STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

CCI-002530

Definition

Maintain a separate execution domain for each executing system process.

Parent Control

SC-39 | Process Isolation | System and Communications Protection

Linked STIG Checks (56)

  • V-213117 | CAT II | Adobe Acrobat Pro DC Continuous Enhanced Security for standalone mode must be enabled. | Adobe Acrobat Professional DC Continuous Track Security Technical Implementation Guide
  • V-213118 | CAT II | Adobe Acrobat Pro DC Continuous Enhanced Security for browser mode must be enabled. | Adobe Acrobat Professional DC Continuous Track Security Technical Implementation Guide
  • V-213127 | CAT II | Adobe Acrobat Pro DC Continuous Protected Mode must be enabled. | Adobe Acrobat Professional DC Continuous Track Security Technical Implementation Guide
  • V-213128 | CAT II | Adobe Acrobat Pro DC Continuous Protected View must be enabled. | Adobe Acrobat Professional DC Continuous Track Security Technical Implementation Guide
  • V-254601 | CAT II | Apple iOS/iPadOS 16 must not allow non-DoD applications to access DoD data. | Apple iOS-iPadOS 16 Security Technical Implementation Guide
  • V-250942 | CAT II | Apple iOS/iPadOS 15 must not allow non-DoD applications to access DoD data. | Apple iOS/iPadOS 15 Security Technical Implementation Guide
  • V-257118 | CAT II | Apple iOS/iPadOS 16 must not allow non-DOD applications to access DOD data. | Apple iOS/iPadOS 16 BYOAD Security Technical Implementation Guide
  • V-257134 | CAT II | Apple iOS/iPadOS 16 must not allow DOD applications to access non-DOD data. | Apple iOS/iPadOS 16 BYOAD Security Technical Implementation Guide
  • V-259775 | CAT II | Apple iOS/iPadOS 17 must not allow non-DOD applications to access DOD data. | Apple iOS/iPadOS 17 MDFPP 3.3 BYOAD Security Technical Implementation Guide
  • V-259794 | CAT II | Apple iOS/iPadOS 17 must not allow DOD applications to access non-DOD data. | Apple iOS/iPadOS 17 MDFPP 3.3 BYOAD Security Technical Implementation Guide
  • V-258333 | CAT II | Apple iOS/iPadOS 17 must not allow non-DOD applications to access DOD data. | Apple iOS/iPadOS 17 Security Technical Implementation Guide
  • V-268017 | CAT II | Apple iOS/iPadOS 18 must not allow non-DOD applications to access DOD data. | Apple iOS/iPadOS 18 Security Technical Implementation Guide
  • V-278777 | CAT II | Apple iOS/iPadOS 26 must not allow non-DOD applications to access DOD data. | Apple iOS/iPadOS 26 Security Technical Implementation Guide
  • V-276388 | CAT II | Apple visionOS 2 must not allow non-DOD applications to access DOD data. | Apple visionOS 2 Security Technical Implementation Guide
  • V-282797 | CAT II | Apple visionOS 26 must not allow non-DOD applications to access DOD data. | Apple visionOS 26 Security Technical Implementation Guide
  • V-222591 | CAT II | The application must maintain a separate execution domain for each executing process. | Application Security and Development Security Technical Implementation Guide
  • V-237340 | CAT II | The ArcGIS Server must maintain a separate execution domain for each executing process. | ArcGIS for Server 10.3 Security Technical Implementation Guide
  • V-251642 | CAT II | CA IDMS must protect the system code and storage from corruption by user programs. | CA IDMS Security Technical Implementation Guide
  • V-251643 | CAT II | CA IDMS must protect system and user code and storage from corruption by user programs. | CA IDMS Security Technical Implementation Guide
  • V-251644 | CAT II | CA IDMS must prevent user code from issuing selected SVC privileged functions. | CA IDMS Security Technical Implementation Guide
  • V-233221 | CAT II | The container platform runtime must maintain separate execution domains for each container by assigning each container a separate address space. | Container Platform Security Requirements Guide
  • V-206606 | CAT II | The DBMS must maintain a separate execution domain for each executing process. | Database Security Requirements Guide
  • V-258487 | CAT II | Google Android 13 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes]. | Google Android 13 BYOAD Security Technical Implementation Guide
  • V-258425 | CAT II | Google Android 14 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes]. | Google Android 14 COPE Security Technical Implementation Guide
  • V-260152 | CAT II | Google Android 14 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes]. | Google Android 14 MDFPP 3.3 BYOAD Security Technical Implementation Guide
  • V-267543 | CAT II | Google Android 15 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes]. | Google Android 15 COPE Security Technical Implementation Guide
  • V-276868 | CAT II | Google Android 16 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes]. | Google Android 16 COPE Security Technical Implementation Guide
  • V-274404 | CAT II | Honeywell Android 13 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes]. | Honeywell Android 13 COPE Security Technical Implementation Guide
  • V-213991 | CAT II | SQL Server must maintain a separate execution domain for each executing process. | MS SQL Server 2016 Instance Security Technical Implementation Guide
  • V-213992 | CAT II | SQL Server services must be configured to run under unique dedicated user accounts. | MS SQL Server 2016 Instance Security Technical Implementation Guide
  • V-205586 | CAT II | The Mainframe Product must maintain a separate execution domain for each executing process. | Mainframe Product Security Requirements Guide
  • V-276311 | CAT II | Azure SQL Managed Instance must maintain a separate execution domain for each executing process. | Microsoft Azure SQL Managed Instance Security Technical Implementation Guide
  • V-225233 | CAT II | Trust must be established prior to enabling the loading of remote code in .Net 4. | Microsoft DotNet Framework 4.0 Security Technical Implementation Guide
  • V-225236 | CAT II | Software utilizing .Net 4.0 must be identified and relevant access controls configured. | Microsoft DotNet Framework 4.0 Security Technical Implementation Guide
  • V-221257 | CAT II | Exchange software must be installed on a separate partition from the OS. | Microsoft Exchange 2016 Edge Transport Server Security Technical Implementation Guide
  • V-228405 | CAT II | The Exchange Email application must not share a partition with another application. | Microsoft Exchange 2016 Mailbox Server Security Technical Implementation Guide
  • V-259637 | CAT II | Exchange software must be installed on a separate partition from the OS. | Microsoft Exchange 2019 Edge Server Security Technical Implementation Guide
  • V-259704 | CAT II | The Exchange email application must not share a partition with another application. | Microsoft Exchange 2019 Mailbox Server Security Technical Implementation Guide
  • V-271358 | CAT II | SQL Server services must be configured to run under unique dedicated user accounts. | Microsoft SQL Server 2022 Instance Security Technical Implementation Guide
  • V-271359 | CAT II | SQL Server must maintain a separate execution domain for each executing process. | Microsoft SQL Server 2022 Instance Security Technical Implementation Guide
  • V-260925 | CAT II | CPU priority must be set appropriately on all containers. | Mirantis Kubernetes Engine Security Technical Implementation Guide
  • V-260935 | CAT II | Host IPC namespace must not be shared. | Mirantis Kubernetes Engine Security Technical Implementation Guide
  • V-272336 | CAT II | Motorola Solutions Android 13 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes]. | Motorola Solutions Android 13 COPE Security Technical Implementation Guide
  • V-253547 | CAT II | Prisma Cloud Compute must run within a defined/separate namespace (e.g., Twistlock). | Palo Alto Networks Prisma Cloud Compute Security Technical Implementation Guide
  • V-254570 | CAT II | Rancher RKE2 runtime must maintain separate execution domains for each container by assigning each container a separate address space to prevent unauthorized and unintended information transfer via shared system resources. | Rancher Government Solutions RKE2 Security Technical Implementation Guide
  • V-260453 | CAT II | Samsung Android's Work profile must be configured to disable exceptions to the access control policy that prevent application processes and groups of application processes from accessing all data stored by other application processes and groups of application processes. | Samsung Android 14 MDFPP 3.3 BYOAD Security Technical Implementation Guide
  • V-272602 | CAT II | Samsung Android's Work profile must be configured to disable exceptions to the access control policy that prevent application processes and groups of application processes from accessing all data stored by other application processes and groups of application processes. | Samsung Android 15 MDFPP 3.3 BYOAD Security Technical Implementation Guide
  • V-276646 | CAT II | Samsung Android's Work profile must be configured to disable exceptions to the access control policy that prevent application processes and groups of application processes from accessing all data stored by other application processes and groups of application processes. | Samsung Android 16 COPE Security Technical Implementation Guide
  • V-255160 | CAT II | Samsung Android's Work profile must be configured to disable exceptions to the access control policy that prevent application processes, and groups of application processes from accessing all data stored by other application processes, and groups of application processes. | Samsung Android OS 13 with Knox 3.x COPE Security Technical Implementation Guide
  • V-258686 | CAT II | Samsung Android's Work profile must be configured to disable exceptions to the access control policy that prevent application processes and groups of application processes from accessing all data stored by other application processes and groups of application processes. | Samsung Android OS 14 with Knox 3.x COPE Security Technical Implementation Guide
  • V-269052 | CAT II | Samsung Android's Work profile must be configured to disable exceptions to the access control policy that prevent application processes and groups of application processes from accessing all data stored by other application processes and groups of application processes. | Samsung Android OS 15 with Knox 3.x COPE Security Technical Implementation Guide
  • V-241167 | CAT II | Trend Deep Security must maintain a separate execution domain for each executing process. | Trend Micro Deep Security 9.x Security Technical Implementation Guide
  • V-207496 | CAT II | The VMM must maintain a separate execution domain for each executing process. | Virtual Machine Manager Security Requirements Guide
  • V-207497 | CAT II | The VMM must maintain a separate execution domain for each guest VM. | Virtual Machine Manager Security Requirements Guide
  • V-270150 | CAT II | Zebra Android 13 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes]. | Zebra Android 13 COPE Security Technical Implementation Guide
  • V-283635 | CAT II | Zebra Android 14 must be configured to disable exceptions to the access control policy that prevent [selection: application processes, groups of application processes] from accessing [selection: all, private] data stored by other [selection: application processes, groups of application processes]. | Zebra Technologies Android 14 COPE Security Technical Implementation Guide