HOME

SI-6

SI-6 H M
Description

The information system:
a. Verifies the correct operation of [Assignment: organization-defined security functions];
b. Performs this verification [Selection (one or more): [Assignment: organization-defined system transitional states]; upon command by user with appropriate privilege; [Assignment: organization-defined frequency]];
c. Notifies [Assignment: organization-defined personnel or roles] of failed security verification tests; and
d. [Selection (one or more): shuts the information system down; restarts the information system; [Assignment: organization-defined alternative action(s)]] when anomalies are discovered.

FedRAMP
  • H SI-6 (b) [to include upon system startup and/or restart and at least monthly] SI-6 (c) [to include system administrators and security personnel] SI-6 (d) [to include notification of system administrators and security personnel]
  • M SI-6 (b) [to include upon system startup and/or restart and at least monthly] SI-6 (c) [to include system administrators and security personnel] SI-6 (d) [to include notification of system administrators and security personnel]
DISA Cloud Computing SRG

a. Not appropriate for DoD to define for all CSP's infrastructure or service offerings

b. upon system startup, and/or restart, upon command by user with appropriate privileges

b. 30 days

c. the ISSO and ISSM

d. notifies system administrator

Source:
DoD RMF TAG

Supplemental Guidance

Transitional states for information systems include, for example, system startup, restart, shutdown, and abort. Notifications provided by information systems include, for example, electronic alerts to system administrators, messages to local computer consoles, and/or hardware indications such as lights.

Related Controls