Fail Closed. When a control gate cannot reach the facts it needs to decide safely, the default for a consequential action is deny, not allow. A gate that fails open is not a gate.
Fail Closed
Content source: Canonical Unit · canon/concepts/fail-closed.md · Canonical source: canon/concepts/fail-closed.md
Incoming References
Law 2
- Security Is a Property, Not a Featurelaw-03-security-is-a-property
- Systems Degrade Better Than Organizationslaw-07-systems-degrade-better
Pattern 1
- Enforcement over Verificationpattern-enforcement-over-verification