NIST 800-53 REV 5 • SYSTEM AND COMMUNICATIONS PROTECTION

SC-25 Thin Nodes

Employ minimal functionality and information storage on the following system components: [Assignment: organization-defined system components].

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

The deployment of system components with minimal functionality reduces the need to secure every endpoint and may reduce the exposure of information, systems, and services to attacks. Reduced or minimal functionality includes diskless nodes and thin client technologies.

Practitioner Notes

Thin nodes (thin clients, zero clients) minimize the processing and storage on the endpoint itself. All the real work happens on a server — the endpoint is just a window into the server session.

Example 1: Deploy thin client terminals (Dell Wyse, HP t-series) for users who primarily work in virtual desktops (VDI). The thin client has no local storage for data and boots from a read-only image. If the device is stolen, there is nothing on it to compromise.

Example 2: Use Azure Virtual Desktop or Citrix to deliver applications to users on thin clients. All data processing and storage happens in the data center or cloud. The thin client only sends keyboard/mouse input and receives screen updates.
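One way to verify the property Example 1 relies on (read-only image, no local data storage) on a Linux-based thin client, as an added example that is not part of the control text: it parses the contents of `/proc/mounts` and reports writable mounts backed by local persistent storage. The function names, the filesystem-type list and the sample mount tables are assumptions constructed for illustration.

```python
# Filesystem types that do not persist data on the node itself:
# RAM-backed, kernel pseudo-filesystems, and network shares (assumed list).
NOT_LOCAL_PERSISTENT = {"tmpfs", "ramfs", "devtmpfs", "proc", "sysfs", "devpts",
                        "cgroup2", "securityfs", "mqueue", "nfs", "nfs4", "cifs"}

def parse_mounts(text):
    """Parse /proc/mounts lines: device, mount point, fstype, options."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4:
            dev, mnt, fstype, opts = fields[:4]
            mounts.append({"dev": dev, "mnt": mnt, "fstype": fstype,
                           "opts": opts.split(",")})
    return mounts

def backing_mount(path, mounts):
    """Return the mount whose mount point is the longest prefix of path."""
    hits = [m for m in mounts
            if path == m["mnt"] or path.startswith(m["mnt"].rstrip("/") + "/")]
    return max(hits, key=lambda m: len(m["mnt"]), default=None)

def is_persistent_writable(m, mounts):
    if "rw" not in m["opts"] or m["fstype"] in NOT_LOCAL_PERSISTENT:
        return False
    if m["fstype"] == "overlay":
        # A writable overlay is only as volatile as the filesystem under upperdir.
        upper = next((o.split("=", 1)[1] for o in m["opts"]
                      if o.startswith("upperdir=")), None)
        if upper is None:
            return True  # cannot tell where writes land: report it
        backing = backing_mount(upper, [x for x in mounts if x is not m])
        return backing is None or backing["fstype"] not in NOT_LOCAL_PERSISTENT
    return True  # rw mount on a local block-backed filesystem

def audit(text):
    """Return mount points where data can persist locally across reboots."""
    mounts = parse_mounts(text)
    return [m["mnt"] for m in mounts if is_persistent_writable(m, mounts)]

# Constructed sample: read-only image with a RAM-backed writable layer.
COMPLIANT = """/dev/mmcblk0p2 /ro squashfs ro,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev 0 0
overlay / overlay rw,lowerdir=/ro,upperdir=/run/upper,workdir=/run/work 0 0
proc /proc proc rw,nosuid 0 0
"""
# Constructed sample: the same node after a writable data partition was added.
DRIFTED = COMPLIANT + """/dev/mmcblk0p3 /home ext4 rw,relatime 0 0
overlay /opt overlay rw,lowerdir=/ro/opt,upperdir=/home/.upper,workdir=/home/.work 0 0
"""
```

On a real endpoint, pass the contents of `/proc/mounts` to `audit()`; an empty result means no writable local persistent mount was found.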