800-53|SC-24

Title

FAIL IN KNOWN STATE

Description

The information system fails to a [Assignment: organization-defined known-state] for [Assignment: organization-defined types of failures] preserving [Assignment: organization-defined system state information] in failure.

Supplemental

Failure in a known state addresses security concerns in accordance with the mission/business needs of organizations. Failure in a known secure state helps to prevent the loss of confidentiality, integrity, or availability of information in the event of failures of organizational information systems or system components. Failure in a known safe state helps to prevent systems from failing to a state that may cause injury to individuals or destruction to property. Preserving information system state information facilitates system restart and return to the operational mode of organizations with less disruption of mission/business processes.

Reference Item Details

Related: CP-10,CP-12,CP-2,SC-22,SC-7

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Priority: P1

Baseline Impact: HIGH

Audit Items

| Name | Plugin | Audit Name |
| --- | --- | --- |
| 1.1.1.2.1.65 Set 'MSS: (AutoReboot) Allow Windows to automatically restart after a system crash' | Windows | CIS Windows 2003 MS v3.1.0 |
| 1.1.1.2.1.65 Set 'MSS: (AutoReboot) Allow Windows to automatically restart after a system crash' | Windows | CIS Windows 2003 DC v3.1.0 |
| 1.2.1 Ensure 'Do Not Show Data Extraction Options When Opening Corrupt Workbooks' is set to Enabled | Windows | CIS Microsoft Office Excel 2013 v1.0.1 |
| 1.2.1 Ensure 'Do Not Show Data Extraction Options When Opening Corrupt Workbooks' is set to Enabled | Windows | CIS Microsoft Office Excel 2016 v1.0.1 |
| 1.3.2.3. Do Not Show Data Extraction Options: Level II Enabled | Windows | CIS MS Office 2007 v1.1.0 L2 |
| 1.13.10 Ensure 'Prompt User To Choose Security Settings If Default settings Fail' is set to Disabled | Windows | CIS Microsoft Office Outlook 2016 v1.1.0 Level 1 |
| 1.13.10 Ensure 'Prompt User To Choose Security Settings If Default settings Fail' is set to Disabled | Windows | CIS Microsoft Office Outlook 2013 v1.1.0 Level 1 |
| 2.1.3 Ensure Core Dump is enabled | CheckPoint | CIS Check Point Firewall L1 v1.1.0 |
| 2.2.2.1 Ensure 'Do not show data extraction options when opening corrupt workbooks' is set to 'Enabled' | Windows | CIS Microsoft Office Enterprise v1.1.0 L1 |
| 2.5.14.9 Ensure 'Prompt user to choose security settings if default settings fail' is set to 'Disabled' | Windows | CIS Microsoft Office Enterprise v1.1.0 L1 |
| 3.1 Ensure a centralized location is configured to collect ESXi host core dumps | Unix | CIS VMware ESXi 6.7 v1.1.0 Level 1 Bare Metal |
| 6.12 Set 'Prompt user to choose security settings if default settings fail' to 'Disabled' | Windows | CIS MS Office Outlook 2010 v1.0.0 |
| AIX7-00-003109 - In the event of a system failure, AIX must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to mission processes. | Unix | DISA STIG AIX 7.x v2r9 |
| AS24-U1-000550 - The Apache web server must be built to fail to a known safe state if system initialization fails, shutdown fails, or aborts fail. | Unix | DISA STIG Apache Server 2.4 Unix Server v2r7 |
| AS24-U1-000550 - The Apache web server must be built to fail to a known safe state if system initialization fails, shutdown fails, or aborts fail. | Unix | DISA STIG Apache Server 2.4 Unix Server v2r7 Middleware |
| AS24-U2-000540 - The Apache web server must augment re-creation to a stable and known baseline. | Unix | DISA STIG Apache Server 2.4 Unix Site v2r4 Middleware |
| AS24-U2-000540 - The Apache web server must augment re-creation to a stable and known baseline. | Unix | DISA STIG Apache Server 2.4 Unix Site v2r4 |
| AS24-W1-000550 - The Apache web server must be built to fail to a known safe state if system initialization fails, shutdown fails, or aborts fail. | Windows | DISA STIG Apache Server 2.4 Windows Server v2r3 |
| AS24-W2-000540 - The Apache web server must augment re-creation to a stable and known baseline. | Windows | DISA STIG Apache Server 2.4 Windows Site v2r1 |
| AS24-W2-000560 - The Apache web server must be configured to provide clustering - mod_proxy | Windows | DISA STIG Apache Server 2.4 Windows Site v2r1 |
| AS24-W2-000560 - The Apache web server must be configured to provide clustering - ProxyPass | Windows | DISA STIG Apache Server 2.4 Windows Site v2r1 |
| Big Sur - Configure System to Fail to a Known Safe State if System Initialization, Shutdown, or Abort Fails | Unix | NIST macOS Big Sur v1.4.0 - 800-53r4 High |
| Big Sur - Configure System to Fail to a Known Safe State if System Initialization, Shutdown, or Abort Fails | Unix | NIST macOS Big Sur v1.4.0 - All Profiles |
| Big Sur - Configure System to Fail to a Known Safe State if System Initialization, Shutdown, or Abort Fails | Unix | NIST macOS Big Sur v1.4.0 - 800-53r5 High |
| Catalina - Configure System to Fail to a Known Safe State if System Initialization, Shutdown, or Abort Fails | Unix | NIST macOS Catalina v1.5.0 - 800-53r5 High |
| Catalina - Configure System to Fail to a Known Safe State if System Initialization, Shutdown, or Abort Fails | Unix | NIST macOS Catalina v1.5.0 - 800-53r4 High |
| Catalina - Configure System to Fail to a Known Safe State if System Initialization, Shutdown, or Abort Fails | Unix | NIST macOS Catalina v1.5.0 - All Profiles |
| DB2X-00-005300 - In the event of a system failure, DB2 must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to mission processes | Windows | DISA STIG IBM DB2 v10.5 LUW v2r1 OS Windows |
| DB2X-00-005300 - In the event of a system failure, DB2 must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to mission processes | Unix | DISA STIG IBM DB2 v10.5 LUW v2r1 OS Linux |
| DB2X-00-005300 - In the event of a system failure, DB2 must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to mission processes - Recovery Plan | Windows | DISA STIG IBM DB2 v10.5 LUW v2r1 OS Windows |
| DB2X-00-005300 - In the event of a system failure, DB2 must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to mission processes - Recovery Plan | Unix | DISA STIG IBM DB2 v10.5 LUW v2r1 OS Linux |
| DB2X-00-005300 - In the event of a system failure, DB2 must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to mission processes - Tested | Windows | DISA STIG IBM DB2 v10.5 LUW v2r1 OS Windows |
| DB2X-00-005300 - In the event of a system failure, DB2 must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to mission processes - Tested | Unix | DISA STIG IBM DB2 v10.5 LUW v2r1 OS Linux |
| Do not show data extraction options when opening corrupt workbooks | Windows | MSCT Microsoft 365 Apps for Enterprise 2112 v1.0.0 |
| Do not show data extraction options when opening corrupt workbooks | Windows | MSCT Microsoft 365 Apps for Enterprise 2206 v1.0.0 |
| Do not show data extraction options when opening corrupt workbooks | Windows | MSCT M365 Apps for enterprise 2312 v1.0.0 |
| Do not show data extraction options when opening corrupt workbooks | Windows | MSCT Office 365 ProPlus 1908 v1.0.0 |
| Do not show data extraction options when opening corrupt workbooks | Windows | MSCT Office 2016 v1.0.0 |
| Do not show data extraction options when opening corrupt workbooks | Windows | Microsoft 365 Apps for Enterprise 2306 v1.0.0 |
| DO0238-ORACLE11 - The directories assigned to the LOG_ARCHIVE_DEST* parameters should be protected from unauthorized access - 'LOG_MODE = NOARCHIVELOG' | OracleDB | DISA STIG Oracle 11 Instance v9r1 Database |
| DTOO118 - Corrupt workbook options must be disallowed. | Windows | DISA STIG Office Excel 2010 v1r5 |
| DTOO315 - Outlook must be configured not to prompt users to choose security settings if default settings fail. | Windows | DISA STIG Microsoft Outlook 2013 v1r12 |
| DTOO315 - Outlook must be configured not to prompt users to choose security settings if default settings fail. | Windows | DISA STIG Microsoft Outlook 2016 v2r1 |
| DTOO315 - Outlook must be configured not to prompt users to choose security settings if default settings fail. | Windows | DISA STIG Office 2010 Outlook v1r5 |
| DTOO315 - Outlook must be configured not to prompt users to choose security settings if default settings fail. | Windows | DISA STIG Microsoft Outlook 2016 v1r2 |
| DTOO419 - Corrupt workbook options must be disallowed. | Windows | DISA STIG Microsoft Excel 2016 v1r2 |
| EP11-00-005600 - In the event of a system failure, the DBMS must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to mission processes. | PostgreSQLDB | EDB PostgreSQL Advanced Server v11 DB Audit v2r3 |
| ESXI-06-000044 - The system must enable kernel core dumps. | Unix | DISA STIG VMware vSphere 6.x ESXi OS v1r5 |
| ESXI-65-000044 - The ESXi host must enable kernel core dumps. | Unix | DISA STIG VMware vSphere ESXi OS 6.5 v1r4 |
| ESXI-65-000044 - The ESXi host must enable kernel core dumps. | Unix | DISA STIG VMware vSphere ESXi OS 6.5 v2r2 |