800-53|SC-32

Title

INFORMATION SYSTEM PARTITIONING

Description

The organization partitions the information system into [Assignment: organization-defined information system components] residing in separate physical domains or environments based on [Assignment: organization-defined circumstances for physical separation of components].

Supplemental

Information system partitioning is a part of a defense-in-depth protection strategy. Organizations determine the degree of physical separation of system components from physically distinct components in separate racks in the same room, to components in separate rooms for the more critical components, to more significant geographical separation of the most critical components. Security categorization can guide the selection of appropriate candidates for domain partitioning. Managed interfaces restrict or prohibit network access and information flow among partitioned information system components.

Reference Item Details

Related: AC-4,SA-8,SC-2,SC-3,SC-7

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Priority: P0

Audit Items

| Name | Plugin | Audit Name |
|---|---|---|
| AS24-U2-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided. | Unix | DISA STIG Apache Server 2.4 Unix Site v2r4 |
| AS24-U2-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided. | Unix | DISA STIG Apache Server 2.4 Unix Site v2r4 Middleware |
| GEN003620 - A separate file system must be used for user home directories (such as /home or an equivalent) - such as /home or equivalent. | Unix | DISA STIG for Oracle Linux 5 v2r1 |
| GEN003620 - A separate file system must be used for user home directories (such as /home or equivalent). | Unix | DISA STIG AIX 5.3 v1r2 |
| GEN003620 - A separate file system must be used for user home directories (such as /home or equivalent). | Unix | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit |
| GEN003620 - A separate file system must be used for user home directories (such as /home or equivalent). | Unix | DISA STIG AIX 6.1 v1r14 |
| GEN003621 - The system must use a separate file system for /var. | Unix | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit |
| GEN003621 - The system must use a separate file system for /var. | Unix | DISA STIG for Oracle Linux 5 v2r1 |
| GEN003621 - The system must use a separate file system for /var. | Unix | DISA STIG AIX 5.3 v1r2 |
| GEN003621 - The system must use a separate file system for /var. | Unix | DISA STIG AIX 6.1 v1r14 |
| GEN003623 - The system must use a separate file system for the system audit data path. | Unix | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit |
| GEN003623 - The system must use a separate file system for the system audit data path. | Unix | DISA STIG for Oracle Linux 5 v2r1 |
| GEN003623 - The system must use a separate file system for the system audit data path. | Unix | DISA STIG AIX 5.3 v1r2 |
| GEN003623 - The system must use a separate file system for the system audit data path. | Unix | DISA STIG AIX 6.1 v1r14 |
| GEN003624 - The system must use a separate file system for /tmp (or equivalent). | Unix | DISA STIG AIX 6.1 v1r14 |
| GEN003624 - The system must use a separate file system for /tmp (or equivalent). | Unix | DISA STIG AIX 5.3 v1r2 |
| GEN003624 - The system must use a separate file system for /tmp (or equivalent). | Unix | DISA STIG for Oracle Linux 5 v2r1 |
| GEN003624 - The system must use a separate file system for /tmp (or equivalent). | Unix | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit |
| GEN005380 - If the system is a Network Management System (NMS) server, it must only run the NMS and any software required by the NMS. | Unix | DISA STIG AIX 6.1 v1r14 |
| GEN005380 - If the system is a Network Management System (NMS) server, it must only run the NMS and any software required by the NMS. | Unix | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit |
| GEN005380 - If the system is a Network Management System (NMS) server, it must only run the NMS and any software required by the NMS. | Unix | DISA STIG AIX 5.3 v1r2 |
| GEN005380 - If the system is a Network Management System (NMS) server, it must only run the NMS and any software required by the NMS. | Unix | DISA STIG for Oracle Linux 5 v2r1 |
| GEN005580 - A system used for routing must not run other network services or applications. | Unix | DISA STIG AIX 6.1 v1r14 |
| GEN005580 - A system used for routing must not run other network services or applications. | Unix | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit |
| GEN005580 - A system used for routing must not run other network services or applications. | Unix | DISA STIG for Oracle Linux 5 v2r1 |
| GEN005580 - A system used for routing must not run other network services or applications. | Unix | DISA STIG AIX 5.3 v1r2 |
| GEN008680 - If the system boots from removable media, it must be stored in a safe or similarly secured container. | Unix | DISA STIG for Oracle Linux 5 v2r1 |
| GEN008680 - If the system boots from removable media, it must be stored in a safe or similarly secured container. | Unix | DISA STIG AIX 5.3 v1r2 |
| GEN008680 - If the system boots from removable media, it must be stored in a safe or similarly secured container. | Unix | DISA STIG AIX 6.1 v1r14 |
| GEN008680 - If the system boots from removable media, it must be stored in a safe or similarly secured container. | Unix | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit |