800-53|SC-29

Title

HETEROGENEITY

Description

The organization employs a diverse set of information technologies for [Assignment: organization-defined information system components] in the implementation of the information system.

Supplemental

Increasing the diversity of information technologies within organizational information systems reduces the impact of potential exploitations of specific technologies and also defends against common mode failures, including those failures induced by supply chain attacks. Diversity in information technologies also reduces the likelihood that the means adversaries use to compromise one information system component will be equally effective against other system components, thus further increasing the adversary work factor to successfully complete planned cyber attacks. An increase in diversity may add complexity and management overhead which could ultimately lead to mistakes and unauthorized configurations.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: SA-12,SA-14,SC-27

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Priority: P0

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
2.3.17.8 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2022 v3.0.0 L1 Domain Controller
2.3.17.8 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2022 v3.0.0 L1 Member Server
2.3.17.8 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG
2.3.17.8 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL
2.3.17.8 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2019 v3.0.0 L1 Member Server
2.3.17.8 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1
2.3.17.8 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG
2.3.17.8 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL
2.3.17.8 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1
2.3.17.8 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2016 v3.0.0 L1 DC
2.3.17.8 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2019 v3.0.0 L1 Domain Controller
2.3.17.8 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NG
2.3.17.8 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BL
2.3.17.8 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v3.0.0 L1
2.3.17.8 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG
2.3.17.8 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2016 v3.0.0 L1 MS
2.3.17.8 Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1
2.3.17.8 Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'	Windows	CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC
2.3.17.8 Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'	Windows	CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS
2.3.17.8 Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Stand-alone v2.0.0 L1
2.3.17.8 Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Stand-alone v2.0.0 L1 + BL
2.3.17.8 Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2019 Standalone DC L1 vCIS Microsoft Windows Server 2019 Standalone DC L1 v1.0.0
2.3.17.8 Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'	Windows	CIS Windows Server 2012 R2 MS L1 v3.0.0
2.3.17.8 Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2019 MS Standalone L1 v1.0.0
2.3.17.8 Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'	Windows	CIS Windows 7 Workstation Level 1 v3.2.0
2.3.17.8 Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'	Windows	CIS Windows Server 2012 MS L1 v3.0.0
2.3.17.8 Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1
2.3.17.8 Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'	Windows	CIS Windows Server 2012 R2 DC L1 v3.0.0
2.3.17.8 Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 EMS Gateway v2.0.0 L1
2.3.17.8 Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'	Windows	CIS Windows Server 2012 DC L1 v3.0.0
2.3.17.8 Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1
2.3.17.8 Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
2.3.17.8 Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1
31 - Starting with Security Manager	Unix	TNS Best Practice Jetty 9 Linux
45.36 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'	Windows	CIS Microsoft Intune for Windows 11 v3.0.1 L1
45.36 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'	Windows	CIS Microsoft Intune for Windows 10 v3.0.1 L1
DTBI014-IE11 - Turn off Encryption Support must be enabled.	Windows	DISA STIG IE 11 v2r4
DTBI1100-IE11 - Allow Fallback to SSL 3.0 (Internet Explorer) must be disabled.	Windows	DISA STIG IE 11 v2r4
User Account Control: Virtualize file and registry write failures to per-user locations	Windows	MSCT Windows Server v2004 MS v1.0.0
User Account Control: Virtualize file and registry write failures to per-user locations	Windows	MSCT Windows Server 1903 MS v1.19.9
User Account Control: Virtualize file and registry write failures to per-user locations	Windows	MSCT Windows Server 2016 DC v1.0.0
User Account Control: Virtualize file and registry write failures to per-user locations	Windows	MSCT Windows Server 2022 v1.0.0
User Account Control: Virtualize file and registry write failures to per-user locations	Windows	MSCT Windows Server v20H2 MS v1.0.0
User Account Control: Virtualize file and registry write failures to per-user locations	Windows	MSCT Windows 10 1903 v1.19.9
User Account Control: Virtualize file and registry write failures to per-user locations	Windows	MSCT Windows 10 1809 v1.0.0
User Account Control: Virtualize file and registry write failures to per-user locations	Windows	MSCT Windows 10 v22H2 v1.0.0
User Account Control: Virtualize file and registry write failures to per-user locations	Windows	MSCT Windows 10 v20H2 v1.0.0
User Account Control: Virtualize file and registry write failures to per-user locations	Windows	MSCT Windows 11 v1.0.0
User Account Control: Virtualize file and registry write failures to per-user locations	Windows	MSCT Windows Server v1909 DC v1.0.0
User Account Control: Virtualize file and registry write failures to per-user locations	Windows	MSCT MSCT Windows Server 2022 DC v1.0.0

Detections

Analytics