SC-7 (18)—Boundary Protection | Fail Secure
Moderate
High
>Control Description
Prevent systems from entering unsecure states in the event of an operational failure of a boundary protection device.
>FedRAMP Baseline Requirements
No FedRAMP-specific parameter values or requirements for this baseline.
>Discussion
Fail secure is a condition achieved by employing mechanisms to ensure that in the event of operational failures of boundary protection devices at managed interfaces, systems do not enter into unsecure states where intended security properties no longer hold. Managed interfaces include routers, firewalls, and application gateways that reside on protected subnetworks (commonly referred to as demilitarized zones). Failures of boundary protection devices cannot lead to or cause information external to the devices to enter the devices nor can failures permit unauthorized information releases.
>Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- •What policies govern the implementation of fail secure?
- •How are system and communications protection requirements defined and maintained?
- •Who is responsible for configuring and maintaining the security controls specified in SC-7(18)?
Technical Implementation:
- •How is fail secure technically implemented in your environment?
- •What systems, tools, or configurations enforce this protection requirement?
- •How do you ensure that fail secure remains effective as the system evolves?
- •What network boundary protections are in place (firewalls, gateways, etc.)?
Evidence & Documentation:
- •What documentation demonstrates the implementation of SC-7(18)?
- •Can you provide configuration evidence or system diagrams showing this protection control?
- •What logs or monitoring data verify that this control is functioning correctly?
- •Can you provide network architecture diagrams and firewall rulesets?
Ask AI
Configure your API key to use AI features.