SC-24 Fail in Known State

System and Communications Protection

High

Description

Fail to a [Assignment: organization-defined parameters] for the following failures on the indicated components while preserving [Assignment: organization-defined parameters] in failure: [Assignment: organization-defined parameters].

Supplemental Guidance

Failure in a known state addresses security concerns in accordance with the mission and business needs of organizations. Failure in a known state prevents the loss of confidentiality, integrity, or availability of information in the event of failures of organizational systems or system components. Failure in a known safe state helps to prevent systems from failing to a state that may cause injury to individuals or destruction to property. Preserving system state information facilitates system restart and return to the operational mode with less disruption of mission and business processes.

Changes from Rev 4

No significant title changes from Rev 4.

Compliance Mappings

COBIT 2019

DSS05

SOC 2 TSC

A1.2, CC7.4-POF5

PCI DSS v4.0.1

10.7

ISO 42001:2023

A.4.5

IEC 62443

3-3 SR 7.1, 3-3 SR 7.4

NIS2 Directive

Art. 21(2)(c)

MAS TRM

8

FINMA Circular 2023/1

IV.B.d(59), IV.C(61), IV.C(70), IV.D(71), IV.E(87), IV.E(89), IV.E(90)

OSFI B-13

B-13.2.6

EU GDPR

Art.32(1)(b)

EU DORA

Art.11(4), Art.12(2), Art.9(2)

RBI CSF

Annex1.4

FISC Security Guidelines

FISC.O5

LGPD + BCB 4893

BCB.Art.7

HKMA TM-E-1

TME1.6.2

EU CRA

CRA.I.2k

NCA ECC

3-13-25-1

CBB TM

TM-14

CBUAE

CR-13

CBE CSF

OVM-2

SA JS2

JS2-7.5

CBN CSF

Part3.7

BoG CISD

CISD-BCM

BoM CTRM

5.2

IOSCO Cyber Resilience

PFMI-17, RR-2, RR-3

BCBS 239

Principle 5

CPMI-IOSCO PFMI

CG.RR

ECB CROE

CROE.2.5.2

EBA ICT Guidelines

3.7.3

SEBI CSCRF

RC.RP

BOT Cyber Resilience

Ch4.2

IAEA NSS 17-T

Sec 8

Common Criteria

CC Part 2 — FPT

Solvency II

EIOPA-ICT-4.10

Lloyd's Minimum Standards

MS8.6

FCA SYSC 13

SYSC 13.8.2

FDA Cybersecurity Guidance

SA-6

NHS DSPT

NDG-7.4