SI-5—Security Alerts, Advisories, and Directives

Receive system security alerts, advisories, and directives from ⚙organization-defined external organizations on an ongoing basis;

Generate internal security alerts, advisories, and directives as deemed necessary;

Disseminate security alerts, advisories, and directives to: [Selection (one or more): ⚙organization-defined personnel or roles; ⚙organization-defined elements within the organization; ⚙organization-defined external organizations]; and

Implement security directives in accordance with established time frames, or notify the issuing organization of the degree of noncompliance.