800-53|AC-4(2)

Title

PROCESSING DOMAINS

Description

The information system uses protected processing domains to enforce [Assignment: organization-defined information flow control policies] as a basis for flow control decisions.

Supplemental

Within information systems, protected processing domains are processing spaces that have controlled interactions with other processing spaces, thus enabling control of information flows between these spaces and to/from data/information objects. A protected processing domain can be provided, for example, by implementing domain and type enforcement. In domain and type enforcement, information system processes are assigned to domains; information is identified by types; and information flows are controlled based on allowed information accesses (determined by domain and type), allowed signaling among domains, and allowed process transitions to other domains.

Reference Item Details

Category: ACCESS CONTROL

Parent Title: INFORMATION FLOW ENFORCEMENT

Family: ACCESS CONTROL

Audit Items

Name | Plugin | Audit Name
AIOS-14-005200 - Apple iOS/iPadOS must not allow non-DoD applications to access DoD data. | MDM | MobileIron - DISA Apple iOS/iPadOS 14 v1r3
AIOS-14-005200 - Apple iOS/iPadOS must not allow non-DoD applications to access DoD data. | MDM | AirWatch - DISA Apple iOS/iPadOS 14 v1r3
DTBI320 - Internet Explorer must be configured to use machine settings. | Windows | DISA STIG IE 10 V1R16
DTBI320 - Security zone machine settings - 'Security_HKLM_only = 1'. | Windows | DISA STIG IE 9 v1r5
DTBI320-IE11 - Internet Explorer must be configured to use machine settings. | Windows | DISA STIG IE 11 v1r18
DTBI320-IE11 - Internet Explorer must be configured to use machine settings. | Windows | DISA STIG IE 11 v1r19
DTBI320-IE11 - Internet Explorer must be configured to use machine settings. | Windows | DISA STIG IE 11 v2r1
GOOG-09-004500 - The Google Android Pie must be configured to disable exceptions to the access control policy that prevents application processes from accessing all data stored by other application processes - Copy/Paste | MDM | MobileIron - DISA Google Android 9.x v2r1
GOOG-09-004500 - The Google Android Pie must be configured to disable exceptions to the access control policy that prevents application processes from accessing all data stored by other application processes - Sharing data into the profile | MDM | MobileIron - DISA Google Android 9.x v2r1
GOOG-09-004500 - The Google Android Pie must be configured to disable exceptions to the access control policy that prevents application processes from accessing all data stored by other application processes. | MDM | AirWatch - DISA Google Android 9.x v2r1
GOOG-10-004500 - Google Android 10 must be configured to disable exceptions to the access control policy that prevents application processes from accessing all data stored by other application processes - Copy/Paste | MDM | MobileIron - DISA Google Android 10.x v2r1
GOOG-10-004500 - Google Android 10 must be configured to disable exceptions to the access control policy that prevents application processes from accessing all data stored by other application processes - Sharing data into the profile | MDM | MobileIron - DISA Google Android 10.x v2r1
GOOG-10-004500 - Google Android 10 must be configured to disable exceptions to the access control policy that prevents application processes from accessing all data stored by other application processes. | MDM | AirWatch - DISA Google Android 10.x v2r1
GOOG-11-004500 - Google Android 11 must be configured to disable exceptions to the access control policy that prevents application processes from accessing all data stored by other application processes - Copy/Paste | MDM | MobileIron - DISA Google Android 11 COPE v2r1
GOOG-11-004500 - Google Android 11 must be configured to disable exceptions to the access control policy that prevents application processes from accessing all data stored by other application processes - sharing data | MDM | MobileIron - DISA Google Android 11 COPE v2r1
GOOG-11-004500 - Google Android 11 must be configured to disable exceptions to the access control policy that prevents application processes from accessing all data stored by other application processes. | MDM | AirWatch - DISA Google Android 11 COPE v2r1
HONW-09-004500 - The Honeywell Mobility Edge Android Pie device must be configured to disable exceptions to the access control policy that prevents application processes from accessing all data stored by other application processes - Copy/Paste | MDM | MobileIron - DISA Honeywell Android 9.x COPE v1r1
HONW-09-004500 - The Honeywell Mobility Edge Android Pie device must be configured to disable exceptions to the access control policy that prevents application processes from accessing all data stored by other application processes - Sharing data into the profile | MDM | MobileIron - DISA Honeywell Android 9.x COPE v1r1
HONW-09-004500 - The Honeywell Mobility Edge Android Pie device must be configured to disable exceptions to the access control policy that prevents application processes from accessing all data stored by other application processes. | MDM | AirWatch - DISA Honeywell Android 9.x COPE v1r1
KNOX-07-005500 - The Samsung must be configured to disable exceptions to the access control policy. | MDM | AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1
KNOX-07-005500 - The Samsung must be configured to disable exceptions to the access control policy. | MDM | MobileIron - DISA Samsung Android 7 with Knox 2.x v1r1
MOTO-09-004500 - The Motorola Android Pie must be configured to disable exceptions to the access control policy that prevents application processes from accessing all data stored by other application processes - Copy/Paste | MDM | MobileIron - DISA Motorola Android Pie.x COPE v1r2
MOTO-09-004500 - The Motorola Android Pie must be configured to disable exceptions to the access control policy that prevents application processes from accessing all data stored by other application processes - Sharing data into the profile | MDM | MobileIron - DISA Motorola Android Pie.x COPE v1r2
MOTO-09-004500 - The Motorola Android Pie must be configured to disable exceptions to the access control policy that prevents application processes from accessing all data stored by other application processes. | MDM | AirWatch - DISA Motorola Android Pie.x COPE v1r2
Security Zones: Use only machine settings | Windows | MSCT Windows 10 v1703 v1.0.0
Security Zones: Use only machine settings | Windows | MSCT Windows 10 v1709 v1.0.0
Security Zones: Use only machine settings | Windows | MSCT Windows 10 1607 v1.0.0
Security Zones: Use only machine settings | Windows | MSCT Windows 10 v1511 v1.0.0
ZEBR-10-004500 - Zebra Android 10 must be configured to disable exceptions to the access control policy that prevents application processes from accessing all data stored by other application processes - Copy/Paste | MDM | MobileIron - DISA Zebra Android 10 COPE v1r2
ZEBR-10-004500 - Zebra Android 10 must be configured to disable exceptions to the access control policy that prevents application processes from accessing all data stored by other application processes - Sharing data into the profile | MDM | MobileIron - DISA Zebra Android 10 COPE v1r2
ZEBR-10-004500 - Zebra Android 10 must be configured to disable exceptions to the access control policy that prevents application processes from accessing all data stored by other application processes. | MDM | AirWatch - DISA Zebra Android 10 COPE v1r2