NIST 800-53 REV 5 • SYSTEM AND INFORMATION INTEGRITY
SI-6(1) — Notification of Failed Security Tests
CMMC Practice Mapping
No direct CMMC mapping
NIST 800-171 Mapping
No direct NIST 800-171 mapping
Related Controls
No related controls listed
Practitioner Notes
When security function verification fails — when you discover a security mechanism is not working — notify the appropriate personnel immediately.
Example 1: Configure automated monitoring for your security tools. If antivirus stops reporting to the management console, if the SIEM stops receiving logs, or if the firewall enters a degraded state, an alert goes immediately to the security team and IT management.
Example 2: Create a runbook that defines who gets notified for different types of security function failures — CISO for critical failures like total SIEM outage, security lead for component failures like one server missing AV, and IT ops for infrastructure issues like NTP sync failures.
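Putting Example 1 and Example 2 together, as an added illustration that is not part of the control text: a small Python check that treats each security function as a heartbeat with a tolerated silence window, declares a failure when the window is exceeded, and routes the notification by runbook tier. The sample heartbeats, the tier names and the recipient roles are constructed for the example; the data sources (AV console, SIEM ingestion metrics, firewall and NTP health) are assumed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass
class FunctionStatus:
    name: str               # security function being verified
    tier: str               # runbook tier: critical, component or infrastructure
    last_ok: datetime       # last successful verification or heartbeat
    max_silence: timedelta  # gap after which the function is declared failed

# Runbook from Example 2: who is notified for each failure tier. The role names are
# from the notes above; the actual distribution lists are an assumption.
RUNBOOK = {
    "critical": ["CISO", "security-team", "it-management"],
    "component": ["security-lead"],
    "infrastructure": ["it-ops"],
}

def evaluate(statuses, now):
    """Return {name: alert} for each function whose verification has gone stale."""
    alerts = {}
    for s in statuses:
        silent_for = now - s.last_ok
        if silent_for > s.max_silence:
            alerts[s.name] = {"tier": s.tier,
                              "silent_minutes": int(silent_for.total_seconds() // 60),
                              "notify": RUNBOOK[s.tier]}
    return alerts

def format_notifications(alerts):
    """One message per recipient role, so every party in the runbook is told directly."""
    return [(role, f"[{a['tier'].upper()}] {name} has not verified for {a['silent_minutes']} min")
            for name, a in alerts.items() for role in a["notify"]]

# Constructed sample heartbeats. In production these come from the AV console, SIEM
# ingestion metrics, firewall health and NTP checks (those data sources are assumed).
NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE = [
    FunctionStatus("SIEM log ingestion", "critical", NOW - timedelta(minutes=45), timedelta(minutes=15)),
    FunctionStatus("Firewall HA state", "critical", NOW - timedelta(minutes=2), timedelta(minutes=5)),
    FunctionStatus("AV agent on srv-files-01", "component", NOW - timedelta(hours=26), timedelta(hours=24)),
    FunctionStatus("NTP sync on dc-01", "infrastructure", NOW - timedelta(hours=3), timedelta(hours=1)),
]

if __name__ == "__main__":
    for role, msg in format_notifications(evaluate(SAMPLE, NOW)):
        print(f"notify {role}: {msg}")
```

Running the sample flags the SIEM, the AV agent and NTP but not the firewall, and emits one message per runbook recipient for each failure.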