This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The information system fails to a [Assignment: organization-defined known-state] for [Assignment: organization-defined types of failures] preserving [Assignment: organization-defined system state information] in failure.
NIST 800-53 (r4) Supplemental Guidance:
Failure in a known state addresses security concerns in accordance with the mission/business needs of organizations. Failure in a known secure state helps to prevent the loss of confidentiality, integrity, or availability of information in the event of failures of organizational information systems or system components. Failure in a known safe state helps to prevent systems from failing to a state that may cause injury to individuals or destruction to property. Preserving information system state information facilitates system restart and return to the operational mode of organizations with less disruption of mission/business processes. Related controls: CP-2, CP-10, CP-12, SC-7, SC-22.
NIST 800-53 (r5) Discussion:
Failure in a known state addresses security concerns in accordance with the mission and business needs of organizations. Failure in a known state prevents the loss of confidentiality, integrity, or availability of information in the event of failures of organizational systems or system components. Failure in a known safe state helps to prevent systems from failing to a state that may cause injury to individuals or destruction to property. Preserving system state information facilitates system restart and return to the operational mode with less disruption of mission and business processes.
38North Guidance:
Meets Minimum Requirement:
Define types of failures for system components.
Configure system components to fail closed (if non-critical) or fail secure. The component should remain closed or in a secure state until an administrator has diagnosed the problem and restored the component to normal operation.
The fail-closed or fail-secure state should deny access by default and allow access only once an administrator has verified that the conditions for allowing it are met. Unless a subject has been given explicit access to an object, it should be denied access to that object. A failed component should not disclose any data that it would not disclose in normal operation.
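The following is an added example (not part of this guidance page, and not code from NIST or 38North) showing what a fail-closed component looks like in practice: an authorization gate that denies by default when its policy backend fails, records the failure type and the requests it was holding to a state file so a restart returns to the same known state, stays locked until an administrator explicitly clears it, and returns only a generic "service unavailable" to callers rather than any internal detail. The policy backend, the failure types, the subject/object names and the state-file location are all constructed for the example.

```python
"""Fail-closed authorization gate (added example, not from the guidance page)."""
import json
import tempfile
import time
from dataclasses import dataclass, field
from enum import Enum
from pathlib import Path
from typing import Callable, Optional


class FailureType(Enum):
    # Organization-defined failure types (constructed for this example)
    POLICY_BACKEND_UNAVAILABLE = "policy_backend_unavailable"
    POLICY_BACKEND_TIMEOUT = "policy_backend_timeout"
    INTERNAL_ERROR = "internal_error"


class PolicyUnavailable(Exception):
    pass


class PolicyTimeout(Exception):
    pass


@dataclass
class Decision:
    allowed: bool
    reason: str  # safe to return to the caller; never carries internal detail


@dataclass
class FailClosedGate:
    policy: Callable[[str, str], bool]  # policy(subject, obj) -> True only on explicit grant
    state_file: Path
    locked_since: Optional[float] = None
    failure: Optional[FailureType] = None
    pending: list = field(default_factory=list)  # requests held while in the failed state

    def is_locked(self) -> bool:
        return self.locked_since is not None

    def authorize(self, subject: str, obj: str) -> Decision:
        # In the failed state every request is denied; the policy is not consulted.
        if self.is_locked():
            self.pending.append((subject, obj, time.time()))
            self._persist()
            return Decision(False, "service unavailable")
        try:
            allowed = self.policy(subject, obj)
        except PolicyUnavailable:
            return self._fail(FailureType.POLICY_BACKEND_UNAVAILABLE, subject, obj)
        except PolicyTimeout:
            return self._fail(FailureType.POLICY_BACKEND_TIMEOUT, subject, obj)
        except Exception:
            return self._fail(FailureType.INTERNAL_ERROR, subject, obj)
        # Default deny: only an explicit True from the policy grants access.
        return Decision(True, "allowed by policy") if allowed is True else Decision(False, "denied by policy")

    def _fail(self, ftype: FailureType, subject: str, obj: str) -> Decision:
        # Enter the known state: locked, default deny, state preserved on disk.
        self.locked_since = time.time()
        self.failure = ftype
        self.pending.append((subject, obj, self.locked_since))
        self._persist()
        return Decision(False, "service unavailable")

    def _persist(self) -> None:
        state = {
            "locked_since": self.locked_since,
            "failure": self.failure.value if self.failure else None,
            "pending_requests": [{"subject": s, "object": o, "ts": t} for s, o, t in self.pending],
        }
        self.state_file.write_text(json.dumps(state, indent=2))

    def admin_restore(self, admin_verified: bool) -> bool:
        # Only an explicit administrator verification clears the failed state.
        if not admin_verified or not self.is_locked():
            return False
        self.locked_since, self.failure = None, None
        self.pending.clear()
        self._persist()
        return True

    @classmethod
    def load(cls, policy: Callable[[str, str], bool], state_file: Path) -> "FailClosedGate":
        # Restart path: reload the preserved state so a restart cannot silently reopen the gate.
        gate = cls(policy, state_file)
        if state_file.exists():
            state = json.loads(state_file.read_text())
            gate.locked_since = state.get("locked_since")
            gate.failure = FailureType(state["failure"]) if state.get("failure") else None
            gate.pending = [(p["subject"], p["object"], p["ts"]) for p in state["pending_requests"]]
        return gate


def demo(tmp_dir: Optional[Path] = None) -> dict:
    """Drive the gate through normal operation, a backend outage, a restart and an admin restore."""
    tmp_dir = tmp_dir or Path(tempfile.mkdtemp())
    calls = {"n": 0}

    def flaky_policy(subject: str, obj: str) -> bool:
        calls["n"] += 1
        if calls["n"] == 2:  # constructed outage on the second call
            raise PolicyUnavailable("backend down")
        return subject == "alice" and obj == "report"

    gate = FailClosedGate(flaky_policy, tmp_dir / "gate_state.json")
    out = {"grant": gate.authorize("alice", "report").allowed}          # True: explicit grant
    out["outage"] = gate.authorize("alice", "report").allowed            # False: failed closed
    out["locked"] = gate.authorize("alice", "report").allowed            # False: still locked
    restarted = FailClosedGate.load(flaky_policy, gate.state_file)       # simulate a restart
    out["locked_after_restart"] = restarted.is_locked()                  # True: state preserved
    out["unverified_restore"] = restarted.admin_restore(admin_verified=False)  # False
    out["verified_restore"] = restarted.admin_restore(admin_verified=True)     # True
    out["grant_after_restore"] = restarted.authorize("alice", "report").allowed  # True
    out["no_explicit_grant"] = restarted.authorize("bob", "report").allowed     # False
    out["policy_calls"] = calls["n"]  # 4: the locked request never reached the policy
    return out


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The design point worth noting against the evidence list below: the state file written by `_persist` is the "configuration setting showing that system state information is preserved", and the `failure` field recorded in it is what an auditor would correlate with the defined failure types and the audit records of past failures.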
Best Practice:
Develop recovery procedures for various failure conditions.
Unofficial FedRAMP Guidance:
None
Assessment Evidence:
List of defined failure types.
Procedures for addressing defined failure types.
Audit records of past failures.
Configuration settings showing that system state information is preserved in the event of a defined failure type.
CSP Implementation Tips:
Amazon Web Services (AWS): TBD
Microsoft Azure: TBD
Google Cloud Platform: TBD