SC-7(18): Fail Secure

CSF v1.1 References:

Threats Addressed:


  • High

Next Version:

Control Statement

The information system fails securely in the event of an operational failure of a boundary protection device.

Supplemental Guidance

Fail secure is a condition achieved by employing information system mechanisms to ensure that in the event of operational failures of boundary protection devices at managed interfaces (e.g., routers, firewalls, guards, and application gateways residing on protected subnetworks commonly referred to as demilitarized zones), information systems do not enter into unsecure states where intended security properties no longer hold. Failures of boundary protection devices cannot lead to, or cause information external to the devices to enter the devices, nor can failures permit unauthorized information releases.