NIST 800-53 Rev 5
424 controls available
SC-39lowmoderatehigh
Process Isolation
System and Communications Protection
Control Statement
Maintain a separate execution domain for each executing system process.
Discussion
Systems can maintain separate execution domains for each executing process by assigning each process a separate address space. Each system process has a distinct address space so that communication between processes is performed in a manner controlled through the security functions, and one process cannot modify the executing code of another process. Maintaining separate execution domains for executing processes can be achieved, for example, by implementing separate address spaces. Process isolation technologies, including sandboxing or virtualization, logically separate software and firmware from other software, firmware, and data. Process isolation helps limit the access of potentially untrusted software to other system resources. The capability to maintain separate execution domains is available in commercial operating systems that employ multi-state processor technologies.
- Framework
- NIST SP 800-53 Rev 5
- Family
- System and Communications Protection
- Baselines
- low, moderate, high
Related Frameworks
1 path across 1 framework
Related Frameworks
CCI1 mapping
CCI-002530
1.00
- DISA · 2025-01-23 · disa_cci_list · equivalent
Related STIGs
39 STIGs reach this control through 4 CCIs. Expand a row to see the responsible NICE and O*NET roles.
Operating System — Mainframe
3 STIGs
Operating System — Mainframe
3 STIGsCA IDMS Security Technical Implementation Guide
V2R12024-09-133 of 74 findings match
M3
Mainframe Product Security Requirements Guide
32024-12-051 of 193 findings match
M1
Mainframe Product Security Requirements Guide
V3R42025-09-101 of 194 findings match
M1
Operating System — Mobile
14 STIGs
Operating System — Mobile
14 STIGsApple iOS/iPadOS 18 Security Technical Implementation Guide
12025-06-301 of 92 findings match
M1
Apple iOS/iPadOS 18 Security Technical Implementation Guide
V2R22025-12-011 of 92 findings match
M1
Apple iOS/iPadOS 26 Security Technical Implementation Guide
V1R22025-12-011 of 92 findings match
M1
Apple visionOS 2 Security Technical Implementation Guide
V1R12025-09-301 of 50 findings match
M1
Apple visionOS 26 Security Technical Implementation Guide
V1R12026-03-101 of 51 findings match
M1
Google Android 15 COPE Security Technical Implementation Guide
12024-12-051 of 39 findings match
M1
Google Android 15 COPE Security Technical Implementation Guide
V1R42026-02-121 of 47 findings match
M1
Google Android 16 COPE Security Technical Implementation Guide
V1R22026-02-121 of 45 findings match
M1
Show 6 more STIGs in this category →Hide additional STIGs
Honeywell Android 13 COPE Security Technical Implementation Guide
V1R12025-05-071 of 36 findings match
M1
Samsung Android 15 MDFPP 3.3 BYOAD Security Technical Implementation Guide
12025-04-291 of 26 findings match
M1
Samsung Android 16 COPE Security Technical Implementation Guide
V1R22026-02-111 of 48 findings match
M1
Samsung Android OS 15 with Knox 3.x COPE Security Technical Implementation Guide
12024-12-101 of 40 findings match
M1
Zebra Android 13 COBO Security Technical Implementation Guide
V1R12024-12-111 of 31 findings match
M1
Zebra Android 13 COPE Security Technical Implementation Guide
V1R12024-12-111 of 35 findings match
M1
Network Device
2 STIGs
Network Device
2 STIGsPalo Alto Networks Prisma Cloud Compute Security Technical Implementation Guide
22024-12-061 of 31 findings match
M1
Palo Alto Networks Prisma Cloud Compute Security Technical Implementation Guide
V2R32026-02-131 of 31 findings match
M1
Database
7 STIGs
Database
7 STIGsMicrosoft SQL Server 2022 Instance Security Technical Implementation Guide
12025-05-302 of 80 findings match
M2
Microsoft SQL Server 2022 Instance Security Technical Implementation Guide
V1R42026-02-252 of 79 findings match
M2
MS SQL Server 2016 Instance Security Technical Implementation Guide
32025-06-112 of 101 findings match
M2
MS SQL Server 2016 Instance Security Technical Implementation Guide
V3R62025-12-082 of 84 findings match
M2
Database Security Requirements Guide
42024-12-041 of 142 findings match
M1
Database Security Requirements Guide
V4R52026-02-261 of 142 findings match
M1
Microsoft Azure SQL Managed Instance Security Technical Implementation Guide
V1R12025-10-071 of 84 findings match
M1
Web / Application Server
6 STIGs
Web / Application Server
6 STIGsApplication Security and Development Security Technical Implementation Guide
62025-02-121 of 286 findings match
M1
Application Security and Development Security Technical Implementation Guide
V6R42025-09-091 of 286 findings match
M1
Microsoft Exchange 2016 Edge Transport Server Security Technical Implementation Guide
V2R62024-12-061 of 68 findings match
M1
Microsoft Exchange 2016 Mailbox Server Security Technical Implementation Guide
V2R62023-12-181 of 64 findings match
M1
Microsoft Exchange 2019 Edge Server Security Technical Implementation Guide
V2R22024-12-061 of 68 findings match
M1
Microsoft Exchange 2019 Mailbox Server Security Technical Implementation Guide
V2R32025-05-141 of 66 findings match
M1
Virtualization / Container
4 STIGs
Virtualization / Container
4 STIGsVirtual Machine Manager Security Requirements Guide
22024-12-062 of 193 findings match
M2
Virtual Machine Manager Security Requirements Guide
V2R32025-09-102 of 198 findings match
M2
Container Platform Security Requirements Guide
22025-05-151 of 187 findings match
M1
Container Platform Security Requirements Guide
V2R42025-09-101 of 188 findings match
M1
Productivity Application
3 STIGs
Productivity Application
3 STIGsAdobe Acrobat Professional DC Continuous Track Security Technical Implementation Guide
V2R12021-06-222 of 23 findings match
M2
Microsoft DotNet Framework 4.0 Security Technical Implementation Guide
22025-05-162 of 16 findings match
M2
Microsoft DotNet Framework 4.0 Security Technical Implementation Guide
V2R82026-02-122 of 16 findings match
M2