AzPolicyAdvertizer

last sync: 2024-Sep-18 17:50:24 UTC

Maintain separate execution domains for running processes | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source Azure Portal
Display name Maintain separate execution domains for running processes
Id bfc540fe-376c-2eef-4355-121312fa4437
Version 1.1.0
Details on versioning
Versioning Versions supported for Versioning: 1
1.1.0
Built-in Versioning [Preview]
Category Regulatory Compliance
Microsoft Learn
Description CMA_C1665 - Maintain separate execution domains for running processes
Additional metadata Name/Id: CMA_C1665 / CMA_C1665
Category: Operational
Title: Maintain separate execution domains for running processes
Ownership: Customer
Description: The customer is responsible for maintaining separate execution domains for running processes.
Requirements: The customer is responsible for implementing this recommendation.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
Manual
Allowed
Manual, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1)
Microsoft.Resources/subscriptions
Compliance
The following 6 compliance controls are associated with this Policy definition 'Maintain separate execution domains for running processes' (bfc540fe-376c-2eef-4355-121312fa4437)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
FedRAMP_High_R4 SC-39 FedRAMP_High_R4_SC-39 FedRAMP High SC-39 System And Communications Protection Process Isolation Shared n/a The information system maintains a separate execution domain for each executing process. Supplemental Guidance: Information systems can maintain separate execution domains for each executing process by assigning each process a separate address space. Each information system process has a distinct address space so that communication between processes is performed in a manner controlled through the security functions, and one process cannot modify the executing code of another process. Maintaining separate execution domains for executing processes can be achieved, for example, by implementing separate address spaces. This capability is available in most commercial operating systems that employ multi-state processor technologies. Related controls: AC-3, AC-4, AC-6, SA-4, SA-5, SA-8, SC-2, SC-3. References: None. link 1
FedRAMP_Moderate_R4 SC-39 FedRAMP_Moderate_R4_SC-39 FedRAMP Moderate SC-39 System And Communications Protection Process Isolation Shared n/a The information system maintains a separate execution domain for each executing process. Supplemental Guidance: Information systems can maintain separate execution domains for each executing process by assigning each process a separate address space. Each information system process has a distinct address space so that communication between processes is performed in a manner controlled through the security functions, and one process cannot modify the executing code of another process. Maintaining separate execution domains for executing processes can be achieved, for example, by implementing separate address spaces. This capability is available in most commercial operating systems that employ multi-state processor technologies. Related controls: AC-3, AC-4, AC-6, SA-4, SA-5, SA-8, SC-2, SC-3. References: None. link 1
hipaa 0817.01w2System.123-01.w hipaa-0817.01w2System.123-01.w 0817.01w2System.123-01.w 08 Network Protection 0817.01w2System.123-01.w 01.06 Application and Information Access Control Shared n/a Unless the risk is identified and accepted by the data owner, sensitive systems are isolated (physically or logically) from non-sensitive applications/systems. 13
hipaa 0818.01w3System.12-01.w hipaa-0818.01w3System.12-01.w 0818.01w3System.12-01.w 08 Network Protection 0818.01w3System.12-01.w 01.06 Application and Information Access Control Shared n/a Shared system resources (e.g., registers, main memory, secondary storage) are released back to the system, protected from disclosure to other systems/applications/users, and users cannot intentionally or unintentionally access information remnants. 4
NIST_SP_800-53_R4 SC-39 NIST_SP_800-53_R4_SC-39 NIST SP 800-53 Rev. 4 SC-39 System And Communications Protection Process Isolation Shared n/a The information system maintains a separate execution domain for each executing process. Supplemental Guidance: Information systems can maintain separate execution domains for each executing process by assigning each process a separate address space. Each information system process has a distinct address space so that communication between processes is performed in a manner controlled through the security functions, and one process cannot modify the executing code of another process. Maintaining separate execution domains for executing processes can be achieved, for example, by implementing separate address spaces. This capability is available in most commercial operating systems that employ multi-state processor technologies. Related controls: AC-3, AC-4, AC-6, SA-4, SA-5, SA-8, SC-2, SC-3. References: None. link 1
NIST_SP_800-53_R5 SC-39 NIST_SP_800-53_R5_SC-39 NIST SP 800-53 Rev. 5 SC-39 System and Communications Protection Process Isolation Shared n/a Maintain a separate execution domain for each executing system process. link 1
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f Regulatory Compliance GA BuiltIn
FedRAMP Moderate e95f5a9f-57ad-4d03-bb0b-b1d16db93693 Regulatory Compliance GA BuiltIn
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 5 179d1daa-458f-4e47-8086-2a68d0d6c38f Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40 add bfc540fe-376c-2eef-4355-121312fa4437
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC