Applicable

(Y)es / (N)o

(C)onfidentiality

(I)ntegrity

(A)vailability

RPN

(C+I+A)

(S)atisfactory

L1

M2

H3

L1

M2

H3

L1

M2

H3

(O)ther than satisfactory +##

si-3(9)

malicious code protection  | authenticate remote commands

assessment objective:

Determine if:

si-3(9)[1]

the organization defines security safeguards to be implemented by the information system to authenticate organization-defined remote commands;

si-3(9)[2]

the organization defines remote commands to be authenticated by organization-defined security safeguards; and

si-3(9)[3]

the information system implements organization-defined security safeguards to authenticate organization-defined remote commands.

potential assessment methods and objects:

Examine: [select from: System and information integrity policy; procedures addressing malicious code protection; information system design documentation; malicious code protection mechanisms; warning messages sent upon detection of unauthorized operating system command execution; information system configuration settings and associated documentation; information system audit records; other relevant documents or records].

Interview: [select from: System/network administrators; organizational personnel with information security responsibilities; system developers; organizational personnel installing, configuring, and/or maintaining the information system; organizational personnel with responsibility for malicious code protection].

Test: [select from: Automated mechanisms supporting and/or implementing malicious code protection capability; automated mechanisms implementing authentication of remote commands; automated mechanisms supporting and/or implementing security safeguards to authenticate remote commands].