SC-7(18)

Requirement

Prevent systems from entering unsecure states in the event of an operational failure of a boundary protection device.

Discussion

Fail secure is a condition achieved by employing mechanisms to ensure that in the event of operational failures of boundary protection devices at managed interfaces, systems do not enter into unsecure states where intended security properties no longer hold. Managed interfaces include routers, firewalls, and application gateways that reside on protected subnetworks (commonly referred to as demilitarized zones). Failures of boundary protection devices cannot lead to or cause information external to the devices to enter the devices nor can failures permit unauthorized information releases.

NIST 800-53A Assessment Guidance

Examine

[SELECT FROM: System and communications protection policy; procedures addressing boundary protection; system design documentation; system architecture; system configuration settings and associated documentation; system audit records; system security plan; other relevant documents or records].

Interview

[SELECT FROM: System/network administrators; organizational personnel with information security responsibilities; system developer; organizational personnel with boundary protection responsibilities].

ID	Assessment Objectives
SC-07(18)	systems are prevented from entering unsecure states in the event of an operational failure of a boundary protection device.

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!