NIST 800-53 SC-39 Mappings

Systems can maintain separate execution domains for each executing process by assigning each process a separate address space. Each system process has a distinct address space so that communication between processes is performed in a manner controlled through the security functions, and one process cannot modify the executing code of another process. Maintaining separate execution domains for executing processes can be achieved, for example, by implementing separate address spaces. Process isolation technologies, including sandboxing or virtualization, logically separate software and firmware from other software, firmware, and data. Process isolation helps limit the access of potentially untrusted software to other system resources. The capability to maintain separate execution domains is available in commercial operating systems that employ multi-state processor technologies.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
SC-39 Process Isolation Protects T1003 OS Credential Dumping
SC-39 Process Isolation Protects T1003.003 NTDS
SC-39 Process Isolation Protects T1003.004 LSA Secrets
SC-39 Process Isolation Protects T1003.005 Cached Domain Credentials
SC-39 Process Isolation Protects T1003.006 DCSync
SC-39 Process Isolation Protects T1003.008 /etc/passwd and /etc/shadow
SC-39 Process Isolation Protects T1203 Exploitation for Client Execution
SC-39 Process Isolation Protects T1210 Exploitation of Remote Services
SC-39 Process Isolation Protects T1547.002 Authentication Package
SC-39 Process Isolation Protects T1547.005 Security Support Provider
SC-39 Process Isolation Protects T1547.008 LSASS Driver
SC-39 Process Isolation Protects T1556.001 Domain Controller Authentication
SC-39 Process Isolation Protects T1211 Exploitation for Defense Evasion
SC-39 Process Isolation Protects T1190 Exploit Public-Facing Application
SC-39 Process Isolation Protects T1189 Drive-by Compromise
SC-39 Process Isolation Protects T1068 Exploitation for Privilege Escalation
SC-39 Process Isolation Protects T1003.001 LSASS Memory
SC-39 Process Isolation Protects T1003.002 Security Account Manager
SC-39 Process Isolation Protects T1611 Escape to Host
SC-39 Process Isolation Protects T1556 Modify Authentication Process
SC-39 Process Isolation Protects T1212 Exploitation for Credential Access
SC-39 Process Isolation Protects T1003.007 Proc Filesystem