NIST 800-53 REV 5 • SYSTEM AND COMMUNICATIONS PROTECTION

SC-27Platform-independent Applications

Include within organizational systems the following platform independent applications: {{ insert: param, sc-27_odp }}.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

Platforms are combinations of hardware, firmware, and software components used to execute software applications. Platforms include operating systems, the underlying computer architectures, or both. Platform-independent applications are applications with the capability to execute on multiple platforms. Such applications promote portability and reconstitution on different platforms. Application portability and the ability to reconstitute on different platforms increase the availability of mission-essential functions within organizations in situations where systems with specific operating systems are under attack.

Practitioner Notes

Applications should be platform-independent when feasible — able to run on multiple operating systems and hardware platforms. This provides flexibility and reduces vendor lock-in.

Example 1: Develop internal web applications using standard HTML5, CSS, and JavaScript that runs in any modern browser, rather than using browser-specific features or plugins that lock you into one platform.

Example 2: When selecting commercial software, prefer products that run on multiple operating systems (Windows, Linux, macOS) or are delivered as SaaS. This gives you the flexibility to switch platforms if a security vulnerability is discovered in one OS.

More System and Communications Protection Controls

SC-1 Policy and Procedures SC-2 Separation of System and User Functionality SC-2(1) Interfaces for Non-privileged Users SC-2(2) Disassociability