CCI-001190

The information system fails to an organization-defined known-state for organization-defined types of failures.

Implementation Guidance

The organization being inspected/assessed configures the information system to fail to a secure state for failures during system initialization, shutdown, and aborts. For information system components that have applicable STIGs or SRGs, the organization being inspected/assessed must comply with the STIG/SRG guidance that pertains to CCI 1190. DoD has defined the known state as secure state. DoD has defined the types of failures as failures during system initialization, shutdown, and aborts.

Validation Procedures

The organization conducting the inspection/assessment examines the information system to ensure the organization being inspected/assessed configures the information system to fail to a secure state for failures during system initialization, shutdown, and aborts. For information system components that have applicable STIGs or SRGs, the organization conducting the inspection/assessment evaluates the components to ensure that the organization being inspected/assessed has configured the information system in compliance with the applicable STIGs and SRGs pertaining to CCI 1190. DoD has defined the known state as secure state. DoD has defined the types of failures as failures during system initialization, shutdown, and aborts.

Compelling Evidence

1.) Test plans and procedures which describe when and how the site test the information system for failure to a secure state during system initialization, shutdown, and aborts. 2.) Disaster recovery plan (reference 'test procedures' section).3. Applicable STIGS/SRG guidance that pertains to CCI 1190.

The controls below (if any) were marked by NIST as being related to CCI-001190.