Navigate

SI-6(3)

SI-6(3): Report Verification Results

Report the results of security and privacy function verification to [personnel or roles designated to receive the results of security and privacy function verification is/are defined;].

Supplemental

Organizational personnel with potential interest in the results of the verification of security and privacy functions include systems security officers, senior agency information security officers, and senior agency officials for privacy.

CIA Levels
Confidentiality	unknown
Integrity	high
Availability	unknown

Overlays
None

CSF Categories
None

Related Controls

The controls below (if any) were marked by NIST as being related to SI-6(3).

Control	Description
SI-4	a: Monitor the system to detect: 1: Attacks and indicators of potential attacks in accordance with the following monitoring objectives: [monitoring objectives to detect attacks and indicators of potential attacks on the system are defined;] ; and 2: Unauthorized local, network, and remote connections; b: Identify unauthorized use of the system through the following techniques and methods: [techniques and methods used to identify unauthorized use of the system are defined;]; c: Invoke internal monitoring capabilities or deploy monitoring devices: 1: Strategically within the system to collect organization-determined essential information; and 2: At ad hoc locations within the system to track specific types of transactions of interest to the organization; d: Analyze detected events and anomalies; e: Adjust the level of system monitoring activity when there is a change in risk to organizational operations and assets, individuals, other organizations, or the Nation; f: Obtain legal opinion regarding system monitoring activities; and g: Provide [system monitoring information to be provided to personnel or roles is defined;] to [personnel or roles to whom system monitoring information is to be provided is/are defined;] [one or more of "as needed"/"{{ insert: param, si-04_odp.06 }} "].
SR-4	Document, monitor, and maintain valid provenance of the following systems, system components, and associated data: [systems, system components, and associated data that require valid provenance are defined;].
SR-5	Employ the following acquisition strategies, contract tools, and procurement methods to protect against, identify, and mitigate supply chain risks: [acquisition strategies, contract tools, and procurement methods to protect against, identify, and mitigate supply chain risks are defined;].

Enhancements

The controls below (if any) add on to the requirements of SI-6(3).

Control	Description
No controls

Related CCIs

The CCIs below are tied to SI-6(3).

CCI	Definition
CCI-001296	Report the results of security function verification to organization-defined personnel or roles.
CCI-001675	Defines the personnel or roles that are to receive reports on the results of security function verification.
CCI-004994	Report the results of privacy function verification to organization-defined personnel or roles.
CCI-004995	Defines the personnel or roles that are to receive reports on the results of privacy function verification.