800-53|SC-4

Title

INFORMATION IN SHARED RESOURCES

Description

The information system prevents unauthorized and unintended information transfer via shared system resources.

Supplemental

This control prevents information, including encrypted representations of information, produced by the actions of prior users/roles (or the actions of processes acting on behalf of prior users/roles) from being available to any current users/roles (or current processes) that obtain access to shared system resources (e.g., registers, main memory, hard disks) after those resources have been released back to information systems. The control of information in shared resources is also commonly referred to as object reuse and residual information protection. This control does not address: (i) information remanence which refers to residual representation of data that has been nominally erased or removed; (ii) covert channels (including storage and/or timing channels) where shared resources are manipulated to violate information flow restrictions; or (iii) components within information systems for which there are only single users/roles.

Reference Item Details

Related: AC-3, AC-4, MP-6

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Priority: P1

Baseline Impact: MODERATE, HIGH

Audit Items

| Name | Plugin | Audit Name |
| --- | --- | --- |
| 1.1 Create a separate partition for containers | Unix | CIS Docker 1.13.0 v1.0.0 L1 Linux |
| 1.1 Create a separate partition for containers | Unix | CIS Docker 1.11.0 v1.0.0 L1 Linux |
| 1.1 Create a separate partition for containers | Unix | CIS Docker 1.12.0 v1.0.0 L1 Linux |
| 1.1 Create a separate partition for containers | Unix | CIS Docker 1.6 v1.0.0 L1 Linux |
| 1.1 Ensure a separate partition for containers has been created | Unix | CIS Docker Community Edition v1.1.0 L1 Linux Host OS |
| 1.1 Place Databases on Non-System Partitions | Unix | CIS MySQL 5.7 Community Linux OS L1 v2.0.0 |
| 1.1 Place Databases on Non-System Partitions | Windows | CIS MySQL 5.7 Community Windows OS L1 v2.0.0 |
| 1.1 Place Databases on Non-System Partitions | Windows | CIS MySQL 5.6 Community Windows OS L1 v2.0.0 |
| 1.1 Place Databases on Non-System Partitions | MySQLDB | CIS MySQL 5.7 Community Database L1 v2.0.0 |
| 1.1 Place Databases on Non-System Partitions | MySQLDB | CIS MySQL 5.6 Community Database L1 v2.0.0 |
| 1.1 Place Databases on Non-System Partitions | MySQLDB | CIS MySQL 5.7 Enterprise Database L1 v2.0.0 |
| 1.1 Place Databases on Non-System Partitions | Unix | CIS MariaDB 10.6 on Linux L1 v1.0.0 |
| 1.1 Place Databases on Non-System Partitions | Unix | CIS MySQL 8.0 Enterprise Linux OS L1 v1.3.0 |
| 1.1 Place Databases on Non-System Partitions | Unix | CIS MySQL 5.6 Enterprise Linux OS L1 v2.0.0 |
| 1.1 Place Databases on Non-System Partitions | MySQLDB | CIS MySQL 5.6 Enterprise Database L1 v2.0.0 |
| 1.1 Place Databases on Non-System Partitions | Unix | CIS MySQL 5.6 Community Linux OS L1 v2.0.0 |
| 1.1 Place Databases on Non-System Partitions | Windows | CIS MySQL 5.7 Enterprise Windows OS L1 v2.0.0 |
| 1.1 Place Databases on Non-System Partitions | Windows | CIS MySQL 5.6 Enterprise Windows OS L1 v2.0.0 |
| 1.1 Place Databases on Non-System Partitions | Unix | CIS MySQL 5.7 Enterprise Linux OS L1 v2.0.0 |
| 1.1 Place Databases on Non-System Partitions | Unix | CIS MySQL 8.0 Community Linux OS L1 v1.0.0 |
| 1.1.1 Ensure a separate partition for containers has been created | Unix | CIS Docker v1.6.0 L1 Docker Linux |
| 1.2 Ensure Single-Function Member Servers are Used | MS_SQLDB | CIS SQL Server 2019 Database L1 DB v1.3.0 |
| 1.2 Ensure Single-Function Member Servers are Used | MS_SQLDB | CIS SQL Server 2022 Database L1 DB v1.0.0 |
| 1.2 Ensure Single-Function Member Servers are Used | MS_SQLDB | CIS SQL Server 2022 Database L1 AWS RDS v1.0.0 |
| 1.2 Ensure Single-Function Member Servers are Used | MS_SQLDB | CIS SQL Server 2019 Database L1 AWS RDS v1.3.0 |
| 1.2 Ensure Single-Function Member Servers are Used | Windows | CIS SQL Server 2017 Database L1 OS v1.3.0 |
| 1.2 Ensure Single-Function Member Servers are Used | Windows | CIS SQL Server 2016 Database L1 OS v1.4.0 |
| 1.7 Ensure MariaDB is Run Under a Sandbox Environment | Unix | CIS MariaDB 10.6 on Linux L2 v1.0.0 |
| 1.7 Ensure MariaDB is Run Under a Sandbox Environment | MySQLDB | CIS MariaDB 10.6 Database L2 v1.0.0 |
| 1.7 Ensure MySQL is Run Under a Sandbox Environment | Unix | CIS MySQL 8.0 Enterprise Linux OS L2 v1.3.0 |
| 1.7 Ensure MySQL is Run Under a Sandbox Environment | Unix | CIS MySQL 8.0 Community Linux OS L2 v1.0.0 |
| 1.9 Ensure appropriate DefaultDS is enabled | Unix | Redhat JBoss EAP 5.x |
| 1.12 Ensure HSQLDB Security Domain is removed - 'HsqlDbRealm = false' | Unix | Redhat JBoss EAP 5.x |
| 2.2 Dedicate the Machine Running MariaDB | MySQLDB | CIS MariaDB 10.6 Database L1 v1.0.0 |
| 2.2 Dedicate the Machine Running MariaDB | Unix | CIS MariaDB 10.6 on Linux L1 v1.0.0 |
| 2.2 Dedicate the Machine Running MySQL | Windows | CIS MySQL 5.6 Community Windows OS L1 v2.0.0 |
| 2.2 Dedicate the Machine Running MySQL | Windows | CIS MySQL 5.7 Enterprise Windows OS L1 v2.0.0 |
| 2.2 Dedicate the Machine Running MySQL | MySQLDB | CIS MySQL 5.6 Enterprise Database L1 v2.0.0 |
| 2.2 Dedicate the Machine Running MySQL | Unix | CIS MySQL 5.7 Community Linux OS L1 v2.0.0 |
| 2.2 Dedicate the Machine Running MySQL | Windows | CIS MySQL 5.7 Community Windows OS L1 v2.0.0 |
| 2.2 Dedicate the Machine Running MySQL | Unix | CIS MySQL 5.6 Enterprise Linux OS L1 v2.0.0 |
| 2.2 Dedicate the Machine Running MySQL | MySQLDB | CIS MySQL 5.6 Community Database L1 v2.0.0 |
| 2.2 Dedicate the Machine Running MySQL | Unix | CIS MySQL 5.6 Community Linux OS L1 v2.0.0 |
| 2.2 Dedicate the Machine Running MySQL | Windows | CIS MySQL 5.6 Enterprise Windows OS L1 v2.0.0 |
| 2.2 Dedicate the Machine Running MySQL | Unix | CIS MySQL 5.7 Enterprise Linux OS L1 v2.0.0 |
| 2.3 Dedicate the Machine Running MySQL | Unix | CIS MySQL 8.0 Enterprise Linux OS L1 v1.3.0 |
| 2.3 Dedicate the Machine Running MySQL | Unix | CIS MySQL 8.0 Community Linux OS L1 v1.0.0 |
| 2.015 - File share ACLs have not been reconfigured to remove the Everyone group. | Windows | DISA Windows Vista STIG v6r41 |
| 3.018 - Anonymous shares are not restricted. - RestrictAnonymous | Windows | DISA Windows Vista STIG v6r41 |
| 3.018 - Anonymous shares are not restricted. - RestrictAnonymousSAM | Windows | DISA Windows Vista STIG v6r41 |