
SI-15 Information Output Filtering

IL5
IL6

>Control Description

Validate information output from the following software programs and/or applications to ensure that the information is consistent with the expected content: organization-defined software programs and/or applications.

>DoD Impact Level Requirements

No specific parameter values or requirements for this impact level.

>Discussion

Certain types of attacks, including SQL injections, produce output results that are unexpected or inconsistent with the output results that would be expected from software programs or applications. Information output filtering focuses on detecting extraneous content, preventing such extraneous content from being displayed, and then alerting monitoring tools that anomalous behavior has been discovered.
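The detect, withhold and alert sequence described above, as an added example that is not part of the control text. The output contract, the field names, the `profile_lookup` source label and the logger name are all assumptions made for illustration, and the sample rows are constructed.

```python
import logging
import re

log = logging.getLogger("output_filter")  # stand-in for the monitoring tool's alert channel

# Hypothetical output contract for a single-user profile lookup
PROFILE_CONTRACT = {
    "max_rows": 1,
    "fields": {
        "id": re.compile(r"\d{1,10}"),
        "username": re.compile(r"[A-Za-z0-9_.-]{1,32}"),
        "email": re.compile(r"[^@\s]{1,64}@[^@\s]{1,255}"),
    },
}

def check_output(rows, contract):
    """Return a list of reasons the output deviates from the contract."""
    findings = []
    if len(rows) > contract["max_rows"]:
        findings.append(f"row count {len(rows)} exceeds {contract['max_rows']}")
    for i, row in enumerate(rows):
        extra = set(row) - set(contract["fields"])
        missing = set(contract["fields"]) - set(row)
        if extra:
            findings.append(f"row {i}: unexpected fields {sorted(extra)}")
        if missing:
            findings.append(f"row {i}: missing fields {sorted(missing)}")
        for name, pattern in contract["fields"].items():
            if name in row and not pattern.fullmatch(str(row[name])):
                findings.append(f"row {i}: field {name!r} has unexpected format")
    return findings

def filter_output(rows, contract, source):
    """Release output only if it matches the contract; otherwise withhold and alert."""
    findings = check_output(rows, contract)
    if findings:
        # Log the reasons, never the offending values, so the alert does not leak them
        log.warning("output withheld from %s: %s", source, "; ".join(findings))
        return [], findings
    return rows, []

# Constructed sample outputs
EXPECTED = [{"id": 7, "username": "alice", "email": "alice@example.org"}]
ANOMALOUS = [
    {"id": 7, "username": "alice", "email": "alice@example.org"},
    {"id": 8, "username": "bob", "email": "bob@example.org", "password_hash": "x" * 60},
]
```

The retained warning records are also the kind of log evidence an assessor can be shown for this control.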

>Related Controls

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What policies and procedures govern information output filtering?
  • Who is responsible for monitoring system and information integrity?
  • How frequently are integrity monitoring processes reviewed and updated?

Technical Implementation:

  • What technical controls detect and respond to information output filtering issues?
  • How are integrity violations identified and reported?
  • What automated tools support system and information integrity monitoring?
  • What systems and events are monitored for integrity violations?

Evidence & Documentation:

  • Can you provide recent integrity monitoring reports or alerts?
  • What logs demonstrate that SI-15 is actively implemented?
  • Where is evidence of integrity monitoring maintained and for how long?
  • Can you provide examples of integrity monitoring alerts and responses?
