800-53|SC-39

Title

PROCESS ISOLATION

Description

The information system maintains a separate execution domain for each executing process.

Supplemental

Information systems can maintain separate execution domains for each executing process by assigning each process a separate address space. Each information system process has a distinct address space so that communication between processes is performed in a manner controlled through the security functions, and one process cannot modify the executing code of another process. Maintaining separate execution domains for executing processes can be achieved, for example, by implementing separate address spaces. This capability is available in most commercial operating systems that employ multi-state processor technologies.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: AC-3,AC-4,AC-6,SA-4,SA-5,SA-8,SC-2,SC-3

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Priority: P1

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.36 Ensure that the admission control plugin EventRateLimit is set	Unix	CIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.5 Ensure 'unique application pools' is set for sites	Windows	CIS IIS 8.0 v1.5.1 Level 1
1.5 Ensure 'unique application pools' is set for sites	Windows	CIS IIS 7 L1 v1.8.0
1.5.1 Ensure XD/NX support is enabled	Unix	CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0
1.5.1 Ensure XD/NX support is enabled	Unix	CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0
1.5.2 Ensure address space layout randomization (ASLR) is enabled - /etc/sysctl.conf, /etc/sysctl.d/*	Unix	CIS Amazon Linux 2 STIG v1.0.0 L1
1.5.2 Ensure address space layout randomization (ASLR) is enabled - config	Unix	CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0
1.5.2 Ensure address space layout randomization (ASLR) is enabled - config	Unix	CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0
1.5.2 Ensure address space layout randomization (ASLR) is enabled - sysctl	Unix	CIS Amazon Linux 2 STIG v1.0.0 L1
1.5.2 Ensure address space layout randomization (ASLR) is enabled - sysctl	Unix	CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0
1.5.2 Ensure address space layout randomization (ASLR) is enabled - sysctl	Unix	CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0
1.5.2 Ensure XD/NX support is enabled	Unix	CIS Oracle Linux 6 Server L1 v2.0.0
1.5.2 Ensure XD/NX support is enabled	Unix	CIS Debian 9 Workstation L1 v1.0.1
1.5.2 Ensure XD/NX support is enabled	Unix	CIS Debian 9 Server L1 v1.0.1
1.5.2 Ensure XD/NX support is enabled	Unix	CIS Oracle Linux 6 Workstation L1 v2.0.0
1.5.2 Ensure XD/NX support is enabled	Unix	CIS CentOS 6 Workstation L1 v3.0.0
1.5.2 Ensure XD/NX support is enabled	Unix	CIS CentOS 6 Server L1 v3.0.0
1.5.2 Ensure XD/NX support is enabled	Unix	CIS Distribution Independent Linux Server L1 v2.0.0
1.5.2 Ensure XD/NX support is enabled	Unix	CIS Distribution Independent Linux Workstation L1 v2.0.0
1.5.3 Ensure address space layout randomization (ASLR) is enabled	Unix	CIS Distribution Independent Linux Workstation L1 v2.0.0
1.5.3 Ensure address space layout randomization (ASLR) is enabled	Unix	CIS Debian 9 Server L1 v1.0.1
1.5.3 Ensure address space layout randomization (ASLR) is enabled	Unix	CIS Distribution Independent Linux Server L1 v2.0.0
1.5.3 Ensure address space layout randomization (ASLR) is enabled	Unix	CIS Debian 9 Workstation L1 v1.0.1
1.5.3 Ensure address space layout randomization (ASLR) is enabled - /etc/sysctl.conf, /etc/sysctl.d/*	Unix	CIS Oracle Linux 6 Workstation L1 v2.0.0
1.5.3 Ensure address space layout randomization (ASLR) is enabled - /etc/sysctl.conf, /etc/sysctl.d/*	Unix	CIS Red Hat 6 Server L1 v3.0.0
1.5.3 Ensure address space layout randomization (ASLR) is enabled - /etc/sysctl.conf, /etc/sysctl.d/*	Unix	CIS CentOS 6 Server L1 v3.0.0
1.5.3 Ensure address space layout randomization (ASLR) is enabled - /etc/sysctl.conf, /etc/sysctl.d/*	Unix	CIS Red Hat 6 Workstation L1 v3.0.0
1.5.3 Ensure address space layout randomization (ASLR) is enabled - /etc/sysctl.conf, /etc/sysctl.d/*	Unix	CIS Oracle Linux 6 Server L1 v2.0.0
1.5.3 Ensure address space layout randomization (ASLR) is enabled - /etc/sysctl.conf, /etc/sysctl.d/*	Unix	CIS CentOS 6 Workstation L1 v3.0.0
1.5.3 Ensure address space layout randomization (ASLR) is enabled - sysctl	Unix	CIS Red Hat 6 Server L1 v3.0.0
1.5.3 Ensure address space layout randomization (ASLR) is enabled - sysctl	Unix	CIS CentOS 6 Workstation L1 v3.0.0
1.5.3 Ensure address space layout randomization (ASLR) is enabled - sysctl	Unix	CIS CentOS 6 Server L1 v3.0.0
1.5.3 Ensure address space layout randomization (ASLR) is enabled - sysctl	Unix	CIS Oracle Linux 6 Server L1 v2.0.0
1.5.3 Ensure address space layout randomization (ASLR) is enabled - sysctl	Unix	CIS Oracle Linux 6 Workstation L1 v2.0.0
1.5.3 Ensure address space layout randomization (ASLR) is enabled - sysctl	Unix	CIS Red Hat 6 Workstation L1 v3.0.0
1.5.3 Ensure address space layout randomization (ASLR) is enabled - sysctl	Unix	CIS Debian 9 Workstation L1 v1.0.1
1.5.3 Ensure address space layout randomization (ASLR) is enabled - sysctl	Unix	CIS Debian 9 Server L1 v1.0.1
1.6.1 Ensure XD/NX support is enabled	Unix	CIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0
1.6.1 Ensure XD/NX support is enabled	Unix	CIS Debian Family Server L1 v1.0.0
1.6.1 Ensure XD/NX support is enabled	Unix	CIS Debian Family Workstation L1 v1.0.0
1.6.1 Ensure XD/NX support is enabled	Unix	CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0
1.6.2 Ensure address space layout randomization (ASLR) is enabled	Unix	CIS Debian Family Workstation L1 v1.0.0
1.6.2 Ensure address space layout randomization (ASLR) is enabled	Unix	CIS Debian Family Server L1 v1.0.0
1.6.2 Ensure address space layout randomization (ASLR) is enabled - config	Unix	CIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0
1.6.2 Ensure address space layout randomization (ASLR) is enabled - config	Unix	CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0
1.6.2 Ensure address space layout randomization (ASLR) is enabled - sysctl	Unix	CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0
1.6.2 Ensure address space layout randomization (ASLR) is enabled - sysctl	Unix	CIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0
1.6.2 Ensure address space layout randomization (ASLR) is enabled - sysctl	Unix	CIS Debian Family Workstation L1 v1.0.0
1.6.2 Ensure XD/NX support is enabled	Unix	CIS Fedora 19 Family Linux Workstation L1 v1.0.0
1.6.2 Ensure XD/NX support is enabled	Unix	CIS Fedora 19 Family Linux Server L1 v1.0.0

Detections

Analytics