800-53|SC-2

Title

APPLICATION PARTITIONING

Description

The information system separates user functionality (including user interface services) from information system management functionality.

Supplemental

Information system management functionality includes, for example, functions necessary to administer databases, network components, workstations, or servers, and typically requires privileged user access. The separation of user functionality from information system management functionality is either physical or logical. Organizations implement separation of system management-related functionality from user functionality by using different computers, different central processing units, different instances of operating systems, different network addresses, virtualization techniques, or combinations of these or other methods, as appropriate. This type of separation includes, for example, web administrative interfaces that use separate authentication methods for users of any other information system resources. Separation of system and user functionality may include isolating administrative interfaces on different domains and with additional access controls.

Reference Item Details

Related: SA-4,SA-8,SC-3

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Priority: P1

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
2.3.2 RedHat bind-chroot Rpm 'ROOTDIR'UnixCIS ISC BIND 9.0/9.5 v2.0.0
AS24-U1-000430 - Apache web server accounts accessing the directory tree, the shell, or other operating system functions and utilities must only be administrative accounts.UnixDISA STIG Apache Server 2.4 Unix Server v2r5 Middleware
AS24-U1-000430 - Apache web server accounts accessing the directory tree, the shell, or other operating system functions and utilities must only be administrative accounts.UnixDISA STIG Apache Server 2.4 Unix Server v2r5
AS24-U1-000440 - Apache web server application directories, libraries, and configuration files must only be accessible to privileged users.UnixDISA STIG Apache Server 2.4 Unix Server v2r5
AS24-U1-000440 - Apache web server application directories, libraries, and configuration files must only be accessible to privileged users.UnixDISA STIG Apache Server 2.4 Unix Server v2r5 Middleware
AS24-U1-000450 - The Apache web server must separate the hosted applications from hosted Apache web server management functionality.UnixDISA STIG Apache Server 2.4 Unix Server v2r5
AS24-U1-000450 - The Apache web server must separate the hosted applications from hosted Apache web server management functionality.UnixDISA STIG Apache Server 2.4 Unix Server v2r5 Middleware
AS24-W1-000280 - Apache web server application directories, libraries, and configuration files must only be accessible to privileged users.WindowsDISA STIG Apache Server 2.4 Windows Server v2r2
AS24-W1-000430 - Apache web server accounts accessing the directory tree, the shell, or other operating system functions and utilities must only be administrative accounts.WindowsDISA STIG Apache Server 2.4 Windows Server v2r2
AS24-W1-000450 - The Apache web server must separate the hosted applications from hosted Apache web server management functionality.WindowsDISA STIG Apache Server 2.4 Windows Server v2r2
AS24-W2-000430 - Apache web server accounts accessing the directory tree, the shell, or other operating system functions and utilities must only be administrative accounts.WindowsDISA STIG Apache Server 2.4 Windows Site v2r1
AS24-W2-000440 - Anonymous user access to the Apache web server application directories must be prohibited.WindowsDISA STIG Apache Server 2.4 Windows Site v2r1
AS24-W2-000450 - The Apache web server must separate the hosted applications from hosted Apache web server management functionality.WindowsDISA STIG Apache Server 2.4 Windows Site v2r1
Big Sur - Configure the System to Separate User and System Functionality - separateUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Configure the System to Separate User and System Functionality - separateUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Configure the System to Separate User and System Functionality - separateUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Configure the System to Separate User and System Functionality - separateUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Configure the System to Separate User and System Functionality - separateUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Big Sur - Configure the System to Separate User and System Functionality - separateUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Configure the System to Separate User and System Functionality - separateUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Catalina - Configure the System to Separate User and System Functionality - separateUnixNIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Configure the System to Separate User and System Functionality - separateUnixNIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Configure the System to Separate User and System Functionality - separateUnixNIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Configure the System to Separate User and System Functionality - separateUnixNIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Configure the System to Separate User and System Functionality - separateUnixNIST macOS Catalina v1.5.0 - 800-53r5 Moderate
Catalina - Configure the System to Separate User and System Functionality - separateUnixNIST macOS Catalina v1.5.0 - 800-171
Catalina - Configure the System to Separate User and System Functionality - separateUnixNIST macOS Catalina v1.5.0 - All Profiles
CNTR-K8-001360 - Kubernetes must separate user functionality.UnixDISA STIG Kubernetes v1r5
EX13-MB-000100 - Exchange Mailbox databases must reside on a dedicated partition.WindowsDISA Microsoft Exchange 2013 Mailbox Server STIG v2r2
EX16-MB-000200 - Exchange Mailbox databases must reside on a dedicated partition.WindowsDISA Microsoft Exchange 2016 Mailbox Server STIG v2r4
IIST-SI-000221 - Anonymous IIS 10.0 website access accounts must be restricted - Anonymous usernameWindowsDISA IIS 10.0 Site v2r5
IIST-SI-000221 - Anonymous IIS 10.0 website access accounts must be restricted - Local System GroupsWindowsDISA IIS 10.0 Site v2r5
IIST-SV-000131 - IIS 10.0 Web server accounts accessing the directory tree, the shell, or other operating system functions and utilities must only be administrative accounts.WindowsDISA IIS 10.0 Server v2r5
IIST-SV-000132 - The IIS 10.0 web server must separate the hosted applications from hosted web server management functionality.WindowsDISA IIS 10.0 Server v2r5
IISW-SI-000221 - Anonymous IIS 8.5 website access accounts must be restricted - Anonymous usernameWindowsDISA IIS 8.5 Site v2r5
IISW-SI-000221 - Anonymous IIS 8.5 website access accounts must be restricted - Local System GroupsWindowsDISA IIS 8.5 Site v2r5
IISW-SV-000131 - IIS 8.5 Web server accounts accessing the directory tree, the shell, or other operating system functions and utilities must only be administrative accounts.WindowsDISA IIS 8.5 Server v2r3
IISW-SV-000132 - The IIS 8.5 web server must separate the hosted applications from hosted web server management functionality.WindowsDISA IIS 8.5 Server v2r3
JBOS-AS-000355 - The JBoss server must separate hosted application functionality from application server management functionality.UnixDISA RedHat JBoss EAP 6.3 STIG v2r3
MD3X-00-000390 - MongoDB must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).MongoDBDISA STIG MongoDB Enterprise Advanced 3.x v2r1 DB
MD4X-00-000700 - MongoDB must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).MongoDBDISA STIG MongoDB Enterprise Advanced 4.x v1r1 DB
Monterey - Configure the System to Separate User and System Functionality - separateUnixNIST macOS Monterey v1.0.0 - 800-171
Monterey - Configure the System to Separate User and System Functionality - separateUnixNIST macOS Monterey v1.0.0 - CNSSI 1253
Monterey - Configure the System to Separate User and System Functionality - separateUnixNIST macOS Monterey v1.0.0 - 800-53r4 Moderate
Monterey - Configure the System to Separate User and System Functionality - separateUnixNIST macOS Monterey v1.0.0 - 800-53r5 High
Monterey - Configure the System to Separate User and System Functionality - separateUnixNIST macOS Monterey v1.0.0 - 800-53r4 High
Monterey - Configure the System to Separate User and System Functionality - separateUnixNIST macOS Monterey v1.0.0 - All Profiles
Monterey - Configure the System to Separate User and System Functionality - separateUnixNIST macOS Monterey v1.0.0 - 800-53r5 Moderate
OH12-1X-000266 - OHS accounts accessing the directory tree, the shell, or other operating system functions and utilities must only be administrative accounts.UnixDISA STIG Oracle HTTP Server 12.1.3 v2r1
PGS9-00-008500 - PostgreSQL must separate user functionality (including user interface services) from database management functionality.UnixDISA STIG PostgreSQL 9.x on RHEL OS v2r2