SC-34(1): No Writable Storage

Control Family:

System And Communications Protection

Parent Control:

SC-34: Non-Modifiable Executable Programs

Priority:

P0: Security control not selected in any baseline.

Threats Addressed:

Tampering
Elevation of Privilege

Baselines:

(Not part of any baseline)

Next Version:

NIST Special Publication 800-53 Revision 5:
SC-34(1): No Writable Storage

Control Statement

The organization employs [Assignment: organization-defined information system components] with no writeable storage that is persistent across component restart or power on/off.

Supplemental Guidance

This control enhancement: (i) eliminates the possibility of malicious code insertion via persistent, writeable storage within the designated information system components; and (ii) applies to both fixed and removable storage, with the latter being addressed directly or as specific restrictions imposed through access controls for mobile devices.