800-53|SC-39

Title

PROCESS ISOLATION

Description

The information system maintains a separate execution domain for each executing process.

Supplemental

Information systems can maintain separate execution domains for each executing process by assigning each process a separate address space. Each information system process has a distinct address space so that communication between processes is performed in a manner controlled through the security functions, and one process cannot modify the executing code of another process. Maintaining separate execution domains for executing processes can be achieved, for example, by implementing separate address spaces. This capability is available in most commercial operating systems that employ multi-state processor technologies.

Reference Item Details

Related: AC-3,AC-4,AC-6,SA-4,SA-5,SA-8,SC-2,SC-3

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Priority: P1

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.36 Ensure that the admission control plugin EventRateLimit is setUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.5 Ensure 'unique application pools' is set for sitesWindowsCIS IIS 8.0 v1.5.1 Level 1
1.5 Ensure 'unique application pools' is set for sitesWindowsCIS IIS 7 L1 v1.8.0
1.5.1 Ensure XD/NX support is enabledUnixCIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0
1.5.1 Ensure XD/NX support is enabledUnixCIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0
1.5.2 Ensure address space layout randomization (ASLR) is enabled - /etc/sysctl.conf, /etc/sysctl.d/*UnixCIS Amazon Linux 2 STIG v1.0.0 L1
1.5.2 Ensure address space layout randomization (ASLR) is enabled - configUnixCIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0
1.5.2 Ensure address space layout randomization (ASLR) is enabled - configUnixCIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0
1.5.2 Ensure address space layout randomization (ASLR) is enabled - sysctlUnixCIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0
1.5.2 Ensure address space layout randomization (ASLR) is enabled - sysctlUnixCIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0
1.5.2 Ensure address space layout randomization (ASLR) is enabled - sysctlUnixCIS Amazon Linux 2 STIG v1.0.0 L1
1.5.2 Ensure XD/NX support is enabledUnixCIS Distribution Independent Linux Workstation L1 v2.0.0
1.5.2 Ensure XD/NX support is enabledUnixCIS Debian 9 Server L1 v1.0.1
1.5.2 Ensure XD/NX support is enabledUnixCIS Debian 9 Workstation L1 v1.0.1
1.5.2 Ensure XD/NX support is enabledUnixCIS CentOS 6 Workstation L1 v3.0.0
1.5.2 Ensure XD/NX support is enabledUnixCIS Oracle Linux 6 Server L1 v2.0.0
1.5.2 Ensure XD/NX support is enabledUnixCIS Oracle Linux 6 Workstation L1 v2.0.0
1.5.2 Ensure XD/NX support is enabledUnixCIS Distribution Independent Linux Server L1 v2.0.0
1.5.2 Ensure XD/NX support is enabledUnixCIS CentOS 6 Server L1 v3.0.0
1.5.3 Ensure address space layout randomization (ASLR) is enabledUnixCIS Debian 9 Server L1 v1.0.1
1.5.3 Ensure address space layout randomization (ASLR) is enabledUnixCIS Distribution Independent Linux Server L1 v2.0.0
1.5.3 Ensure address space layout randomization (ASLR) is enabledUnixCIS Distribution Independent Linux Workstation L1 v2.0.0
1.5.3 Ensure address space layout randomization (ASLR) is enabledUnixCIS Debian 9 Workstation L1 v1.0.1
1.5.3 Ensure address space layout randomization (ASLR) is enabled - /etc/sysctl.conf, /etc/sysctl.d/*UnixCIS Red Hat 6 Server L1 v3.0.0
1.5.3 Ensure address space layout randomization (ASLR) is enabled - /etc/sysctl.conf, /etc/sysctl.d/*UnixCIS Red Hat 6 Workstation L1 v3.0.0
1.5.3 Ensure address space layout randomization (ASLR) is enabled - /etc/sysctl.conf, /etc/sysctl.d/*UnixCIS CentOS 6 Workstation L1 v3.0.0
1.5.3 Ensure address space layout randomization (ASLR) is enabled - /etc/sysctl.conf, /etc/sysctl.d/*UnixCIS Oracle Linux 6 Server L1 v2.0.0
1.5.3 Ensure address space layout randomization (ASLR) is enabled - /etc/sysctl.conf, /etc/sysctl.d/*UnixCIS CentOS 6 Server L1 v3.0.0
1.5.3 Ensure address space layout randomization (ASLR) is enabled - /etc/sysctl.conf, /etc/sysctl.d/*UnixCIS Oracle Linux 6 Workstation L1 v2.0.0
1.5.3 Ensure address space layout randomization (ASLR) is enabled - sysctlUnixCIS Oracle Linux 6 Workstation L1 v2.0.0
1.5.3 Ensure address space layout randomization (ASLR) is enabled - sysctlUnixCIS CentOS 6 Server L1 v3.0.0
1.5.3 Ensure address space layout randomization (ASLR) is enabled - sysctlUnixCIS CentOS 6 Workstation L1 v3.0.0
1.5.3 Ensure address space layout randomization (ASLR) is enabled - sysctlUnixCIS Debian 9 Workstation L1 v1.0.1
1.5.3 Ensure address space layout randomization (ASLR) is enabled - sysctlUnixCIS Red Hat 6 Workstation L1 v3.0.0
1.5.3 Ensure address space layout randomization (ASLR) is enabled - sysctlUnixCIS Oracle Linux 6 Server L1 v2.0.0
1.5.3 Ensure address space layout randomization (ASLR) is enabled - sysctlUnixCIS Debian 9 Server L1 v1.0.1
1.5.3 Ensure address space layout randomization (ASLR) is enabled - sysctlUnixCIS Red Hat 6 Server L1 v3.0.0
1.6.1 Ensure XD/NX support is enabledUnixCIS Debian Family Workstation L1 v1.0.0
1.6.1 Ensure XD/NX support is enabledUnixCIS Debian Family Server L1 v1.0.0
1.6.1 Ensure XD/NX support is enabledUnixCIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0
1.6.1 Ensure XD/NX support is enabledUnixCIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0
1.6.2 Ensure address space layout randomization (ASLR) is enabledUnixCIS Debian Family Workstation L1 v1.0.0
1.6.2 Ensure address space layout randomization (ASLR) is enabledUnixCIS Debian Family Server L1 v1.0.0
1.6.2 Ensure address space layout randomization (ASLR) is enabled - configUnixCIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0
1.6.2 Ensure address space layout randomization (ASLR) is enabled - configUnixCIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0
1.6.2 Ensure address space layout randomization (ASLR) is enabled - sysctlUnixCIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0
1.6.2 Ensure address space layout randomization (ASLR) is enabled - sysctlUnixCIS Debian Family Workstation L1 v1.0.0
1.6.2 Ensure address space layout randomization (ASLR) is enabled - sysctlUnixCIS Debian Family Server L1 v1.0.0
1.6.2 Ensure XD/NX support is enabledUnixCIS Fedora 19 Family Linux Workstation L1 v1.0.0
1.6.2 Ensure XD/NX support is enabledUnixCIS Fedora 19 Family Linux Server L1 v1.0.0