| Control Domain | Control | Name | MetadataId | Category | Title | Owner | Requirements | Description | Info | Policy# |
|---|---|---|---|---|---|---|---|---|---|---|
| FedRAMP_High_R4 | SC-2 | FedRAMP_High_R4_SC-2 | FedRAMP High SC-2 | System And Communications Protection | Application Partitioning | Shared | n/a | The information system separates user functionality (including user interface services) from information system management functionality. Supplemental Guidance: Information system management functionality includes, for example, functions necessary to administer databases, network components, workstations, or servers, and typically requires privileged user access. The separation of user functionality from information system management functionality is either physical or logical. Organizations implement separation of system management-related functionality from user functionality by using different computers, different central processing units, different instances of operating systems, different network addresses, virtualization techniques, or combinations of these or other methods, as appropriate. This type of separation includes, for example, web administrative interfaces that use separate authentication methods for users of any other information system resources. Separation of system and user functionality may include isolating administrative interfaces on different domains and with additional access controls. Related controls: SA-4, SA-8, SC-3. References: None. | link | 3 |
| FedRAMP_Moderate_R4 | SC-2 | FedRAMP_Moderate_R4_SC-2 | FedRAMP Moderate SC-2 | System And Communications Protection | Application Partitioning | Shared | n/a | The information system separates user functionality (including user interface services) from information system management functionality. Supplemental Guidance: Information system management functionality includes, for example, functions necessary to administer databases, network components, workstations, or servers, and typically requires privileged user access. The separation of user functionality from information system management functionality is either physical or logical. Organizations implement separation of system management-related functionality from user functionality by using different computers, different central processing units, different instances of operating systems, different network addresses, virtualization techniques, or combinations of these or other methods, as appropriate. This type of separation includes, for example, web administrative interfaces that use separate authentication methods for users of any other information system resources. Separation of system and user functionality may include isolating administrative interfaces on different domains and with additional access controls. Related controls: SA-4, SA-8, SC-3. References: None. | link | 3 |
| hipaa | 0208.09j2Organizational.7-09.j | hipaa-0208.09j2Organizational.7-09.j | 0208.09j2Organizational.7-09.j | 02 Endpoint Protection | 0208.09j2Organizational.7-09.j 09.04 Protection Against Malicious and Mobile Code | Shared | n/a | User functionality (including user interface services [e.g., web services]) is separated from information system management (e.g., database management systems) functionality. | | 4 |
| hipaa | 0817.01w2System.123-01.w | hipaa-0817.01w2System.123-01.w | 0817.01w2System.123-01.w | 08 Network Protection | 0817.01w2System.123-01.w 01.06 Application and Information Access Control | Shared | n/a | Unless the risk is identified and accepted by the data owner, sensitive systems are isolated (physically or logically) from non-sensitive applications/systems. | | 13 |
| hipaa | 1785.10a1Organizational.8-10.a | hipaa-1785.10a1Organizational.8-10.a | 1785.10a1Organizational.8-10.a | 17 Risk Management | 1785.10a1Organizational.8-10.a 10.01 Security Requirements of Information Systems | Shared | n/a | Where additional functionality is supplied and causes a security risk, the functionality is disabled or mitigated through application of additional controls. | | 5 |
| ISO27001-2013 | A.13.1.1 | ISO27001-2013_A.13.1.1 | ISO 27001:2013 A.13.1.1 | Communications Security | Network controls | Shared | n/a | Networks shall be managed and controlled to protect information in systems and applications. | link | 40 |
| ISO27001-2013 | A.13.1.3 | ISO27001-2013_A.13.1.3 | ISO 27001:2013 A.13.1.3 | Communications Security | Segregation of networks | Shared | n/a | Groups of information services, users, and information systems shall be segregated on networks. | link | 17 |
| ISO27001-2013 | A.14.1.3 | ISO27001-2013_A.14.1.3 | ISO 27001:2013 A.14.1.3 | System Acquisition, Development And Maintenance | Protecting application services transactions | Shared | n/a | Information involved in application service transactions shall be protected to prevent incomplete transmission, mis-routing, unauthorized message alteration, unauthorized disclosure, unauthorized message duplication or replay. | link | 29 |
| NIST_SP_800-171_R2 | 3.13.3 | NIST_SP_800-171_R2_3.13.3 | NIST SP 800-171 R2 3.13.3 | System and Communications Protection | Separate user functionality from system management functionality. | Shared | Microsoft and the customer share responsibilities for implementing this requirement. | System management functionality includes functions necessary to administer databases, network components, workstations, or servers, and typically requires privileged user access. The separation of user functionality from system management functionality is physical or logical. Organizations can implement separation of system management functionality from user functionality by using different computers, different central processing units, different instances of operating systems, or different network addresses; virtualization techniques; or combinations of these or other methods, as appropriate. This type of separation includes web administrative interfaces that use separate authentication methods for users of any other system resources. Separation of system and user functionality may include isolating administrative interfaces on different domains and with additional access controls. | link | 3 |
| NIST_SP_800-53_R4 | SC-2 | NIST_SP_800-53_R4_SC-2 | NIST SP 800-53 Rev. 4 SC-2 | System And Communications Protection | Application Partitioning | Shared | n/a | The information system separates user functionality (including user interface services) from information system management functionality. Supplemental Guidance: Information system management functionality includes, for example, functions necessary to administer databases, network components, workstations, or servers, and typically requires privileged user access. The separation of user functionality from information system management functionality is either physical or logical. Organizations implement separation of system management-related functionality from user functionality by using different computers, different central processing units, different instances of operating systems, different network addresses, virtualization techniques, or combinations of these or other methods, as appropriate. This type of separation includes, for example, web administrative interfaces that use separate authentication methods for users of any other information system resources. Separation of system and user functionality may include isolating administrative interfaces on different domains and with additional access controls. Related controls: SA-4, SA-8, SC-3. References: None. | link | 3 |
| NIST_SP_800-53_R5 | SC-2 | NIST_SP_800-53_R5_SC-2 | NIST SP 800-53 Rev. 5 SC-2 | System and Communications Protection | Separation of System and User Functionality | Shared | n/a | Separate user functionality, including user interface services, from system management functionality. | link | 3 |