Prevent unauthorized and unintended information transfer via shared system resources.

The control of information in shared resources is commonly referred to as object reuse and residual information protection. This requirement prevents information produced by the actions of prior users from being available to any current users/roles.

Before deploying an operating system to your environment check the Common Criteria website to determine if it is certified. Check to see if it has "object reuse and residual information protection" controls in place. Most popular operating systems are certified and have object reuse controls. Examples include Red Hat Enterprise Linux and Windows 10.