From Firewall Security Requirements Guide
Part of SRG-NET-000236-FW-000027
Associated with: CCI-001665
Failure to a secure state can address safety or security in accordance with the mission needs of the organization. Failure to a secure state helps prevent a loss of confidentiality, integrity, or availability in the event of a failure of the information system or a component of the system. Preserving state information helps to facilitate the restart of the firewall application and a return to the operational mode with less disruption.
View the firewall failover configuration or system documentation. Verify that in the event of a system failure of the firewall function, the firewall saves diagnostic information, logs system messages, and loads the most current security policies, rules, and signatures. Testing of this functionality in a production environment is not recommended. If in the event of a system failure of the firewall function the firewall does not save diagnostic information, log system messages, and load the most current security policies, rules, and signatures when restarted, this is a finding.
Configure the firewall to fail securely in the event of a transiently corrupt state or failure condition. When the system restarts, the system boot process must not succeed without passing all self-tests for cryptographic algorithms, RNG tests, and software integrity tests.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer