NIST 800-53 SC-03 Mappings

Security functions are isolated from nonsecurity functions by means of an isolation boundary implemented within a system via partitions and domains. The isolation boundary controls access to and protects the integrity of the hardware, software, and firmware that perform system security functions. Systems implement code separation in many ways, such as through the provision of security kernels via processor rings or processor modes. For non-kernel code, security function isolation is often achieved through file system protections that protect the code on disk and address space protections that protect executing code. Systems can restrict access to security functions using access control mechanisms and by implementing least privilege capabilities. While the ideal is for all code within the defined security function isolation boundary to only contain security-relevant code, it is sometimes necessary to include nonsecurity functions as an exception. The isolation of security functions from nonsecurity functions can be achieved by applying the systems security engineering design principles in SA-08, including SA-08(01), SA-08(03), SA-08(04), SA-08(10), SA-08(12), SA-08(13), SA-08(14), and SA-08(18).

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
SC-03 Security Function Isolation Protects T1021.003 Distributed Component Object Model
SC-03 Security Function Isolation Protects T1134.005 SID-History Injection
SC-03 Security Function Isolation Protects T1203 Exploitation for Client Execution
SC-03 Security Function Isolation Protects T1210 Exploitation of Remote Services
SC-03 Security Function Isolation Protects T1559 Inter-Process Communication
SC-03 Security Function Isolation Protects T1559.001 Component Object Model
SC-03 Security Function Isolation Protects T1559.002 Dynamic Data Exchange
SC-03 Security Function Isolation Protects T1602 Data from Configuration Repository
SC-03 Security Function Isolation Protects T1602.001 SNMP (MIB Dump)
SC-03 Security Function Isolation Protects T1602.002 Network Device Configuration Dump
SC-03 Security Function Isolation Protects T1211 Exploitation for Defense Evasion
SC-03 Security Function Isolation Protects T1190 Exploit Public-Facing Application
SC-03 Security Function Isolation Protects T1189 Drive-by Compromise
SC-03 Security Function Isolation Protects T1068 Exploitation for Privilege Escalation
SC-03 Security Function Isolation Protects T1003.001 LSASS Memory
SC-03 Security Function Isolation Protects T1047 Windows Management Instrumentation
SC-03 Security Function Isolation Protects T1611 Escape to Host
SC-03 Security Function Isolation Protects T1212 Exploitation for Credential Access