Device Class 1: Safe Mode

Control ID: CP-12 Safe Mode
Family: Contingency Planning
Source: NIST 800-53r4
Control: The information system, when [one of the failure conditions identified in the Supplemental Guidance table] is detected, enters a safe mode of operation [the safe mode operation specified in the table for that condition].
Supplemental Guidance:
For information systems supporting critical missions/business functions including, for example, military operations and weapons systems, civilian space operations, nuclear power plant operations, and air traffic control operations (especially real-time operational environments), organizations may choose to identify certain conditions under which those systems revert to a predefined safe mode of operation. The safe mode of operation, which can be activated automatically or manually, restricts the types of activities or operations information systems could execute when those conditions are encountered. Restriction includes, for example, allowing only certain functions that could be carried out under limited power or with reduced communications bandwidth.


Table: Failure Conditions and Associated Safe Mode Operation

Failure condition: All certificates for a particular application have expired
Safe mode operation: Stop sending messages for that application; prioritize obtaining new certificates using whatever process is defined for that application

Failure condition: All certificates for a particular application have been revoked
Safe mode operation: Stop sending messages for that application; attempt to contact the SCMS to determine the reason for the revocation and get re-authorized

Failure condition: Unable to meet performance requirements (e.g. memory allocation, storage space, CPU) for all applications
Safe mode operation: Prioritize safety-of-life applications or other applications that are designated as having high priority for performance requirements; degrade performance of other applications as necessary to meet the performance requirements of the prioritized applications


Related Controls: N/A
Control Enhancements: N/A
References: N/A
Mechanisms:

  • Device shall support the identification of conditions that trigger safe mode.
  • The list of conditions that trigger safe mode shall require privileged access to modify.
  • Device shall monitor its state to detect when a condition that triggers safe mode has been met.
  • Device shall apply the safe mode operations identified in the Supplemental Guidance table.
  • Device shall stop sending messages for applications affected by the related failure condition(s).
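The following Python evaluator is an added example, not part of this specification, showing how a device could implement the three table rows and the mechanisms above as a privileged, ordered list of trigger conditions evaluated against a snapshot of certificate and resource state. The application names, certificate lifetimes and memory figures are constructed for illustration; memory stands in for all performance requirements; and two rules the table does not spell out are assumptions, labeled in the code: an application whose certificates are a mix of revoked and expired is handled as the revoked case, and a degraded application is assumed to release its allocation.

```python
"""Safe-mode evaluator for the CP-12 failure-condition table (added example,
not from the specification; app names and figures are constructed)."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Safe-mode operations from the table, as action tags.
STOP_SENDING = "stop_sending"  # both certificate rows
RENEW_CERTS = "renew_certs"    # expired row: obtain new certs via the app's process
CONTACT_SCMS = "contact_scms"  # revoked row: ask the SCMS why, get re-authorized
DEGRADE = "degrade"            # resource row: throttle non-prioritized apps

@dataclass(frozen=True)
class Cert:
    app: str
    not_after: datetime
    revoked: bool = False

@dataclass(frozen=True)
class App:
    name: str
    high_priority: bool  # safety-of-life or designated high priority
    mem_kb: int          # memory needed to meet its performance requirement

def certs_expired(apps, certs, free_mem_kb, now):
    """Table row 1: every certificate of the app is past not_after, none revoked."""
    out = {}
    for app in apps:
        mine = [c for c in certs if c.app == app.name]
        if mine and all(now >= c.not_after and not c.revoked for c in mine):
            out[app.name] = [STOP_SENDING, RENEW_CERTS]
    return out

def certs_revoked(apps, certs, free_mem_kb, now):
    """Table row 2. Assumption for a case the table does not cover: a mix of
    revoked and expired certificates is treated as revoked, since renewal
    alone will not restore authorization."""
    out = {}
    for app in apps:
        mine = [c for c in certs if c.app == app.name]
        usable = [c for c in mine if not c.revoked and now < c.not_after]
        if mine and not usable and any(c.revoked for c in mine):
            out[app.name] = [STOP_SENDING, CONTACT_SCMS]
    return out

def resources_short(apps, certs, free_mem_kb, now):
    """Table row 3: demand exceeds free memory, so degrade non-prioritized apps,
    largest first, until the rest fits (assumption: a degraded app releases its
    allocation). Prioritized apps are never degraded."""
    out = {}
    demand = sum(a.mem_kb for a in apps)
    for app in sorted((a for a in apps if not a.high_priority),
                      key=lambda a: a.mem_kb, reverse=True):
        if demand <= free_mem_kb:
            break
        out[app.name] = [DEGRADE]
        demand -= app.mem_kb
    return out

class SafeModePolicy:
    """Ordered trigger-condition list; changing it requires privilege."""

    def __init__(self):
        self._conditions = [certs_expired, certs_revoked, resources_short]

    def add_condition(self, cond, privileged):
        if not privileged:
            raise PermissionError("safe-mode trigger list is privileged")
        self._conditions.append(cond)

    def evaluate(self, apps, certs, free_mem_kb, now):
        """{app_name: [actions]} for apps in safe mode; absent apps run normally."""
        result = {}
        for cond in self._conditions:
            for name, actions in cond(apps, certs, free_mem_kb, now).items():
                merged = result.setdefault(name, [])
                for a in actions:
                    if a not in merged:
                        merged.append(a)
        return result

# Constructed sample state (hypothetical app names, not from the spec).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
APPS = [App("bsm", True, 4096), App("eebl", True, 2048),
        App("traffic_info", False, 8192), App("parking", False, 1024)]
CERTS = [Cert("bsm", NOW + timedelta(days=7)),
         Cert("eebl", NOW - timedelta(days=1)), Cert("eebl", NOW - timedelta(hours=1)),
         Cert("traffic_info", NOW + timedelta(days=7), revoked=True),
         Cert("traffic_info", NOW - timedelta(days=30)),  # mixed revoked/expired
         Cert("parking", NOW + timedelta(days=7))]

def sample_decision():
    """Evaluate the sample with 12 MiB free against 15 MiB of demand."""
    return SafeModePolicy().evaluate(APPS, CERTS, free_mem_kb=12 * 1024, now=NOW)

def unprivileged_change_rejected():
    """Mechanism check: an unprivileged caller cannot alter the trigger list."""
    try:
        SafeModePolicy().add_condition(lambda *_: {}, privileged=False)
    except PermissionError:
        return True
    return False

if __name__ == "__main__":
    for app, actions in sorted(sample_decision().items()):
        print(f"{app}: {', '.join(actions)}")
```

On the sample state, `eebl` (all certificates expired) stops sending and renews, `traffic_info` (one revoked, one expired) stops sending, contacts the SCMS and is also the first app degraded because it is the largest non-prioritized consumer, while `bsm` and `parking` are absent from the result and keep operating. Applications with no certificates at all are not a table condition and are deliberately left alone here.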

Protocol Implementation Conformance Statements:
ID | Statement | Status | Reference | Notes
CP-12/1 | Support system monitoring | | |
CP-12/2 | Provide safe mode functionality | | |