NIST 800-53 REV 5 • SYSTEM AND SERVICES ACQUISITION

SA-17(9) Design Diversity

Use different designs for {{ insert: param, sa-17.09_odp }} to satisfy a common set of requirements or to provide equivalent functionality.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

Design diversity is achieved by supplying the same requirements specification to multiple developers, each of whom is responsible for developing a variant of the system or system component that meets the requirements. Variants can be in software design, in hardware design, or in both hardware and software design. Differences in the designs of the variants can result from developer experience (e.g., prior use of a design pattern), design style (e.g., when decomposing a required function into smaller tasks, determining what constitutes a separate task and how far to decompose tasks into sub-tasks), selection of libraries to incorporate into the variant, and the development environment (e.g., different design tools make some design patterns easier to visualize). Hardware design diversity includes making different decisions about what information to keep in analog form and what information to convert to digital form, transmitting the same information at different times, and introducing delays in sampling (temporal diversity). Design diversity is commonly used to support fault tolerance.

Practitioner Notes

In practice, design diversity means using different technologies and approaches for redundant security controls, so that a single vulnerability (or a single design flaw shared by identical implementations) does not compromise every layer of defense at once.

Example 1: Use different vendors or technologies for different layers of network defense. If your perimeter firewall is from Vendor A, use Vendor B for your internal IDS/IPS. A zero-day vulnerability affecting Vendor A's product will not simultaneously compromise your internal monitoring.

Example 2: Use different antivirus/EDR engines for different parts of your environment. Email scanning might use one engine, endpoint protection another, and your network sandbox a third. Malware designed to evade one engine is more likely to be caught by a different one.
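The supplemental guidance above describes variants built from one specification and combined for fault tolerance; the practitioner notes apply the same idea to layered controls. What follows is an added example in Python (not NIST text and not any product's code) of three independently designed variants of a single requirement, an IPv4 allowlist check, behind a majority voter. The variant names, the voter, and the sample inputs are all constructed for illustration.

```python
import ipaddress
from collections import Counter

# Added example, not NIST text: three independently designed variants of one
# requirement ("is IPv4 address addr inside CIDR range cidr?") plus a voter.

def variant_stdlib(addr, cidr):
    """Variant A: rely on the standard library's address objects."""
    return ipaddress.ip_address(addr) in ipaddress.ip_network(cidr, strict=False)

def variant_intmask(addr, cidr):
    """Variant B: pack the octets into a 32-bit integer and apply a netmask."""
    def to_int(dotted):
        o = [int(x) for x in dotted.split(".")]
        if len(o) != 4 or min(o) < 0 or max(o) > 255:
            raise ValueError(dotted)
        return (o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]
    net, plen = cidr.split("/")
    if not 0 <= int(plen) <= 32:
        raise ValueError(cidr)
    mask = (0xFFFFFFFF << (32 - int(plen))) & 0xFFFFFFFF
    return (to_int(addr) & mask) == (to_int(net) & mask)

def variant_bitstring(addr, cidr):
    """Variant C: render both addresses as bit strings and compare the prefix."""
    def to_bits(dotted):
        o = [int(x) for x in dotted.split(".")]
        if len(o) != 4 or min(o) < 0 or max(o) > 255:
            raise ValueError(dotted)
        return "".join(format(x, "08b") for x in o)
    net, plen = cidr.split("/")
    if not 0 <= int(plen) <= 32:
        raise ValueError(cidr)
    return to_bits(addr)[: int(plen)] == to_bits(net)[: int(plen)]

VARIANTS = [variant_stdlib, variant_intmask, variant_bitstring]

def vote(variants, addr, cidr):
    """Majority-vote the variants; returns (answer, names of dissenting variants).
    A raising variant casts an 'error' ballot; no usable majority fails closed."""
    ballots = {}
    for v in variants:
        try:
            ballots[v.__name__] = v(addr, cidr)
        except ValueError:
            ballots[v.__name__] = "error"
    answer, count = Counter(ballots.values()).most_common(1)[0]
    if count * 2 <= len(ballots) or answer == "error":
        raise RuntimeError(f"fail closed, no usable majority: {ballots}")
    return answer, sorted(n for n, b in ballots.items() if b != answer)
```

A dissent recorded by the voter is a detection signal worth alerting on: the variants were built to the same specification, so any disagreement means at least one of them is wrong.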