Navigate

CCI-001286

CCI-001286 Definition

The organization generates internal security alerts, advisories, and directives as deemed necessary.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed documents and implements a process to generate internal security alerts, advisories, and directives as deemed necessary.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines documented process as well as the generated internal security alerts, advisories, and directives to ensure the organization being inspected/assessed generates internal security alerts, advisories, and directives as deemed necessary.

Compelling Evidence

1.) Signed and dated System security plan defines how it generates internal security notifications (what sources are used as the basis) and who it is distributed to. 2.) Sample of notification. 3.) List of personnel to be notified.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001286.

Control	Description
SI-5	The organization: SI-5a.: Receives information system security alerts, advisories, and directives from [Assignment: organization-defined external organizations] on an ongoing basis; SI-5b.: Generates internal security alerts, advisories, and directives as deemed necessary; SI-5c.: Disseminates security alerts, advisories, and directives to: [Selection (one or more): [Assignment: organization-defined personnel or roles]; [Assignment: organization-defined elements within the organization]; [Assignment: organization-defined external organizations]]; and SI-5d.: Implements security directives in accordance with established time frames, or notifies the issuing organization of the degree of noncompliance.

Control

Description

SI-5

The organization:

SI-5a.: Receives information system security alerts, advisories, and directives from [Assignment: organization-defined external organizations] on an ongoing basis;

SI-5b.: Generates internal security alerts, advisories, and directives as deemed necessary;

SI-5c.: Disseminates security alerts, advisories, and directives to: [Selection (one or more): [Assignment: organization-defined personnel or roles]; [Assignment: organization-defined elements within the organization]; [Assignment: organization-defined external organizations]]; and

SI-5d.: Implements security directives in accordance with established time frames, or notifies the issuing organization of the degree of noncompliance.