Navigate

CCI-002692

CCI-002692 Definition

Defines the external organizations from which it receives information system security alerts, advisories, and directives.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if system security alerts, advisories, and directives are received from [SI-05_ODP[01]; external organizations from whom system security alerts, advisories, and directives are to be received on an ongoing basis are defined] on an ongoing basis.

Validation Procedures

Examine: [SELECT FROM: System and information integrity policy; system and information integrity procedures; procedures addressing security alerts, advisories, and directives; records of security alerts and advisories; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with security alert and advisory responsibilities; organizational personnel implementing, operating, maintaining, and using the system; organizational personnel, organizational elements, and/or external organizations to whom alerts, advisories, and directives are to be disseminated; system/network administrators; organizational personnel with information security responsibilities]. Test: [SELECT FROM: Organizational processes for defining, receiving, generating, disseminating, and complying with security alerts, advisories, and directives; mechanisms supporting and/or implementing the definition, receipt, generation, and dissemination of security alerts, advisories, and directives; mechanisms supporting and/or implementing security directives].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002692.

Control	Description
SI-5	a: Receive system security alerts, advisories, and directives from [external organizations from whom system security alerts, advisories, and directives are to be received on an ongoing basis are defined;] on an ongoing basis; b: Generate internal security alerts, advisories, and directives as deemed necessary; c: Disseminate security alerts, advisories, and directives to: [one or more of "{{ insert: param, si-05_odp.03 }} "/"{{ insert: param, si-05_odp.04 }} "/"{{ insert: param, si-05_odp.05 }} "] ; and d: Implement security directives in accordance with established time frames, or notify the issuing organization of the degree of noncompliance.

Control

Description

SI-5

a: Receive system security alerts, advisories, and directives from [external organizations from whom system security alerts, advisories, and directives are to be received on an ongoing basis are defined;] on an ongoing basis;

b: Generate internal security alerts, advisories, and directives as deemed necessary;

c: Disseminate security alerts, advisories, and directives to: [one or more of "{{ insert: param, si-05_odp.03 }} "/"{{ insert: param, si-05_odp.04 }} "/"{{ insert: param, si-05_odp.05 }} "] ; and

d: Implement security directives in accordance with established time frames, or notify the issuing organization of the degree of noncompliance.