home || catalog: SP800-53rev3 / class: Technical / family: (SC) System and Communications Protection ||
search controls:
search nistpubs:

AC
AT
AU
CA
CM
CP
IA
IR
MA
MP
PE
PL
PM
PS
RA
SA
SC

SC-01
SC-02
SC-03 *
SC-04
SC-05
SC-06
SC-07
SC-08
SC-09
SC-10
SC-11
SC-12
SC-13
SC-14
SC-15
SC-16
SC-17
SC-18
SC-19
SC-20
SC-21
SC-22
SC-23
SC-24
SC-25
SC-26
SC-27
SC-28
SC-29
SC-30
SC-31
SC-32
SC-33

SI
MMMMM

  SC-03: Security Function Isolation  

base control objective:
The information system isolates security functions from nonsecurity functions.

supplemental objective information:
The information system isolates security functions from nonsecurity functions by means of an isolation boundary (implemented via partitions and domains) that controls access to and protects the integrity of, the hardware, software, and firmware that perform those security functions. The information system maintains a separate execution domain (e.g., address space) for each executing process.

enhancements to the base objective:

(1) The information system implements underlying hardware separation mechanisms to facilitate security function isolation.

(2) The information system isolates security functions enforcing access and information flow control from both nonsecurity functions and from other security functions.

(3) The organization implements an information system isolation boundary to minimize the number of nonsecurity functions included within the boundary containing security functions.
Enhancement Supplemental Guidance: Nonsecurity functions contained within the isolation boundary are considered security relevant.

(4) The organization implements security functions as largely independent modules that avoid unnecessary interactions between modules.

(5) The organization implements security functions as a layered structure minimizing interactions between layers of the design and avoiding any dependence by lower layers on the functionality or correctness of higher layers.

mapping to FIPS199 baseline:

  LOW: null     MOD: null     HIGH: base  

related (regimented) controls:

SA-13   Trustworthiness

documents referenced in SP800-53rev3 for SC-03:

Document Date Status Title
NIST SP800-81 August, 2010 current   Secure Domain Name System (DNS) Deployment Guide

Search SP800-53rev3 catalog: