myctrl.tools
Compare

CP-12Safe Mode

>Control Description

When organization-defined conditions are detected, enter a safe mode of operation with organization-defined restrictions of safe mode of operation.

>Cross-Framework Mappings

SCF

SEA-07.2
Compare

>Supplemental Guidance

For systems that support critical mission and business functions--including military operations, civilian space operations, nuclear power plant operations, and air traffic control operations (especially real-time operational environments)--organizations can identify certain conditions under which those systems revert to a predefined safe mode of operation. The safe mode of operation, which can be activated either automatically or manually, restricts the operations that systems can execute when those conditions are encountered. Restriction includes allowing only selected functions to execute that can be carried out under limited power or with reduced communications bandwidth.

>Related Controls

CM-2
SA-8
SC-24
SI-13
SI-17

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What formal policies and procedures govern the implementation of CP-12 (Safe Mode)?
  • Who are the designated roles responsible for implementing, maintaining, and monitoring CP-12?
  • How frequently is the CP-12 policy reviewed and updated, and what triggers policy changes?
  • What governance structure ensures CP-12 requirements are consistently applied across all systems?

Technical Implementation:

  • Describe the specific technical mechanisms or controls used to enforce CP-12 requirements.
  • What automated tools, systems, or technologies are deployed to implement CP-12?
  • How is CP-12 integrated into your system architecture and overall security posture?
  • What configuration settings, parameters, or technical specifications enforce CP-12 requirements?

Evidence & Documentation:

  • What documentation demonstrates the complete implementation of CP-12?
  • What audit logs, records, reports, or monitoring data validate CP-12 compliance?
  • Can you provide evidence of periodic reviews, assessments, or testing of CP-12 effectiveness?
  • What artifacts would you present during a FedRAMP assessment to demonstrate CP-12 compliance?

Ask AI

Configure your API key to use AI features.