[Withdrawn: Incorporated into CM-11 and SI-7.]
Employ [Selection (one or more): design; modification; augmentation; reconfiguration] on [Assignment: organization-defined systems or system components] supporting mission essential services or functions to increase the trustworthiness in those systems or components.
a. Develop, document, and disseminate to [Assignment: organization-defined personnel or roles]:
   1. [Selection (one or more): Organization-level; Mission/business process-level; System-level] system and communications protection policy that:
      (a) Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and
      (b) Is consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines; and
   2. Procedures to facilitate the implementation of the system and communications protection policy and the associated system and communications protection controls;
b. Designate an [Assignment: organization-defined official] to manage the development, documentation, and dissemination of the system and communications protection policy and procedures; and
c. Review and update the current system and communications protection:
   1. Policy [Assignment: organization-defined frequency] and following [Assignment: organization-defined events]; and
   2. Procedures [Assignment: organization-defined frequency] and following [Assignment: organization-defined events].
Separate user functionality, including user interface services, from system management functionality.
Prevent the presentation of system management functionality at interfaces to non-privileged users.
Store state information from applications and software separately.
Isolate security functions from nonsecurity functions.
Employ hardware separation mechanisms to implement security function isolation.
Isolate security functions enforcing access and information flow control from nonsecurity functions and from other security functions.
Minimize the number of nonsecurity functions included within the isolation boundary containing security functions.