Information Technology Reference
In-Depth Information
Category/
Subcategory/
Element
Control
Reference
Control Summary
Interpretation
System and
information
integrity
Si
SI-1
System and
information
integrity policy and
procedures
The organization develops,
disseminates, and periodically
reviews/updates: (i) a formal,
documented system and
information integrity policy that
addresses purpose, scope, roles,
responsibilities, management
commitment, coordination
among organizational entities,
and compliance; and (ii) formal,
documented procedures to
facilitate the implementation of
the system and information
integrity policy and associated
system and information integrity
controls.
SI-2
Flaw remediation
The organization identifies,
reports, and corrects information
system flaws.
SI-3
Malicious code
protection
The information system
implements malicious code
protection.
SI-4
Information system
monitoring tools
and techniques
The organization employs tools
and techniques to monitor events
on the information system, detect
attacks, and provide identification
of unauthorized use of the
system.
SI-5
Security alerts and
advisories
The organization receives
information system security
alerts/advisories on a regular
basis, issues alerts/advisories to
appropriate personnel, and takes
appropriate actions in response.
