NIST 800-53 SC-29 Mappings

Increasing the diversity of information technologies within organizational systems reduces the impact of potential exploitations or compromises of specific technologies. Such diversity protects against common mode failures, including those failures induced by supply chain attacks. Diversity in information technologies also reduces the likelihood that the means adversaries use to compromise one system component will be effective against other system components, thus further increasing the adversary work factor to successfully complete planned attacks. An increase in diversity may add complexity and management overhead that could ultimately lead to mistakes and unauthorized configurations.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
SC-29 Heterogeneity Protects T1189 Drive-by Compromise
SC-29 Heterogeneity Protects T1190 Exploit Public-Facing Application
SC-29 Heterogeneity Protects T1203 Exploitation for Client Execution
SC-29 Heterogeneity Protects T1210 Exploitation of Remote Services
SC-29 Heterogeneity Protects T1211 Exploitation for Defense Evasion
SC-29 Heterogeneity Protects T1068 Exploitation for Privilege Escalation
SC-29 Heterogeneity Protects T1212 Exploitation for Credential Access