Failure to a known safe state helps prevent systems from failing to a state that may cause loss of data or unauthorized access to system resources. Network elements that fail suddenly and with no incorporated failure state planning may leave the hosting system available but with a reduced security protection capability. Preserving the information system state information also facilitates system restart and return to the operational mode of the organization with less disruption to mission-essential processes.
Verify the firewall stops forwarding traffic or maintains the configured security policies upon the failure of the following: system initialization, shutdown, or system abort. If the firewall does not stop forwarding traffic or maintain the configured security policies upon the failure of system initialization, shutdown, or system abort, this is a finding.
Configure the firewall to stop forwarding traffic or maintain the configured security policies upon the failure of the following actions: system initialization, shutdown, or system abort.