ISM-1606

When using a software-based isolation mechanism to share a physical server’s hardware, patches, updates or vendor mitigations for vulnerabilities are applied to the isolation mechanism and underlying operating system in a timely manner.

Topic: Functional separation between computing environments
Applicable to: all

History

Sep 2023
When using a software-based isolation mechanism to share a physical server’s hardware, patches, updates or vendor mitigations for vulnerabilities are applied to the isolation mechanism and underlying operating system in a timely manner.
References to ‘security vulnerabilities’ were replaced with ‘vulnerabilities’.
Mar 2022
When using a software-based isolation mechanism to share a physical server’s hardware, patches, updates or vendor mitigations for security vulnerabilities are applied to the isolation mechanism and underlying operating system in a timely manner.
Miscellaneous changes were made to rationale and recommendations throughout the publication to clarify content without changing intent. This included a review from the Guidelines for System Hardening chapter through to the Guidelines for Data Transfers chapter.
Aug 2020
When using a software-based isolation mechanism to share a physical server’s hardware, patches are applied to the isolation mechanism and underlying operating system in a timely manner.
Security control 1460 was split into 5 different security controls (i.e. 1460, 1604, 1605, 1606 and 1607) to allow for sufficient focus on each aspect of hardening software-based isolation mechanisms.