Definition
Fail-Safe Defaults
Fail-safe defaults is the security principle that a system should start in a secure state and return to a secure state whenever a failure occurs, so that a fault never leaves it more permissive than it was designed to be.
Rationale
The system is designed to prevent unsafe or insecure consequences from its own failure. This requires that the system begin in a secure state and default to denial whenever verification is impossible: a missing rule, an unreachable policy store, or an error inside the check itself all result in the same outcome as an explicit refusal.
Application
Access Control
In access control, identify the conditions under which access is granted. If those conditions can be verified and are fulfilled, grant access (allowlisting). In every other case, including when the check cannot be carried out, access is denied by default. The opposite design, a blocklist that grants everything not explicitly forbidden, fails open: any condition the designer forgot, or any failure in the check, becomes an unintended grant.
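The allowlist behaviour described above, shown as an added example that is not part of the original page. The policy model (an allowlist of principal, action and resource triples), the PolicyStore class and the simulated outage are all assumptions made for illustration; the fail-open variant is included only to show the difference in outcome when the policy store cannot be consulted.

```python
"""Fail-safe (default-deny) authorization next to its fail-open counterpart.

Hypothetical policy model: an allowlist of (principal, action, resource)
triples. Access is granted only when a matching rule is found and the lookup
itself succeeds; an unknown principal, a missing rule, or any failure inside
the verification path results in denial.
"""
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple

Rule = Tuple[str, str, str]  # (principal, action, resource)


class PolicyUnavailable(Exception):
    """Constructed failure: the policy store could not be consulted."""


@dataclass
class PolicyStore:
    # Secure initial state: an empty allowlist grants nothing.
    rules: Set[Rule] = field(default_factory=set)
    available: bool = True

    def lookup(self, rule: Rule) -> bool:
        if not self.available:
            raise PolicyUnavailable("policy store unreachable")
        return rule in self.rules


def authorize_fail_safe(store: PolicyStore, principal: str,
                        action: str, resource: str) -> bool:
    """Grant only on a verified allow rule; every other path denies."""
    # Incomplete requests cannot be verified, so they are denied outright.
    if not principal or not action or not resource:
        return False
    try:
        # Compare against True explicitly so a truthy-but-wrong value
        # from a misbehaving store still cannot grant access.
        return store.lookup((principal, action, resource)) is True
    except Exception:
        # Verification impossible: fall back to the secure default.
        return False


def authorize_fail_open(store: PolicyStore, principal: str,
                        action: str, resource: str) -> bool:
    """Anti-pattern for contrast: a lookup failure becomes a grant."""
    try:
        return store.lookup((principal, action, resource))
    except Exception:
        return True  # fail-open: a store outage turns into universal access


def demo() -> Dict[str, bool]:
    """Exercise both checkers against a constructed policy and an outage."""
    store = PolicyStore(rules={("alice", "read", "/reports/q1")})
    results = {
        # Explicitly allowlisted: granted.
        "alice_read": authorize_fail_safe(store, "alice", "read", "/reports/q1"),
        # Same principal, action not on the allowlist: denied.
        "alice_write": authorize_fail_safe(store, "alice", "write", "/reports/q1"),
        # Principal with no rules at all: denied.
        "mallory_read": authorize_fail_safe(store, "mallory", "read", "/reports/q1"),
        # Malformed request: denied before any lookup.
        "empty_principal": authorize_fail_safe(store, "", "read", "/reports/q1"),
    }
    # Simulate the policy store going away mid-operation.
    store.available = False
    results["outage_fail_safe"] = authorize_fail_safe(store, "alice", "read", "/reports/q1")
    results["outage_fail_open"] = authorize_fail_open(store, "mallory", "read", "/reports/q1")
    return results


if __name__ == "__main__":
    for name, granted in demo().items():
        print(f"{name:18s} -> {'GRANT' if granted else 'DENY'}")
```

The broad except clause in authorize_fail_safe is deliberate: the goal is that any failure the author did not anticipate lands on the deny branch rather than propagating into a caller that might treat an exception as "no objection". Note that during the outage even alice, who holds a valid rule, is denied; that loss of availability is the intended trade-off, whereas the fail-open variant hands mallory access she never had.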