800-53|AC-4(2)

Title

PROCESSING DOMAINS

Description

The information system uses protected processing domains to enforce [Assignment: organization-defined information flow control policies] as a basis for flow control decisions.

Supplemental

Within information systems, protected processing domains are processing spaces that have controlled interactions with other processing spaces, thus enabling control of information flows between these spaces and to/from data/information objects. A protected processing domain can be provided, for example, by implementing domain and type enforcement. In domain and type enforcement, information system processes are assigned to domains; information is identified by types; and information flows are controlled based on allowed information accesses (determined by domain and type), allowed signaling among domains, and allowed process transitions to other domains.

Reference Item Details

Category: ACCESS CONTROL

Parent Title: INFORMATION FLOW ENFORCEMENT

Family: ACCESS CONTROL

Audit Items

View all Reference Audit Items

NamePluginAudit Name
AIOS-14-005200 - Apple iOS/iPadOS must not allow non-DoD applications to access DoD data.MDMMobileIron - DISA Apple iOS/iPadOS 14 v1r3
AIOS-14-005200 - Apple iOS/iPadOS must not allow non-DoD applications to access DoD data.MDMAirWatch - DISA Apple iOS/iPadOS 14 v1r3
GOOG-09-004500 - The Google Android Pie must be configured to disable exceptions to the access control policy that prevents application processes from accessing all data stored by other application processes - Copy/PasteMDMMobileIron - DISA Google Android 9.x v2r1
GOOG-09-004500 - The Google Android Pie must be configured to disable exceptions to the access control policy that prevents application processes from accessing all data stored by other application processes - Sharing data into the profileMDMMobileIron - DISA Google Android 9.x v2r1
GOOG-09-004500 - The Google Android Pie must be configured to disable exceptions to the access control policy that prevents application processes from accessing all data stored by other application processes.MDMAirWatch - DISA Google Android 9.x v2r1
GOOG-10-004500 - Google Android 10 must be configured to disable exceptions to the access control policy that prevents application processes from accessing all data stored by other application processes - Copy/PasteMDMMobileIron - DISA Google Android 10.x v2r1
GOOG-10-004500 - Google Android 10 must be configured to disable exceptions to the access control policy that prevents application processes from accessing all data stored by other application processes - Sharing data into the profileMDMMobileIron - DISA Google Android 10.x v2r1
GOOG-10-004500 - Google Android 10 must be configured to disable exceptions to the access control policy that prevents application processes from accessing all data stored by other application processes.MDMAirWatch - DISA Google Android 10.x v2r1
GOOG-11-004500 - Google Android 11 must be configured to disable exceptions to the access control policy that prevents application processes from accessing all data stored by other application processes - Copy/PasteMDMMobileIron - DISA Google Android 11 COPE v2r1
GOOG-11-004500 - Google Android 11 must be configured to disable exceptions to the access control policy that prevents application processes from accessing all data stored by other application processes - sharing dataMDMMobileIron - DISA Google Android 11 COPE v2r1
GOOG-11-004500 - Google Android 11 must be configured to disable exceptions to the access control policy that prevents application processes from accessing all data stored by other application processes.MDMAirWatch - DISA Google Android 11 COPE v2r1
HONW-09-004500 - The Honeywell Mobility Edge Android Pie device must be configured to disable exceptions to the access control policy that prevents application processes from accessing all data stored by other application processes - Copy/PasteMDMMobileIron - DISA Honeywell Android 9.x COPE v1r2
HONW-09-004500 - The Honeywell Mobility Edge Android Pie device must be configured to disable exceptions to the access control policy that prevents application processes from accessing all data stored by other application processes - Sharing data into the profileMDMMobileIron - DISA Honeywell Android 9.x COPE v1r2
HONW-09-004500 - The Honeywell Mobility Edge Android Pie device must be configured to disable exceptions to the access control policy that prevents application processes from accessing all data stored by other application processes.MDMAirWatch - DISA Honeywell Android 9.x COPE v1r2
KNOX-07-005500 - The Samsung must be configured to disable exceptions to the access control policy.MDMAirWatch - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-005500 - The Samsung must be configured to disable exceptions to the access control policy.MDMMobileIron - DISA Samsung Android 7 with Knox 2.x v1r1
MOTO-09-004500 - The Motorola Android Pie must be configured to disable exceptions to the access control policy that prevents application processes from accessing all data stored by other application processes - Copy/PasteMDMMobileIron - DISA Motorola Android Pie.x COPE v1r2
MOTO-09-004500 - The Motorola Android Pie must be configured to disable exceptions to the access control policy that prevents application processes from accessing all data stored by other application processes - Sharing data into the profileMDMMobileIron - DISA Motorola Android Pie.x COPE v1r2
MOTO-09-004500 - The Motorola Android Pie must be configured to disable exceptions to the access control policy that prevents application processes from accessing all data stored by other application processes.MDMAirWatch - DISA Motorola Android Pie.x COPE v1r2
ZEBR-10-004500 - Zebra Android 10 must be configured to disable exceptions to the access control policy that prevents application processes from accessing all data stored by other application processes - Copy/PasteMDMMobileIron - DISA Zebra Android 10 COPE v1r2
ZEBR-10-004500 - Zebra Android 10 must be configured to disable exceptions to the access control policy that prevents application processes from accessing all data stored by other application processes - Sharing data into the profileMDMMobileIron - DISA Zebra Android 10 COPE v1r2
ZEBR-10-004500 - Zebra Android 10 must be configured to disable exceptions to the access control policy that prevents application processes from accessing all data stored by other application processes.MDMAirWatch - DISA Zebra Android 10 COPE v1r2