SPARC

System and Information Integrity

Catalog: Electronic (OSCAL) Version of NIST SP 800-53 Rev 5.2.0 Controls and SP 800-53A Rev 5.2.0 Assessment Procedures | Controls: 200

← Back to Catalog

Control ID

Title / Statement

Priority

Baseline Impact

SI-01

Policy and Procedures 9 params

a. Develop, document, and disseminate to {{ insert: param, si-1_prm_1 }}: 1. {{ insert: param, si-01_odp.03 }} system and information integrity policy that: (a) Addresses purpose, scope...

► View parameters

Param ID	Label	Constraint / Choices
si-1_prm_1	organization-defined personnel or roles	Organization-defined
si-01_odp.01	personnel or roles	personnel or roles to whom the system and information integrity policy is to be disseminated is/are defined;
si-01_odp.02	personnel or roles	personnel or roles to whom the system and information integrity procedures are to be disseminated is/are defined;
si-01_odp.03		Select one-or-more: organization-level; mission/business process-level; system-level
si-01_odp.04	official	an official to manage the system and information integrity policy and procedures is defined;
si-01_odp.05	frequency	the frequency at which the current system and information integrity policy is reviewed and updated is defined;
si-01_odp.06	events	events that would require the current system and information integrity policy to be reviewed and updated are defined;
si-01_odp.07	frequency	the frequency at which the current system and information integrity procedures are reviewed and updated is defined;
si-01_odp.08	events	events that would require the system and information integrity procedures to be reviewed and updated are defined;

—

SI-02

Flaw Remediation 1 param

a. Identify, report, and correct system flaws; b. Test software and firmware updates related to flaw remediation for effectiveness and potential side effects before installation; c. Install s...

► View parameters

Param ID	Label	Constraint / Choices
si-02_odp	time period	time period within which to install security-relevant software updates after the release of the updates is defined;

—

SI-02(01)

Central Management

—

SI-02(02)

Automated Flaw Remediation Status 2 params

Determine if system components have applicable security-relevant software and firmware updates installed using {{ insert: param, si-02.02_odp.01 }} {{ insert: param, si-02.02_odp.02 }}.

► View parameters

Param ID	Label	Constraint / Choices
si-02.02_odp.01	automated mechanisms	automated mechanisms to determine if applicable security-relevant software and firmware updates are installed on syst...
si-02.02_odp.02	frequency	the frequency at which to determine if applicable security-relevant software and firmware updates are installed on sy...

—

SI-02(03)

Time to Remediate Flaws and Benchmarks for Corrective Actions 1 param

(a) Measure the time between flaw identification and flaw remediation; and (b) Establish the following benchmarks for taking corrective actions: {{ insert: param, si-02.03_odp }}.

► View parameters

Param ID	Label	Constraint / Choices
si-02.03_odp	benchmarks	the benchmarks for taking corrective actions are defined;

—

SI-02(04)

Automated Patch Management Tools 1 param

Employ automated patch management tools to facilitate flaw remediation to the following system components: {{ insert: param, si-02.04_odp }}.

► View parameters

Param ID	Label	Constraint / Choices
si-02.04_odp	components	the system components requiring automated patch management tools to facilitate flaw remediation are defined;

—

SI-02(05)

Automatic Software and Firmware Updates 2 params

Install {{ insert: param, si-02.05_odp.01 }} automatically to {{ insert: param, si-02.05_odp.02 }}.

► View parameters

Param ID	Label	Constraint / Choices
si-02.05_odp.01	security-relevant software and firmware updates	security-relevant software and firmware updates to be automatically installed to system components are defined;
si-02.05_odp.02	system components	system components requiring security-relevant software updates to be automatically installed are defined;

—

SI-02(06)

Removal of Previous Versions of Software and Firmware 1 param

Remove previous versions of {{ insert: param, si-02.06_odp }} after updated versions have been installed.

► View parameters

Param ID	Label	Constraint / Choices
si-02.06_odp	software and firmware components	software and firmware components to be removed after updated versions have been installed are defined;

—

SI-02(07)

Root Cause Analysis

a. Conduct root cause analysis to identify underlying causes of issues or failures. b. Develop actions to address the root cause of the issue or failure. c. Implement the actions and monitor ...

—

SI-03

Malicious Code Protection 6 params

a. Implement {{ insert: param, si-03_odp.01 }} malicious code protection mechanisms at system entry and exit points to detect and eradicate malicious code; b. Automatically update malicious cod...

► View parameters

Param ID	Label	Constraint / Choices
si-03_odp.01		Select one-or-more: signature-based; non-signature-based
si-03_odp.02	frequency	the frequency at which malicious code protection mechanisms perform scans is defined;
si-03_odp.03		Select one-or-more: endpoint; network entry and exit points
si-03_odp.04		Select one-or-more: block malicious code; quarantine malicious code; take {{ insert: param, si-03_odp.05 }}
si-03_odp.05	action	action to be taken in response to malicious code detection are defined (if selected);
si-03_odp.06	personnel or roles	personnel or roles to be alerted when malicious code is detected is/are defined;

—

SI-03(01)

Central Management

—

SI-03(02)

Automatic Updates

—

SI-03(03)

Non-privileged Users

—

SI-03(04)

Updates Only by Privileged Users

Update malicious code protection mechanisms only when directed by a privileged user.

—

SI-03(05)

Portable Storage Devices

—

SI-03(06)

Testing and Verification 1 param

(a) Test malicious code protection mechanisms {{ insert: param, si-03.06_odp }} by introducing known benign code into the system; and (b) Verify that the detection of the code and the associate...

► View parameters

Param ID	Label	Constraint / Choices
si-03.06_odp	frequency	the frequency at which to test malicious code protection mechanisms is defined;

—

SI-03(07)

Nonsignature-based Detection

—

SI-03(08)

Detect Unauthorized Commands 3 params

(a) Detect the following unauthorized operating system commands through the kernel application programming interface on {{ insert: param, si-03.08_odp.02 }}: {{ insert: param, si-03.08_odp.01 }} ...

► View parameters

Param ID	Label	Constraint / Choices
si-03.08_odp.01	unauthorized operating system commands	system hardware components for which unauthorized operating system commands are to be detected through the kernel app...
si-03.08_odp.02	system hardware components	unauthorized operating system commands to be detected are defined;
si-03.08_odp.03		Select one-or-more: issue a warning; audit the command execution; prevent the execution of the command

—

SI-03(09)

Authenticate Remote Commands

—

SI-03(10)

Malicious Code Analysis 1 param

(a) Employ the following tools and techniques to analyze the characteristics and behavior of malicious code: {{ insert: param, si-03.10_odp }} ; and (b) Incorporate the results from malicious c...

► View parameters

Param ID	Label	Constraint / Choices
si-03.10_odp	tools and techniques	tools and techniques to be employed to analyze the characteristics and behavior of malicious code are defined;

—

SI-04

System Monitoring 6 params

a. Monitor the system to detect: 1. Attacks and indicators of potential attacks in accordance with the following monitoring objectives: {{ insert: param, si-04_odp.01 }} ; and 2. Unauthor...

► View parameters

Param ID	Label	Constraint / Choices
si-04_odp.01	monitoring objectives	monitoring objectives to detect attacks and indicators of potential attacks on the system are defined;
si-04_odp.02	techniques and methods	techniques and methods used to identify unauthorized use of the system are defined;
si-04_odp.03	system monitoring information	system monitoring information to be provided to personnel or roles is defined;
si-04_odp.04	personnel or roles	personnel or roles to whom system monitoring information is to be provided is/are defined;
si-04_odp.05		Select one-or-more: as needed; {{ insert: param, si-04_odp.06 }}
si-04_odp.06	frequency	a frequency for providing system monitoring to personnel or roles is defined (if selected);

—

SI-04(01)

System-wide Intrusion Detection System

Connect and configure individual intrusion detection tools into a system-wide intrusion detection system.

—

SI-04(02)

Automated Tools and Mechanisms for Real-time Analysis

Employ automated tools and mechanisms to support near real-time analysis of events.

—

SI-04(03)

Automated Tool and Mechanism Integration

Employ automated tools and mechanisms to integrate intrusion detection tools and mechanisms into access control and flow control mechanisms.

—

SI-04(04)

Inbound and Outbound Communications Traffic 6 params

(a) Determine criteria for unusual or unauthorized activities or conditions for inbound and outbound communications traffic; (b) Monitor inbound and outbound communications traffic {{ insert: p...

► View parameters

Param ID	Label	Constraint / Choices
si-4.4_prm_1	organization-defined frequency	Organization-defined
si-4.4_prm_2	organization-defined unusual or unauthorized activities or conditions	Organization-defined
si-04.04_odp.01	frequency	the frequency at which to monitor inbound communications traffic for unusual or unauthorized activities or conditions...
si-04.04_odp.02	unusual or unauthorized activities or conditions	unusual or unauthorized activities or conditions that are to be monitored in inbound communications traffic are defined;
si-04.04_odp.03	frequency	the frequency at which to monitor outbound communications traffic for unusual or unauthorized activities or condition...
si-04.04_odp.04	unusual or unauthorized activities or conditions	unusual or unauthorized activities or conditions that are to be monitored in outbound communications traffic are defi...

—

SI-04(05)

System-generated Alerts 2 params

Alert {{ insert: param, si-04.05_odp.01 }} when the following system-generated indications of compromise or potential compromise occur: {{ insert: param, si-04.05_odp.02 }}.

► View parameters

Param ID	Label	Constraint / Choices
si-04.05_odp.01	personnel or roles	personnel or roles to be alerted when indications of compromise or potential compromise occur is/are defined;
si-04.05_odp.02	compromise indicators	compromise indicators are defined;

—

SI-04(06)

Restrict Non-privileged Users

—

SI-04(07)

Automated Response to Suspicious Events 2 params

(a) Notify {{ insert: param, si-04.07_odp.01 }} of detected suspicious events; and (b) Take the following actions upon detection: {{ insert: param, si-04.07_odp.02 }}.

► View parameters

Param ID	Label	Constraint / Choices
si-04.07_odp.01	incident response personnel	incident response personnel (identified by name and/or by role) to be notified of detected suspicious events is/are d...
si-04.07_odp.02	least-disruptive actions	least-disruptive actions to terminate suspicious events are defined;

—

SI-04(08)

Protection of Monitoring Information

—

SI-04(09)

Testing of Monitoring Tools and Mechanisms 1 param

Test intrusion-monitoring tools and mechanisms {{ insert: param, si-04.09_odp }}.

► View parameters

Param ID	Label	Constraint / Choices
si-04.09_odp	frequency	a frequency at which to test intrusion-monitoring tools and mechanisms is defined;

—

SI-04(10)

Visibility of Encrypted Communications 2 params

Make provisions so that {{ insert: param, si-04.10_odp.01 }} is visible to {{ insert: param, si-04.10_odp.02 }}.

► View parameters

Param ID	Label	Constraint / Choices
si-04.10_odp.01	encrypted communications traffic	encrypted communications traffic to be made visible to system monitoring tools and mechanisms is defined;
si-04.10_odp.02	system monitoring tools and mechanisms	system monitoring tools and mechanisms to be provided access to encrypted communications traffic are defined;

—

SI-04(11)

Analyze Communications Traffic Anomalies 1 param

Analyze outbound communications traffic at the external interfaces to the system and selected {{ insert: param, si-04.11_odp }} to discover anomalies.

► View parameters

Param ID	Label	Constraint / Choices
si-04.11_odp	interior points	interior points within the system where communications traffic is to be analyzed are defined;

—

SI-04(12)

Automated Organization-generated Alerts 3 params

Alert {{ insert: param, si-04.12_odp.01 }} using {{ insert: param, si-04.12_odp.02 }} when the following indications of inappropriate or unusual activities with security or privacy implications occ...

► View parameters

Param ID	Label	Constraint / Choices
si-04.12_odp.01	personnel or roles	personnel or roles to be alerted when indications of inappropriate or unusual activity with security or privacy impli...
si-04.12_odp.02	automated mechanisms	automated mechanisms used to alert personnel or roles are defined;
si-04.12_odp.03	activities that trigger alerts	activities that trigger alerts to personnel or are defined;

—

SI-04(13)

Analyze Traffic and Event Patterns

(a) Analyze communications traffic and event patterns for the system; (b) Develop profiles representing common traffic and event patterns; and (c) Use the traffic and event profiles in tuning...

—

SI-04(14)

Wireless Intrusion Detection

Employ a wireless intrusion detection system to identify rogue wireless devices and to detect attack attempts and potential compromises or breaches to the system.

—

SI-04(15)

Wireless to Wireline Communications

Employ an intrusion detection system to monitor wireless communications traffic as the traffic passes from wireless to wireline networks.

—

SI-04(16)

Correlate Monitoring Information

Correlate information from monitoring tools and mechanisms employed throughout the system.

—

SI-04(17)

Integrated Situational Awareness

Correlate information from monitoring physical, cyber, and supply chain activities to achieve integrated, organization-wide situational awareness.

—

SI-04(18)

Analyze Traffic and Covert Exfiltration 1 param

Analyze outbound communications traffic at external interfaces to the system and at the following interior points to detect covert exfiltration of information: {{ insert: param, si-04.18_odp }}.

► View parameters

Param ID	Label	Constraint / Choices
si-04.18_odp	interior points	interior points within the system where communications traffic is to be analyzed are defined;

—

SI-04(19)

Risk for Individuals 2 params

Implement {{ insert: param, si-04.19_odp.01 }} of individuals who have been identified by {{ insert: param, si-04.19_odp.02 }} as posing an increased level of risk.

► View parameters

Param ID	Label	Constraint / Choices
si-04.19_odp.01	additional monitoring	additional monitoring of individuals who have been identified as posing an increased level of risk is defined;
si-04.19_odp.02	sources	sources that identify individuals who pose an increased level of risk are defined;

—

SI-04(20)

Privileged Users 1 param

Implement the following additional monitoring of privileged users: {{ insert: param, si-04.20_odp }}.

► View parameters

Param ID	Label	Constraint / Choices
si-04.20_odp	additional monitoring	additional monitoring of privileged users is defined;

—

SI-04(21)

Probationary Periods 2 params

Implement the following additional monitoring of individuals during {{ insert: param, si-04.21_odp.02 }}: {{ insert: param, si-04.21_odp.01 }}.

► View parameters

Param ID	Label	Constraint / Choices
si-04.21_odp.01	additional monitoring	additional monitoring to be implemented on individuals during probationary periods is defined;
si-04.21_odp.02	probationary period	the probationary period of individuals is defined;

—

SI-04(22)

Unauthorized Network Services 3 params

(a) Detect network services that have not been authorized or approved by {{ insert: param, si-04.22_odp.01 }} ; and (b) {{ insert: param, si-04.22_odp.02 }} when detected.

► View parameters

Param ID	Label	Constraint / Choices
si-04.22_odp.01	authorization or approval processes	authorization or approval processes for network services are defined;
si-04.22_odp.02		Select one-or-more: audit; alert {{ insert: param, si-04.22_odp.03 }}
si-04.22_odp.03	personnel or roles	personnel or roles to be alerted upon the detection of network services that have not been authorized or approved by ...

—

SI-04(23)

Host-based Devices 2 params

Implement the following host-based monitoring mechanisms at {{ insert: param, si-04.23_odp.02 }}: {{ insert: param, si-04.23_odp.01 }}.

► View parameters

Param ID	Label	Constraint / Choices
si-04.23_odp.01	host-based monitoring mechanisms	host-based monitoring mechanisms to be implemented on system components are defined;
si-04.23_odp.02	system components	system components where host-based monitoring is to be implemented are defined;

—

SI-04(24)

Indicators of Compromise 2 params

Discover, collect, and distribute to {{ insert: param, si-04.24_odp.02 }} , indicators of compromise provided by {{ insert: param, si-04.24_odp.01 }}.

► View parameters

Param ID	Label	Constraint / Choices
si-04.24_odp.01	sources	sources that provide indicators of compromise are defined;
si-04.24_odp.02	personnel or roles	personnel or roles to whom indicators of compromise are to be distributed is/are defined;

—

SI-04(25)

Optimize Network Traffic Analysis

Provide visibility into network traffic at external and key internal system interfaces to optimize the effectiveness of monitoring devices.

—

SI-05

Security Alerts, Advisories, and Directives 5 params

a. Receive system security alerts, advisories, and directives from {{ insert: param, si-05_odp.01 }} on an ongoing basis; b. Generate internal security alerts, advisories, and directives as dee...

► View parameters

Param ID	Label	Constraint / Choices
si-05_odp.01	external organizations	external organizations from whom system security alerts, advisories, and directives are to be received on an ongoing ...
si-05_odp.02		Select one-or-more: {{ insert: param, si-05_odp.03 }} ; {{ insert: param, si-05_odp.04 }} ; {{ insert: param, si-05_odp.05 }}
si-05_odp.03	personnel or roles	personnel or roles to whom security alerts, advisories, and directives are to be disseminated is/are defined (if sele...
si-05_odp.04	elements	elements within the organization to whom security alerts, advisories, and directives are to be disseminated are defin...
si-05_odp.05	external organizations	external organizations to whom security alerts, advisories, and directives are to be disseminated are defined (if sel...

—

SI-05(01)

Automated Alerts and Advisories 1 param

Broadcast security alert and advisory information throughout the organization using {{ insert: param, si-05.01_odp }}.

► View parameters

Param ID	Label	Constraint / Choices
si-05.01_odp	automated mechanisms	automated mechanisms used to broadcast security alert and advisory information throughout the organization are defined;

—

SI-06

Security and Privacy Function Verification 9 params

a. Verify the correct operation of {{ insert: param, si-6_prm_1 }}; b. Perform the verification of the functions specified in SI-6a {{ insert: param, si-06_odp.03 }}; c. Alert {{ insert: para...

► View parameters

Param ID	Label	Constraint / Choices
si-6_prm_1	organization-defined security and privacy functions	Organization-defined
si-06_odp.01	security functions	security functions to be verified for correct operation are defined;
si-06_odp.02	privacy functions	privacy functions to be verified for correct operation are defined;
si-06_odp.03		Select one-or-more: {{ insert: param, si-06_odp.04 }} ; upon command by user with appropriate privilege; {{ insert: param, si-06_odp.05 }}
si-06_odp.04	system transitional states	system transitional states requiring the verification of security and privacy functions are defined; (if selected)
si-06_odp.05	frequency	frequency at which to verify the correct operation of security and privacy functions is defined; (if selected)
si-06_odp.06	personnel or roles	personnel or roles to be alerted of failed security and privacy verification tests is/are defined;
si-06_odp.07		Select one-or-more: shut the system down; restart the system; {{ insert: param, si-06_odp.08 }}
si-06_odp.08	alternative action(s)	alternative action(s) to be performed when anomalies are discovered are defined (if selected);

—

SI-06(01)

Notification of Failed Security Tests

—

SI-06(02)

Automation Support for Distributed Testing

Implement automated mechanisms to support the management of distributed security and privacy function testing.

—

SI-06(03)

Report Verification Results 1 param

Report the results of security and privacy function verification to {{ insert: param, si-06.03_odp }}.

► View parameters

Param ID	Label	Constraint / Choices
si-06.03_odp	personnel or roles	personnel or roles designated to receive the results of security and privacy function verification is/are defined;

—

SI-07

Software, Firmware, and Information Integrity 8 params

a. Employ integrity verification tools to detect unauthorized changes to the following software, firmware, and information: {{ insert: param, si-7_prm_1 }} ; and b. Take the following actions w...

► View parameters

Param ID	Label	Constraint / Choices
si-7_prm_1	organization-defined software, firmware, and information	Organization-defined
si-7_prm_2	organization-defined actions	Organization-defined
si-07_odp.01	software	software requiring integrity verification tools to be employed to detect unauthorized changes is defined;
si-07_odp.02	firmware	firmware requiring integrity verification tools to be employed to detect unauthorized changes is defined;
si-07_odp.03	information	information requiring integrity verification tools to be employed to detect unauthorized changes is defined;
si-07_odp.04	actions	actions to be taken when unauthorized changes to software are detected are defined;
si-07_odp.05	actions	actions to be taken when unauthorized changes to firmware are detected are defined;
si-07_odp.06	actions	actions to be taken when unauthorized changes to information are detected are defined;

—

SI-07(01)

Integrity Checks 16 params

Perform an integrity check of {{ insert: param, si-7.1_prm_1 }} {{ insert: param, si-7.1_prm_2 }}.

► View parameters

Param ID	Label	Constraint / Choices
si-7.1_prm_1	organization-defined software, firmware, and information	Organization-defined
si-7.1_prm_2		Select one-or-more: at startup; at {{ insert: param, si-7.1_prm_3 }} ; {{ insert: param, si-7.1_prm_4 }}
si-7.1_prm_3	organization-defined transitional states or security-relevant events	Organization-defined
si-7.1_prm_4	organization-defined frequency	Organization-defined
si-07.01_odp.01	software	software on which an integrity check is to be performed is defined;
si-07.01_odp.02		Select one-or-more: at startup; at {{ insert: param, si-07.01_odp.03 }} ; {{ insert: param, si-07.01_odp.04 }}
si-07.01_odp.03	transitional states or security-relevant events	transitional states or security-relevant events requiring integrity checks (on software) are defined (if selected);
si-07.01_odp.04	frequency	frequency with which to perform an integrity check (on software) is defined (if selected);
si-07.01_odp.05	firmware	firmware on which an integrity check is to be performed is defined;
si-07.01_odp.06		Select one-or-more: at startup; at {{ insert: param, si-07.01_odp.07 }} ; {{ insert: param, si-07.01_odp.08 }}
si-07.01_odp.07	transitional states or security-relevant events	transitional states or security-relevant events requiring integrity checks (on firmware) are defined (if selected);
si-07.01_odp.08	frequency	frequency with which to perform an integrity check (on firmware) is defined (if selected);
si-07.01_odp.09	information	information on which an integrity check is to be performed is defined;
si-07.01_odp.10		Select one-or-more: at startup; at {{ insert: param, si-07.01_odp.11 }} ; {{ insert: param, si-07.01_odp.12 }}
si-07.01_odp.11	transitional states or security-relevant events	transitional states or security-relevant events requiring integrity checks (of information) are defined (if selected);
si-07.01_odp.12	frequency	frequency with which to perform an integrity check (of information) is defined (if selected);

—

SI-07(02)

Automated Notifications of Integrity Violations 1 param

Employ automated tools that provide notification to {{ insert: param, si-07.02_odp }} upon discovering discrepancies during integrity verification.

► View parameters

Param ID	Label	Constraint / Choices
si-07.02_odp	personnel or roles	personnel or roles to whom notification is to be provided upon discovering discrepancies during integrity verificatio...

—

SI-07(03)

Centrally Managed Integrity Tools

Employ centrally managed integrity verification tools.

—

SI-07(04)

Tamper-evident Packaging

—

SI-07(05)

Automated Response to Integrity Violations 2 params

Automatically {{ insert: param, si-07.05_odp.01 }} when integrity violations are discovered.

► View parameters

Param ID	Label	Constraint / Choices
si-07.05_odp.01		Select one-or-more: shut down the system; restart the system; implement {{ insert: param, si-07.05_odp.02 }}
si-07.05_odp.02	controls	controls to be implemented automatically when integrity violations are discovered are defined (if selected);

—

SI-07(06)

Cryptographic Protection

Implement cryptographic mechanisms to detect unauthorized changes to software, firmware, and information.

—

SI-07(07)

Integration of Detection and Response 1 param

Incorporate the detection of the following unauthorized changes into the organizational incident response capability: {{ insert: param, si-07.07_odp }}.

► View parameters

Param ID	Label	Constraint / Choices
si-07.07_odp	changes	security-relevant changes to the system are defined;

—

SI-07(08)

Auditing Capability for Significant Events 3 params

Upon detection of a potential integrity violation, provide the capability to audit the event and initiate the following actions: {{ insert: param, si-07.08_odp.01 }}.

► View parameters

Param ID	Label	Constraint / Choices
si-07.08_odp.01		Select one-or-more: generate an audit record; alert current user; alert {{ insert: param, si-07.08_odp.02 }} ; {{ insert: param, si-07.08_odp.03 }}
si-07.08_odp.02	personnel or roles	personnel or roles to be alerted upon the detection of a potential integrity violation is/are defined (if selected);
si-07.08_odp.03	other actions	other actions to be taken upon the detection of a potential integrity violation are defined (if selected);

—

SI-07(09)

Verify Boot Process 1 param

Verify the integrity of the boot process of the following system components: {{ insert: param, si-07.09_odp }}.

► View parameters

Param ID	Label	Constraint / Choices
si-07.09_odp	system components	system components requiring integrity verification of the boot process are defined;

—

SI-07(10)

Protection of Boot Firmware 2 params

Implement the following mechanisms to protect the integrity of boot firmware in {{ insert: param, si-07.10_odp.02 }}: {{ insert: param, si-07.10_odp.01 }}.

► View parameters

Param ID	Label	Constraint / Choices
si-07.10_odp.01	mechanisms	mechanisms to be implemented to protect the integrity of boot firmware in system components are defined;
si-07.10_odp.02	system components	system components requiring mechanisms to protect the integrity of boot firmware are defined;

—

SI-07(11)

Confined Environments with Limited Privileges

—

SI-07(12)

Integrity Verification 1 param

Require that the integrity of the following user-installed software be verified prior to execution: {{ insert: param, si-07.12_odp }}.

► View parameters

Param ID	Label	Constraint / Choices
si-07.12_odp	user-installed software	user-installed software requiring integrity verification prior to execution is defined;

—

SI-07(13)

Code Execution in Protected Environments

—

SI-07(14)

Binary or Machine Executable Code

—

SI-07(15)

Code Authentication 1 param

Implement cryptographic mechanisms to authenticate the following software or firmware components prior to installation: {{ insert: param, si-07.15_odp }}.

► View parameters

Param ID	Label	Constraint / Choices
si-07.15_odp	software or firmware components	software or firmware components to be authenticated by cryptographic mechanisms prior to installation are defined;

—

SI-07(16)

Time Limit on Process Execution Without Supervision 1 param

Prohibit processes from executing without supervision for more than {{ insert: param, si-07.16_odp }}.

► View parameters

Param ID	Label	Constraint / Choices
si-07.16_odp	time period	the maximum time period permitted for processes to execute without supervision is defined;

—

SI-07(17)

Runtime Application Self-protection 1 param

Implement {{ insert: param, si-07.17_odp }} for application self-protection at runtime.

► View parameters

Param ID	Label	Constraint / Choices
si-07.17_odp	controls	controls to be implemented for application self-protection at runtime are defined;

—

SI-08

Spam Protection

a. Employ spam protection mechanisms at system entry and exit points to detect and act on unsolicited messages; and b. Update spam protection mechanisms when new releases are available in accor...

—

SI-08(01)

Central Management

—

SI-08(02)

Automatic Updates 1 param

Automatically update spam protection mechanisms {{ insert: param, si-08.02_odp }}.

► View parameters

Param ID	Label	Constraint / Choices
si-08.02_odp	frequency	the frequency at which to automatically update spam protection mechanisms is defined;

—

SI-08(03)

Continuous Learning Capability

Implement spam protection mechanisms with a learning capability to more effectively identify legitimate communications traffic.

—

SI-09

Information Input Restrictions

—

SI-10

Information Input Validation 1 param

Check the validity of the following information inputs: {{ insert: param, si-10_odp }}.

► View parameters

Param ID	Label	Constraint / Choices
si-10_odp	information inputs	information inputs to the system requiring validity checks are defined;

—

SI-10(01)

Manual Override Capability 1 param

(a) Provide a manual override capability for input validation of the following information inputs: {{ insert: param, si-10_odp }}; (b) Restrict the use of the manual override capability to only...

► View parameters

Param ID	Label	Constraint / Choices
si-10.01_odp	authorized individuals	authorized individuals who can use the manual override capability are defined;

—

SI-10(02)

Review and Resolve Errors 3 params

Review and resolve input validation errors within {{ insert: param, si-10.2_prm_1 }}.

► View parameters

Param ID	Label	Constraint / Choices
si-10.2_prm_1	organization-defined time period	Organization-defined
si-10.02_odp.01	time period	the time period within which input validation errors are to be reviewed is defined;
si-10.02_odp.02	time period	the time period within which input validation errors are to be resolved is defined;

—

SI-10(03)

Predictable Behavior

Verify that the system behaves in a predictable and documented manner when invalid inputs are received.

—

SI-10(04)

Timing Interactions

Account for timing interactions among system components in determining appropriate responses for invalid inputs.

—

SI-10(05)

Restrict Inputs to Trusted Sources and Approved Formats 2 params

Restrict the use of information inputs to {{ insert: param, si-10.05_odp.01 }} and/or {{ insert: param, si-10.05_odp.02 }}.

► View parameters

Param ID	Label	Constraint / Choices
si-10.05_odp.01	trusted sources	trusted sources to which the use of information inputs is to be restricted are defined;
si-10.05_odp.02	formats	formats to which the use of information inputs is to be restricted are defined;

—

SI-10(06)

Injection Prevention

Prevent untrusted data injections.

—

└ si-10.1.(a)

Provide a manual override capability for input validation of the following information inputs: {{ insert: param, si-10_odp }};

—

└ si-10.1.(b)

Restrict the use of the manual override capability to only {{ insert: param, si-10.01_odp }} ; and

—

└ si-10.1.(c)

Audit the use of the manual override capability.

—

SI-11

Error Handling 1 param

a. Generate error messages that provide information necessary for corrective actions without revealing information that could be exploited; and b. Reveal error messages only to {{ insert: param...

► View parameters

Param ID	Label	Constraint / Choices
si-11_odp	personnel or roles	personnel or roles to whom error messages are to be revealed is/are defined;

—

└ si-11a

Generate error messages that provide information necessary for corrective actions without revealing information that could be exploited; and

—

└ si-11b

Reveal error messages only to {{ insert: param, si-11_odp }}.

—

SI-12

Information Management and Retention

Manage and retain information within the system and information output from the system in accordance with applicable laws, executive orders, directives, regulations, policies, standards, guidelines...

—

SI-12(01)

Limit Personally Identifiable Information Elements 1 param

Limit personally identifiable information being processed in the information life cycle to the following elements of personally identifiable information: {{ insert: param, si-12.01_odp }}.

► View parameters

Param ID	Label	Constraint / Choices
si-12.01_odp	elements of personally identifiable information	elements of personally identifiable information being processed in the information life cycle are defined;

—

SI-12(02)

Minimize Personally Identifiable Information in Testing, Training, and Research 4 params

Use the following techniques to minimize the use of personally identifiable information for research, testing, or training: {{ insert: param, si-12.2_prm_1 }}.

► View parameters

Param ID	Label	Constraint / Choices
si-12.2_prm_1	organization-defined techniques	Organization-defined
si-12.02_odp.01	techniques	techniques used to minimize the use of personally identifiable information for research are defined;
si-12.02_odp.02	techniques	techniques used to minimize the use of personally identifiable information for testing are defined;
si-12.02_odp.03	techniques	techniques used to minimize the use of personally identifiable information for training are defined;

—

SI-12(03)

Information Disposal 4 params

Use the following techniques to dispose of, destroy, or erase information following the retention period: {{ insert: param, si-12.3_prm_1 }}.

► View parameters

Param ID	Label	Constraint / Choices
si-12.3_prm_1	organization-defined techniques	Organization-defined
si-12.03_odp.01	techniques	techniques used to dispose of information following the retention period are defined;
si-12.03_odp.02	techniques	techniques used to destroy information following the retention period are defined;
si-12.03_odp.03	techniques	techniques used to erase information following the retention period are defined;

—

SI-13

Predictable Failure Prevention 2 params

a. Determine mean time to failure (MTTF) for the following system components in specific environments of operation: {{ insert: param, si-13_odp.01 }} ; and b. Provide substitute system componen...

► View parameters

Param ID	Label	Constraint / Choices
si-13_odp.01	system components	system components for which mean time to failure (MTTF) should be determined are defined;
si-13_odp.02	mean time to failure (MTTF) substitution criteria	mean time to failure (MTTF) substitution criteria to be used as a means to exchange active and standby components are...

—

SI-13(01)

Transferring Component Responsibilities 1 param

Take system components out of service by transferring component responsibilities to substitute components no later than {{ insert: param, si-13.01_odp }} of mean time to failure.

► View parameters

Param ID	Label	Constraint / Choices
si-13.01_odp	fraction or percentage	the fraction or percentage of mean time to failure within which to transfer the responsibilities of a system componen...

—

SI-13(02)

Time Limit on Process Execution Without Supervision

—

SI-13(03)

Manual Transfer Between Components 1 param

Manually initiate transfers between active and standby system components when the use of the active component reaches {{ insert: param, si-13.03_odp }} of the mean time to failure.

► View parameters

Param ID	Label	Constraint / Choices
si-13.03_odp	percentage	the percentage of the mean time to failure for transfers to be manually initiated is defined;

—

SI-13(04)

Standby Component Installation and Notification 4 params

If system component failures are detected: (a) Ensure that the standby components are successfully and transparently installed within {{ insert: param, si-13.04_odp.01 }} ; and (b) {{ insert: p...

► View parameters

Param ID	Label	Constraint / Choices
si-13.04_odp.01	time period	time period for standby components to be installed is defined;
si-13.04_odp.02		Select one-or-more: activate {{ insert: param, si-13.04_odp.03 }} ; automatically shut down the system; {{ insert: param, si-13.04_odp.04 }}
si-13.04_odp.03	alarm	alarm to be activated when system component failures are detected is defined (if selected);
si-13.04_odp.04	action	action to be taken when system component failures are detected is defined (if selected);

—

SI-13(05)

Failover Capability 2 params

Provide {{ insert: param, si-13.05_odp.01 }} {{ insert: param, si-13.05_odp.02 }} for the system.

► View parameters

Param ID	Label	Constraint / Choices
si-13.05_odp.01		Select one: real-time; near real-time
si-13.05_odp.02	failover capability	a failover capability for the system has been defined;

—

└ si-13.4.(a)

Ensure that the standby components are successfully and transparently installed within {{ insert: param, si-13.04_odp.01 }} ; and

—

└ si-13.4.(b)

{{ insert: param, si-13.04_odp.02 }}.

—

└ si-13a

Determine mean time to failure (MTTF) for the following system components in specific environments of operation: {{ insert: param, si-13_odp.01 }} ...

—

└ si-13b

Provide substitute system components and a means to exchange active and standby components in accordance with the following criteria: {{ insert: pa...

—

SI-14

Non-persistence 3 params

Implement non-persistent {{ insert: param, si-14_odp.01 }} that are initiated in a known state and terminated {{ insert: param, si-14_odp.02 }}.

► View parameters

Param ID	Label	Constraint / Choices
si-14_odp.01	system components and services	non-persistent system components and services to be implemented are defined;
si-14_odp.02		Select one-or-more: upon end of session of use; {{ insert: param, si-14_odp.03 }}
si-14_odp.03	frequency	the frequency at which to terminate non-persistent components and services that are initiated in a known state is def...

—

SI-14(01)

Refresh from Trusted Sources 1 param

Obtain software and data employed during system component and service refreshes from the following trusted sources: {{ insert: param, si-14.01_odp }}.

► View parameters

Param ID	Label	Constraint / Choices
si-14.01_odp	trusted sources	trusted sources to obtain software and data for system component and service refreshes are defined;

—

SI-14(02)

Non-persistent Information 4 params

(a) {{ insert: param, si-14.02_odp.01 }} ; and (b) Delete information when no longer needed.

► View parameters

Param ID	Label	Constraint / Choices
si-14.02_odp.01		Select one: refresh {{ insert: param, si-14.02_odp.02 }} {{ insert: param, si-14.02_odp.03 }} ; generate {{ insert: param, si-14.02_odp.04 }} on demand
si-14.02_odp.02	information	the information to be refreshed is defined (if selected);
si-14.02_odp.03	frequency	the frequency at which to refresh information is defined (if selected);
si-14.02_odp.04	information	the information to be generated is defined (if selected);

—

SI-14(03)

Non-persistent Connectivity 1 param

Establish connections to the system on demand and terminate connections after {{ insert: param, si-14.03_odp }}.

► View parameters

Param ID	Label	Constraint / Choices
si-14.03_odp		Select one: completion of a request; a period of non-use

—

└ si-14.2.(a)

{{ insert: param, si-14.02_odp.01 }} ; and

—

└ si-14.2.(b)

Delete information when no longer needed.

—

SI-15

Information Output Filtering 1 param

Validate information output from the following software programs and/or applications to ensure that the information is consistent with the expected content: {{ insert: param, si-15_odp }}.

► View parameters

Param ID	Label	Constraint / Choices
si-15_odp	software programs and/or applications	software programs and/or applications whose information output requires validation are defined;

—

SI-16

Memory Protection 1 param

Implement the following controls to protect the system memory from unauthorized code execution: {{ insert: param, si-16_odp }}.

► View parameters

Param ID	Label	Constraint / Choices
si-16_odp	controls	controls to be implemented to protect the system memory from unauthorized code execution are defined;

—

SI-17

Fail-safe Procedures 3 params

Implement the indicated fail-safe procedures when the indicated failures occur: {{ insert: param, si-17_prm_1 }}.

► View parameters

Param ID	Label	Constraint / Choices
si-17_prm_1	organization-defined list of failure conditions and associated fail-safe procedures	Organization-defined
si-17_odp.01	fail-safe procedures	fail-safe procedures associated with failure conditions are defined;
si-17_odp.02	list of failure conditions	a list of failure conditions requiring fail-safe procedures is defined;

—

SI-18

Personally Identifiable Information Quality Operations 5 params

a. Check the accuracy, relevance, timeliness, and completeness of personally identifiable information across the information life cycle {{ insert: param, si-18_prm_1 }} ; and b. Correct or dele...

► View parameters

Param ID	Label	Constraint / Choices
si-18_prm_1	organization-defined frequency	Organization-defined
si-18_odp.01	frequency	the frequency at which to check the accuracy of personally identifiable information across the information life cycle...
si-18_odp.02	frequency	the frequency at which to check the relevance of personally identifiable information across the information life cycl...
si-18_odp.03	frequency	the frequency at which to check the timeliness of personally identifiable information across the information life cyc...
si-18_odp.04	frequency	the frequency at which to check the completeness of personally identifiable information across the information life c...

—

SI-18(01)

Automation Support 1 param

Correct or delete personally identifiable information that is inaccurate or outdated, incorrectly determined regarding impact, or incorrectly de-identified using {{ insert: param, si-18.01_odp }}.

► View parameters

Param ID	Label	Constraint / Choices
si-18.01_odp	automated mechanisms	automated mechanisms used to correct or delete personally identifiable information that is inaccurate, outdated, inco...

—

SI-18(02)

Data Tags

Employ data tags to automate the correction or deletion of personally identifiable information across the information life cycle within organizational systems.

—

SI-18(03)

Collection

Collect personally identifiable information directly from the individual.

—

SI-18(04)

Individual Requests

Correct or delete personally identifiable information upon request by individuals or their designated representatives.

—

SI-18(05)

Notice of Correction or Deletion 1 param

Notify {{ insert: param, si-18.05_odp }} and individuals that the personally identifiable information has been corrected or deleted.

► View parameters

Param ID	Label	Constraint / Choices
si-18.05_odp	recipients	recipients of personally identifiable information to be notified when the personally identifiable information has bee...

—

└ si-18a

Check the accuracy, relevance, timeliness, and completeness of personally identifiable information across the information life cycle {{ insert: par...

—

└ si-18b

Correct or delete inaccurate or outdated personally identifiable information.

—

SI-19

De-identification 2 params

a. Remove the following elements of personally identifiable information from datasets: {{ insert: param, si-19_odp.01 }} ; and b. Evaluate {{ insert: param, si-19_odp.02 }} for effectiveness of...

► View parameters

Param ID	Label	Constraint / Choices
si-19_odp.01	elements	elements of personally identifiable information to be removed from datasets are defined;
si-19_odp.02	frequency	the frequency at which to evaluate the effectiveness of de-identification is defined;

—

SI-19(01)

Collection

De-identify the dataset upon collection by not collecting personally identifiable information.

—

SI-19(02)

Archiving

Prohibit archiving of personally identifiable information elements if those elements in a dataset will not be needed after the dataset is archived.

—

SI-19(03)

Release

Remove personally identifiable information elements from a dataset prior to its release if those elements in the dataset do not need to be part of the data release.

—

SI-19(04)

Removal, Masking, Encryption, Hashing, or Replacement of Direct Identifiers

Remove, mask, encrypt, hash, or replace direct identifiers in a dataset.

—

SI-19(05)

Statistical Disclosure Control

Manipulate numerical data, contingency tables, and statistical findings so that no individual or organization is identifiable in the results of the analysis.

—

SI-19(06)

Differential Privacy

Prevent disclosure of personally identifiable information by adding non-deterministic noise to the results of mathematical operations before the results are reported.

—

SI-19(07)

Validated Algorithms and Software

Perform de-identification using validated algorithms and software that is validated to implement the algorithms.

—

SI-19(08)

Motivated Intruder

Perform a motivated intruder test on the de-identified dataset to determine if the identified data remains or if the de-identified data can be re-identified.

—

└ si-19a

Remove the following elements of personally identifiable information from datasets: {{ insert: param, si-19_odp.01 }} ; and

—

└ si-19b

Evaluate {{ insert: param, si-19_odp.02 }} for effectiveness of de-identification.

—

└ si-1a

Develop, document, and disseminate to {{ insert: param, si-1_prm_1 }}:

—

└ si-1a.1

{{ insert: param, si-01_odp.03 }} system and information integrity policy that:

—

└ si-1a.1.(a)

Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and

—

└ si-1a.1.(b)

Is consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines; and

—

└ si-1a.2

Procedures to facilitate the implementation of the system and information integrity policy and the associated system and information integrity cont...

—

└ si-1b

Designate an {{ insert: param, si-01_odp.04 }} to manage the development, documentation, and dissemination of the system and information integrity ...

—

└ si-1c

Review and update the current system and information integrity:

—

└ si-1c.1

Policy {{ insert: param, si-01_odp.05 }} and following {{ insert: param, si-01_odp.06 }} ; and

—

└ si-1c.2

Procedures {{ insert: param, si-01_odp.07 }} and following {{ insert: param, si-01_odp.08 }}.

—

SI-20

Tainting 1 param

Embed data or capabilities in the following systems or system components to determine if organizational data has been exfiltrated or improperly removed from the organization: {{ insert: param, si-2...

► View parameters

Param ID	Label	Constraint / Choices
si-20_odp	systems or system components	the systems or system components with data or capabilities to be embedded are defined;

—

SI-21

Information Refresh 2 params

Refresh {{ insert: param, si-21_odp.01 }} at {{ insert: param, si-21_odp.02 }} or generate the information on demand and delete the information when no longer needed.

► View parameters

Param ID	Label	Constraint / Choices
si-21_odp.01	information	the information to be refreshed is defined;
si-21_odp.02	frequencies	the frequencies at which to refresh information are defined;

—

SI-22

Information Diversity 3 params

a. Identify the following alternative sources of information for {{ insert: param, si-22_odp.02 }}: {{ insert: param, si-22_odp.01 }} ; and b. Use an alternative information source for the exec...

► View parameters

Param ID	Label	Constraint / Choices
si-22_odp.01	alternative information sources	alternative information sources for essential functions and services are defined;
si-22_odp.02	essential functions and services	essential functions and services that require alternative sources of information are defined;
si-22_odp.03	systems or system components	systems or system components that require an alternative information source for the execution of essential functions ...

—

└ si-22a

Identify the following alternative sources of information for {{ insert: param, si-22_odp.02 }}: {{ insert: param, si-22_odp.01 }} ; and

—

└ si-22b

Use an alternative information source for the execution of essential functions or services on {{ insert: param, si-22_odp.03 }} when the primary so...

—

SI-23

Information Fragmentation 3 params

Based on {{ insert: param, si-23_odp.01 }}: a. Fragment the following information: {{ insert: param, si-23_odp.02 }} ; and b. Distribute the fragmented information across the following systems ...

► View parameters

Param ID	Label	Constraint / Choices
si-23_odp.01	circumstances	circumstances that require information fragmentation are defined;
si-23_odp.02	information	the information to be fragmented is defined;
si-23_odp.03	systems or system components	systems or system components across which the fragmented information is to be distributed are defined;

—

└ si-23a

Fragment the following information: {{ insert: param, si-23_odp.02 }} ; and

—

└ si-2.3.(a)

Measure the time between flaw identification and flaw remediation; and

—

└ si-23b

Distribute the fragmented information across the following systems or system components: {{ insert: param, si-23_odp.03 }}.

—

└ si-2.3.(b)

Establish the following benchmarks for taking corrective actions: {{ insert: param, si-02.03_odp }}.

—

└ si-2.7a

Conduct root cause analysis to identify underlying causes of issues or failures.

—

└ si-2.7b

Develop actions to address the root cause of the issue or failure.

—

└ si-2.7c

Implement the actions and monitor the implementation for effectiveness.

—

└ si-2a

Identify, report, and correct system flaws;

—

└ si-2b

Test software and firmware updates related to flaw remediation for effectiveness and potential side effects before installation;

—

└ si-2c

Install security-relevant software and firmware updates within {{ insert: param, si-02_odp }} of the release of the updates; and

—

└ si-2d

Incorporate flaw remediation into the organizational configuration management process.

—

└ si-3.10.(a)

Employ the following tools and techniques to analyze the characteristics and behavior of malicious code: {{ insert: param, si-03.10_odp }} ; and

—

└ si-3.10.(b)

Incorporate the results from malicious code analysis into organizational incident response and flaw remediation processes.

—

└ si-3.6.(a)

Test malicious code protection mechanisms {{ insert: param, si-03.06_odp }} by introducing known benign code into the system; and

—

└ si-3.6.(b)

Verify that the detection of the code and the associated incident reporting occur.

—

└ si-3.8.(a)

Detect the following unauthorized operating system commands through the kernel application programming interface on {{ insert: param, si-03.08_odp....

—

└ si-3.8.(b)

{{ insert: param, si-03.08_odp.03 }}.

—

└ si-3a

Implement {{ insert: param, si-03_odp.01 }} malicious code protection mechanisms at system entry and exit points to detect and eradicate malicious ...

—

└ si-3b

Automatically update malicious code protection mechanisms as new releases are available in accordance with organizational configuration management ...

—

└ si-3c

Configure malicious code protection mechanisms to:

—

└ si-3c.1

Perform periodic scans of the system {{ insert: param, si-03_odp.02 }} and real-time scans of files from external sources at {{ insert: param, si-0...

—

└ si-3c.2

{{ insert: param, si-03_odp.04 }} ; and send alert to {{ insert: param, si-03_odp.06 }} in response to malicious code detection; and

—

└ si-3d

Address the receipt of false positives during malicious code detection and eradication and the resulting potential impact on the availability of th...

—

└ si-4.13.(a)

Analyze communications traffic and event patterns for the system;

—

└ si-4.13.(b)

Develop profiles representing common traffic and event patterns; and

—

└ si-4.13.(c)

Use the traffic and event profiles in tuning system-monitoring devices.

—

└ si-4.22.(a)

Detect network services that have not been authorized or approved by {{ insert: param, si-04.22_odp.01 }} ; and

—

└ si-4.22.(b)

{{ insert: param, si-04.22_odp.02 }} when detected.

—

└ si-4.4.(a)

Determine criteria for unusual or unauthorized activities or conditions for inbound and outbound communications traffic;

—

└ si-4.4.(b)

Monitor inbound and outbound communications traffic {{ insert: param, si-4.4_prm_1 }} for {{ insert: param, si-4.4_prm_2 }}.

—

└ si-4.7.(a)

Notify {{ insert: param, si-04.07_odp.01 }} of detected suspicious events; and

—

└ si-4.7.(b)

Take the following actions upon detection: {{ insert: param, si-04.07_odp.02 }}.

—

└ si-4a

Monitor the system to detect:

—

└ si-4a.1

Attacks and indicators of potential attacks in accordance with the following monitoring objectives: {{ insert: param, si-04_odp.01 }} ; and

—

└ si-4a.2

Unauthorized local, network, and remote connections;

—

└ si-4b

Identify unauthorized use of the system through the following techniques and methods: {{ insert: param, si-04_odp.02 }};

—

└ si-4c

Invoke internal monitoring capabilities or deploy monitoring devices:

—

└ si-4c.1

Strategically within the system to collect organization-determined essential information; and

—

└ si-4c.2

At ad hoc locations within the system to track specific types of transactions of interest to the organization;

—

└ si-4d

Analyze detected events and anomalies;

—

└ si-4e

Adjust the level of system monitoring activity when there is a change in risk to organizational operations and assets, individuals, other organizat...

—

└ si-4f

Obtain legal opinion regarding system monitoring activities; and

—

└ si-4g

Provide {{ insert: param, si-04_odp.03 }} to {{ insert: param, si-04_odp.04 }} {{ insert: param, si-04_odp.05 }}.

—

└ si-5a

Receive system security alerts, advisories, and directives from {{ insert: param, si-05_odp.01 }} on an ongoing basis;

—

└ si-5b

Generate internal security alerts, advisories, and directives as deemed necessary;

—

└ si-5c

Disseminate security alerts, advisories, and directives to: {{ insert: param, si-05_odp.02 }} ; and

—

└ si-5d

Implement security directives in accordance with established time frames, or notify the issuing organization of the degree of noncompliance.

—

└ si-6a

Verify the correct operation of {{ insert: param, si-6_prm_1 }};

—

└ si-6b

Perform the verification of the functions specified in SI-6a {{ insert: param, si-06_odp.03 }};

—

└ si-6c

Alert {{ insert: param, si-06_odp.06 }} to failed security and privacy verification tests; and

—

└ si-6d

{{ insert: param, si-06_odp.07 }} when anomalies are discovered.

—

└ si-7a

Employ integrity verification tools to detect unauthorized changes to the following software, firmware, and information: {{ insert: param, si-7_prm...

—

└ si-7b

Take the following actions when unauthorized changes to the software, firmware, and information are detected: {{ insert: param, si-7_prm_2 }}.

—

└ si-8a

Employ spam protection mechanisms at system entry and exit points to detect and act on unsolicited messages; and

—

└ si-8b

Update spam protection mechanisms when new releases are available in accordance with organizational configuration management policy and procedures.

—