• Requirement

    1. Verify the correct operation of [Assignment: organization-defined security and privacy functions];
    2. Perform the verification of the functions specified in SI-6a [Selection (one or more): [Assignment: organization-defined system transitional states]; upon command by user with appropriate privilege; [Assignment: organization-defined frequency]];
    3. Alert [Assignment: organization-defined personnel or roles] to failed security and privacy verification tests; and
    4. [Selection (one or more): Shut the system down; Restart the system; [Assignment: organization-defined alternative action(s)]] when anomalies are discovered.
  • Discussion

    Transitional states for systems include system startup, restart, shutdown, and abort. System notifications include hardware indicator lights, electronic alerts to system administrators, and messages to local computer consoles. In contrast to security function verification, privacy function verification ensures that privacy functions operate as expected and are approved by the senior agency official for privacy or that privacy attributes are applied or used as expected.

More Info

  • Title

    Security and Privacy Function Verification
  • Family

    System and Information Integrity
  • NIST 800-53B Baseline(s)

    • High
  • Related NIST 800-53 ID


NIST 800-53A Assessment Guidance

CMMC Training

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!