>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

SI-16Memory Protection

Moderate
High

>Control Description

Implement the following controls to protect the system memory from unauthorized code execution: organization-defined controls.

>FedRAMP Baseline Requirements

No FedRAMP-specific parameter values or requirements for this baseline.

>Discussion

Some adversaries launch attacks with the intent of executing code in non-executable regions of memory or in memory locations that are prohibited. Controls employed to protect memory include data execution prevention and address space layout randomization. Data execution prevention controls can either be hardware-enforced or software-enforced with hardware enforcement providing the greater strength of mechanism.

>Cross-Framework Mappings

SCF

SEA-10
Compare

>Programmatic Queries

Beta

Related Services

EC2 Nitro
Lambda
ECS

CLI Commands

Check Nitro Enclave support
aws ec2 describe-instances --query 'Reservations[*].Instances[*].{Id:InstanceId,EnclaveOptions:EnclaveOptions.Enabled}'
List instances with EBS encryption
aws ec2 describe-instances --query 'Reservations[*].Instances[*].{Id:InstanceId,Encrypted:BlockDeviceMappings[*].Ebs.Encrypted}'
Check Lambda memory config
aws lambda list-functions --query 'Functions[*].{Name:FunctionName,Memory:MemorySize,Architecture:Architectures}'
Verify EC2 instance types (for memory isolation)
aws ec2 describe-instance-types --instance-types INSTANCE_TYPE --query 'InstanceTypes[*].{Type:InstanceType,Hypervisor:Hypervisor,Nitro:NitroEnclavesSupport}'
Open AWS ConsoleDocumentation

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What policies and procedures govern memory protection?
  • Who is responsible for monitoring system and information integrity?
  • How frequently are integrity monitoring processes reviewed and updated?

Technical Implementation:

  • What technical controls detect and respond to memory protection issues?
  • How are integrity violations identified and reported?
  • What automated tools support system and information integrity monitoring?

Evidence & Documentation:

  • Can you provide recent integrity monitoring reports or alerts?
  • What logs demonstrate that SI-16 is actively implemented?
  • Where is evidence of integrity monitoring maintained and for how long?

Ask AI

Configure your API key to use AI features.