SI-5(1)—Security Alerts, Advisories, and Directives | Automated Alerts and Advisories

IL4 High

IL5

IL6

>Control Description

Broadcast security alert and advisory information throughout the organization using ⚙organization-defined automated mechanisms.

>DoD Impact Level Requirements

No specific parameter values or requirements for this impact level.

>Discussion

The significant number of changes to organizational systems and environments of operation requires the dissemination of security-related information to a variety of organizational entities that have a direct interest in the success of organizational mission and business functions. Based on information provided by security alerts and advisories, changes may be required at one or more of the three levels related to the management of risk, including the governance level, mission and business process level, and the information system level.

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

•What policies and procedures govern automated alerts and advisories?
•Who is responsible for monitoring system and information integrity?
•How frequently are integrity monitoring processes reviewed and updated?

Technical Implementation:

•What technical controls detect and respond to automated alerts and advisories issues?
•How are integrity violations identified and reported?
•What automated tools support system and information integrity monitoring?

Evidence & Documentation:

•Can you provide recent integrity monitoring reports or alerts?
•What logs demonstrate that SI-5(1) is actively implemented?
•Where is evidence of integrity monitoring maintained and for how long?

Ask AI

Configure your API key to use AI features.