The Policy is available in AzureUSGovernment cloud. Version: '1.*.*'
Additional metadata
Name/Id: CMA_C1662 / CMA_C1662 Category: Operational Title: Ensure information system fails in known state Ownership: Customer Description: The customer is responsible for ensuring that customer-deployed resources fail in a known-state for customer-defined types of failures to preserve the system state information in failure. Requirements: The customer is responsible for implementing this recommendation.
The following 17 compliance controls are associated with this Policy definition 'Ensure information system fails in known state' (12af7c7a-92af-9e96-0d0c-5e732d1a3751)
Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators: <, <=, >, >=, =, *, !, {, }, ||,&&, [empty], [nonempty], rgx: Learn more
The information system fails to a [Assignment: organization-defined known-state] for [Assignment: organization-defined types of failures] preserving [Assignment: organization-defined system state information] in failure.
Supplemental Guidance: Failure in a known state addresses security concerns in accordance with the mission/business needs of organizations. Failure in a known secure state helps to prevent the loss of confidentiality, integrity, or availability of information in the event of failures of organizational information systems or system components. Failure in a known safe state helps to prevent systems from failing to a state that may cause injury to individuals or destruction to property. Preserving information system state information facilitates system restart and return to the operational mode of organizations with less disruption of mission/business processes. Related controls: CP-2, CP- 10, CP-12, SC-7, SC-22.
Control Enhancements: None.
References: None.
Information Security Aspects Of Business Continuity Management
Implementing information security continuity
Shared
n/a
The organization shall establish, document, implement and maintain processes, procedures and controls to ensure the required level of continuity for information security during an adverse situation.
Records shall be protected from loss, destruction, falsification, unauthorized access and unauthorized release, in accordance with legislative, regulatory, contractual and business requirements.
The information system fails to a [Assignment: organization-defined known-state] for [Assignment: organization-defined types of failures] preserving [Assignment: organization-defined system state information] in failure.
Supplemental Guidance: Failure in a known state addresses security concerns in accordance with the mission/business needs of organizations. Failure in a known secure state helps to prevent the loss of confidentiality, integrity, or availability of information in the event of failures of organizational information systems or system components. Failure in a known safe state helps to prevent systems from failing to a state that may cause injury to individuals or destruction to property. Preserving information system state information facilitates system restart and return to the operational mode of organizations with less disruption of mission/business processes. Related controls: CP-2, CP- 10, CP-12, SC-7, SC-22.
Control Enhancements: None.
References: None.
Fail to a [Assignment: organization-defined known system state] for the following failures on the indicated components while preserving [Assignment: organization-defined system state information] in failure: [Assignment: list of organization-defined types of system failures on organization-defined system components].
Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators: <, <=, >, >=, =, *, !, {, }, ||,&&, [empty], [nonempty], rgx: Learn more