SC-25—Thin Nodes
>Control Description
Employ minimal functionality and information storage on the following system components: ⚙organization-defined system components.
>Cross-Framework Mappings
>Supplemental Guidance
The deployment of system components with minimal functionality reduces the need to secure every endpoint and may reduce the exposure of information, systems, and services to attacks. Reduced or minimal functionality includes diskless nodes and thin client technologies.
>Related Controls
>Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- •What policies govern the implementation of thin nodes?
- •How are system and communications protection requirements defined and maintained?
- •Who is responsible for configuring and maintaining the security controls specified in SC-25?
Technical Implementation:
- •How is thin nodes technically implemented in your environment?
- •What systems, tools, or configurations enforce this protection requirement?
- •How do you ensure that thin nodes remains effective as the system evolves?
Evidence & Documentation:
- •What documentation demonstrates the implementation of SC-25?
- •Can you provide configuration evidence or system diagrams showing this protection control?
- •What logs or monitoring data verify that this control is functioning correctly?
Ask AI
Configure your API key to use AI features.