CCI-001210

For organization-defined system components, load and execute the operating environment from hardware-enforced, read-only media.

Implementation Guidance

Determine if the operating environment for [SC-34_ODP[01]; system components for which the operating environment and applications are to be loaded and executed from hardware-enforced, read-only media are defined] is loaded and executed from hardware-enforced, read-only media.

Validation Procedures

Examine: [SELECT FROM: System and communications protection policy; procedures addressing non-modifiable executable programs; system design documentation; system configuration settings and associated documentation; system architecture; list of operating system components to be loaded from hardware-enforced, read-only media; list of applications to be loaded from hardware-enforced, read-only media; media used to load and execute the system operating environment; media used to load and execute system applications; system audit records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: System/network administrators; organizational personnel with information security responsibilities; system developer; organizational personnel installing, configuring, and/or maintaining the system; system developers/integrators]. Test: [SELECT FROM: Mechanisms supporting and/or implementing, loading, and executing the operating environment from hardware-enforced, read-only media; mechanisms supporting and/or implementing, loading, and executing applications from hardware-enforced, read-only media].

The controls below (if any) were marked by NIST as being related to CCI-001210.