SC-39: Process Isolation
From NIST's SP800-53:
Maintain a separate execution domain for each executing system process.
SP800-53 Control Mapped to NIST Cyber Security Framework
Generated from NIST's SP800-53/CSF Crosswalk mappings.
Control ID | Description |
---|---|
PR.PT-4 | Communications and control networks are protected |
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against.
ATT&CK ID | Title | Associated Tactics |
---|---|---|
T1003.002 | Security Account Manager | Credential Access |
T1189 | Drive-by Compromise | Initial Access |
T1003.001 | LSASS Memory | Credential Access |
T1003.008 | /etc/passwd and /etc/shadow | Credential Access |
T1211 | Exploitation for Defense Evasion | Defense Evasion |
T1068 | Exploitation for Privilege Escalation | Privilege Escalation |
T1003.007 | Proc Filesystem | Credential Access |
T1203 | Exploitation for Client Execution | Execution |
T1003 | OS Credential Dumping | Credential Access |
T1556.001 | Domain Controller Authentication | Credential Access, Defense Evasion, Persistence |
T1547.005 | Security Support Provider | Persistence, Privilege Escalation |
T1556 | Modify Authentication Process | Credential Access, Defense Evasion, Persistence |
T1003.005 | Cached Domain Credentials | Credential Access |
T1547.008 | LSASS Driver | Persistence, Privilege Escalation |
T1003.004 | LSA Secrets | Credential Access |
T1212 | Exploitation for Credential Access | Credential Access |
T1210 | Exploitation of Remote Services | Lateral Movement |
T1003.006 | DCSync | Credential Access |
T1003.003 | NTDS | Credential Access |
T1611 | Escape to Host | Privilege Escalation |
T1190 | Exploit Public-Facing Application | Initial Access |
T1547.002 | Authentication Package | Persistence, Privilege Escalation |