CCI|CCI-002530

Title

Maintain a separate execution domain for each executing system process.

Reference Item Details

Category: 2024

Audit Items

View all Reference Audit Items

NamePluginAudit Name
AADC-CL-000205 - Adobe Acrobat Pro DC Classic Enhanced Security for standalone mode must be enabled.WindowsDISA STIG Adobe Acrobat Pro DC Classic Track v2r1
AADC-CL-000210 - Adobe Acrobat Pro DC Classic Enhanced Security for browser mode must be enabled.WindowsDISA STIG Adobe Acrobat Pro DC Classic Track v2r1
AADC-CL-001010 - Adobe Acrobat Pro DC Classic Protected Mode must be enabled.WindowsDISA STIG Adobe Acrobat Pro DC Classic Track v2r1
AADC-CL-001015 - Adobe Acrobat Pro DC Classic Protected View must be enabled.WindowsDISA STIG Adobe Acrobat Pro DC Classic Track v2r1
AADC-CN-000205 - Adobe Acrobat Pro DC Continuous Enhanced Security for standalone mode must be enabled.WindowsDISA STIG Adobe Acrobat Pro DC Continuous Track v2r1
AADC-CN-000210 - Adobe Acrobat Pro DC Continuous Enhanced Security for browser mode must be enabled.WindowsDISA STIG Adobe Acrobat Pro DC Continuous Track v2r1
AADC-CN-001010 - Adobe Acrobat Pro DC Continuous Protected Mode must be enabled.WindowsDISA STIG Adobe Acrobat Pro DC Continuous Track v2r1
AADC-CN-001015 - Adobe Acrobat Pro DC Continuous Protected View must be enabled.WindowsDISA STIG Adobe Acrobat Pro DC Continuous Track v2r1
ADBP-XI-000205 - Adobe Acrobat Pro XI Enhanced Security for standalone mode must be enabled.WindowsDISA STIG ADOBE ACROBAT PROFESSIONAL (PRO) XI v1r2
ADBP-XI-000210 - Adobe Acrobat Pro XI Enhanced Security for browser mode must be enabled.WindowsDISA STIG ADOBE ACROBAT PROFESSIONAL (PRO) XI v1r2
ADBP-XI-001010 - Adobe Acrobat Pro XI Protected Mode must be enabled.WindowsDISA STIG ADOBE ACROBAT PROFESSIONAL (PRO) XI v1r2
ADBP-XI-001015 - Adobe Acrobat Pro XI Protected View must be enabled.WindowsDISA STIG ADOBE ACROBAT PROFESSIONAL (PRO) XI v1r2
AIOS-15-009700 - Apple iOS/iPadOS 15 must not allow non-DoD applications to access DoD data.MDMMobileIron - DISA Apple iOS/iPadOS 14 v1r4
AIOS-15-009700 - Apple iOS/iPadOS 15 must not allow non-DoD applications to access DoD data.MDMAirWatch - DISA Apple iOS/iPadOS 14 v1r4
AIOS-16-009700 - Apple iOS/iPadOS 16 must not allow non-DoD applications to access DoD data.MDMAirWatch - DISA Apple iOS/iPadOS 16 v2r1
AIOS-16-009700 - Apple iOS/iPadOS 16 must not allow non-DoD applications to access DoD data.MDMMobileIron - DISA Apple iOS/iPadOS 16 v2r1
AIOS-16-709700 - Apple iOS/iPadOS 16 must not allow non-DOD applications to access DOD data.MDMAirWatch - DISA Apple iOS/iPadOS 16 BYOAD v1r1
AIOS-16-709700 - Apple iOS/iPadOS 16 must not allow non-DOD applications to access DOD data.MDMMobileIron - DISA Apple iOS/iPadOS BYOAD 16 v1r1
AIOS-16-714900 - Apple iOS/iPadOS 16 must not allow DOD applications to access non-DOD data.MDMAirWatch - DISA Apple iOS/iPadOS 16 BYOAD v1r1
AIOS-16-714900 - Apple iOS/iPadOS 16 must not allow DOD applications to access non-DOD data.MDMMobileIron - DISA Apple iOS/iPadOS BYOAD 16 v1r1
AIOS-17-009700 - Apple iOS/iPadOS 17 must not allow non-DOD applications to access DOD data.MDMMobileIron - DISA Apple iOS/iPadOS 17 v2r1
AIOS-17-009700 - Apple iOS/iPadOS 17 must not allow non-DOD applications to access DOD data.MDMAirWatch - DISA Apple iOS/iPadOS 17 v2r1
AIOS-17-709700 - Apple iOS/iPadOS 17 must not allow non-DOD applications to access DOD data.MDMAirWatch - DISA Apple iOS/iPadOS 17 BYOAD v1r1
AIOS-17-709700 - Apple iOS/iPadOS 17 must not allow non-DOD applications to access DOD data.MDMMobileIron - DISA Apple iOS/iPadOS BYOAD 17 v1r1
AIOS-17-714900 - Apple iOS/iPadOS 17 must not allow DOD applications to access non-DOD data.MDMMobileIron - DISA Apple iOS/iPadOS BYOAD 17 v1r1
AIOS-17-714900 - Apple iOS/iPadOS 17 must not allow DOD applications to access non-DOD data.MDMAirWatch - DISA Apple iOS/iPadOS 17 BYOAD v1r1
AIOS-18-009700 - Apple iOS/iPadOS 18 must not allow non-DOD applications to access DOD data.MDMMobileIron - DISA Apple iOS/iPadOS 18 v1r1
AIOS-18-009700 - Apple iOS/iPadOS 18 must not allow non-DOD applications to access DOD data.MDMAirWatch - DISA Apple iOS/iPadOS 18 v1r1
APPNET0065 - Trust must be established prior to enabling the loading of remote code in .Net 4.WindowsDISA STIG for Microsoft Dot Net Framework 4.0 v2r4
APPNET0070 - Software utilizing .Net 4.0 must be identified and relevant access controls configured.WindowsDISA STIG for Microsoft Dot Net Framework 4.0 v2r4
CNTR-R2-000970 Rancher RKE2 runtime must maintain separate execution domains for each container by assigning each container a separate address space to prevent unauthorized and unintended information transfer via shared system resources.UnixDISA Rancher Government Solutions RKE2 STIG v2r2
EX13-CA-000140 - Exchange software must be installed on a separate partition from the OS.WindowsDISA Microsoft Exchange 2013 Client Access Server STIG v2r2
EX13-EG-000310 - Exchange software must be installed on a separate partition from the OS.WindowsDISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6
EX13-MB-000310 - The Exchange Email application must not share a partition with another application.WindowsDISA Microsoft Exchange 2013 Mailbox Server STIG v2r3
EX16-ED-000620 - Exchange software must be installed on a separate partition from the OS.WindowsDISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5
EX16-MB-000620 - The Exchange Email application must not share a partition with another application.WindowsDISA Microsoft Exchange 2016 Mailbox Server STIG v2r6
EX19-ED-000230 - Exchange software must be installed on a separate partition from the OS.WindowsDISA Microsoft Exchange 2019 Edge Server STIG v2r1
EX19-MB-000229 - The Exchange email application must not share a partition with another application.WindowsDISA Microsoft Exchange 2019 Mailbox Server STIG v2r2
GOOG-12-008900 - Google Android 12 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes].MDMAirWatch - DISA Google Android 12 COPE v1r2
GOOG-12-008900 - Google Android 12 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes].MDMMobileIron - DISA Google Android 12 COPE v1r2
GOOG-13-008900 - Google Android 13 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes].MDMAirWatch - DISA Google Android 13 COPE v2r1
GOOG-13-708900 - Google Android 13 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes].MDMAirWatch - DISA Google Android 13 BYOD v1r2
GOOG-13-708900 - Google Android 13 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes].MDMMobileIron - DISA Google Android 13 BYOD v1r2
GOOG-14-008900 - Google Android 14 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes].MDMAirWatch - DISA Google Android 14 COPE v2r1
GOOG-14-708900 - Google Android 14 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes].MDMAirWatch - DISA Google Android 14 BYOAD v1r1
MSFT-11-004500 - Microsoft Android 11 must be configured to disable exceptions to the access control policy that prevent application processes from accessing all data stored by other application processes - Copy/PasteMDMMobileIron - DISA Microsoft Android 11 COPE v1r2
MSFT-11-004500 - Microsoft Android 11 must be configured to disable exceptions to the access control policy that prevent application processes from accessing all data stored by other application processes - Sharing data into the profileMDMMobileIron - DISA Microsoft Android 11 COPE v1r2
MSFT-11-004500 - Microsoft Android 11 must be configured to disable exceptions to the access control policy that prevent application processes from accessing all data stored by other application processes.MDMAirWatch - DISA Microsoft Android 11 COPE v1r2
SQL6-D0-012300 - SQL Server must maintain a separate execution domain for each executing process.MS_SQLDBDISA STIG SQL Server 2016 Instance DB Audit v3r2
SQL6-D0-012400 - SQL Server services must be configured to run under unique dedicated user accounts.MS_SQLDBDISA STIG SQL Server 2016 Instance DB Audit v3r2