SC-02 Application Partitioning
System and Communications Protection
Low Moderate High
Description
The information system separates user functionality (including user interface services) from information system management functionality.
Supplemental Guidance
The information system physically or logically separates user interface services (e.g., public web pages) from information storage and management services (e.g., database management). Separation may be accomplished through the use of different computers, different central processing units, different instances of the operating system, different network addresses, combinations of these methods, or other methods as appropriate.
Enhancements
(0) None.
MITRE ATT&CK Techniques (8)
ATT&CK v16.1. Techniques mitigated by this control, mapped via CTID.
Initial Access (2), Execution (1), Privilege Escalation (2), Defense Evasion (1), Credential Access (1), Lateral Movement (1)
Compliance Mappings
ANSSI
Hygiene.23, SecNumCloud.14.1
FINMA Circular 2023/1
IV.C(62), IV.C(63)
OSFI B-13
B-13.2.2, B-13.3.2
EU GDPR
Art.32(1)(b), Art.5(1)(f)
EU DORA
Art.9(4)(a)
RBI CSF
Annex1.6
FISC Security Guidelines
FISC.T14, FISC.T3
HKMA TM-E-1
TME1.7.3
NCA ECC
2-3
CBB TM
TM-8
Qatar NIA
CS
BoG CISD
CISD-VI
IOSCO Cyber Resilience
PROT-2
BCBS 239
Principle 2
CPMI-IOSCO PFMI
CG.PR
FFIEC IS
II.C.15(b), II.C.2
HIPAA Security Rule
§164.308(a)(4)(ii)(A)
ECB CROE
CROE.2.3.5
BOT Cyber Resilience
Ch2.4
CMMC 2.0
SC
FERC CIP Orders
Order 887
Solvency II
EIOPA-ICT-4.6
PRA SS1/23
P-IT.3
Basel SCO60
SCO60.64
SEC Custody (Digital Assets)
SEC-CD-04
ISO 17799 (legacy)
11.4.5
COBIT 4.1 (legacy)
AI2.4