💼 [ECS.3] ECS task definitions should not share the host's process namespace

ID: /frameworks/aws-fsbp-v1.0.0/ecs/03

Description

A process ID (PID) namespace provides separation between processes. It prevents system processes from being visible, and allows PIDs to be reused, including PID 1. If the host's PID namespace is shared with containers, it would allow containers to see all of the processes on the host system. This reduces the benefit of process level isolation between the host and the containers. These circumstances could lead to unauthorized access to processes on the host itself, including the ability to manipulate and terminate them. Customers shouldn't share the host's process namespace with containers running on it.

Similar

AWS Security Hub
- https://docs.aws.amazon.com/securityhub/latest/userguide/ecs-controls.html#ecs-3
Internal
- ID: dec-c-db1f78c5

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 NIST SP 800-53 Revision 5 → 💼 CA-9(1) Internal System Connections _ Compliance Checks			39		no data
💼 NIST SP 800-53 Revision 5 → 💼 CM-2 Baseline Configuration	7		32		no data

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance

Policies (1)

Policy	Logic Count	Flags	Compliance
🛡️ AWS ECS Task Definition shares the host's process namespace🟢	1	🟢 x6	no data

Description​

Similar​

Similar Sections (Give Policies To)​

Sub Sections​

Policies (1)​

Description

Similar

Similar Sections (Give Policies To)

Sub Sections

Policies (1)