
DCSP-1 Security Support Structure Partitioning


Overview

The security support structure is isolated by means of partitions, domains, etc., including control of access to, and integrity of, hardware, software, and firmware that perform security functions. The security support structure maintains separate execution domains (e.g., address spaces) for each executing process.

MAC / CONF: MACI, MACII
Impact: Medium
Subject Area: Security Design and Configuration

Details

Threat
The security support infrastructure of an information system, particularly in the form of an enclave or application suite isolated from the rest of the system, performs essential functions in guarding the confidentiality, integrity, and availability of the system. For this reason, the system is subject to compromise if the security support infrastructure is not appropriately isolated from the rest of the system and access to it is not granted only to appropriately authorized administrator personnel.

Guidance
1. Review the system architecture documentation or other relevant functional architecture.
2. Ensure that the security support structure is isolated by means of partitions, domains, etc., including control of access to, and integrity of, hardware, software, and firmware that perform security functions.
3. Verify that the security support structure maintains a separate execution domain (e.g., address space) for each process that it executes.

References

  • DISA Network Infrastructure STIG, Version 5, Release 2, 29 September 2003
  • DISA Web Server STIG, Version 5, 26 July 2004