← Back to catalog
SI-16

Memory Protection

System and Information Integrity (SI)
Baselines
Low · Not includedModerate · IncludedHigh · Included
Description

Implement the following controls to protect the system memory from unauthorized code execution: [assignment].

Discussion

Some adversaries launch attacks with the intent of executing code in non-executable regions of memory or in memory locations that are prohibited. Controls employed to protect memory include data execution prevention and address space layout randomization. Data execution prevention controls can either be hardware-enforced or software-enforced with hardware enforcement providing the greater strength of mechanism.

Implementation guidance

No content available.

CSF 2.0 crosswalk
PR.DS-10Protect