Navigate

SC-34(1)

SC-34(1): No Writable Storage

The organization employs [organization-defined information system components] with no writeable storage that is persistent across component restart or power on/off.

Supplemental

This control enhancement: (i) eliminates the possibility of malicious code insertion via persistent, writeable storage within the designated information system components; and (ii) applies to both fixed and removable storage, with the latter being addressed directly or as specific restrictions imposed through access controls for mobile devices.

CIA Levels
Confidentiality	unknown
Integrity	unknown
Availability	unknown

Overlays
None

CSF Categories
None

Related Controls

The controls below (if any) were marked by NIST as being related to SC-34(1).

Control	Description
AC-19	The organization: a: Establishes usage restrictions, configuration requirements, connection requirements, and implementation guidance for organization-controlled mobile devices; and b: Authorizes the connection of mobile devices to organizational information systems.
MP-7	The organization [] the use of [organization-defined types of information system media] on [organization-defined information systems or system components] using [organization-defined security safeguards].

Enhancements

The controls below (if any) add on to the requirements of SC-34(1).

Control	Description
No controls

Related CCIs

The CCIs below are tied to SC-34(1).

CCI	Definition
CCI-001214	Employ organization-defined system components with no writeable storage that is persistent across component restart or power on/off.
CCI-001215	Defines the system components to be employed with no writeable storage.