SI — SYSTEM AND INFORMATION INTEGRITY
SI-17: FAIL-SAFE PROCEDURES
ICS Control Baselines:
- Low (ADDED)
- Moderate (ADDED)
- High (ADDED)
The information system implements [Assignment: organization-defined fail-safe procedures] when [Assignment: organization-defined failure conditions occur].
Failure conditions include, for example, loss of communications among critical system components or between system components and operational facilities. Fail-safe procedures include, for example, alerting operator personnel and providing specific instructions on subsequent steps to take (e.g., do nothing, reestablish system settings, shut down processes, restart the system, or contact designated organizational personnel).
RELATED CONTROLS: SC-17
ICS SUPPLEMENTAL GUIDANCE
The selected failure conditions and corresponding procedures may vary among baselines. The same failure event may trigger different response depending on the impact level. Mechanical and analog system can be used to provide mechanisms to ensure fail-safe procedures. Fail-safe states should incorporate potential impacts to human safety, physical systems, and the environment.
Related controls: CP-6 — CONTINGENCY PLANNING | CONFIGURATION SETTINGS.
Rationale for adding SI-17 to all baselines: This control provides a structure for the organization to identify their policy and procedures for dealing with failures and other incidents. Creating a written record of the decision process for selecting incidents and appropriate response is part of risk management in light of changing environment of operations.
NO CONTROL ENHANCEMENTS
- NIST Special Publication 800-82 | GUIDE TO INDUSTRIAL CONTROL SYSTEMS (ICS) SECURITY