CCI-002511

The organization implements specific procedures for organization-defined authorized individuals to manually disable hardware-based, write-protect for firmware modifications.

Implementation Guidance

The organization being inspected/assessed documents and implements specific procedures for authorized individuals defined in SC-34 (3), CCI 2510 to manually disable hardware-based, write-protect for firmware modifications.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented procedures and a sampling of the information system components defined in SC-34 (3), CCI 2508 to ensure the organization being inspected/assessed implements specific procedures for authorized individuals defined in SC-34 (3), CCI 2510 to manually disable hardware-based, write-protect for firmware modifications.

Compelling Evidence

1.) Signed and dated Standard Operating Procedure (SOP). 2.) Concept of Operations (CONOP). 3.) System security plan (SSP) (reference "hardware operations" section).

The controls below (if any) were marked by NIST as being related to CCI-002511.