Navigate

CCI-002508

CCI-002508 Definition

The organization defines the information system firmware components for which hardware-based, write-protect is employed.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed defines and documents the information system firmware components for which hardware-based, write-protect is employed. DoD has determined the information system firmware components are not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented information system firmware components to ensure the organization being inspected/assessed defines the information system firmware components for which hardware-based, write-protect is employed. DoD has determined the information system firmware components are not appropriate to define at the Enterprise level.

Compelling Evidence

1.) Signed and dated Standard Operating Procedure (SOP). 2.) Concept of Operations (CONOP). 3.) Installation guide (reference "hardware-enforced" section).

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002508.

Control	Description
SC-34 (3)	The organization: SC-34 (3)(a): Employs hardware-based, write-protect for [Assignment: organization-defined information system firmware components]; and SC-34 (3)(b): Implements specific procedures for [Assignment: organization-defined authorized individuals] to manually disable hardware write-protect for firmware modifications and re-enable the write-protect prior to returning to operational mode.

Control

Description

SC-34 (3)

The organization:

SC-34 (3)(a): Employs hardware-based, write-protect for [Assignment: organization-defined information system firmware components]; and

SC-34 (3)(b): Implements specific procedures for [Assignment: organization-defined authorized individuals] to manually disable hardware write-protect for firmware modifications and re-enable the write-protect prior to returning to operational mode.