SI.L2-3.14.3 Security Alerts & Advisories
Monitor system security alerts and advisories and take action in response.
Source: NIST SP 800-171 Rev 2 3.14.3
Discussion: There are many publicly available sources of system security alerts and advisories. For example, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) generates security alerts and advisories to maintain situational awareness across the federal government and in nonfederal organizations. Software vendors, subscription services, and industry information sharing and analysis centers (ISACs) may also provide security alerts and advisories. Examples of response actions include notifying relevant external organizations, for example, external mission/business partners, supply chain partners, external service providers, and peer or supporting organizations. [SP 800-161] provides guidance on supply chain risk management.
Assessment Objectives:
Determine if:
- [a] response actions to system security alerts and advisories are identified;
- [b] system security alerts and advisories are monitored; and
- [c] actions in response to system security alerts and advisories are taken.
Examine: [SELECT FROM: System and information integrity policy; procedures addressing security alerts, advisories, and directives; security plan; records of security alerts and advisories; other relevant documents or records].
Interview: [SELECT FROM: Personnel with security alert and advisory responsibilities; personnel implementing, operating, maintaining, and using the system; personnel, organizational elements, and external organizations to whom alerts, advisories, and directives are to be disseminated; system or network administrators; personnel with information security responsibilities].
Test: [SELECT FROM: Organizational processes for defining, receiving, generating, disseminating, and complying with security alerts, advisories, and directives; mechanisms supporting or implementing definition, receipt, generation, and dissemination of security alerts, advisories, and directives; mechanisms supporting or implementing security directives].
SPRS Score: 5
POA&M Allowed: No