STIGhub: A free STIG search and compliance tool · STIGs updated 3 days ago · © 2026 Beacon Cloud Solutions, Inc.

SI-6

System and Information Integrity · Rev 5 · system

Security and Privacy Function Verification

Baselines: High

Control Statement

a. Verify the correct operation of [Assignment: organization-defined security and privacy functions];
b. Perform the verification of the functions specified in SI-6a [Selection: organization-defined value];
c. Alert [Assignment: personnel or roles] to failed security and privacy verification tests; and
d. [Selection: organization-defined value] when anomalies are discovered.

Supplemental Guidance

Transitional states for systems include system startup, restart, shutdown, and abort. System notifications include hardware indicator lights, electronic alerts to system administrators, and messages to local computer consoles. In contrast to security function verification, privacy function verification ensures that privacy functions operate as expected and are approved by the senior agency official for privacy or that privacy attributes are applied or used as expected.

Related Controls (4)

CA-7, CM-4, CM-6, SI-7

CCI Identifiers (23)

CCI-001674: The information system responds to security function anomalies in accordance with organization-defined responses and alternative action(s).
CCI-001676: The organization defines, for periodic security function verification, the frequency of the verifications.
CCI-004991: Defines alternative action(s) to be taken when anomalies in the operation of organization-defined privacy functions are discovered.
CCI-004992: Shut the system down, restart the system, and/or initiate organization-defined alternative action(s) when anomalies in the operation of the organization-defined privacy functions are discovered.
CCI-004984: Defines the privacy functions that require verification of correct operation.
CCI-004985: Verify correct operation of organization-defined privacy functions.
CCI-004986: Defines the frequency at which it will verify correct operation of organization-defined privacy functions.
CCI-004987: Defines the system transitional states when the system will verify correct operation of organization-defined privacy functions.

Linked STIG Checks (158)

Across 67 STIGs.

CCI-001291: The information system verifies the correct operation of security functions in accordance with organization-defined conditions and in accordance with organization-defined frequency (if periodic verification).
CCI-001292: The organization defines the appropriate conditions, including the system transitional states if applicable, for verifying the correct operation of security functions.
CCI-001293: The organization defines the information system responses and alternative action(s) to anomalies discovered during security function verification.
CCI-001294: Alert organization-defined personnel or roles of failed security verification tests.
CCI-002695: Defines the security functions that require verification of correct operation.
CCI-002696: Verify correct operation of organization-defined security functions.
CCI-002697: Defines the frequency at which it will verify correct operation of organization-defined security functions.
CCI-002698: Defines the system transitional states when the system will verify correct operation of organization-defined security functions.
CCI-002699: Perform verification of the correct operation of organization-defined security functions: when the system is in an organization-defined transitional state; upon command by a user with appropriate privileges; and/or on an organization-defined frequency.
CCI-002700: Defines the personnel or roles to be notified when security verification tests fail.
CCI-002701: Defines alternative action(s) to be taken when anomalies in the operation of organization-defined security functions are discovered.
CCI-002702: Shut the system down, restart the system, and/or initiate organization-defined alternative action(s) when anomalies in the operation of the organization-defined security functions are discovered.
CCI-004988: Perform verification of the correct operation of organization-defined privacy functions: when the system is in an organization-defined transitional state; upon command by a user with appropriate privileges; and/or on an organization-defined frequency.
CCI-004989: Alert organization-defined personnel or roles of failed privacy verification tests.
CCI-004990: Defines the personnel or roles to be notified when privacy verification tests fail.