Control: The information system:
Security Function Verification Supplemental Guidance:
Transitional states for information systems include, for example, system startup, restart, shutdown, and abort. Notifications provided by information systems include, for example, electronic alerts to system administrators, messages to local computer consoles, and/or hardware indications such as lights.
Security Function Verification Control Enhancements:
SI-6 (1) Security Function Verification - Notification of failed security tests
[Withdrawn: Incorporated into SI-6].
SI-6 (2) Security Function Verification - Automation support for distributed testing
The information system implements automated mechanisms to support the management of distributed security testing.
Supplemental Guidance: Related control:SI-2.
SI-6 (3) Security Function Verification - Report Verification Results
The organisation reports the results of security function verification to [Assignment: organisation- defined personnel or roles].
Supplemental Guidance: Organisational personnel with potential interest in security function verification results include, for example, senior information security officers, information system security managers, and information systems security officers.