The Mainframe Product must maintain a separate execution domain for each executing process.

From Mainframe Product Security Requirements Guide

Associated with: CCI-002530

SV-82961r1_rule The Mainframe Product must maintain a separate execution domain for each executing process.

Vulnerability discussion

Applications can maintain separate execution domains for each executing process by assigning each process a separate address space. Each process has a distinct address space so that communication between processes is performed in a manner controlled through the security functions, and one process cannot modify the executing code of another process. Maintaining separate execution domains for executing processes can be achieved, for example, by implementing separate address spaces.An example is a web browser with process isolation that provides tabs that are separate processes using separate address spaces to prevent one tab crashing the entire browser.

Check content

If the Mainframe Product has no function or capability for multi-session operation, this is not applicable. If the Mainframe Product is not configured to uniquely define and engineer each session to execute independently of any other session, this is a finding.

Fix text

Configure the Mainframe Product to uniquely define and engineer each session to execute independently of any other session.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.