SC-7(18): Fail Secure

CSF v1.1 References:

Threats Addressed:


  • High

Previous Version:

Control Statement

Prevent systems from entering unsecure states in the event of an operational failure of a boundary protection device.

Supplemental Guidance

Fail secure is a condition achieved by employing mechanisms to ensure that in the event of operational failures of boundary protection devices at managed interfaces, systems do not enter into unsecure states where intended security properties no longer hold. Managed interfaces include routers, firewalls, and application gateways that reside on protected subnetworks (commonly referred to as demilitarized zones). Failures of boundary protection devices cannot lead to or cause information external to the devices to enter the devices nor can failures permit unauthorized information releases.