compliance controls are associated with this Policy definition 'Use dedicated machines for administrative tasks' (b8972f60-8d77-1cb8-686f-9c9f4cdd8a59)
| Control Domain |
Control |
Name |
MetadataId |
Category |
Title |
Owner |
Requirements |
Description |
Info |
Policy# |
| FedRAMP_High_R4 |
SC-2 |
FedRAMP_High_R4_SC-2 |
FedRAMP High SC-2 |
System And Communications Protection |
Application Partitioning |
Shared |
n/a |
The information system separates user functionality (including user interface services) from information system management functionality.
Supplemental Guidance: Information system management functionality includes, for example, functions necessary to administer databases, network components, workstations, or servers, and typically requires privileged user access. The separation of user functionality from information system management functionality is either physical or logical. Organizations implement separation of system management-related functionality from user functionality by using different computers, different central processing units, different instances of operating systems, different network addresses, virtualization techniques, or combinations of these or other methods, as appropriate. This type of separation includes, for example, web administrative interfaces that use separate authentication methods for users of any other information system resources. Separation of system and user functionality may include isolating administrative interfaces on different domains and with additional access controls. Related controls: SA-4, SA-8, SC-3.
References: None. |
link |
3 |
| FedRAMP_Moderate_R4 |
SC-2 |
FedRAMP_Moderate_R4_SC-2 |
FedRAMP Moderate SC-2 |
System And Communications Protection |
Application Partitioning |
Shared |
n/a |
The information system separates user functionality (including user interface services) from information system management functionality.
Supplemental Guidance: Information system management functionality includes, for example, functions necessary to administer databases, network components, workstations, or servers, and typically requires privileged user access. The separation of user functionality from information system management functionality is either physical or logical. Organizations implement separation of system management-related functionality from user functionality by using different computers, different central processing units, different instances of operating systems, different network addresses, virtualization techniques, or combinations of these or other methods, as appropriate. This type of separation includes, for example, web administrative interfaces that use separate authentication methods for users of any other information system resources. Separation of system and user functionality may include isolating administrative interfaces on different domains and with additional access controls. Related controls: SA-4, SA-8, SC-3.
References: None. |
link |
3 |
| hipaa |
0208.09j2Organizational.7-09.j |
hipaa-0208.09j2Organizational.7-09.j |
0208.09j2Organizational.7-09.j |
02 Endpoint Protection |
0208.09j2Organizational.7-09.j 09.04 Protection Against Malicious and Mobile Code |
Shared |
n/a |
User functionality (including user interface services [e.g., web services]) is separated from information system management (e.g., database management systems) functionality. |
|
4 |
| hipaa |
0817.01w2System.123-01.w |
hipaa-0817.01w2System.123-01.w |
0817.01w2System.123-01.w |
08 Network Protection |
0817.01w2System.123-01.w 01.06 Application and Information Access Control |
Shared |
n/a |
Unless the risk is identified and accepted by the data owner, sensitive systems are isolated (physically or logically) from non-sensitive applications/systems. |
|
13 |
| hipaa |
1785.10a1Organizational.8-10.a |
hipaa-1785.10a1Organizational.8-10.a |
1785.10a1Organizational.8-10.a |
17 Risk Management |
1785.10a1Organizational.8-10.a 10.01 Security Requirements of Information Systems |
Shared |
n/a |
Where additional functionality is supplied and causes a security risk, the functionality is disabled or mitigated through application of additional controls. |
|
5 |
| ISO27001-2013 |
A.13.1.1 |
ISO27001-2013_A.13.1.1 |
ISO 27001:2013 A.13.1.1 |
Communications Security |
Network controls |
Shared |
n/a |
Networks shall be managed and controlled to protect information in systems and applications. |
link |
40 |
| ISO27001-2013 |
A.13.1.3 |
ISO27001-2013_A.13.1.3 |
ISO 27001:2013 A.13.1.3 |
Communications Security |
Segregation of networks |
Shared |
n/a |
Groups of information services, users, and information systems shall be segregated on networks. |
link |
17 |
| ISO27001-2013 |
A.14.1.3 |
ISO27001-2013_A.14.1.3 |
ISO 27001:2013 A.14.1.3 |
System Acquisition, Development And Maintenance |
Protecting application services transactions |
Shared |
n/a |
Information involved in application service transactions shall be protected to prevent incomplete transmission, mis-routing, unauthorized message alteration, unauthorized disclosure, unauthorized message duplication or replay. |
link |
29 |
|
mp.com.2 Protection of confidentiality |
mp.com.2 Protection of confidentiality |
404 not found |
|
|
|
n/a |
n/a |
|
55 |
|
mp.com.3 Protection of integrity and authenticity |
mp.com.3 Protection of integrity and authenticity |
404 not found |
|
|
|
n/a |
n/a |
|
62 |
|
mp.com.4 Separation of information flows on the network |
mp.com.4 Separation of information flows on the network |
404 not found |
|
|
|
n/a |
n/a |
|
51 |
|
mp.info.3 Electronic signature |
mp.info.3 Electronic signature |
404 not found |
|
|
|
n/a |
n/a |
|
40 |
|
mp.info.4 Time stamps |
mp.info.4 Time stamps |
404 not found |
|
|
|
n/a |
n/a |
|
33 |
|
mp.s.2 Protection of web services and applications |
mp.s.2 Protection of web services and applications |
404 not found |
|
|
|
n/a |
n/a |
|
102 |
| NIST_SP_800-171_R2_3 |
.13.3 |
NIST_SP_800-171_R2_3.13.3 |
NIST SP 800-171 R2 3.13.3 |
System and Communications Protection |
Separate user functionality from system management functionality. |
Shared |
Microsoft and the customer share responsibilities for implementing this requirement. |
System management functionality includes functions necessary to administer databases, network components, workstations, or servers, and typically requires privileged user access. The separation of user functionality from system management functionality is physical or logical. Organizations can implement separation of system management functionality from user functionality by using different computers, different central processing units, different instances of operating systems, or different network addresses; virtualization techniques; or combinations of these or other methods, as appropriate. This type of separation includes web administrative interfaces that use separate authentication methods for users of any other system resources. Separation of system and user functionality may include isolating administrative interfaces on different domains and with additional access controls. |
link |
3 |
| NIST_SP_800-53_R4 |
SC-2 |
NIST_SP_800-53_R4_SC-2 |
NIST SP 800-53 Rev. 4 SC-2 |
System And Communications Protection |
Application Partitioning |
Shared |
n/a |
The information system separates user functionality (including user interface services) from information system management functionality.
Supplemental Guidance: Information system management functionality includes, for example, functions necessary to administer databases, network components, workstations, or servers, and typically requires privileged user access. The separation of user functionality from information system management functionality is either physical or logical. Organizations implement separation of system management-related functionality from user functionality by using different computers, different central processing units, different instances of operating systems, different network addresses, virtualization techniques, or combinations of these or other methods, as appropriate. This type of separation includes, for example, web administrative interfaces that use separate authentication methods for users of any other information system resources. Separation of system and user functionality may include isolating administrative interfaces on different domains and with additional access controls. Related controls: SA-4, SA-8, SC-3.
References: None. |
link |
3 |
| NIST_SP_800-53_R5 |
SC-2 |
NIST_SP_800-53_R5_SC-2 |
NIST SP 800-53 Rev. 5 SC-2 |
System and Communications Protection |
Separation of System and User Functionality |
Shared |
n/a |
Separate user functionality, including user interface services, from system management functionality. |
link |
3 |
|
op.acc.6 Authentication mechanism (organization users) |
op.acc.6 Authentication mechanism (organization users) |
404 not found |
|
|
|
n/a |
n/a |
|
78 |
|
op.exp.2 Security configuration |
op.exp.2 Security configuration |
404 not found |
|
|
|
n/a |
n/a |
|
112 |
|
op.exp.3 Security configuration management |
op.exp.3 Security configuration management |
404 not found |
|
|
|
n/a |
n/a |
|
123 |
|
op.ext.4 Interconnection of systems |
op.ext.4 Interconnection of systems |
404 not found |
|
|
|
n/a |
n/a |
|
68 |
|
op.pl.2 Security Architecture |
op.pl.2 Security Architecture |
404 not found |
|
|
|
n/a |
n/a |
|
65 |
|
op.pl.3 Acquisition of new components |
op.pl.3 Acquisition of new components |
404 not found |
|
|
|
n/a |
n/a |
|
61 |
|
org.4 Authorization process |
org.4 Authorization process |
404 not found |
|
|
|
n/a |
n/a |
|
127 |