AC-6(4): Separate Processing Domains

Control Family:

Access Control

Parent Control:

AC-6: Least Privilege

CSF v1.1 References:

PR.AC-4
PR.DS-5

Threats Addressed:

Elevation of Privilege

Baselines:

(Not part of any baseline)

Previous Version:

NIST Special Publication 800-53 Revision 4:
AC-6(4): Separate Processing Domains

Control Statement

Provide separate processing domains to enable finer-grained allocation of user privileges.

Supplemental Guidance

Providing separate processing domains for finer-grained allocation of user privileges includes using virtualization techniques to permit additional user privileges within a virtual machine while restricting privileges to other virtual machines or to the underlying physical machine, implementing separate physical domains, and employing hardware or software domain separation mechanisms.

Control Statement

Supplemental Guidance

Related Controls

NIST Special Publication 800-53 Revision 5