800-53|SC-2

Title

APPLICATION PARTITIONING

Description

The information system separates user functionality (including user interface services) from information system management functionality.

Supplemental

Information system management functionality includes, for example, functions necessary to administer databases, network components, workstations, or servers, and typically requires privileged user access. The separation of user functionality from information system management functionality is either physical or logical. Organizations implement separation of system management-related functionality from user functionality by using different computers, different central processing units, different instances of operating systems, different network addresses, virtualization techniques, or combinations of these or other methods, as appropriate. This type of separation includes, for example, web administrative interfaces that use separate authentication methods for users of any other information system resources. Separation of system and user functionality may include isolating administrative interfaces on different domains and with additional access controls.

Reference Item Details

Related: SA-4,SA-8,SC-3

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Priority: P1

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.10.2. Encryption for Password Protected Office 97-2003 FilesWindowsCIS MS Office 2007 v1.1.0 L2
1.3 Unix Run in Chroot - @SYSCONFDIR@/my.cnfUnixCIS MySQL 4.1/5.1 OS L1 v1.0.2
1.3 Unix Run in Chroot - /etc/my.cnfUnixCIS MySQL 4.1/5.1 OS L1 v1.0.2
1.3 Unix Run in Chroot - /etc/mysql/my.cnfUnixCIS MySQL 4.1/5.1 OS L1 v1.0.2
2.1 FTP User IsolationWindowsCIS IIS 6.0 v1.0.0
2.3.2 RedHat bind-chroot Rpm 'ROOTDIR'UnixCIS ISC BIND 9.0/9.5 v2.0.0
9 - Isolate BIND via chroot or Solaris ZonesUnixBIND - TNS BIND Best Practices Audit v1.0.0
AS24-U1-000430 - Apache web server accounts accessing the directory tree, the shell, or other operating system functions and utilities must only be administrative accounts.UnixDISA STIG Apache Server 2.4 Unix Server v3r1 Middleware
AS24-U1-000430 - Apache web server accounts accessing the directory tree, the shell, or other operating system functions and utilities must only be administrative accounts.UnixDISA STIG Apache Server 2.4 Unix Server v3r1
AS24-U1-000440 - Apache web server application directories, libraries, and configuration files must only be accessible to privileged users.UnixDISA STIG Apache Server 2.4 Unix Server v3r1
AS24-U1-000440 - Apache web server application directories, libraries, and configuration files must only be accessible to privileged users.UnixDISA STIG Apache Server 2.4 Unix Server v3r1 Middleware
AS24-U1-000450 - The Apache web server must separate the hosted applications from hosted Apache web server management functionality.UnixDISA STIG Apache Server 2.4 Unix Server v3r1
AS24-U1-000450 - The Apache web server must separate the hosted applications from hosted Apache web server management functionality.UnixDISA STIG Apache Server 2.4 Unix Server v3r1 Middleware
AS24-W1-000280 - Apache web server application directories, libraries, and configuration files must only be accessible to privileged users.WindowsDISA STIG Apache Server 2.4 Windows Server v3r1
AS24-W1-000280 - Apache web server application directories, libraries, and configuration files must only be accessible to privileged users.WindowsDISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W1-000430 - Apache web server accounts accessing the directory tree, the shell, or other operating system functions and utilities must only be administrative accounts.WindowsDISA STIG Apache Server 2.4 Windows Server v3r1
AS24-W1-000430 - Apache web server accounts accessing the directory tree, the shell, or other operating system functions and utilities must only be administrative accounts.WindowsDISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W1-000450 - The Apache web server must separate the hosted applications from hosted Apache web server management functionality.WindowsDISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W1-000450 - The Apache web server must separate the hosted applications from hosted Apache web server management functionality.WindowsDISA STIG Apache Server 2.4 Windows Server v3r1
AS24-W2-000430 - Apache web server accounts accessing the directory tree, the shell, or other operating system functions and utilities must only be administrative accounts.WindowsDISA STIG Apache Server 2.4 Windows Site v2r1
AS24-W2-000440 - Anonymous user access to the Apache web server application directories must be prohibited.WindowsDISA STIG Apache Server 2.4 Windows Site v2r1
AS24-W2-000450 - The Apache web server must separate the hosted applications from hosted Apache web server management functionality.WindowsDISA STIG Apache Server 2.4 Windows Site v2r1
Big Sur - Configure the System to Separate User and System Functionality - separateUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Configure the System to Separate User and System Functionality - separateUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Configure the System to Separate User and System Functionality - separateUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Configure the System to Separate User and System Functionality - separateUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Configure the System to Separate User and System Functionality - separateUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Configure the System to Separate User and System Functionality - separateUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Configure the System to Separate User and System Functionality - separateUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Catalina - Configure the System to Separate User and System Functionality - separateUnixNIST macOS Catalina v1.5.0 - All Profiles
Catalina - Configure the System to Separate User and System Functionality - separateUnixNIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Configure the System to Separate User and System Functionality - separateUnixNIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Configure the System to Separate User and System Functionality - separateUnixNIST macOS Catalina v1.5.0 - 800-171
Catalina - Configure the System to Separate User and System Functionality - separateUnixNIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Configure the System to Separate User and System Functionality - separateUnixNIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Configure the System to Separate User and System Functionality - separateUnixNIST macOS Catalina v1.5.0 - 800-53r5 Moderate
CNTR-K8-001360 - Kubernetes must separate user functionality.UnixDISA STIG Kubernetes v2r1
DB2X-00-004800 - DB2 must separate user functionality (including user interface services) from database management functionalityIBM_DB2DBDISA STIG IBM DB2 v10.5 LUW v2r1 Database
Define and Categorize Assets on AWSamazon_awsTenable AWS Best Practice Audit
EC2: DescribeAccountAttributes - 'maximum security groups per interface'amazon_awsTenable AWS Best Practice Audit
EC2: DescribeAddresses - 'Review list of interface assignments and private IPs'amazon_awsTenable AWS Best Practice Audit
EC2: DescribeInstances - 'Verify the security group of instances in the VPC'amazon_awsTenable AWS Best Practice Audit
EC2: DescribeNetworkAcls - 'Review list of network ACLs'amazon_awsTenable AWS Best Practice Audit
EC2: DescribePlacementGroups - 'Placement groups currently in use'amazon_awsTenable AWS Best Practice Audit
EC2: DescribePlacementGroups - 'Placement groups deleted or deleting'amazon_awsTenable AWS Best Practice Audit
EC2: DescribePlacementGroups - 'Placement groups pending'amazon_awsTenable AWS Best Practice Audit
EC2: DescribeSecurityGroups - 'Review security groups'amazon_awsTenable AWS Best Practice Audit
EC2: DescribeSubnets - 'Current subnet list'amazon_awsTenable AWS Best Practice Audit
EC2: DescribeSubnets - 'Default subnets'amazon_awsTenable AWS Best Practice Audit
EP11-00-005100 - The EDB Postgres Advanced Server must separate user functionality (including user interface services) from database management functionality.PostgreSQLDBEDB PostgreSQL Advanced Server v11 DB Audit v2r4