zydronium/manage.get.gov
1
0
Fork 0
mirror of https://github.com/cisagov/manage.get.gov.git synced 2025-08-03 16:32:15 +02:00
Code Issues Projects Releases Packages Wiki Activity
manage.get.gov/docs/compliance/dist/system-security-plans/ato/si-5.md
Logan McDonald 1d3dfdb8d5
Add compliance documentation to source control (#116) 
* add initial setup of compliance-trestle
2022-09-14 08:46:43 -04:00

2.8 KiB
Raw Blame History

implementation-status control-origination
c-not-implemented
c-inherited-cloud-gov
c-inherited-cisa
c-common-control
c-system-specific-control

si-5 - [catalog] Security Alerts, Advisories, and Directives

Control Statement

  • [a] Receive system security alerts, advisories, and directives from external organizations on an ongoing basis;

  • [b] Generate internal security alerts, advisories, and directives as deemed necessary;

  • [c] Disseminate security alerts, advisories, and directives to: No value found ; and

  • [d] Implement security directives in accordance with established time frames, or notify the issuing organization of the degree of noncompliance.

Control guidance

The Cybersecurity and Infrastructure Security Agency (CISA) generates security alerts and advisories to maintain situational awareness throughout the Federal Government. Security directives are issued by OMB or other designated organizations with the responsibility and authority to issue such directives. Compliance with security directives is essential due to the critical nature of many of these directives and the potential (immediate) adverse effects on organizational operations and assets, individuals, other organizations, and the Nation should the directives not be implemented in a timely manner. External organizations include supply chain partners, external mission or business partners, external service providers, and other peer or supporting organizations.

Control assessment-objective

system security alerts, advisories, and directives are received from external organizations on an ongoing basis; internal security alerts, advisories, and directives are generated as deemed necessary; security alerts, advisories, and directives are disseminated to No value found; security directives are implemented in accordance with established time frames or if the issuing organization is notified of the degree of noncompliance.

What is the solution and how is it implemented?

Implementation a.

Add control implementation description here for item si-5_smt.a

Implementation b.

Add control implementation description here for item si-5_smt.b

Implementation c.

Add control implementation description here for item si-5_smt.c

Implementation d.

Add control implementation description here for item si-5_smt.d