HOME

SI-5

SI-5 H M L
Description

The organization:
a. Receives information system security alerts, advisories, and directives from [Assignment: organization-defined external organizations] on an ongoing basis;
b. Generates internal security alerts, advisories, and directives as deemed necessary;
c. Disseminates security alerts, advisories, and directives to: [Selection (one or more): [Assignment: organization-defined personnel or roles]; [Assignment: organization-defined elements within the organization]; [Assignment: organization-defined external organizations]]; and
d. Implements security directives in accordance with established time frames, or notifies the issuing organization of the degree of noncompliance.

FedRAMP
  • H SI-5 (a) [to include US-CERT] SI-5 (c) [to include system security personnel and administrators with configuration/patch-management responsibilities]
  • M SI-5 (a) [to include US-CERT] SI-5 (c) [to include system security personnel and administrators with configuration/patch-management responsibilities]
  • L SI-5 (a) [to include US-CERT] SI-5 (c) [to include system security personnel and administrators with configuration/patch-management responsibilities]
DISA Cloud Computing SRG

a. At a minimum, USCYBERCOM.

c. the ISSO and ISSM

c. not applicable as elements are not selected as recipients of security alerts, advisories and directives

c. CNDSP Tier 1 for vetting. The CNDSP Tier 1 will pass the information to the accredited Tier 2 CNDSPs. Tier 2 CNDSPs are responsible for ensuring all Tier 3 entities receive the information. Tier 3 organizations will ensure all local Op Centers/LAN shops receive information
(i.e. Component IT System and Security Personnel)
(e.g. ISSM, ISSOs, and system administrators)

Source:
DoD RMF TAG

Supplemental Guidance

The United States Computer Emergency Readiness Team (US-CERT) generates security alerts and advisories to maintain situational awareness across the federal government. Security directives are issued by OMB or other designated organizations with the responsibility and authority to issue such directives. Compliance to security directives is essential due to the critical nature of many of these directives and the potential immediate adverse effects
on organizational operations and assets, individuals, other organizations, and the Nation should the directives not be implemented in a timely manner. External organizations include, for example, external mission/business partners, supply chain partners, external service providers, and other peer/supporting organizations.

Related Controls