Detections
Analytics

800-53|SC-24

Title

FAIL IN KNOWN STATE

Description

The information system fails to a [Assignment: organization-defined known-state] for [Assignment: organization-defined types of failures] preserving [Assignment: organization-defined system state information] in failure.

Supplemental

Failure in a known state addresses security concerns in accordance with the mission/business needs of organizations. Failure in a known secure state helps to prevent the loss of confidentiality, integrity, or availability of information in the event of failures of organizational information systems or system components. Failure in a known safe state helps to prevent systems from failing to a state that may cause injury to individuals or destruction to property. Preserving information system state information facilitates system restart and return to the operational mode of organizations with less disruption of mission/business processes.

Reference Item Details

Related: CP-10,CP-12,CP-2,SC-22,SC-7

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Priority: P1

Baseline Impact: HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.2.1 Ensure 'Do Not Show Data Extraction Options When Opening Corrupt Workbooks' is set to EnabledWindowsCIS Microsoft Office Excel 2013 v1.0.1
1.2.1 Ensure 'Do Not Show Data Extraction Options When Opening Corrupt Workbooks' is set to EnabledWindowsCIS Microsoft Office Excel 2016 v1.0.1
1.13.10 Ensure 'Prompt User To Choose Security Settings If Default settings Fail' is set to DisabledWindowsCIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.13.10 Ensure 'Prompt User To Choose Security Settings If Default settings Fail' is set to DisabledWindowsCIS Microsoft Office Outlook 2013 v1.1.0 Level 1
2.1.3 Ensure Core Dump is enabledCheckPointCIS Check Point Firewall L1 v1.1.0
2.2.2.1 Ensure 'Do not show data extraction options when opening corrupt workbooks' is set to 'Enabled'WindowsCIS Microsoft Office Enterprise v1.1.0 L1
2.5.14.9 Ensure 'Prompt user to choose security settings if default settings fail' is set to 'Disabled'WindowsCIS Microsoft Office Enterprise v1.1.0 L1
6.12 Set 'Prompt user to choose security settings if default settings fail' to 'Disabled'WindowsCIS MS Office Outlook 2010 v1.0.0
AIX7-00-003109 - In the event of a system failure, AIX must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to mission processes.UnixDISA STIG AIX 7.x v2r9
AS24-U1-000550 - The Apache web server must be built to fail to a known safe state if system initialization fails, shutdown fails, or aborts fail.UnixDISA STIG Apache Server 2.4 Unix Server v2r6 Middleware
AS24-U1-000550 - The Apache web server must be built to fail to a known safe state if system initialization fails, shutdown fails, or aborts fail.UnixDISA STIG Apache Server 2.4 Unix Server v2r6
AS24-U2-000540 - The Apache web server must augment re-creation to a stable and known baseline.UnixDISA STIG Apache Server 2.4 Unix Site v2r4
AS24-U2-000540 - The Apache web server must augment re-creation to a stable and known baseline.UnixDISA STIG Apache Server 2.4 Unix Site v2r4 Middleware
AS24-W1-000550 - The Apache web server must be built to fail to a known safe state if system initialization fails, shutdown fails, or aborts fail.WindowsDISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W2-000540 - The Apache web server must augment re-creation to a stable and known baseline.WindowsDISA STIG Apache Server 2.4 Windows Site v2r1
AS24-W2-000560 - The Apache web server must be configured to provide clustering - mod_proxyWindowsDISA STIG Apache Server 2.4 Windows Site v2r1
AS24-W2-000560 - The Apache web server must be configured to provide clustering - ProxyPassWindowsDISA STIG Apache Server 2.4 Windows Site v2r1
Big Sur - Configure System to Fail to a Known Safe State if System Initialization, Shutdown, or Abort FailsUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Configure System to Fail to a Known Safe State if System Initialization, Shutdown, or Abort FailsUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Configure System to Fail to a Known Safe State if System Initialization, Shutdown, or Abort FailsUnixNIST macOS Big Sur v1.4.0 - All Profiles
Catalina - Configure System to Fail to a Known Safe State if System Initialization, Shutdown, or Abort FailsUnixNIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Configure System to Fail to a Known Safe State if System Initialization, Shutdown, or Abort FailsUnixNIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Configure System to Fail to a Known Safe State if System Initialization, Shutdown, or Abort FailsUnixNIST macOS Catalina v1.5.0 - All Profiles
DB2X-00-005300 - In the event of a system failure, DB2 must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to mission processesWindowsDISA STIG IBM DB2 v10.5 LUW v2r1 OS Windows
DB2X-00-005300 - In the event of a system failure, DB2 must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to mission processesUnixDISA STIG IBM DB2 v10.5 LUW v2r1 OS Linux
DB2X-00-005300 - In the event of a system failure, DB2 must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to mission processes - Recovery PlanWindowsDISA STIG IBM DB2 v10.5 LUW v2r1 OS Windows
DB2X-00-005300 - In the event of a system failure, DB2 must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to mission processes - Recovery PlanUnixDISA STIG IBM DB2 v10.5 LUW v2r1 OS Linux
DB2X-00-005300 - In the event of a system failure, DB2 must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to mission processes - TestedWindowsDISA STIG IBM DB2 v10.5 LUW v2r1 OS Windows
DB2X-00-005300 - In the event of a system failure, DB2 must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to mission processes - TestedUnixDISA STIG IBM DB2 v10.5 LUW v2r1 OS Linux
Do not show data extraction options when opening corrupt workbooksWindowsMSCT Office 365 ProPlus 1908 v1.0.0
Do not show data extraction options when opening corrupt workbooksWindowsMSCT Office 2016 v1.0.0
Do not show data extraction options when opening corrupt workbooksWindowsMSCT Microsoft 365 Apps for Enterprise 2206 v1.0.0
Do not show data extraction options when opening corrupt workbooksWindowsMSCT Microsoft 365 Apps for Enterprise 2112 v1.0.0
Do not show data extraction options when opening corrupt workbooksWindowsMicrosoft 365 Apps for Enterprise 2306 v1.0.0
DO0238-ORACLE11 - The directories assigned to the LOG_ARCHIVE_DEST* parameters should be protected from unauthorized access - 'LOG_MODE = NOARCHIVELOG'OracleDBDISA STIG Oracle 11 Instance v9r1 Database
EP11-00-005600 - In the event of a system failure, the DBMS must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to mission processes.PostgreSQLDBEDB PostgreSQL Advanced Server v11 DB Audit v2r3
ESXI-06-000044 - The system must enable kernel core dumps.UnixDISA STIG VMware vSphere 6.x ESXi OS v1r5
ESXI-65-000044 - The ESXi host must enable kernel core dumps.UnixDISA STIG VMware vSphere ESXi OS 6.5 v2r4
ESXI-67-000044 - The ESXi host must enable kernel core dumps.UnixDISA STIG VMware vSphere 6.7 ESXi OS v1r3
FNFG-FW-000090 - The FortiGate firewall must fail to a secure state if the firewall filtering functions fail unexpectedly - av-failopenFortiGateDISA Fortigate Firewall STIG v1r3
FNFG-FW-000090 - The FortiGate firewall must fail to a secure state if the firewall filtering functions fail unexpectedly - av-failopen-sessionFortiGateDISA Fortigate Firewall STIG v1r3
FNFG-FW-000090 - The FortiGate firewall must fail to a secure state if the firewall filtering functions fail unexpectedly - fail-openFortiGateDISA Fortigate Firewall STIG v1r3
IIST-SV-000136 - The IIS 10.0 web server must augment re-creation to a stable and known baseline.WindowsDISA IIS 10.0 Server v2r10
IISW-SV-000136 - The IIS 8.5 web server must augment re-creation to a stable and known baseline.WindowsDISA IIS 8.5 Server v2r7
MADB-10-005000 - MariaDB must fail to a secure state if system initialization fails, shutdown fails, or aborts fail.MySQLDBDISA MariaDB Enterprise 10.x v1r3 DB
MADB-10-005100 - In the event of a system failure, MariaDB must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to mission processes.MySQLDBDISA MariaDB Enterprise 10.x v1r3 DB
MD3X-00-000420 - MongoDB must fail to a secure state if system initialization fails, shutdown fails, or aborts fail.UnixDISA STIG MongoDB Enterprise Advanced 3.x v2r1 OS
MD4X-00-000800 - MongoDB must fail to a secure state if system initialization fails, shutdown fails, or aborts fail.UnixDISA STIG MongoDB Enterprise Advanced 4.x v1r2 OS
Monterey - Configure System to Fail to a Known Safe State if System Initialization, Shutdown, or Abort FailsUnixNIST macOS Monterey v1.0.0 - 800-53r5 High
Monterey - Configure System to Fail to a Known Safe State if System Initialization, Shutdown, or Abort FailsUnixNIST macOS Monterey v1.0.0 - 800-53r4 High