Joint task force transformation initiative
Yüklə 5,64 Mb.
|
- Bu səhifədəki naviqasiya:
- P2 LOW Not Selected
- P2 LOW SI-12
|
P2 | LOW Not Selected | MOD SI-11 | HIGH SI-11 |
SI-12 INFORMATION HANDLING AND RETENTION
Control: The organization handles and retains information within the information system and information output from the system in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and operational requirements.
Supplemental Guidance: Information handling and retention requirements cover the full life cycle of information, in some cases extending beyond the disposal of information systems. The National Archives and Records Administration provides guidance on records retention. Related controls: AC-16, AU-5, AU-11, MP-2, MP-4.
Control Enhancements: None.
References: None.
Priority and Baseline Allocation:
-
P2
LOW SI-12
MOD SI-12
HIGH SI-12
SI-13 PREDICTABLE FAILURE PREVENTION
Control: The organization:
-
Determines mean time to failure (MTTF) for [Assignment: organization-defined information system components] in specific environments of operation; and -
Provides substitute information system components and a means to exchange active and standby components at [Assignment: organization-defined MTTF substitution criteria].
Supplemental Guidance: While MTTF is primarily a reliability issue, this control addresses potential failures of specific information system components that provide security capability. Failure rates reflect installation-specific consideration, not industry-average. Organizations define criteria for substitution of information system components based on MTTF value with consideration for resulting potential harm from component failures. Transfer of responsibilities between active and standby components does not compromise safety, operational readiness, or security capability (e.g., preservation of state variables). Standby components remain available at all times except for maintenance issues or recovery failures in progress. Related controls: CP-2, CP-10, MA-6.
Control Enhancements:
-
predictable failure prevention | transferring component responsibilities
The organization takes information system components out of service by transferring component responsibilities to substitute components no later than [Assignment: organization-defined fraction or percentage] of mean time to failure.
-
predictable failure prevention | time limit on process execution without supervision
[Withdrawn: Incorporated into SI-7 (16)].
-
predictable failure prevention | manual transfer between components
The organization manually initiates transfers between active and standby information system components [Assignment: organization-defined frequency] if the mean time to failure exceeds [Assignment: organization-defined time period].
-
predictable failure prevention | standby component installation / notification
The organization, if information system component failures are detected:
-
Ensures that the standby components are successfully and transparently installed within [Assignment: organization-defined time period]; and -
[Selection (one or more): activates [Assignment: organization-defined alarm]; automatically shuts down the information system].
Supplemental Guidance: Automatic or manual transfer of components from standby to active mode can occur, for example, upon detection of component failures.
-
predictable failure prevention | failover capability
The organization provides [Selection: real-time; near real-time] [Assignment: organization-defined failover capability] for the information system.
Supplemental Guidance: Failover refers to the automatic switchover to an alternate information system upon the failure of the primary information system. Failover capability includes, for example, incorporating mirrored information system operations at alternate processing sites or periodic data mirroring at regular intervals defined by recovery time periods of organizations.
References: None.
Priority and Baseline Allocation:
- Yüklə 5,64 Mb.
Dostları ilə paylaş: