SI-7(11): Confined Environments With Limited Privileges

Control Family:

System And Information Integrity

Parent Control:

SI-7: Software, Firmware, And Information Integrity

Priority:

P1: Implement P1 security controls first.

CSF v1.1 References:

PR.DS-6
PR.DS-8

Threats Addressed:

Tampering
Elevation of Privilege

Baselines:

(Not part of any baseline)

Control is withdrawn in the next version of this control set and incorporated into: CM-7(6): Confined Environments with Limited Privileges.

Control Statement

The organization requires that [Assignment: organization-defined user-installed software] execute in a confined physical or virtual machine environment with limited privileges.

Supplemental Guidance

Organizations identify software that may be of greater concern with regard to origin or potential for containing malicious code. For this type of software, user installations occur in confined environments of operation to limit or contain damage from malicious code that may be executed.