Skip to content
ATO Pathways
  Log In

CCI-002530

Maintain a separate execution domain for each executing system process.

Logo
12

Rule

Severity: Medium
Enable ExecShield via sysctl
Logo
1

Rule

Severity: Medium
Adobe Acrobat Pro DC Continuous Enhanced Security for browser mode must be enabled.
Logo
1

Rule

Severity: Medium
Adobe Acrobat Pro DC Continuous Protected Mode must be enabled.
Logo
1

Rule

Severity: Medium
Adobe Acrobat Pro DC Continuous Protected View must be enabled.
Logo
1

Rule

Severity: Medium
Apple iOS/iPadOS 15 must not allow non-DoD applications to access DoD data.
Logo
2

Rule

Severity: Medium
The application must maintain a separate execution domain for each executing process.
Logo
2

Rule

Severity: Medium
CA IDMS must protect the system code and storage from corruption by user programs.
Logo
2

Rule

Severity: Medium
CA IDMS must protect system and user code and storage from corruption by user programs.
Logo
2

Rule

Severity: Medium
CA IDMS must prevent user code from issuing selected SVC privileged functions.
Logo
1

Rule

Severity: Medium
Google Android 12 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes].
Logo
4

Rule

Severity: Medium
Google Android 13 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes].
Logo
2

Rule

Severity: Medium
The Mainframe Product must maintain a separate execution domain for each executing process.
Logo
1

Rule

Severity: Medium
Microsoft Android 11 must be configured to disable exceptions to the access control policy that prevent application processes from accessing all data stored by other application processes.
Logo
5

Rule

Severity: Medium
Exchange software must be installed on a separate partition from the OS.
Logo
2

Rule

Severity: Medium
The Exchange Email application must not share a partition with another application.
Logo
2

Rule

Severity: Medium
Prisma Cloud Compute must run within a defined/separate namespace (e.g., Twistlock).
Logo
3

Rule

Severity: Medium
Samsung Android's Work profile must be configured to disable exceptions to the access control policy that prevent application processes, and groups of application processes from accessing all data stored by other application processes, and groups of application processes.
Logo
1

Rule

Severity: Medium
Apple iOS/iPadOS 16 must not allow non-DOD applications to access DOD data.
Logo
1

Rule

Severity: Medium
Apple iOS/iPadOS 16 must not allow DOD applications to access non-DOD data.
Logo
3

Rule

Severity: Medium
Apple iOS/iPadOS 17 must not allow non-DOD applications to access DOD data.
Logo
2

Rule

Severity: Medium
Apple iOS/iPadOS 16 must not allow non-DoD applications to access DoD data.
Logo
2

Rule

Severity: Medium
The container platform runtime must maintain separate execution domains for each container by assigning each container a separate address space.
Logo
2

Rule

Severity: Medium
The DBMS must maintain a separate execution domain for each executing process.
Logo
3

Rule

Severity: Medium
Google Android 14 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes].
Logo
2

Rule

Severity: Medium
Trust must be established prior to enabling the loading of remote code in .Net 4.
Logo
2

Rule

Severity: Medium
Software utilizing .Net 4.0 must be identified and relevant access controls configured.
Logo
2

Rule

Severity: Medium
The Exchange email application must not share a partition with another application.
Logo
2

Rule

Severity: Medium
SQL Server must maintain a separate execution domain for each executing process.
Logo
2

Rule

Severity: Medium
SQL Server services must be configured to run under unique dedicated user accounts.
Logo
2

Rule

Severity: Medium
Rancher RKE2 runtime must maintain separate execution domains for each container by assigning each container a separate address space to prevent unauthorized and unintended information transfer via shared system resources.
Logo
3

Rule

Severity: Medium
Samsung Android's Work profile must be configured to disable exceptions to the access control policy that prevent application processes and groups of application processes from accessing all data stored by other application processes and groups of application processes.
Logo
2

Rule

Severity: Medium
The VMM must maintain a separate execution domain for each executing process.
Logo
2

Rule

Severity: Medium
The VMM must maintain a separate execution domain for each guest VM.
Logo
1

Rule

Severity: Medium
Apple iOS/iPadOS 17 must not allow DOD applications to access non-DOD data.
Logo
1

Rule

Severity: Medium
Google Android 15 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes].
Logo
1

Rule

Severity: Medium
CPU priority must be set appropriately on all containers.
Logo
1

Rule

Severity: Medium
Host IPC namespace must not be shared.
Logo
1

Rule

Severity: Medium
Apple iOS/iPadOS 18 must not allow non-DOD applications to access DOD data.

Patternfly

PatternFly elements

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules