CCI-002510

The organization defines the individuals authorized to manually disable hardware-based, write-protect for firmware modifications and re-enable the write-protect prior to returning to operational mode.

Implementation Guidance

The organization being inspected/assessed defines and documents the individuals authorized to manually disable hardware-based, write-protect for firmware modifications and re-enable the write-protect prior to returning to operational mode. DoD has determined the individuals are not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented authorized individuals to ensure the organization being inspected/assessed defines the individuals authorized to manually disable hardware-based, write-protect for firmware modifications and re-enable the write-protect prior to returning to operational mode. DoD has determined the individuals are not appropriate to define at the Enterprise level.

Compelling Evidence

1.) Signed and dated Standard Operating Procedure (SOP). 2.) Concept of Operations (CONOP). 3.) System security plan (SSP) (reference "hardware operations" section).

The controls below (if any) were marked by NIST as being related to CCI-002510.