SI-5: Security Alerts, Advisories, and Directives

An OSCAL Control

Statement

a.
Receive system security alerts, advisories, and directives from on an ongoing basis;
b.
Generate internal security alerts, advisories, and directives as deemed necessary;
c.
Disseminate security alerts, advisories, and directives to: ; and
d.
Implement security directives in accordance with established time frames, or notify the issuing organization of the degree of noncompliance.
Requirement:
Service Providers must address the CISA Emergency and Binding Operational Directives applicable to their cloud service offering per FedRAMP guidance. This includes listing the applicable directives and stating compliance status.