CMMC Requirement SC.L2-3.13.4 – Shared Resource Control: Prevent unauthorized and unintended information transfer via shared system resources.
Links to Publicly Available Resources
The following provides a sample mapping between the Cybersecurity Maturity Model Certification (CMMC) 2.0 Level 2 and AWS managed Config rules. Each Config rule applies to a specific AWS resource, and relates to one or more CMMC 2.0 Level 2 controls. A CMMC 2.0 Level 2 control can be related to multiple Config rules.
This blog explores the sources of jitter that cripple distributed AI, why today’s network solutions fail to mitigate its impact, and how organizations can solve the problem—without expensive and disruptive infrastructure overhauls.
This document provides assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 2.
This article describes technologies to minimize jitter and latencies caused by shared hardware resources.
Section 6.4.2 Memory Management and Object Reuse explains how Microsoft Windows 10 builds this capability in.
This is the Windows 11 Common Criteria Evaluation report.
This policy describes the need to prevent unauthorized and unintended information transfer via shared system resources on NC information systems. See section SC-4 - Information in Shared Resources.
This article describes UnixWare prevention of object reuse. It notes that the administrator need not do anything to enforce the secure reuse of system objects. This requirement is handled by the kernel automatically.
This article provides the key differences between share and NTFS permissions.
The control of information in shared system resources (e.g., registers, cache memory, main memory, hard disks) is also commonly referred to as object reuse and residual information protection. This requirement prevents information produced by the actions of prior users or roles (or the actions of processes acting on behalf of prior users or roles) from being available to any current users or roles (or current processes acting on behalf of current users or roles) that obtain access to shared system resources after those resources have been released back to the system. This requirement also applies to encrypted representations of information. This requirement does not address information remnants, which refers to residual representation of data that has been nominally deleted; covert channels (including storage or timing channels) where shared resources are manipulated to violate information flow restrictions; or components within systems for which there are only single users or roles.
Further Discussion
No shared system resource, such as cache memory, hard disks, registers, or main memory, may pass information from one user to another user. In other words, when an object is reused, no residual information from its previous use should remain on it. This protects the confidentiality of the information. This is typically a feature provided by operating system and software vendors.
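The two layers at which object reuse protection is enforced can be checked directly. The following C program is an added example for this page, not code from the CMMC documentation or from any vendor listed above; it assumes a POSIX system with mmap(2). The first function confirms that the kernel hands out a freshly mapped anonymous page already zero-filled, which is the kernel-level behaviour the UnixWare and Windows references describe. The second shows the application-level complement: a buffer that held a constructed sample secret is overwritten with a volatile write loop before it is released, so that the stores cannot be dropped by the optimizer and no residue survives for a later user of that memory.

```c
#define _DEFAULT_SOURCE
/* Added example (not part of the CMMC page or any vendor's code):
 * object-reuse protection at two layers on a POSIX system.
 *  1. fresh_anon_page_is_zero(): the kernel must supply zero-filled pages
 *     so a new mapping never exposes another process's residual data.
 *  2. secure_clear(): an application clears a sensitive buffer before
 *     releasing it, using volatile stores so the compiler cannot remove
 *     them as dead writes (explicit_bzero/memset_s are library equivalents
 *     where available).
 */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Overwrite n bytes at p with zeros in a way the optimizer must keep. */
void secure_clear(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
}

/* Return 1 if every byte in the n-byte region is zero, else 0. */
int region_is_zero(const unsigned char *p, size_t n)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= p[i];              /* branch-free accumulate of all bytes */
    return acc == 0;
}

/* Map one fresh anonymous page and check that the kernel zero-filled it.
 * Returns 1 if the page is all zeros, 0 if residue is present, -1 on
 * mmap failure. */
int fresh_anon_page_is_zero(void)
{
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0)
        page = 4096;              /* conservative fallback page size */
    unsigned char *p = mmap(NULL, (size_t)page, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    int zero = region_is_zero(p, (size_t)page);
    munmap(p, (size_t)page);
    return zero;
}

/* Simulate releasing a heap buffer that held a constructed sample secret:
 * fill it, clear it, and report whether any residue remains.
 * Returns 1 if the buffer was fully cleared before free(). */
int release_secret_leaves_no_residue(void)
{
    static const char secret[] = "constructed-sample-secret"; /* constructed */
    size_t n = 64;
    unsigned char *buf = malloc(n);
    if (!buf)
        return 0;
    memcpy(buf, secret, sizeof secret);
    secure_clear(buf, n);         /* clear the whole allocation, not just the secret */
    int clean = region_is_zero(buf, n);
    free(buf);
    return clean;
}

int main(void)
{
    printf("fresh anonymous page zero-filled: %d\n", fresh_anon_page_is_zero());
    printf("secret buffer cleared before release: %d\n",
           release_secret_leaves_no_residue());
    return 0;
}
```

Both checks should report 1 on a conforming system. The kernel-level check is what an assessor relies on the operating system vendor for; the application-level clear is what a software vendor adds so that freed heap memory reused within the same process, or a page later released back to the system, carries no residual information.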
