800-53|AC-6(4)

Title

SEPARATE PROCESSING DOMAINS

Description

The information system provides separate processing domains to enable finer-grained allocation of user privileges.

Supplemental

Providing separate processing domains for finer-grained allocation of user privileges includes, for example: (i) using virtualization techniques to allow additional privileges within a virtual machine while restricting privileges to other virtual machines or to the underlying actual machine; (ii) employing hardware and/or software domain separation mechanisms; and (iii) implementing separate physical domains.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: AC-4,SC-3,SC-30,SC-32

Category: ACCESS CONTROL

Parent Title: LEAST PRIVILEGE

Family: ACCESS CONTROL

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
2.1 Enable Secure Admin Access - 'telnet.distinct.enable = on'	NetApp	TNS NetApp Data ONTAP 7G
5.3 Ensure Linux Kernel Capabilities are restricted within containers	Unix	CIS Docker Community Edition v1.1.0 L1 Docker
5.3 Restrict Linux Kernel Capabilities within containers	Unix	CIS Docker 1.12.0 v1.0.0 L1 Docker
5.3 Restrict Linux Kernel Capabilities within containers	Unix	CIS Docker 1.13.0 v1.0.0 L1 Docker
5.3 Restrict Linux Kernel Capabilities within containers	Unix	CIS Docker 1.11.0 v1.0.0 L1 Docker
5.4 Do not use privileged containers	Unix	CIS Docker 1.12.0 v1.0.0 L1 Docker
5.4 Do not use privileged containers	Unix	CIS Docker 1.11.0 v1.0.0 L1 Docker
5.4 Do not use privileged containers	Unix	CIS Docker 1.13.0 v1.0.0 L1 Docker
5.4 Ensure privileged containers are not used	Unix	CIS Docker Community Edition v1.1.0 L1 Docker
5.4 Restrict Linux Kernel Capabilities within containers	Unix	CIS Docker 1.6 v1.0.0 L1 Docker

Detections

Analytics