SI-10(1)—Manual Override Capability
>Control Description
a
Provide a manual override capability for input validation of the following information inputs: ⚙organization-defined inputs defined in the base control (SI-10);
b
Restrict the use of the manual override capability to only ⚙organization-defined authorized individuals; and
c
Audit the use of the manual override capability.
>Supplemental Guidance
In certain situations, such as during events that are defined in contingency plans, a manual override capability for input validation may be needed. Manual overrides are used only in limited circumstances and with the inputs defined by the organization.
>Related Controls
>Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- •What policies and procedures govern manual override capability?
- •Who is responsible for monitoring system and information integrity?
- •How frequently are integrity monitoring processes reviewed and updated?
Technical Implementation:
- •What technical controls detect and respond to manual override capability issues?
- •How are integrity violations identified and reported?
- •What automated tools support system and information integrity monitoring?
Evidence & Documentation:
- •Can you provide recent integrity monitoring reports or alerts?
- •What logs demonstrate that SI-10(1) is actively implemented?
- •Where is evidence of integrity monitoring maintained and for how long?
Ask AI
Configure your API key to use AI features.