SI-13: Predictable Failure Prevention

CSF v1.1 References:

Baselines:

  • Low

    N/A

  • Moderate

    N/A

  • High

    N/A

Next Version:

Control Statement

The organization:

  1. Determines mean time to failure (MTTF) for [Assignment: organization-defined information system components] in specific environments of operation; and
  2. Provides substitute information system components and a means to exchange active and standby components at [Assignment: organization-defined MTTF substitution criteria].

Supplemental Guidance

While MTTF is primarily a reliability issue, this control addresses potential failures of specific information system components that provide security capability. Failure rates reflect installation-specific consideration, not industry-average. Organizations define criteria for substitution of information system components based on MTTF value with consideration for resulting potential harm from component failures. Transfer of responsibilities between active and standby components does not compromise safety, operational readiness, or security capability (e.g., preservation of state variables). Standby components remain available at all times except for maintenance issues or recovery failures in progress.

Control Enhancements

SI-13(1): Transferring Component Responsibilities

Baseline(s):

(Not part of any baseline)

The organization takes information system components out of service by transferring component responsibilities to substitute components no later than [Assignment: organization-defined fraction or percentage] of mean time to failure.

SI-13(3): Manual Transfer Between Components

Baseline(s):

(Not part of any baseline)

The organization manually initiates transfers between active and standby information system components [Assignment: organization-defined frequency] if the mean time to failure exceeds [Assignment: organization-defined time period].

SI-13(4): Standby Component Installation / Notification

Baseline(s):

(Not part of any baseline)

The organization, if information system component failures are detected: Ensures that the standby components are successfully and transparently installed within [Assignment: organization-defined time period]; and [Selection (one or more): activates [Assignment: organization-defined alarm]; automatically shuts down the information system].

SI-13(5): Failover Capability

Baseline(s):

(Not part of any baseline)

The organization provides [Selection: real-time; near real-time] [Assignment: organization-defined failover capability] for the information system.