SC-4—Information in Shared System Resources
>Control Description
>FedRAMP Baseline Requirements
No FedRAMP-specific parameter values or requirements for this baseline.
>Discussion
Preventing unauthorized and unintended information transfer via shared system resources stops information produced by the actions of prior users or roles (or the actions of processes acting on behalf of prior users or roles) from being available to current users or roles (or current processes acting on behalf of current users or roles) that obtain access to shared system resources after those resources have been released back to the system. Information in shared system resources also applies to encrypted representations of information. In other contexts, control of information in shared system resources is referred to as object reuse and residual information protection.
Information in shared system resources does not address information remanence, which refers to the residual representation of data that has been nominally deleted; covert channels (including storage and timing channels), where shared system resources are manipulated to violate information flow restrictions; or components within systems for which there are only single users or roles.
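Object reuse as described in the Discussion, shown as an added example that is not part of the original page. It assumes a hypothetical fixed-size buffer pool shared by successive users; the names pool_acquire, pool_release, scrub, residual_bytes and reuse_cycle are illustrative. A release without sanitization leaves the prior holder's bytes readable by the next holder, and a release that zeroes the slot does not.

```c
#include <string.h>   /* memcpy, size_t, NULL */
enum { POOL_SLOTS = 4, SLOT_SIZE = 64 };

/* Hypothetical shared resource: buffers handed to one user after another. */
static unsigned char pool[POOL_SLOTS][SLOT_SIZE];
static int in_use[POOL_SLOTS];

/* Hand out the first free slot, or NULL when the pool is exhausted. */
unsigned char *pool_acquire(void) {
    for (int i = 0; i < POOL_SLOTS; i++)
        if (!in_use[i]) { in_use[i] = 1; return pool[i]; }
    return NULL;
}

/* Zero via a volatile pointer so the stores are not removed as dead code. */
static void scrub(unsigned char *buf, size_t len) {
    volatile unsigned char *p = buf;
    while (len--) *p++ = 0;
}

/* Release a slot; sanitize == 0 leaves the prior holder's bytes in place. */
int pool_release(unsigned char *buf, int sanitize) {
    for (int i = 0; i < POOL_SLOTS; i++) {
        if (buf != pool[i] || !in_use[i]) continue;
        if (sanitize) scrub(buf, SLOT_SIZE);
        in_use[i] = 0;
        return 0;
    }
    return -1;  /* not a pool buffer, or already released */
}

/* Count the non-zero bytes a new holder would find in its slot. */
size_t residual_bytes(const unsigned char *buf) {
    size_t n = 0;
    for (size_t i = 0; i < SLOT_SIZE; i++) n += (buf[i] != 0);
    return n;
}

/* One prior-user then current-user cycle; returns the residual byte count. */
size_t reuse_cycle(int sanitize) {
    static const char secret[] = "tenant-A-session-token";  /* constructed */
    unsigned char *a = pool_acquire();
    memcpy(a, secret, sizeof secret);
    pool_release(a, sanitize);
    unsigned char *b = pool_acquire();  /* same slot, next user */
    size_t left = residual_bytes(b);
    pool_release(b, 1);                 /* leave the pool clean */
    return left;
}
```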
>Cross-Framework Mappings
>Programmatic Queries
Related Services
CLI Commands
aws ec2 describe-instances --query 'Reservations[*].Instances[*].{Id:InstanceId,Type:InstanceType,Hypervisor:Hypervisor}'
aws ec2 describe-instances --filters 'Name=tenancy,Values=dedicated' --query 'Reservations[*].Instances[*].InstanceId'
aws ecs list-tasks --cluster CLUSTER --launch-type FARGATE
aws lambda list-functions --query 'Functions[*].{Name:FunctionName,Runtime:Runtime,MemorySize:MemorySize}'
>Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- What policies govern the implementation of information in shared system resources?
- How are system and communications protection requirements defined and maintained?
- Who is responsible for configuring and maintaining the security controls specified in SC-4?
- What is your cryptographic key management policy?
Technical Implementation:
- How is information in shared system resources technically implemented in your environment?
- What systems, tools, or configurations enforce this protection requirement?
- How do you ensure that information in shared system resources remains effective as the system evolves?
- What encryption mechanisms and algorithms are used to protect data?
Evidence & Documentation:
- What documentation demonstrates the implementation of SC-4?
- Can you provide configuration evidence or system diagrams showing this protection control?
- What logs or monitoring data verify that this control is functioning correctly?
- Can you demonstrate that FIPS 140-2 validated cryptography is used?