NIST 800-53 REV 5 • SYSTEM AND INFORMATION INTEGRITY

SI-5(1)Automated Alerts and Advisories

Broadcast security alert and advisory information throughout the organization using {{ insert: param, si-05.01_odp }}.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

The significant number of changes to organizational systems and environments of operation requires the dissemination of security-related information to a variety of organizational entities that have a direct interest in the success of organizational mission and business functions. Based on information provided by security alerts and advisories, changes may be required at one or more of the three levels related to the management of risk, including the governance level, mission and business process level, and the information system level.

Practitioner Notes

Automate the receipt and distribution of security alerts so your team does not miss critical advisories because someone was on vacation.

Example 1: Set up automated feeds from CISA, Microsoft MSRC, and NVD into your ticketing system. When a critical advisory is published, a ticket is automatically created and assigned to the appropriate team for assessment and response.

Example 2: Use Microsoft Defender Vulnerability Management's security recommendations feature, which automatically identifies applicable advisories for your enrolled devices and prioritizes them based on your specific exposure. No manual advisory review needed.

More System and Information Integrity Controls

SI-1 Policy and Procedures SI-2 Flaw Remediation SI-2(1) Central Management SI-2(2) Automated Flaw Remediation Status