Navigate

SC-25

SC-25: Thin Nodes

Employ minimal functionality and information storage on the following system components: [system components to be employed with minimal functionality and information storage are defined;].

Supplemental

The deployment of system components with minimal functionality reduces the need to secure every endpoint and may reduce the exposure of information, systems, and services to attacks. Reduced or minimal functionality includes diskless nodes and thin client technologies.

CIA Levels
Confidentiality	unknown
Integrity	unknown
Availability	unknown

Overlays
DAF Baseline, NC3

CSF Categories
None

Related Controls

The controls below (if any) were marked by NIST as being related to SC-25.

Control	Description
SC-30	Employ the following concealment and misdirection techniques for [systems for which concealment and misdirection techniques are to be employed are defined;] at [time periods to employ concealment and misdirection techniques for systems are defined;] to confuse and mislead adversaries: [concealment and misdirection techniques to be employed to confuse and mislead adversaries potentially targeting systems are defined;].
SC-44	Employ a detonation chamber capability within [the system, system component, or location where a detonation chamber capability is to be employed is defined;].

Control

Description

SC-30

Employ the following concealment and misdirection techniques for [systems for which concealment and misdirection techniques are to be employed are defined;] at [time periods to employ concealment and misdirection techniques for systems are defined;] to confuse and mislead adversaries: [concealment and misdirection techniques to be employed to confuse and mislead adversaries potentially targeting systems are defined;].

SC-44

Employ a detonation chamber capability within [the system, system component, or location where a detonation chamber capability is to be employed is defined;].

Enhancements

The controls below (if any) add on to the requirements of SC-25.

Control	Description
No controls

Related CCIs

The CCIs below are tied to SC-25.

CCI	Definition
CCI-001194	Employ minimal functionality and information storage on organization-defined information system components.
CCI-002471	Defines the system components, with minimal functionality and information storage, to be employed.