Applicable

(Y)es / (N)o

(C)onfidentiality

(I)ntegrity

(A)vailability

RPN

(C+I+A)

(S)atisfactory

L1

M2

H3

L1

M2

H3

L1

M2

H3

(O)ther than satisfactory +##

si-13(4)

predictable failure prevention  |  standby component installation / notification

assessment objective:

Determine if the organization:

si-13(4)(a)

si-13(4)(a)[1]

defines a time period for standby information system components to be successfully and transparently installed when information system component failures are detected;

si-13(4)(a)[2]

ensures that the standby components are successfully and transparently installed within the organization-defined time period;

si-13(4)(b)

si-13(4)(b)[1]

defines an alarm to be activated when information system component failures are detected;

si-13(4)(b)[2]

if information system component failures are detected, does one or more of the following:

si-13(4)(b)[2][a]

activates the organization-defined alarm; and/or

si-13(4)(b)[2][b]

automatically shuts down the information system.

potential assessment methods and objects:

Examine: [select from: System and information integrity policy; procedures addressing predictable failure prevention; information system design documentation; information system configuration settings and associated documentation; list of actions to be taken once information system component failure is detected; information system audit records; other relevant documents or records].

Interview: [select from: Organizational personnel with responsibility for MTTF activities; organizational personnel with information security responsibilities; system/network administrators; organizational personnel with contingency planning responsibilities].

Test: [select from: Organizational processes for managing MTTF; automated mechanisms supporting and/or implementing transparent installation of standby components; automated mechanisms supporting and/or implementing alarms or system shutdown if component failures are detected].