← Back to catalog
SC-29

Heterogeneity

System and Communications Protection (SC)
Baselines
Low · Not includedModerate · Not includedHigh · Not included
Description

Employ a diverse set of information technologies for the following system components in the implementation of the system: [assignment].

Discussion

Increasing the diversity of information technologies within organizational systems reduces the impact of potential exploitations or compromises of specific technologies. Such diversity protects against common mode failures, including those failures induced by supply chain attacks. Diversity in information technologies also reduces the likelihood that the means adversaries use to compromise one system component will be effective against other system components, thus further increasing the adversary work factor to successfully complete planned attacks. An increase in diversity may add complexity and management overhead that could ultimately lead to mistakes and unauthorized configurations.

Implementation guidance

No content available.

CSF 2.0 crosswalk

No CSF mappings exist for this control.