Skip to content
Log In

CCI-002530

Maintain a separate execution domain for each executing system process.

Enable ExecShield via sysctl

4 rules found Severity: Medium

Logo

Adobe Acrobat Pro DC Continuous Enhanced Security for browser mode must be enabled.

1 rule found Severity: Medium

Logo

Adobe Acrobat Pro DC Continuous Protected Mode must be enabled.

1 rule found Severity: Medium

Logo

Adobe Acrobat Pro DC Continuous Protected View must be enabled.

1 rule found Severity: Medium

Logo

Apple iOS/iPadOS 15 must not allow non-DoD applications to access DoD data.

1 rule found Severity: Medium

Logo

Google Android 12 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes].

1 rule found Severity: Medium

Logo

Microsoft Android 11 must be configured to disable exceptions to the access control policy that prevent application processes from accessing all data stored by other application processes.

1 rule found Severity: Medium

Logo

Exchange software must be installed on a separate partition from the OS.

4 rules found Severity: Medium

Logo

The Exchange Email application must not share a partition with another application.

2 rules found Severity: Medium

Logo

Apple iOS/iPadOS 16 must not allow non-DOD applications to access DOD data.

1 rule found Severity: Medium

Logo

Apple iOS/iPadOS 16 must not allow DOD applications to access non-DOD data.

1 rule found Severity: Medium

Logo

Samsung Android's Work profile must be configured to disable exceptions to the access control policy that prevent application processes, and groups of application processes from accessing all data stored by other application processes, and groups of application processes.

2 rules found Severity: Medium

Logo

Apple iOS/iPadOS 17 must not allow non-DOD applications to access DOD data.

2 rules found Severity: Medium

Logo

Apple iOS/iPadOS 17 must not allow DOD applications to access non-DOD data.

1 rule found Severity: Medium

Logo

Apple iOS/iPadOS 16 must not allow non-DoD applications to access DoD data.

1 rule found Severity: Medium

Logo

CA IDMS must protect the system code and storage from corruption by user programs.

1 rule found Severity: Medium

Logo

CA IDMS must protect system and user code and storage from corruption by user programs.

1 rule found Severity: Medium

Logo

CA IDMS must prevent user code from issuing selected SVC privileged functions.

1 rule found Severity: Medium

Logo

Google Android 14 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes].

2 rules found Severity: Medium

Logo

Google Android 13 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes].

2 rules found Severity: Medium

Logo

CPU priority must be set appropriately on all containers.

1 rule found Severity: Medium

Logo

Host IPC namespace must not be shared.

1 rule found Severity: Medium

Logo

Samsung Android's Work profile must be configured to disable exceptions to the access control policy that prevent application processes and groups of application processes from accessing all data stored by other application processes and groups of application processes.

3 rules found Severity: Medium

Logo

Apple iOS/iPadOS 18 must not allow non-DOD applications to access DOD data.

1 rule found Severity: Medium

Logo

The application must maintain a separate execution domain for each executing process.

1 rule found Severity: Medium

Logo

The container platform runtime must maintain separate execution domains for each container by assigning each container a separate address space.

1 rule found Severity: Medium

Logo

The DBMS must maintain a separate execution domain for each executing process.

1 rule found Severity: Medium

Logo

Google Android 15 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes].

1 rule found Severity: Medium

Logo

The Mainframe Product must maintain a separate execution domain for each executing process.

1 rule found Severity: Medium

Logo

Trust must be established prior to enabling the loading of remote code in .Net 4.

1 rule found Severity: Medium

Logo

Software utilizing .Net 4.0 must be identified and relevant access controls configured.

1 rule found Severity: Medium

Logo

The Exchange email application must not share a partition with another application.

1 rule found Severity: Medium

Logo

SQL Server must maintain a separate execution domain for each executing process.

1 rule found Severity: Medium

Logo

SQL Server services must be configured to run under unique dedicated user accounts.

1 rule found Severity: Medium

Logo

Prisma Cloud Compute must run within a defined/separate namespace (e.g., Twistlock).

1 rule found Severity: Medium

Logo

Rancher RKE2 runtime must maintain separate execution domains for each container by assigning each container a separate address space to prevent unauthorized and unintended information transfer via shared system resources.

1 rule found Severity: Medium

Logo

The VMM must maintain a separate execution domain for each executing process.

1 rule found Severity: Medium

Logo

The VMM must maintain a separate execution domain for each guest VM.

1 rule found Severity: Medium

Logo

Zebra Android 13 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes].

2 rules found Severity: Medium

Logo

Adobe Acrobat Pro DC Continuous Enhanced Security for standalone mode must be enabled.

1 rule found Severity: Medium

Logo