diff --git a/doc/kernel/usermode/memory_domain.rst b/doc/kernel/usermode/memory_domain.rst index a1ddcd395e9..f830cc981b9 100644 --- a/doc/kernel/usermode/memory_domain.rst +++ b/doc/kernel/usermode/memory_domain.rst @@ -74,10 +74,24 @@ Thread Stack ************ Any thread running in user mode will need access to its own stack buffer. -On context switch into a user mode thread, a dedicated MPU region will be -programmed with the bounds of the stack buffer. A thread exceeding its stack -buffer will start pushing data onto memory it doesn't have access to and a -memory access violation exception will be generated. +On context switch into a user mode thread, a dedicated MPU region or MMU +page table entries will be programmed with the bounds of the stack buffer. +A thread exceeding its stack buffer will start pushing data onto memory +it doesn't have access to and a memory access violation exception will be +generated. + +Note that user threads have access to the stacks of other user threads in +the same memory domain. This is the minimum required for architectures to +support memory domains. Architecture can further restrict access to stacks +so each user thread only has access to its own stack if such architecture +advertises this capability via +:kconfig:option:`CONFIG_ARCH_MEM_DOMAIN_SUPPORTS_ISOLATED_STACKS`. +This behavior is enabled by default if supported and can be selectively +disabled via :kconfig:option:`CONFIG_MEM_DOMAIN_ISOLATED_STACKS` if +architecture supports both operating modes. However, some architectures +may decide to enable this all the time, and thus this option cannot be +disabled. Regardless of these kconfigs, user threads cannot access +the stacks of other user threads outside of their memory domains. Thread Resource Pools ********************* diff --git a/kernel/Kconfig.mem_domain b/kernel/Kconfig.mem_domain index 9f94f4cdcbd..28f3d003639 100644 --- a/kernel/Kconfig.mem_domain +++ b/kernel/Kconfig.mem_domain 
@@ -53,4 +53,27 @@ config ARCH_MEM_DOMAIN_SYNCHRONOUS_API tables, these APIs don't need to be implemented as the underlying memory management hardware will be reprogrammed on context switch anyway. + +config ARCH_MEM_DOMAIN_SUPPORTS_ISOLATED_STACKS + bool + help + This hidden option is selected by the target architecture if + the architecture supports isolating thread stacks for threads + within the same memory domain. + +config MEM_DOMAIN_ISOLATED_STACKS + bool + default y + depends on (MMU || MPU) && ARCH_MEM_DOMAIN_SUPPORTS_ISOLATED_STACKS + help + If enabled, thread stacks within the same memory domains are + isolated which means threads within the same memory domains + have no access to others threads' stacks. + + If disabled, threads within the same memory domains can access + other threads' stacks. + + Regardless of this settings, threads cannot access the stacks of + threads outside of their domains. + endmenu
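Review bot: In the new "Note that user threads have access to the stacks..." paragraph of doc/kernel/usermode/memory_domain.rst, the wording "can be selectively disabled via CONFIG_MEM_DOMAIN_ISOLATED_STACKS" is misleading, since the option is a single global Kconfig symbol rather than a per-domain or per-thread setting; suggest "can be disabled globally via ...". The same paragraph also drops articles and number agreement in three places: "Architecture can further restrict access to stacks" should read "Architectures can further restrict access to stacks", "if such architecture advertises this capability" should read "if the architecture advertises this capability", and "if architecture supports both operating modes" should read "if the architecture supports both operating modes". Finally, "some architectures may decide to enable this all the time, and thus this option cannot be disabled" would be clearer if it named the mechanism readers will see in arch Kconfig, e.g. "some architectures always select this option, in which case it cannot be disabled."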
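Review bot: In the new MEM_DOMAIN_ISOLATED_STACKS entry of kernel/Kconfig.mem_domain, the symbol is declared as a bare `bool` with `default y` and no prompt string, so it is not user-visible and cannot be turned off from prj.conf or menuconfig; that contradicts the accompanying documentation hunk, which says the behavior "can be selectively disabled via CONFIG_MEM_DOMAIN_ISOLATED_STACKS". If the intent is that users may disable it on architectures supporting both modes, give it a prompt, e.g. `bool "Isolate thread stacks within memory domains"`; architectures that always want it on can still `select MEM_DOMAIN_ISOLATED_STACKS`. If instead the symbol is meant to be hidden and arch-controlled only, say so in the help text (as ARCH_MEM_DOMAIN_SUPPORTS_ISOLATED_STACKS does with "This hidden option is selected by the target architecture") and adjust the documentation to match. Two typos in the same help text: "have no access to others threads' stacks" should be "other threads' stacks", and "Regardless of this settings" should be "Regardless of this setting".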