800-53|SC-29

Title

HETEROGENEITY

Description

The organization employs a diverse set of information technologies for [Assignment: organization-defined information system components] in the implementation of the information system.

Supplemental

Increasing the diversity of information technologies within organizational information systems reduces the impact of potential exploitations of specific technologies and also defends against common mode failures, including those failures induced by supply chain attacks. Diversity in information technologies also reduces the likelihood that the means adversaries use to compromise one information system component will be equally effective against other system components, thus further increasing the adversary work factor to successfully complete planned cyber attacks. An increase in diversity may add complexity and management overhead which could ultimately lead to mistakes and unauthorized configurations.

Reference Item Details

Related: SA-12,SA-14,SC-27

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Priority: P0

Audit Items

View all Reference Audit Items

NamePluginAudit Name
2.3.17.8 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2019 Stand-alone v2.0.0 L1 MS
2.3.17.8 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2019 v3.0.1 L1 DC
2.3.17.8 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL
2.3.17.8 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BL
2.3.17.8 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL
2.3.17.8 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2016 v3.0.0 L1 MS
2.3.17.8 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL
2.3.17.8 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2022 v3.0.0 L1 Member Server
2.3.17.8 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'WindowsCIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC
2.3.17.8 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'WindowsCIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS
2.3.17.8 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1
2.3.17.8 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'WindowsCIS Windows Server 2012 DC L1 v3.0.0
2.3.17.8 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'WindowsCIS Windows Server 2012 MS L1 v3.0.0
2.3.17.8 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'WindowsCIS Windows Server 2012 R2 MS L1 v3.0.0
2.3.17.8 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG
2.3.17.8 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2016 v3.0.0 L1 DC
2.3.17.8 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v3.0.0 L1
2.3.17.8 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Stand-alone v3.0.0 L1
2.3.17.8 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG
2.3.17.8 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2022 v3.0.0 L1 Domain Controller
2.3.17.8 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1
2.3.17.8 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1
2.3.17.8 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NG
2.3.17.8 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1
2.3.17.8 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'WindowsCIS Windows Server 2012 R2 DC L1 v3.0.0
2.3.17.8 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'WindowsCIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
2.3.17.8 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2019 v3.0.1 L1 MS
2.3.17.8 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG
2.3.17.8 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1
2.3.17.8 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1
2.3.17.8 Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'WindowsCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC
2.3.17.8 Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'WindowsCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS
2.3.17.8 Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
2.3.17.8 Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'WindowsCIS Windows 7 Workstation Level 1 v3.2.0
2.3.17.9 Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS
2.3.17.9 Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC
2.3.17.9 Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS
2.3.17.9 Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller
2.3.17.9 Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Domain Controller
2.3.17.9 Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Member Server
2.3.17.9 Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS
2.3.17.9 Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC
2.3.17.10 Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2019 STIG v3.0.0 L1 MS
2.3.17.10 Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS
2.3.17.10 Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC
2.3.17.10 Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC
31 - Starting with Security ManagerUnixTNS Best Practice Jetty 9 Linux
45.36 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'WindowsCIS Microsoft Intune for Windows 10 v3.0.1 L1
45.36 (L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'WindowsCIS Microsoft Intune for Windows 11 v3.0.1 L1
MS.POWERPLATFORM.3.1v1 - Power Platform tenant isolation SHALL be enabled.microsoft_azureCISA SCuBA Microsoft 365 Power Platform v1.5.0