SC-27—Platform-Independent Applications
>Control Description
Include within organizational systems the following platform independent applications: ⚙organization-defined platform-independent applications.
>Cross-Framework Mappings
>Supplemental Guidance
Platforms are combinations of hardware, firmware, and software components used to execute software applications. Platforms include operating systems, the underlying computer architectures, or both. Platform-independent applications are applications with the capability to execute on multiple platforms.
Such applications promote portability and reconstitution on different platforms. Application portability and the ability to reconstitute on different platforms increase the availability of mission-essential functions within organizations in situations where systems with specific operating systems are under attack.
>Related Controls
>Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- •What policies govern the implementation of platform-independent applications?
- •How are system and communications protection requirements defined and maintained?
- •Who is responsible for configuring and maintaining the security controls specified in SC-27?
Technical Implementation:
- •How is platform-independent applications technically implemented in your environment?
- •What systems, tools, or configurations enforce this protection requirement?
- •How do you ensure that platform-independent applications remains effective as the system evolves?
Evidence & Documentation:
- •What documentation demonstrates the implementation of SC-27?
- •Can you provide configuration evidence or system diagrams showing this protection control?
- •What logs or monitoring data verify that this control is functioning correctly?
Ask AI
Configure your API key to use AI features.