myctrl.tools
Compare

SI-3(6)Testing And Verification

>Control Description

a

Test malicious code protection mechanisms organization-defined frequency by introducing known benign code into the system; and

b

Verify that the detection of the code and the associated incident reporting occur.

>Cross-Framework Mappings

SCF

END-04.5
Compare

>Supplemental Guidance

None.

>Related Controls

CA-2
CA-7
RA-5

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What policies and procedures govern testing and verification?
  • Who is responsible for monitoring system and information integrity?
  • How frequently are integrity monitoring processes reviewed and updated?

Technical Implementation:

  • What technical controls detect and respond to testing and verification issues?
  • How are integrity violations identified and reported?
  • What automated tools support system and information integrity monitoring?
  • What anti-malware solutions are deployed and how are they configured?

Evidence & Documentation:

  • Can you provide recent integrity monitoring reports or alerts?
  • What logs demonstrate that SI-3(6) is actively implemented?
  • Where is evidence of integrity monitoring maintained and for how long?
  • Can you show recent malware detection reports and response actions?

Ask AI

Configure your API key to use AI features.