STIGhub — A free STIG search and compliance tool · STIGs updated 3 days ago

SI-5

System and Information Integrity · Rev 5 · organization

Security Alerts, Advisories, and Directives

Baselines: Low, Moderate, High

Control Statement

a. Receive system security alerts, advisories, and directives from [Assignment: external organizations] on an ongoing basis;
b. Generate internal security alerts, advisories, and directives as deemed necessary;
c. Disseminate security alerts, advisories, and directives to: [Selection: organization-defined value]; and
d. Implement security directives in accordance with established time frames, or notify the issuing organization of the degree of noncompliance.

Supplemental Guidance

The Cybersecurity and Infrastructure Security Agency (CISA) generates security alerts and advisories to maintain situational awareness throughout the Federal Government. Security directives are issued by OMB or other designated organizations with the responsibility and authority to issue such directives. Compliance with security directives is essential due to the critical nature of many of these directives and the potential (immediate) adverse effects on organizational operations and assets, individuals, other organizations, and the Nation should the directives not be implemented in a timely manner. External organizations include supply chain partners, external mission or business partners, external service providers, and other peer or supporting organizations.

Related Controls (3)

PM-15, RA-5, SI-2

CCI Identifiers (8)

CCI-001285: Receive system security alerts, advisories, and directives from organization-defined external organizations on an ongoing basis.
CCI-001286: Generate internal security alerts, advisories, and directives as deemed necessary.
CCI-001287: Disseminate security alerts, advisories, and directives to organization-defined personnel or roles, organization-defined elements within the organization, and/or organization-defined external organizations.
CCI-002692: Defines the external organizations from which it receives information system security alerts, advisories, and directives.
CCI-002693: Defines the elements within the organization to whom the organization will disseminate security alerts, advisories, and directives.
CCI-001288: Defines the personnel or roles to whom the organization will disseminate security alerts, advisories, and directives.
CCI-001289: Implement security directives in accordance with established time frames, or notify the issuing organization of the degree of noncompliance.
CCI-002694: Defines the external organizations to which the organization will disseminate security alerts, advisories, and directives.

Linked STIG Checks (3)

Across 2 STIGs.