Check: SRG-APP-000238-MAPP-NA
Mobile Application SRG:
SRG-APP-000238-MAPP-NA
(in version v1 r1)
Title
Applications must meet organizational requirements to implement security functions as a layered structure minimizing interactions between layers of the design and avoiding any dependence by lower layers on the functionality or correctness of higher layers (Cat II impact)
Discussion
The information system isolates security functions from non-security functions by means of an isolation boundary (implemented via partitions and domains) controlling access to and protecting the integrity of, the hardware, software, and firmware that perform those security functions. The information system maintains a separate execution domain (e.g., address space) for each executing process. Rationale for non-applicability: The mobile application exists at the highest security layer of the mobile device architecture. Therefore, it cannot depend on the functionality or correctness of higher layers.
Check Content
This requirement is NA for the MAPP SRG.
Fix Text
The requirement is NA. No fix is required.
Additional Identifiers
Rule ID: SV-46916r1_rule
Vulnerability ID: V-35629
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001089 |
The organization implements security functions as a layered structure minimizing interactions between layers of the design and avoiding any dependence by lower layers on the functionality or correctness of higher layers. |
Controls
Number | Title |
---|---|
SC-3 (5) |
Layered Structures |