SC-3 SECURITY FUNCTION ISOLATION
Page last updated:
This requirement is not in scope for systems operating at the FISMA Moderate level.
However, PCF PAS is compliant with the intent of these requirements.
PCF PAS implements best practice recommendations to ensure that applications hosted on the platform are isolated from privileged security functions. The PAS Diego container runtime uses isolation constructs such as user namespaces, overlay filesystems, container network configurations, CPU cgroups, Ubuntu AppArmor profiles, and seccomp kernel restrictions to ensure that unprivileged applications may not adversely impact the platform’s core security functions.
The information system isolates security functions from nonsecurity functions.
The information system isolates security functions from nonsecurity functions by means of an isolation boundary (implemented via partitions and domains). Such isolation controls access to and protects the integrity of the hardware, software, and firmware that perform those security functions. Information systems implement code separation (i.e., separation of security functions from nonsecurity functions) in a number of ways, including, for example, through the provision of security kernels via processor rings or processor modes. For non-kernel code, security function isolation is often achieved through file system protections that serve to protect the code on disk, and address space protections that protect executing code. Information systems restrict access to security functions through the use of access control mechanisms and by implementing least privilege capabilities. While the ideal is for all of the code within the security function isolation boundary to only contain security-relevant code, it is sometimes necessary to include nonsecurity functions within the isolation boundary as an exception.