...
si-1a.2 Procedures to facilitate the implementation of the system and information integrity policy and associated system and information integrity controls...
si-1b Reviews and updates the current:
si-1b.1 System and information integrity policy {{ insert: param, si-1_prm_2 }}; and
si-1b.2 System and information integrity procedures {{ insert: param, si-1_prm_3 }}.

SI-2 Flaw Remediation
si-2a Identifies, reports, and corrects information system flaws;
si-2b Tests software and firmware updates related to flaw remediation for effectiveness and potential side effects before installation;
si-2c Installs security-relevant software and firmware updates within {{ insert: param, si-2_prm_1 }} of the release of the updates; and
si-2d Incorporates flaw remediation into the organizational configuration management process.

SI-2(3) Time to Remediate Flaws / Benchmarks for Corrective Actions
si-2.3.(a) Measures the time between flaw identification and flaw remediation; and
si-2.3.(b) Establishes {{ insert: param, si-2.3_prm_1 }} for taking corrective actions.

SI-3 Malicious Code Protection
si-3a Employs malicious code protection mechanisms at information system entry and exit points to detect and eradicate malicious code;
si-3b Updates malicious code protection mechanisms whenever new releases are available in accordance with organizational configuration management policy ...
si-3c Configures malicious code protection mechanisms to:
si-3c.1 Perform periodic scans of the information system {{ insert: param, si-3_prm_1 }} and real-time scans of files from external sources at {{ insert: p...
si-3c.2 {{ insert: param, si-3_prm_3 }} in response to malicious code detection; and
si-3d Addresses the receipt of false positives during malicious code detection and eradication and the resulting potential impact on the availability of ...

SI-3(6) Testing / Verification
si-3.6.(a) Tests malicious code protection mechanisms {{ insert: param, si-3.6_prm_1 }} by introducing a known benign, non-spreading test case into the inform...
si-3.6.(b) Verifies that both detection of the test case and associated incident reporting occur.

SI-3(10) Malicious Code Analysis
si-3.10.(a) Employs {{ insert: param, si-3.10_prm_1 }} to analyze the characteristics and behavior of malicious code; and
si-3.10.(b) Incorporates the results from malicious code analysis into organizational incident response and flaw remediation processes.

SI-4 Information System Monitoring
si-4a Monitors the information system to detect:
si-4a.1 Attacks and indicators of potential attacks in accordance with {{ insert: param, si-4_prm_1 }}; and
si-4a.2 Unauthorized local, network, and remote connections;
si-4b Identifies unauthorized use of the information system through {{ insert: param, si-4_prm_2 }};
si-4c Deploys monitoring devices:
si-4c.1 Strategically within the information system to collect organization-determined essential information; and
si-4c.2 At ad hoc locations within the system to track specific types of transactions of interest to the organization;
si-4d Protects information obtained from intrusion-monitoring tools from unauthorized access, modification, and deletion;
si-4e Heightens the level of information system monitoring activity whenever there is an indication of increased risk to organizational operations and as...
si-4f Obtains legal opinion with regard to information system monitoring activities in accordance with applicable federal laws, Executive Orders, directi...
si-4g Provides {{ insert: param, si-4_prm_3 }} to {{ insert: param, si-4_prm_4 }} {{ insert: param, si-4_prm_5 }}.

SI-4(13) Analyze Traffic / Event Patterns
si-4.13.(a) Analyzes communications traffic/event patterns for the information system;
si-4.13.(b) Develops profiles representing common traffic patterns and/or events; and
si-4.13.(c) Uses the traffic/event profiles in tuning system-monitoring devices to reduce the number of false positives and the number of false negatives.

SI-5 Security Alerts, Advisories, and Directives
si-5a Receives information system security alerts, advisories, and directives from {{ insert: param, si-5_prm_1 }} on an ongoing basis;
si-5b Generates internal security alerts, advisories, and directives as deemed necessary;
si-5c Disseminates security alerts, advisories, and directives to: {{ insert: param, si-5_prm_2 }}; and
si-5d Implements security directives in accordance with established time frames, or notifies the issuing organization of the degree of noncompliance.

SI-6 Security Function Verification
si-6a Verifies the correct operation of {{ insert: param, si-6_prm_1 }};
si-6b Performs this verification {{ insert: param, si-6_prm_2 }};
si-6c Notifies {{ insert: param, si-6_prm_5 }} of failed security verification tests; and
si-6d {{ insert: param, si-6_prm_6 }} when anomalies are discovered.

SI-7(14) Binary or Machine Executable Code
si-7.14.(a) Prohibits the use of binary or machine-executable code from sources with limited or no warranty and without the provision of source code; and
si-7.14.(b) Provides exceptions to the source code requirement only for compelling mission/operational requirements and with the approval of the authorizing of...

SI-8 Spam Protection
si-8a Employs spam protection mechanisms at information system entry and exit points to detect and take action on unsolicited messages; and
si-8b Updates spam protection mechanisms when new releases are available in accordance with organizational configuration management policy and procedures.