Guidance for NIST 800-171 Assessment & Compliance

SI-10 INFORMATION INPUT VALIDATION

Applicable

(Y)es / (N)o

(C)onfidentiality

(I)ntegrity

(A)vailability

RPN

(C+I+A)

(S)atisfactory

(O)ther than satisfactory +##

###

si-10	information input validation
	assessment objective: Determine if:
	si-10[1]	the organization defines information inputs requiring validity checks; and
	si-10[2]	the information system checks the validity of organization-defined information inputs.
	potential assessment methods and objects: Examine: [select from: System and information integrity policy; access control policy and procedures; separation of duties policy and procedures; procedures addressing information input validation; documentation for automated tools and applications to verify validity of information; list of information inputs requiring validity checks; information system design documentation; information system configuration settings and associated documentation; information system audit records; other relevant documents or records]. Interview: [select from: Organizational personnel with responsibility for information input validation; organizational personnel with information security responsibilities; system/network administrators; system developer]. Test: [select from: Automated mechanisms supporting and/or implementing validity checks on information inputs].

Hosted by ABCI Consultants for Information Security Management Systems | Implementations, Training and Assessments for Compliance | (800) 644-2056