The operating system must implement an information system isolation boundary to minimize the number of non-security functions included within the boundary containing security functions.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-33116	SRG-OS-000136-NA	SV-43514r1_rule		Medium

Description
The operating system isolates security functions from non-security functions by means of an isolation boundary (implemented via partitions and domains) controlling access to and protecting the integrity of the hardware, software, and firmware that perform those security functions. The operating system maintains a separate execution domain (e.g., address space) for each executing process. Rationale for non-applicability: For the purposes of this IA control, a mobile OS is assumed to support a single user security domain.

Description

The operating system isolates security functions from non-security functions by means of an isolation boundary (implemented via partitions and domains) controlling access to and protecting the integrity of the hardware, software, and firmware that perform those security functions. The operating system maintains a separate execution domain (e.g., address space) for each executing process. Rationale for non-applicability: For the purposes of this IA control, a mobile OS is assumed to support a single user security domain.

STIG	Date
Mobile Operating System Security Requirements Guide	2013-07-03

Details

Check Text ( C-41375r1_chk )
This requirement is NA for the Mobile OS SRG.

Fix Text (F-37016r1_fix)
The requirement is NA. No fix is required.