With 205 Controls, 423 enhancements and 1,394 definitions, it's overwhelming! Lucky for you, ISL's Cyber Security Professionals are here to help.

Contact us so we can discuss what Cyber Security controls mean to your organization.

SI-5 : SECURITY ALERTS, ADVISORIES, AND DIRECTIVES

FAMILY: System and Information IntegrityCLASS: Operational

SI-5 : SECURITY ALERTS, ADVISORIES, AND DIRECTIVES

The organization:

a. Receives information system security alerts, advisories, and directives from designated external organizations on an ongoing basis;

b. Generates internal security alerts, advisories, and directives as deemed necessary;

c. Disseminates security alerts, advisories, and directives to [Assignment: organization-defined list of personnel (identified by name and/or by role)]; and

d. Implements security directives in accordance with established time frames, or notifies the issuing organization of the degree of noncompliance.

Security alerts and advisories are generated by the United States Computer Emergency Readiness Team (US-CERT) to maintain situational awareness across the federal government. Security directives are issued by OMB or other designated organizations with the responsibility and authority to issue such directives. Compliance to security directives is essential due to the critical nature of many of these directives and the potential immediate adverse affects on organizational operations and assets, individuals, other organizations, and the Nation should the directives not be implemented in a timely manner.
Control Enhancements:
(1) The information system restricts the ability of users to launch denial of service attacks against other information systems or networks.
(2) The information system manages excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of denial of service attacks.
References: NIST Special Publication 800-40.
Priority and Baseline Allocation:
P1 LOW SI-5 MOD SI-5 HIGH SI-5 (1)