800-53|SC-2

Title

APPLICATION PARTITIONING

Description

The information system separates user functionality (including user interface services) from information system management functionality.

Supplemental

Information system management functionality includes, for example, functions necessary to administer databases, network components, workstations, or servers, and typically requires privileged user access. The separation of user functionality from information system management functionality is either physical or logical. Organizations implement separation of system management-related functionality from user functionality by using different computers, different central processing units, different instances of operating systems, different network addresses, virtualization techniques, or combinations of these or other methods, as appropriate. This type of separation includes, for example, web administrative interfaces that use separate authentication methods for users of any other information system resources. Separation of system and user functionality may include isolating administrative interfaces on different domains and with additional access controls.

Reference Item Details

Related: SA-4,SA-8,SC-3

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Priority: P1

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
2.3.2 RedHat bind-chroot Rpm 'ROOTDIR'UnixCIS ISC BIND 9.0/9.5 v2.0.0
AS24-U1-000430 - Apache web server accounts accessing the directory tree, the shell, or other operating system functions and utilities must only be administrative accounts.UnixDISA STIG Apache Server 2.4 Unix Server v3r1 Middleware
AS24-U1-000430 - Apache web server accounts accessing the directory tree, the shell, or other operating system functions and utilities must only be administrative accounts.UnixDISA STIG Apache Server 2.4 Unix Server v3r1
AS24-U1-000440 - Apache web server application directories, libraries, and configuration files must only be accessible to privileged users.UnixDISA STIG Apache Server 2.4 Unix Server v3r1
AS24-U1-000440 - Apache web server application directories, libraries, and configuration files must only be accessible to privileged users.UnixDISA STIG Apache Server 2.4 Unix Server v3r1 Middleware
AS24-U1-000450 - The Apache web server must separate the hosted applications from hosted Apache web server management functionality.UnixDISA STIG Apache Server 2.4 Unix Server v3r1
AS24-U1-000450 - The Apache web server must separate the hosted applications from hosted Apache web server management functionality.UnixDISA STIG Apache Server 2.4 Unix Server v3r1 Middleware
AS24-W1-000280 - Apache web server application directories, libraries, and configuration files must only be accessible to privileged users.WindowsDISA STIG Apache Server 2.4 Windows Server v3r1
AS24-W1-000280 - Apache web server application directories, libraries, and configuration files must only be accessible to privileged users.WindowsDISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W1-000430 - Apache web server accounts accessing the directory tree, the shell, or other operating system functions and utilities must only be administrative accounts.WindowsDISA STIG Apache Server 2.4 Windows Server v3r1
AS24-W1-000430 - Apache web server accounts accessing the directory tree, the shell, or other operating system functions and utilities must only be administrative accounts.WindowsDISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W1-000450 - The Apache web server must separate the hosted applications from hosted Apache web server management functionality.WindowsDISA STIG Apache Server 2.4 Windows Server v2r3
AS24-W1-000450 - The Apache web server must separate the hosted applications from hosted Apache web server management functionality.WindowsDISA STIG Apache Server 2.4 Windows Server v3r1
AS24-W2-000430 - Apache web server accounts accessing the directory tree, the shell, or other operating system functions and utilities must only be administrative accounts.WindowsDISA STIG Apache Server 2.4 Windows Site v2r1
AS24-W2-000440 - Anonymous user access to the Apache web server application directories must be prohibited.WindowsDISA STIG Apache Server 2.4 Windows Site v2r1
AS24-W2-000450 - The Apache web server must separate the hosted applications from hosted Apache web server management functionality.WindowsDISA STIG Apache Server 2.4 Windows Site v2r1
Big Sur - Configure the System to Separate User and System Functionality - separateUnixNIST macOS Big Sur v1.4.0 - 800-171
Big Sur - Configure the System to Separate User and System Functionality - separateUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Configure the System to Separate User and System Functionality - separateUnixNIST macOS Big Sur v1.4.0 - All Profiles
Big Sur - Configure the System to Separate User and System Functionality - separateUnixNIST macOS Big Sur v1.4.0 - 800-53r4 High
Big Sur - Configure the System to Separate User and System Functionality - separateUnixNIST macOS Big Sur v1.4.0 - 800-53r4 Moderate
Big Sur - Configure the System to Separate User and System Functionality - separateUnixNIST macOS Big Sur v1.4.0 - CNSSI 1253
Big Sur - Configure the System to Separate User and System Functionality - separateUnixNIST macOS Big Sur v1.4.0 - 800-53r5 Moderate
Catalina - Configure the System to Separate User and System Functionality - separateUnixNIST macOS Catalina v1.5.0 - All Profiles
Catalina - Configure the System to Separate User and System Functionality - separateUnixNIST macOS Catalina v1.5.0 - CNSSI 1253
Catalina - Configure the System to Separate User and System Functionality - separateUnixNIST macOS Catalina v1.5.0 - 800-53r5 High
Catalina - Configure the System to Separate User and System Functionality - separateUnixNIST macOS Catalina v1.5.0 - 800-171
Catalina - Configure the System to Separate User and System Functionality - separateUnixNIST macOS Catalina v1.5.0 - 800-53r4 High
Catalina - Configure the System to Separate User and System Functionality - separateUnixNIST macOS Catalina v1.5.0 - 800-53r4 Moderate
Catalina - Configure the System to Separate User and System Functionality - separateUnixNIST macOS Catalina v1.5.0 - 800-53r5 Moderate
CD12-00-008500 - PostgreSQL must separate user functionality (including user interface services) from database management functionality.UnixDISA STIG Crunchy Data PostgreSQL OS v3r1
CNTR-K8-001360 - Kubernetes must separate user functionality.UnixDISA STIG Kubernetes v2r1
DB2X-00-004800 - DB2 must separate user functionality (including user interface services) from database management functionalityIBM_DB2DBDISA STIG IBM DB2 v10.5 LUW v2r1 Database
EP11-00-005100 - The EDB Postgres Advanced Server must separate user functionality (including user interface services) from database management functionality.PostgreSQLDBEDB PostgreSQL Advanced Server v11 DB Audit v2r4
EPAS-00-005100 - The EDB Postgres Advanced Server must separate user functionality (including user interface services) from database management functionality.UnixEnterpriseDB PostgreSQL Advanced Server OS Linux v2r1
EX13-MB-000100 - Exchange Mailbox databases must reside on a dedicated partition.WindowsDISA Microsoft Exchange 2013 Mailbox Server STIG v2r3
EX16-MB-000200 - Exchange Mailbox databases must reside on a dedicated partition.WindowsDISA Microsoft Exchange 2016 Mailbox Server STIG v2r6
EX19-ED-000094 Exchange queue database must reside on a dedicated partition.WindowsDISA Microsoft Exchange 2019 Edge Server STIG v2r1
EX19-MB-000105 Exchange Mailbox databases must reside on a dedicated partition.WindowsDISA Microsoft Exchange 2019 Mailbox Server STIG v2r1
IIST-SI-000221 - Anonymous IIS 10.0 website access accounts must be restricted.WindowsDISA IIS 10.0 Site v2r9
IIST-SV-000131 - IIS 10.0 Web server accounts accessing the directory tree, the shell, or other operating system functions and utilities must only be administrative accounts.WindowsDISA IIS 10.0 Server v2r10
IIST-SV-000131 - IIS 10.0 Web server accounts accessing the directory tree, the shell, or other operating system functions and utilities must only be administrative accounts.WindowsDISA IIS 10.0 Server v3r1
IIST-SV-000132 - The IIS 10.0 web server must separate the hosted applications from hosted web server management functionality.WindowsDISA IIS 10.0 Server v2r10
IIST-SV-000132 - The IIS 10.0 web server must separate the hosted applications from hosted web server management functionality.WindowsDISA IIS 10.0 Server v3r1
IISW-SI-000221 - Anonymous IIS 8.5 website access accounts must be restricted.WindowsDISA IIS 8.5 Site v2r9
IISW-SV-000131 - IIS 8.5 Web server accounts accessing the directory tree, the shell, or other operating system functions and utilities must only be administrative accounts.WindowsDISA IIS 8.5 Server v2r7
IISW-SV-000132 - The IIS 8.5 web server must separate the hosted applications from hosted web server management functionality.WindowsDISA IIS 8.5 Server v2r7
JBOS-AS-000355 - The JBoss server must separate hosted application functionality from application server management functionality.UnixDISA RedHat JBoss EAP 6.3 STIG v2r4
MADB-10-004600 - MariaDB must separate user functionality (including user interface services) from database management functionality.MySQLDBDISA MariaDB Enterprise 10.x v2r1 DB
MD3X-00-000390 - MongoDB must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).MongoDBDISA STIG MongoDB Enterprise Advanced 3.x v2r3 DB