Check: SRG-OS-000184-GPOS-00078
General Purpose Operating System SRG:
SRG-OS-000184-GPOS-00078
(in versions v3 r1 through v1 r6)
Title
The operating system must fail to a secure state if system initialization fails, shutdown fails, or aborts fail. (Cat II impact)
Discussion
Failure to a known safe state helps prevent systems from failing to a state that may cause loss of data or unauthorized access to system resources. Operating systems that fail suddenly and with no incorporated failure state planning may leave the system available but with a reduced security protection capability. Preserving operating system state information also facilitates system restart and return to the operational mode of the organization with less disruption to mission-essential processes. Abort refers to stopping a program or function before it has finished naturally. The term abort refers to both requested and unexpected terminations.
Check Content
Verify the operating system fails to a secure state if system initialization fails, shutdown fails, or aborts fail. If it does not, this is a finding.
Fix Text
Configure the operating system to fail to a secure state if system initialization fails, shutdown fails, or aborts fail.
Additional Identifiers
Rule ID: SV-203660r958550_rule
Vulnerability ID: V-203660
Group Title: SRG-OS-000184
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-001190 |
Fail to an organization-defined known-system state for the list of organization-defined types of system failures on organization-defined system components on the indicated components while preserving organization-defined system state information in failure. |
Controls
| Number | Title |
|---|---|
| SC-24 |
Fail in Known State |