https://community.cisco.com/t5/network-security/boundary-protection/m-p/3674945#M14730 <P>Hi,</P> <P>AFAIK there is no definitive answer for your client. This this depends on multiple factors like how the device is configured, what traffic permitted, what encryption used, how it is administered (software updates etc) and so on. A failure can be different ways.&nbsp;As you are well aware- if there its power failure - the fail close and all traffic will be blocked. Any network device can protect upto certain extent and it is recommended to implement multi layer protection at perimeter.</P> <P>hth</P> <P>MS</P> Thu, 26 Jul 2018 01:46:15 GMT mvsheik123 2018-07-26T01:46:15Z https://community.cisco.com/t5/network-security/boundary-protection/m-p/3674822#M14728 <P>I need to know for a client if the Cisco ASA 5506-X Network Security Firewall with Security Plus License is compliant with this security question:</P> <P>&nbsp;</P> <P>Does the agency ensure that boundary protection devices do not release unauthorized information if a failure occurs (the device should "fails closed" versus "fails open")?</P> <P>&nbsp;</P> <P>Thank you.</P> Fri, 21 Feb 2020 16:01:16 GMT https://community.cisco.com/t5/network-security/boundary-protection/m-p/3674822#M14728 warwolf002 2020-02-21T16:01:16Z https://community.cisco.com/t5/network-security/boundary-protection/m-p/3674945#M14730 <P>Hi,</P> <P>AFAIK there is no definitive answer for your client. This this depends on multiple factors like how the device is configured, what traffic permitted, what encryption used, how it is administered (software updates etc) and so on. A failure can be different ways.&nbsp;As you are well aware- if there its power failure - the fail close and all traffic will be blocked. Any network device can protect upto certain extent and it is recommended to implement multi layer protection at perimeter.</P> <P>hth</P> <P>MS</P> Thu, 26 Jul 2018 01:46:15 GMT https://community.cisco.com/t5/network-security/boundary-protection/m-p/3674945#M14730 mvsheik123 2018-07-26T01:46:15Z https://community.cisco.com/t5/network-security/boundary-protection/m-p/3675032#M14733 <P>What is their definition of "failure" was this elaborated? if not, its impossible to answer the question.</P> Thu, 26 Jul 2018 05:17:45 GMT https://community.cisco.com/t5/network-security/boundary-protection/m-p/3675032#M14733 Dennis Mink 2018-07-26T05:17:45Z https://community.cisco.com/t5/network-security/boundary-protection/m-p/3675604#M14735 Thank you for your response.<BR /><BR /> <BR /><BR />Here is the only additional information I could find on this question from<BR />the questionnaire:<BR /><BR /> <BR /><BR />5. Ensure the operational failure of the boundary protection mechanisms do<BR />not result in any unauthorized release of information outside of the<BR />information system boundary (i.e. the device shall "fails closed" vs. "fails<BR />open").<BR /><BR /> <BR /> Thu, 26 Jul 2018 17:26:24 GMT https://community.cisco.com/t5/network-security/boundary-protection/m-p/3675604#M14735 warwolf002 2018-07-26T17:26:24Z https://community.cisco.com/t5/network-security/boundary-protection/m-p/3675778#M14737 <P>Hi,</P> <P>You can tell client incase of power failure - its fail close. You may hear back from them with more color to the question.</P> <P>hth</P> <P>MS</P> Thu, 26 Jul 2018 20:23:54 GMT https://community.cisco.com/t5/network-security/boundary-protection/m-p/3675778#M14737 mvsheik123 2018-07-26T20:23:54Z