Navigate

CCI-001212

CCI-001212 Definition

The organization defines information system components on which the operating environment and organization-defined applications are loaded and executed from hardware-enforced, read-only media.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed defines and documents information system components for which the operating environment and organization-defined applications are loaded and executed from hardware-enforced, read-only media. DoD has determined the information system components are not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented information system components to ensure the organization being inspected/assessed defines information system components for which the operating environment and organization-defined applications are loaded and executed from hardware-enforced, read-only media. DoD has determined the information system components are not appropriate to define at the Enterprise level.

Compelling Evidence

1.) Signed and dated Standard Operating Procedure (SOP). 2.) Concept of Operations (CONOP). 3.) Access Control policy (reference "hardware-enforced, read-only media" section).

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001212.

Control	Description
SC-34	The information system at [Assignment: organization-defined information system components]: SC-34a.: Loads and executes the operating environment from hardware-enforced, read-only media; and SC-34b.: Loads and executes [Assignment: organization-defined applications] from hardware-enforced, read-only media.