SI-7(13): Code Execution in Protected Environments

10 min readLast verified: February 2026By

SI-7(13) requires you to ensure software runs only in protected execution environments so unauthorized or untrusted code cannot execute on production systems. Operationally, you do this by enforcing strong workload isolation (sandboxing/containers/VMs), hardened runtime controls, and tightly governed deployment paths, then retaining evidence that enforcement is continuous and cannot be bypassed. 1

Key takeaways:

  • Treat SI-7(13) as a runtime control: it governs what executes, where it executes, and under what restrictions.
  • “Protected environment” must be engineered and enforced (policy alone fails audits); isolate, harden, and restrict privilege at execution time.
  • Your audit success depends on proof: architecture, configs, and logs that show untrusted code cannot run in production.

The si-7(13): code execution in protected environments requirement is one of the most practical integrity controls in NIST SP 800-53 because it forces a concrete answer to a hard question: “What stops arbitrary code from running in our environment?” You operationalize it by defining which execution environments are “protected,” then making those environments the only place code is allowed to run for in-scope workloads.

For a Compliance Officer, CCO, or GRC lead, the fastest path is to (1) set scope, (2) select enforceable technical guardrails, and (3) collect durable evidence that those guardrails work day-to-day. The control fails most often due to gaps between intent and enforcement: teams document “we use containers” but cannot show hardened runtime settings, cannot demonstrate isolation boundaries, or allow ad-hoc execution paths (debug pods, SSH into servers, privileged containers) that bypass protections.

This page gives requirement-level implementation guidance you can hand to engineering and still assess as a control owner. It also outlines what auditors typically test, what evidence to retain, and a practical execution plan you can run through your governance cadence. 1

Regulatory text

Excerpt (as provided): “NIST SP 800-53 control SI-7.13.” 2

Operator interpretation of the excerpt: SI-7(13) is the enhancement titled “Code Execution in Protected Environments.” You must ensure code executes only within environments that enforce protection boundaries (isolation, restrictions, and controls) appropriate to the system’s risk. The expectation is technical enforcement, not a statement of intent. 1

Plain-English interpretation (what the requirement means)

You need to prevent untrusted, unauthorized, or tampered code from executing in production by forcing execution into controlled “protected” runtimes. A protected runtime is one where:

  • The execution boundary is isolated (process, container, VM, enclave, or equivalent).
  • Privileges are minimized (no broad admin by default).
  • The runtime is constrained (allowed binaries, allowed syscalls/capabilities, restricted network/FS access).
  • Deployment is governed (only signed/approved artifacts run).
  • Attempts to bypass controls are detectable and investigated.

If your teams can “just run something” in production (SSH and run a script, kubectl exec into a pod and curl a binary, mount host paths from containers, run privileged containers), you likely have an SI-7(13) gap even if you have strong CI/CD. 1

Who it applies to (entity + operational context)

Typical entities:

  • Federal information systems.
  • Contractor systems handling federal data (including environments supporting federal contracts where NIST SP 800-53 is flowed down or used as the baseline). 1

Operational contexts where SI-7(13) matters most:

  • Production compute that runs business logic (VMs, Kubernetes, serverless, PaaS runtimes).
  • High-integrity workloads (identity, payment, safety, regulated data processing).
  • Shared platforms and multi-tenant services.
  • Build and release systems that can introduce code into runtime environments.

Scope decision you must document: which systems are “in scope” for protected execution (usually all production workloads handling sensitive data), and which runtime patterns are approved (Kubernetes with admission control, hardened VM images, managed serverless with tight IAM). 1

What you actually need to do (step-by-step)

Use this as a control implementation runbook. Keep it short enough that engineering will follow it, and strict enough that audit can test it.

1) Define “protected execution environment” for your org

Create a one-page standard that answers:

  • Approved runtime types (VM, container, serverless).
  • Minimum isolation requirements (no direct host execution for app code; no shared admin accounts).
  • Minimum runtime hardening requirements (what must be disabled, what must be enforced).
  • Approved break-glass paths and logging requirements.

Deliverable: Protected Execution Environment Standard mapped to SI-7(13). 1

2) Inventory execution paths into production

Document every way code can run:

  • CI/CD deployments
  • Interactive admin access (SSH/RDP)
  • Orchestration exec features (kubectl exec, SSM Run Command, etc.)
  • Scheduled tasks/cron
  • “One-off” runbooks and incident scripts

Goal: identify bypass routes where unreviewed code could run.

Deliverable: Production Code Execution Path Inventory owned by platform/security engineering with GRC oversight. 1

3) Pick enforcement points you can prove

Auditors test enforcement. Choose controls that produce config evidence and logs.

Common enforcement patterns:

  • Kubernetes: admission policies to block privileged containers, hostPath mounts, hostNetwork, unapproved images; restrict exec into pods; enforce namespace boundaries.
  • VM-based: immutable images, disable direct SSH for app operators, restrict script interpreters, allow only signed packages, enforce EDR allowlisting.
  • Serverless/PaaS: strict IAM so only CI/CD roles deploy; no runtime shell access; artifact signing where supported.

Deliverable: Control design that clearly states where enforcement occurs (platform gate, runtime policy, identity control) and what is blocked. 1

4) Implement minimum runtime protections (baseline)

Set a baseline aligned to your tech stack. Examples you can operationalize quickly:

  • No interactive shell to production workloads except break-glass with ticket approval.
  • No privileged container execution; no host namespace sharing.
  • Workloads run as non-root; file systems read-only where feasible.
  • Network egress restricted for workloads that do not require open outbound access.
  • CI/CD is the only normal deployment path; artifacts come from approved registries/repos.

Deliverable: Runtime Baseline Config (Kubernetes policies, VM hardening scripts, IAM policies). 1

5) Establish an exception process that doesn’t break the control

Exceptions are allowed in reality; uncontrolled exceptions fail audits.

Minimum requirements:

  • Time-bound exception with business justification.
  • Compensating controls (extra monitoring, restricted scope, dedicated environment).
  • Formal approval by risk owner.
  • Evidence trail (ticket + approval + expiration + validation that it was removed).

Deliverable: SI-7(13) Exception Register with periodic review. 1

6) Add monitoring that detects bypass attempts

Protected environments are incomplete without detection:

  • Alerts on interactive access in production.
  • Alerts on execution of new/unapproved binaries.
  • Alerts on privileged runtime settings (privileged containers, host mounts).
  • Logs retained and searchable for incident response.

Deliverable: Monitoring Use Cases + Log Retention Proof tied to protected execution objectives. 1

7) Prove it works with control testing

Run a repeatable test:

  • Attempt to deploy an unapproved image or unsigned artifact.
  • Attempt privileged container creation or host mount.
  • Attempt interactive execution path without break-glass.
  • Validate it is blocked and logged.

Deliverable: Quarterly (or release-cycle) SI-7(13) control test results plus remediation tracking. 1

Required evidence and artifacts to retain

Auditors want durable proof, not screenshots without context. Retain:

Governance

  • Protected Execution Environment Standard mapped to SI-7(13). 1
  • RACI/control ownership record (who builds, who approves, who monitors). 1
  • Exception register with approvals and expiration. 1

Architecture

  • Reference architecture diagrams showing isolation boundaries (cluster/namespace, VPC/subnet, VM tiers). 1
  • Data flow diagram identifying which workloads are in-scope. 1

Technical enforcement

  • Policy-as-code exports (admission controller policies, runtime security policies, IAM policy JSON). 1
  • Hardened build/image pipeline records (golden image definition, container base image standards). 1
  • CI/CD controls: who can deploy, how approvals work, and logs of deployments. 1

Operations

  • Monitoring rules and sample alerts for bypass attempts. 1
  • Break-glass runbooks and sample tickets showing proper use. 1
  • Control test records and remediation evidence. 1

Tip: In Daydream, treat SI-7(13) as a control with recurring evidence tasks (policy export, access logs sample, exception review). That prevents the “we had it once” documentation problem. 1

Common exam/audit questions and hangups

Auditors and assessors usually probe:

  1. “Define ‘protected environment’ for your system.”
    Hangup: teams describe tools, not properties. Provide your standard and show enforcement points. 1

  2. “Show me how you prevent unapproved code execution.”
    Hangup: CI/CD controls alone do not stop ad-hoc execution in prod. Show runtime blocks and logs. 1

  3. “Who can run code interactively in production and how is it controlled?”
    Hangup: “everyone in SRE can SSH” breaks the story. Show break-glass, least privilege, and review evidence. 1

  4. “How do you know these settings stay enforced?”
    Hangup: one-time hardening without drift detection. Show continuous policy enforcement and alerting. 1

Frequent implementation mistakes (and how to avoid them)

Mistake Why it fails What to do instead
Treating “containers” as protection by default Containers can be privileged and bypass host controls Enforce admission policies + non-root + blocked host mounts + restricted capabilities 1
Allowing interactive prod execution as a norm Bypass path for unreviewed scripts and binaries Make CI/CD the default; restrict break-glass; log everything 1
Relying on policy documents without configs Auditors test enforcement Keep policy-as-code exports and configuration baselines as evidence 1
No exception lifecycle Permanent “temporary” exceptions undermine control Time-bound exceptions with expiration, review, and compensating monitoring 1
No negative testing Control exists only on paper Attempt bypass in a controlled test and keep results 1

Enforcement context and risk implications

No public enforcement cases were provided in the source catalog for this requirement, so this page does not list enforcement actions.

Risk-wise, SI-7(13) is tied to real failure modes: malware execution, lateral movement after credential compromise, insider-driven script execution, and supply chain tampering that lands in runtime. If your protected environments are weak, you will struggle to claim integrity for production processing, and incident containment becomes slower because responders lack reliable boundaries and telemetry. 1

Practical 30/60/90-day execution plan

First 30 days (Immediate stabilization)

  • Name a control owner and platform owner; publish the “protected execution environment” definition for in-scope production workloads. 1
  • Inventory all production code execution paths, including break-glass and orchestration exec features. 1
  • Freeze new high-risk execution patterns (new privileged runtime permissions, new direct admin pathways) until reviewed. 1

Days 31–60 (Enforcement and exception governance)

  • Implement enforceable runtime policies for your primary platform (Kubernetes or VM fleet) and document the controls with exports/config snapshots. 1
  • Stand up exception workflow and register with approvals, expiration, and compensating monitoring requirements. 1
  • Define and enable key monitoring alerts for bypass attempts; validate alerts reach an owned queue. 1

Days 61–90 (Prove operation and build audit muscle)

  • Run a formal control test (attempt to run unapproved code paths) and capture results, including logs and tickets. 1
  • Close the top bypass routes (interactive exec, ungoverned admin scripting) or document compensating controls with a remediation plan. 1
  • Convert evidence into a recurring collection cadence in Daydream so each audit cycle has fresh artifacts without a scramble. 1

Frequently Asked Questions

What counts as a “protected execution environment” for SI-7(13)?

A protected environment is one where execution is isolated and restricted by technical controls you can demonstrate, not just described in a policy. Your definition must map to enforceable settings in your platform and produce logs/config evidence. 1

Does a CI/CD pipeline satisfy SI-7(13) by itself?

Usually no, because CI/CD governs deployment, not all execution paths. You also need runtime restrictions that block ad-hoc or unauthorized code execution in production. 1

How do we handle break-glass access without failing the control?

Allow break-glass only through a controlled workflow with approvals, strong authentication, time limits, and full logging. Track each use in a ticket and review it as part of control operation. 1

We run Kubernetes. What do auditors expect to see for SI-7(13)?

Expect scrutiny on admission controls, container privilege restrictions, image source governance, and whether operators can exec into pods to run arbitrary commands. Provide policy exports and examples of blocked actions with logs. 1

How do we scope SI-7(13) across multiple cloud accounts and environments?

Start with production environments handling sensitive or regulated data and the shared platforms that deploy to them. Document the boundary, then expand coverage by standardizing runtime guardrails and evidence collection per environment. 1

What’s the minimum evidence set to keep this from becoming a quarterly fire drill?

Keep your protected environment standard, enforcement configs (policy-as-code exports/IAM policies), monitoring alerts, an exception register, and at least one control test record per review cycle. Store them in a system like Daydream with assigned owners and recurring tasks. 1

Footnotes

  1. NIST SP 800-53 Rev. 5

  2. NIST SP 800-53 Rev. 5 OSCAL JSON

Frequently Asked Questions

What counts as a “protected execution environment” for SI-7(13)?

A protected environment is one where execution is isolated and restricted by technical controls you can demonstrate, not just described in a policy. Your definition must map to enforceable settings in your platform and produce logs/config evidence. (Source: NIST SP 800-53 Rev. 5)

Does a CI/CD pipeline satisfy SI-7(13) by itself?

Usually no, because CI/CD governs deployment, not all execution paths. You also need runtime restrictions that block ad-hoc or unauthorized code execution in production. (Source: NIST SP 800-53 Rev. 5)

How do we handle break-glass access without failing the control?

Allow break-glass only through a controlled workflow with approvals, strong authentication, time limits, and full logging. Track each use in a ticket and review it as part of control operation. (Source: NIST SP 800-53 Rev. 5)

We run Kubernetes. What do auditors expect to see for SI-7(13)?

Expect scrutiny on admission controls, container privilege restrictions, image source governance, and whether operators can exec into pods to run arbitrary commands. Provide policy exports and examples of blocked actions with logs. (Source: NIST SP 800-53 Rev. 5)

How do we scope SI-7(13) across multiple cloud accounts and environments?

Start with production environments handling sensitive or regulated data and the shared platforms that deploy to them. Document the boundary, then expand coverage by standardizing runtime guardrails and evidence collection per environment. (Source: NIST SP 800-53 Rev. 5)

What’s the minimum evidence set to keep this from becoming a quarterly fire drill?

Keep your protected environment standard, enforcement configs (policy-as-code exports/IAM policies), monitoring alerts, an exception register, and at least one control test record per review cycle. Store them in a system like Daydream with assigned owners and recurring tasks. (Source: NIST SP 800-53 Rev. 5)

Related Resources

Operationalize this requirement

Map requirement text to controls, owners, evidence, and review workflows inside Daydream.

See Daydream