Control ID: CP-12 Safe Mode
Family: Contingency Planning
Source: NIST 800-53r4
Control: The information system, when [one of the failure conditions identified in supplemental guidance table] is detected, enters a safe mode of operation [as specified in table].
Supplemental Guidance: For information systems supporting critical missions/business functions including, for example, military operations and weapons systems, civilian space operations, nuclear power plant operations, and air traffic control operations (especially real-time operational environments), organizations may choose to identify certain conditions under which those systems revert to a predefined safe mode of operation. The safe mode of operation, which can be activated automatically or manually, restricts the types of activities or operations information systems could execute when those conditions are encountered. Restriction includes, for example, allowing only certain functions that could be carried out under limited power or with reduced communications bandwidth.
Table: Failure Conditions and Associated Safe Mode Operation

| Failure condition | Safe mode operation |
|---|---|
| All certificates for a particular application have expired | Stop sending messages for that application; prioritize obtaining new certificates using whatever process is defined for that application |
| All certificates for a particular application have been revoked | Stop sending messages for that application; attempt to contact the SCMS to determine the reason for the revocation and get re-authorized |
| Unable to meet performance requirements (e.g. memory allocation, storage space, CPU) for all applications | Prioritize safety-of-life applications or other applications that are designated as having high priority for performance requirements; degrade performance of other applications as necessary to meet performance requirements of prioritized applications |
Related Controls: N/A
Control Enhancements: N/A
References: N/A
Mechanisms:
- Device shall support the identification of conditions that trigger safe mode.
- The list of conditions that trigger safe mode shall require privileged access to modify.
- Device shall monitor its state to detect when a condition that triggers safe mode is satisfied.
- Device shall apply the safe mode operations identified in the Supplemental Guidance table.
- Device shall stop sending messages for applications affected by the related failure condition(s).
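The following is an added example, not code from the control text or from any SCMS implementation, showing how a device could evaluate the failure conditions in the table above and apply the corresponding safe mode operations (stop sending for an application whose certificates have all expired or been revoked; shed non-priority load when resource capacity is exceeded). The `Cert` record, the per-application resource demand model, and the application names are constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

@dataclass
class Cert:                      # constructed certificate record (not the SCMS format)
    app: str
    not_after: datetime
    revoked: bool = False

@dataclass
class SafeModeDecision:
    stopped: dict = field(default_factory=dict)   # app -> failure condition
    degraded: list = field(default_factory=list)  # non-priority apps whose load was shed
    actions: list = field(default_factory=list)   # follow-ups the table prescribes

def evaluate_safe_mode(certs, demand, capacity, high_priority, now):
    """demand: {app: {resource: units}}, capacity: {resource: units},
    high_priority: apps (e.g. safety-of-life) whose resources are protected."""
    d = SafeModeDecision()
    for app in demand:
        app_certs = [c for c in certs if c.app == app]
        if app_certs and all(c.revoked for c in app_certs):
            d.stopped[app] = "all certificates revoked"
            d.actions.append(f"{app}: stop sending; ask SCMS why, then re-authorize")
        elif app_certs and all(c.not_after <= now for c in app_certs):
            d.stopped[app] = "all certificates expired"
            d.actions.append(f"{app}: stop sending; obtain new certificates")
    active = {a: r for a, r in demand.items() if a not in d.stopped}
    def shortfall(res):          # positive when active demand exceeds capacity
        return sum(r.get(res, 0) for r in active.values()) - capacity[res]
    # Shed the largest non-priority consumers first until every resource fits.
    for app in sorted((a for a in active if a not in high_priority),
                      key=lambda a: -sum(active[a].values())):
        if all(shortfall(res) <= 0 for res in capacity):
            break
        d.degraded.append(app)
        del active[app]
    d.actions += [f"{res}: still short by {shortfall(res)}"
                  for res in capacity if shortfall(res) > 0]
    return d

def demo():                      # constructed sample: two apps lose certs, CPU/memory over capacity
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)
    utc = lambda y, m: datetime(y, m, 1, tzinfo=timezone.utc)
    certs = [Cert("bsm", utc(2024, 6)), Cert("tolling", utc(2023, 12)),
             Cert("tolling", utc(2023, 11)), Cert("infotainment", utc(2024, 6), True)]
    demand = {"bsm": {"cpu": 40, "mem": 30}, "maps": {"cpu": 30, "mem": 40},
              "tolling": {"cpu": 10, "mem": 10}, "infotainment": {"cpu": 20, "mem": 20}}
    return evaluate_safe_mode(certs, demand, {"cpu": 60, "mem": 60}, {"bsm"}, now)
```

In the sample, `tolling` and `infotainment` are stopped for expired and revoked certificates respectively, and `maps` is degraded so that the safety-of-life `bsm` application keeps its CPU and memory.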
Protocol Implementation Conformance Statements:

| ID | Statement | Status | Reference | Notes |
|---|---|---|---|---|
| CP-12/1 | Support system monitoring | | | |
| CP-12/2 | Provide safe mode functionality | | | |