NIST 800-53 REV 5 • SYSTEM AND INFORMATION INTEGRITY

SI-6 Security and Privacy Function Verification

a. Verify the correct operation of {{ insert: param, si-6_prm_1 }};
b. Perform the verification of the functions specified in SI-6a {{ insert: param, si-06_odp.03 }};
c. Alert {{ insert: param, si-06_odp.06 }} to failed security and privacy verification tests; and
d. {{ insert: param, si-06_odp.07 }} when anomalies are discovered.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

Transitional states for systems include system startup, restart, shutdown, and abort. System notifications include hardware indicator lights, electronic alerts to system administrators, and messages to local computer consoles. In contrast to security function verification, privacy function verification ensures that privacy functions operate as expected and are approved by the senior agency official for privacy or that privacy attributes are applied or used as expected.

Practitioner Notes

Periodically verify that your security and privacy functions are working correctly — do not just deploy them and forget about them.

Example 1: Test your access control mechanisms quarterly. Try to access resources you should not have access to, verify that disabled accounts are actually disabled, and confirm that MFA is required where it should be. Document the test results.

Example 2: Verify your encryption is working by checking TLS configurations (use tools like SSL Labs Server Test), confirming BitLocker is active on all laptops (Get-BitLockerVolume in PowerShell), and testing that email encryption policies are enforced as expected.
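
The BitLocker check from Example 2, written as a repeatable verification that records its result and signals failures. This is an added example, not NIST or vendor code. It assumes every volume returned by Get-BitLockerVolume is in scope, that the log path is a hypothetical location, and that a non-zero exit code is what your scheduler or monitoring agent turns into an alert.

```powershell
#Requires -RunAsAdministrator
# Added example: SI-6 style verification of BitLocker on one endpoint.
# Assumptions: all volumes are in scope; the log path is hypothetical.

function Test-BitLockerVolume {
    param([Parameter(Mandatory, ValueFromPipeline)] $Volume)
    process {
        $findings = @()
        # A volume can be fully encrypted while protection is suspended;
        # in that state ProtectionStatus reports 'Off', so check both fields.
        if ("$($Volume.ProtectionStatus)" -ne 'On') {
            $findings += "ProtectionStatus=$($Volume.ProtectionStatus)"
        }
        if ("$($Volume.VolumeStatus)" -ne 'FullyEncrypted') {
            $findings += "VolumeStatus=$($Volume.VolumeStatus) ($($Volume.EncryptionPercentage)%)"
        }
        [pscustomobject]@{
            CheckedUtc = (Get-Date).ToUniversalTime().ToString('o')
            Computer   = $env:COMPUTERNAME
            MountPoint = $Volume.MountPoint
            Passed     = ($findings.Count -eq 0)
            Findings   = $findings -join '; '
        }
    }
}

# Hypothetical location for the documented test record.
$logPath = Join-Path $env:ProgramData 'SI6\bitlocker-verification.csv'
New-Item -ItemType Directory -Path (Split-Path $logPath) -Force | Out-Null

# Verify every volume and append the outcome, pass or fail, to the record.
$results = @(Get-BitLockerVolume | Test-BitLockerVolume)
$results | Export-Csv -Path $logPath -Append -NoTypeInformation

# Surface failures and exit non-zero so the caller can raise the alert.
$failed = @($results | Where-Object { -not $_.Passed })
if ($failed.Count -gt 0) {
    $failed | ForEach-Object { Write-Warning "$($_.MountPoint): $($_.Findings)" }
    exit 1
}
Write-Output "All $($results.Count) volume(s) passed BitLocker verification."
```

Test-BitLockerVolume only reads properties from the objects piped to it, so it can be exercised with constructed objects before the script is scheduled.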