AC-06(04) Separate Processing Domains
Provide separate processing domains to enable finer-grained allocation of user privileges.
Baselines
- L
- M
- H
- P
Guidance
Providing separate processing domains for finer-grained allocation of user privileges includes using virtualization techniques to permit additional user privileges within a virtual machine while restricting privileges to other virtual machines or to the underlying physical machine, implementing separate physical domains, and employing hardware or software domain separation mechanisms.
Related controls 6
- AC-04 Information Flow Enforcement L M H P
- SC-02 Separation of System and User Functionality L M H P
- SC-03 Security Function Isolation L M H P
- SC-30 Concealment and Misdirection L M H P
- SC-32 System Partitioning L M H P
- SC-39 Process Isolation L M H P