Information Technology Reference
In-Depth Information
Category/
Subcategory/
Element
Control
Reference
Control Summary
Interpretation
SI-6
Security functionality
verification
The information system verifies the
correct operation of security
functions [selection (one or
more): upon system startup and
restart, upon command by user
with appropriate privilege,
periodically every [assignment:
organization-defined time period]
and [selection (one or more):
notifies system administrator,
shuts the system down, restarts
the system] when anomalies are
discovered.
SI-7
Software and
information
integrity
The information system detects
and protects against unauthorized
changes to software and
information.
SI-8
Spam protection
The information system
implements spam protection.
SI-9
Information input
restrictions
The organization restricts the
capability to input information to
the information system to
authorized personnel.
SI-10
Information
accuracy,
completeness,
validity, and
authenticity
The information system checks
information for accuracy,
completeness, validity, and
authenticity.
SI-11
Error handling
The information system identifies
and handles error conditions in
an expeditious manner without
providing information that could
be exploited by adversaries.
SI-12
Information output
handling and
retention
The organization handles and
retains output from the
information system in accordance
with applicable laws, executive
orders, directives, policies,
regulations, standards, and
operational requirements.