| 💼 SI-1 SYSTEM AND INFORMATION INTEGRITY POLICY AND PROCEDURES | | | | |
| 💼 SI-2 FLAW REMEDIATION | 6 | 1 | 1 | |
| 💼 SI-2 (1) CENTRAL MANAGEMENT | | | | |
| 💼 SI-2 (2) AUTOMATED FLAW REMEDIATION STATUS | | | | |
| 💼 SI-2 (3) TIME TO REMEDIATE FLAWS _ BENCHMARKS FOR CORRECTIVE ACTIONS | | | | |
| 💼 SI-2 (4) AUTOMATED PATCH MANAGEMENT TOOLS | | | | |
| 💼 SI-2 (5) AUTOMATIC SOFTWARE _ FIRMWARE UPDATES | | | | |
| 💼 SI-2 (6) REMOVAL OF PREVIOUS VERSIONS OF SOFTWARE _ FIRMWARE | | | | |
| 💼 SI-3 MALICIOUS CODE PROTECTION | 10 | | | |
| 💼 SI-3 (1) CENTRAL MANAGEMENT | | | | |
| 💼 SI-3 (2) AUTOMATIC UPDATES | | | | |
| 💼 SI-3 (3) NON-PRIVILEGED USERS | | | | |
| 💼 SI-3 (4) UPDATES ONLY BY PRIVILEGED USERS | | | | |
| 💼 SI-3 (5) PORTABLE STORAGE DEVICES | | | | |
| � 💼 SI-3 (6) TESTING _ VERIFICATION | | | | |
| 💼 SI-3 (7) NONSIGNATURE-BASED DETECTION | | | | |
| 💼 SI-3 (8) DETECT UNAUTHORIZED COMMANDS | | | | |
| 💼 SI-3 (9) AUTHENTICATE REMOTE COMMANDS | | | | |
| 💼 SI-3 (10) MALICIOUS CODE ANALYSIS | | | | |
| 💼 SI-4 INFORMATION SYSTEM MONITORING | 24 | | | |
| 💼 SI-4 (1) SYSTEM-WIDE INTRUSION DETECTION SYSTEM | | | | |
| 💼 SI-4 (2) AUTOMATED TOOLS FOR REAL-TIME ANALYSIS | | | | |
| 💼 SI-4 (3) AUTOMATED TOOL INTEGRATION | | | | |
| 💼 SI-4 (4) INBOUND AND OUTBOUND COMMUNICATIONS TRAFFIC | | | | |
| 💼 SI-4 (5) SYSTEM-GENERATED ALERTS | | | | |
| 💼 SI-4 (6) RESTRICT NON-PRIVILEGED USERS | | | | |
| 💼 SI-4 (7) AUTOMATED RESPONSE TO SUSPICIOUS EVENTS | | | | |
| 💼 SI-4 (8) PROTECTION OF MONITORING INFORMATION | | | | |
| 💼 SI-4 (9) TESTING OF MONITORING TOOLS | | | | |
| 💼 SI-4 (10) VISIBILITY OF ENCRYPTED COMMUNICATIONS | | | | |
| 💼 SI-4 (11) ANALYZE COMMUNICATIONS TRAFFIC ANOMALIES | | | | |
| 💼 SI-4 (12) AUTOMATED ALERTS | | | | |
| 💼 SI-4 (13) ANALYZE TRAFFIC _ EVENT PATTERNS | | | | |
| 💼 SI-4 (14) WIRELESS INTRUSION DETECTION | | | | |
| 💼 SI-4 (15) WIRELESS TO WIRELINE COMMUNICATIONS | | | | |
| 💼 SI-4 (16) CORRELATE MONITORING INFORMATION | | | | |
| 💼 SI-4 (17) INTEGRATED SITUATIONAL AWARENESS | | | | |
| 💼 SI-4 (18) ANALYZE TRAFFIC _ COVERT EXFILTRATION | | | | |
| 💼 SI-4 (19) INDIVIDUALS POSING GREATER RISK | | | | |
| 💼 SI-4 (20) PRIVILEGED USERS | | | | |
| 💼 SI-4 (21) PROBATIONARY PERIODS | | | | |
| 💼 SI-4 (22) UNAUTHORIZED NETWORK SERVICES | | | | |
| 💼 SI-4 (23) HOST-BASED DEVICES | | | | |
| 💼 SI-4 (24) INDICATORS OF COMPROMISE | | | | |
| 💼 SI-5 SECURITY ALERTS, ADVISORIES, AND DIRECTIVES | 1 | | | |
| 💼 SI-5 (1) AUTOMATED ALERTS AND ADVISORIES | | | | |
| 💼 SI-6 SECURITY FUNCTION VERIFICATION | 3 | | | |
| 💼 SI-6 (1) NOTIFICATION OF FAILED SECURITY TESTS | | | | |
| 💼 SI-6 (2) AUTOMATION SUPPORT FOR DISTRIBUTED TESTING | | | | |
| 💼 SI-6 (3) REPORT VERIFICATION RESULTS | | | | |
| 💼 SI-7 SOFTWARE, FIRMWARE, AND INFORMATION INTEGRITY | 16 | | | |
| 💼 SI-7 (1) INTEGRITY CHECKS | | | | |
| 💼 SI-7 (2) AUTOMATED NOTIFICATIONS OF INTEGRITY VIOLATIONS | | | | |
| 💼 SI-7 (3) CENTRALLY-MANAGED INTEGRITY TOOLS | | | | |
| 💼 SI-7 (4) TAMPER-EVIDENT PACKAGING | | | | |
| 💼 SI-7 (5) AUTOMATED RESPONSE TO INTEGRITY VIOLATIONS | | | | |
| 💼 SI-7 (6) CRYPTOGRAPHIC PROTECTION | | | | |
| 💼 SI-7 (7) INTEGRATION OF DETECTION AND RESPONSE | | | | |
| 💼 SI-7 (8) AUDITING CAPABILITY FOR SIGNIFICANT EVENTS | | | | |
| 💼 SI-7 (9) VERIFY BOOT PROCESS | | | | |
| 💼 SI-7 (10) PROTECTION OF BOOT FIRMWARE | | | | |
| 💼 SI-7 (11) CONFINED ENVIRONMENTS WITH LIMITED PRIVILEGES | | | | |
| 💼 SI-7 (12) INTEGRITY VERIFICATION | | | | |
| 💼 SI-7 (13) CODE EXECUTION IN PROTECTED ENVIRONMENTS | | | | |
| 💼 SI-7 (14) BINARY OR MACHINE EXECUTABLE CODE | | | | |
| 💼 SI-7 (15) CODE AUTHENTICATION | | | | |
| 💼 SI-7 (16) TIME LIMIT ON PROCESS EXECUTION W_O SUPERVISION | | | | |
| 💼 SI-8 SPAM PROTECTION | 3 | | | |
| 💼 SI-8 (1) CENTRAL MANAGEMENT | | | | |
| 💼 SI-8 (2) AUTOMATIC UPDATES | | | | |
| 💼 SI-8 (3) CONTINUOUS LEARNING CAPABILITY | | | | |
| 💼 SI-9 INFORMATION INPUT RESTRICTIONS | | | | |
| 💼 SI-10 INFORMATION INPUT VALIDATION | 5 | | | |
| 💼 SI-10 (1) MANUAL OVERRIDE CAPABILITY | | | | |
| 💼 SI-10 (2) REVIEW _ RESOLUTION OF ERRORS | | | | |
| 💼 SI-10 (3) PREDICTABLE BEHAVIOR | | | | |
| 💼 SI-10 (4) REVIEW _ TIMING INTERACTIONS | | | | |
| 💼 SI-10 (5) RESTRICT INPUTS TO TRUSTED SOURCES AND APPROVED FORMATS | | | | |
| 💼 SI-11 ERROR HANDLING | | | | |
| 💼 SI-12 INFORMATION HANDLING AND RETENTION | | | | |
| 💼 SI-13 PREDICTABLE FAILURE PREVENTION | 5 | | | |
| 💼 SI-13 (1) TRANSFERRING COMPONENT RESPONSIBILITIES | | | | |
| 💼 SI-13 (2) TIME LIMIT ON PROCESS EXECUTION WITHOUT SUPERVISION | | | | |
| 💼 SI-13 (3) MANUAL TRANSFER BETWEEN COMPONENTS | | | | |
| 💼 SI-13 (4) STANDBY COMPONENT INSTALLATION _ NOTIFICATION | | | | |
| 💼 SI-13 (5) FAILOVER CAPABILITY | | | | |
| 💼 SI-14 NON-PERSISTENCE | 1 | | | |
| 💼 SI-14 (1) REFRESH FROM TRUSTED SOURCES | | | | |
| 💼 SI-15 INFORMATION OUTPUT FILTERING | | | | |
| 💼 SI-16 MEMORY PROTECTION | | | | |
| 💼 SI-17 FAIL-SAFE PROCEDURES | | | | |