SC-34(1)

Requirement

Employ [Assignment: organization-defined system components] with no writeable storage that is persistent across component restart or power on/off.

Discussion

Disallowing writeable storage eliminates the possibility of malicious code insertion via persistent, writeable storage within the designated system components. The restriction applies to fixed and removable storage, with the latter being addressed either directly or as specific restrictions imposed through access controls for mobile devices.

NIST 800-53A Assessment Guidance

Examine

[SELECT FROM: System and communications protection policy; procedures addressing non-modifiable executable programs; system design documentation; system configuration settings and associated documentation; system architecture; list of system components to be employed without writeable storage capabilities; system audit records; system security plan; other relevant documents or records].

Interview

[SELECT FROM: System/network administrators; organizational personnel with information security responsibilities; organizational personnel installing, configuring, and/or maintaining the system; system developers/integrators].

Test

[SELECT FROM: Mechanisms supporting and/or implementing the employment of components with no writeable storage; mechanisms supporting and/or implementing persistent non-writeable storage across component restart and power on/off].

ID	Assessment Objectives
SC-34(01)	<SC-34(01)_ODP system components> are employed with no writeable storage that is persistent across component restart or power on/off.

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!