CCI-004990

Implementation Guidance

Determine if: - [SI-06_ODP[06]; personnel or roles to be alerted of failed security and privacy verification tests is/are defined] is/are alerted to failed security verification tests. - [SI-06_ODP[06]; personnel or roles to be alerted of failed security and privacy verification tests is/are defined] is/are alerted to failed privacy verification tests.

Validation Procedures

Examine: [SELECT FROM: System and information integrity policy; system and information integrity procedures; procedures addressing security and privacy function verification; system design documentation; system configuration settings and associated documentation; alerts/notifications of failed security verification tests; list of system transition states requiring security functionality verification; system audit records; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with security and privacy function verification responsibilities; organizational personnel implementing, operating, and maintaining the system; system/network administrators; organizational personnel with information security and privacy responsibilities; system developer]. Test: [SELECT FROM: Organizational processes for security and privacy function verification; mechanisms supporting and/or implementing the security and privacy function verification capability].