SC-34(1): No Writable Storage

Control Family:

System and Communications Protection

Parent Control:

SC-34: Non-modifiable Executable Programs

Threats Addressed:

Tampering
Elevation of Privilege

Baselines:

(Not part of any baseline)

Previous Version:

NIST Special Publication 800-53 Revision 4:
SC-34(1): No Writable Storage

Control Statement

Employ [Assignment: organization-defined system components] with no writeable storage that is persistent across component restart or power on/off.

Supplemental Guidance

Disallowing writeable storage eliminates the possibility of malicious code insertion via persistent, writeable storage within the designated system components. The restriction applies to fixed and removable storage, with the latter being addressed either directly or as specific restrictions imposed through access controls for mobile devices.

Control Statement

Supplemental Guidance

Related Controls

NIST Special Publication 800-53 Revision 5