UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The application must maintain a separate execution domain for each executing process.


Overview

Finding ID Version Rule ID IA Controls Severity
V-70233 APSC-DV-002370 SV-84855r1_rule Medium
Description
Applications can maintain separate execution domains for each executing process by assigning each process a separate address space. Each process has a distinct address space so that communication between processes is performed in a manner controlled through the security functions, and one process cannot modify the executing code of another process. Maintaining separate execution domains for executing processes can be achieved, for example, by implementing separate address spaces. An example is a web browser with process isolation that provides tabs that are separate processes using separate address spaces to prevent one tab crashing the entire browser.
STIG Date
Application Security and Development Security Technical Implementation Guide 2017-03-20

Details

Check Text ( C-70709r1_chk )
Review the application documentation, the architecture documentation and interview the application administrator.

Identify if the application architecture provides the capability to sandbox executing processes so as to prevent a process in one application domain from sharing another application domain.

Ask the application administrator to demonstrate how the application processes are separated. This may be demonstrated by examining the OS processes running on the system and identifying the separate application processes.

If the application does not maintain a separate execution domain for each executing process, this is a finding.
Fix Text (F-76469r1_fix)
Design and configure applications to maintain a separate execution domain for each executing process.