Title

Applications must support organizationally-defined requirements to load and execute from hardware-enforced, read-only media. (Cat II impact)

Discussion

Use of non-modifiable storage ensures the integrity of the software program from the point of creation of the read-only image. Organizations may require the information system to load specified applications from hardware enforced read-only media. Hardware-enforced, read-only media include, CD-R/DVD-R disk drives. Rationale for non-applicability: Given the small form factor of mobile devices and the necessity to minimize the size and number of components, mobile devices are not expected to support read-only media for any application. Even in cases in which this requirement was enforced, it would be as a result of a policy requirement on specialized hardware. There is no technical means for an application to enforce this control as it has no control over the hardware on which it resides.

Check Content

This requirement is NA for the MAPP SRG.

Fix Text

The requirement is NA. No fix is required.

Additional Identifiers

Rule ID: SV-46927r1_rule

Vulnerability ID: V-35640

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.