Description
Maintain a separate execution domain for each executing system process.
Supplemental Guidance
Systems can maintain separate execution domains for each executing process by assigning each process a separate address space. Each system process has a distinct address space so that communication between processes is performed in a manner controlled through the security functions, and one process cannot modify the executing code of another process. Maintaining separate execution domains for executing processes can be achieved, for example, by implementing separate address spaces.
Changes from Rev 4
No significant changes from Rev 4.
MITRE ATT&CK Techniques (22)
ATT&CK v16.1. Techniques mitigated by this control, mapped via CTID.
Initial Access (2), Execution (1), Persistence (5), Privilege Escalation (5), Defense Evasion (3), Credential Access (12), Lateral Movement (1)
Credential Access
T1003 OS Credential Dumping
T1212 Exploitation for Credential Access
T1556 Modify Authentication Process
T1003.001 LSASS Memory
T1003.002 Security Account Manager
T1003.003 NTDS
T1003.004 LSA Secrets
T1003.005 Cached Domain Credentials
T1003.006 DCSync
T1003.007 Proc Filesystem
T1003.008 /etc/passwd and /etc/shadow
T1556.001 Domain Controller Authentication
Compliance Mappings
NIST CSF 2.0
PR.DS-10
RBI CSF
Annex1.4
FISC Security Guidelines
FISC.T14
HKMA TM-E-1
TME1.7.3
EU CRA
CRA.I.2k
SWIFT CSCF
SWIFT.1.3
CBB TM
TM-8
Qatar NIA
CS
CBUAE
CR-7
CBE CSF
CTO-6
SA JS2
JS2-7.2
CBN CSF
Part3.3
BoG CISD
CISD-VI
BoM CTRM
3.2
IOSCO Cyber Resilience
PROT-2
CPMI-IOSCO PFMI
CG.PR
FFIEC IS
II.C.15(a), II.C.2
ECB CROE
CROE.2.3.5
SEBI CSCRF
PR.NS
BOT Cyber Resilience
Ch2.4
CMMC 2.0
SC
FERC CIP Orders
Order 887
FIPS 140-3
FIPS 140-3 §7.6
NHS DSPT
NDG-9.2