Show/Hide Toolbars

ABCI Consultants

Guidance for NIST 800-171 Assessment & Compliance

Navigation: SC-FAMILY: SYSTEM AND COMMUNICATIONS PROTECTION

SC-34 NON-MODIFIABLE EXECUTABLE PROGRAMS
Scroll Prev Top Next More

Applicable

(Y)es / (N)o

(C)onfidentiality

(I)ntegrity

(A)vailability

RPN

(C+I+A)

(S)atisfactory

L1

M2

H3

L1

M2

H3

L1

M2

H3

(O)ther than satisfactory +##

 

 

 

 

 

 

 

 

 

 

 

 

###

sc-34

non-modifiable executable programs

 

assessment objective:

Determine if:

sc-34[1]

the organization defines information system components for which the operating environment and organization-defined applications are to be loaded and executed from hardware-enforced, read-only media;

sc-34[2]

the organization defines applications to be loaded and executed from hardware-enforced, read-only media;

sc-34[3]

the information system, at organization-defined information system components:

sc-34[3](a)

loads and executes the operating environment from hardware-enforced, read-only media; and

sc-34[3](b)

loads and executes organization-defined applications from hardware-enforced, read-only media.

potential assessment methods and objects:

Examine: [select from: System and communications protection policy; procedures addressing non-modifiable executable programs; information system design documentation; information system configuration settings and associated documentation; information system architecture; list of operating system components to be loaded from hardware-enforced, read-only media; list of applications to be loaded from hardware-enforced, read-only media; media used to load and execute information system operating environment; media used to load and execute information system applications; information system audit records; other relevant documents or records].

Interview: [select from: System/network administrators; organizational personnel with information security responsibilities; system developer; organizational personnel installing, configuring, and/or maintaining the information system; information system developers/integrators].

Test: [select from: Automated mechanisms supporting and/or implementing loading and executing the operating environment from hardware-enforced, read-only media; automated mechanisms supporting and/or implementing loading and executing applications from hardware-enforced, read-only media].

Hosted by ABCI Consultants for Information Security Management Systems | Implementations, Training and Assessments for Compliance | (800) 644-2056