id: os_application_sandboxing
title: "Ensure Seperate Execution Domain for Processes"
discussion: |
  The inherent configuration of the macOS _IS_ in compliance as Apple has implemented multiple features Mandatory access controls (MAC), System Integrity Protection (SIP), and application sandboxing.

  link:https://support.apple.com/guide/security/system-integrity-protection-secb7ea06b49/web[]

  link:https://developer.apple.com/library/archive/documentation/Security/Conceptual/AppSandboxDesignGuide/AboutAppSandbox/AboutAppSandbox.html[]
check: |
  The technology supports this requirement and cannot be configured to be out of compliance. The technology inherently meets this requirement.
fix: |
  The technology inherently meets this requirement. No fix is required.
references:
  cce:
    - CCE-92760-8
  800-53r5:
    - SC-39
  800-53r4:
    - N/A
  disa_stig:
    - N/A
  srg:
    - N/A
macOS:
  - "14.0"
tags:
  - inherent
  - 800-53r5_low
  - 800-53r5_moderate
  - 800-53r5_high
  - cnssi-1253_moderate
  - cnssi-1253_low
  - cnssi-1253_high
mobileconfig: false
mobileconfig_info: