SI-13

SI-13 PREDICTABLE FAILURE PREVENTION

Overview

Number	Title	Impact	Priority	Subject Area
SI-13	Predictable Failure Prevention		P0	System And Information Integrity

Instructions
The organization: SI-13a. Determines mean time to failure (MTTF) for Assignment: organization-defined information system components in specific environments of operation; and SI-13b. Provides substitute information system components and a means to exchange active and standby components at Assignment: organization-defined MTTF substitution criteria.

Guidance
While MTTF is primarily a reliability issue, this control addresses potential failures of specific information system components that provide security capability. Failure rates reflect installation-specific consideration, not industry-average. Organizations define criteria for substitution of information system components based on MTTF value with consideration for resulting potential harm from component failures. Transfer of responsibilities between active and standby components does not compromise safety, operational readiness, or security capability (e.g., preservation of state variables). Standby components remain available at all times except for maintenance issues or recovery failures in progress.

Guidance

While MTTF is primarily a reliability issue, this control addresses potential failures of specific information system components that provide security capability. Failure rates reflect installation-specific consideration, not industry-average. Organizations define criteria for substitution of information system components based on MTTF value with consideration for resulting potential harm from component failures. Transfer of responsibilities between active and standby components does not compromise safety, operational readiness, or security capability (e.g., preservation of state variables). Standby components remain available at all times except for maintenance issues or recovery failures in progress.

Enhancements

SI-13 (1) Transferring Component Responsibilities

The organization takes information system components out of service by transferring component responsibilities to substitute components no later than Assignment: organization-defined fraction or percentage of mean time to failure.

SI-13 (2) Time Limit On Process Execution Without Supervision

Withdrawn: Incorporated into SI-7 (16).

SI-13 (3) Manual Transfer Between Components

The organization manually initiates transfers between active and standby information system components Assignment: organization-defined frequency if the mean time to failure exceeds Assignment: organization-defined time period.

SI-13 (4) Standby Component Installation / Notification

Automatic or manual transfer of components from standby to active mode can occur, for example, upon detection of component failures.

The organization, if information system component failures are detected:

SI-13 (4)(a)

Ensures that the standby components are successfully and transparently installed within Assignment: organization-defined time period; and

SI-13 (4)(b)

Selection (one or more): activates Assignment: organization-defined alarm; automatically shuts down the information system.

SI-13 (5) Failover Capability

Failover refers to the automatic switchover to an alternate information system upon the failure of the primary information system. Failover capability includes, for example, incorporating mirrored information system operations at alternate processing sites or periodic data mirroring at regular intervals defined by recovery time periods of organizations.

The organization provides Selection: real-time; near real-time Assignment: organization-defined failover capability for the information system.