SC-34 Non-modifiable Executable Programs
For sc-34_odp.01 , load and execute:
a. The operating environment from hardware-enforced, read-only media; and
b. The following applications from hardware-enforced, read-only media: sc-34_odp.02.
| Parameter ID | Definition |
|---|---|
| sc-34_odp.01 | system components |
| sc-34_odp.02 | applications |
Baselines
- L
- M
- H
- P
Guidance
The operating environment for a system contains the code that hosts applications, including operating systems, executives, or virtual machine monitors (i.e., hypervisors). It can also include certain applications that run directly on hardware platforms. Hardware-enforced, read-only media include Compact Disc-Recordable (CD-R) and Digital Versatile Disc-Recordable (DVD-R) disk drives as well as one-time, programmable, read-only memory. The use of non-modifiable storage ensures the integrity of software from the point of creation of the read-only image. The use of reprogrammable, read-only memory can be accepted as read-only media provided that integrity can be adequately protected from the point of initial writing to the insertion of the memory into the system, and there are reliable hardware protections against reprogramming the memory while installed in organizational systems.
Control Enhancements 3
- SC-34(01) No Writable Storage L M H P
- SC-34(02) Integrity Protection on Read-only Media L M H P
- SC-34(03) Hardware-based Protection
Related controls 3
- AC-03 Access Enforcement L M H P
- SI-07 Software, Firmware, and Information Integrity L M H P
- SI-14 Non-persistence L M H P