Description
For [Assignment: organization-defined parameters] , load and execute: The operating environment from hardware-enforced, read-only media; and The following applications from hardware-enforced, read-only media: [Assignment: organization-defined parameters].
Supplemental Guidance
The operating environment for a system contains the code that hosts applications, including operating systems, executives, or virtual machine monitors (i.e., hypervisors). It can also include certain applications that run directly on hardware platforms. Hardware-enforced, read-only media include Compact Disc-Recordable (CD-R) and Digital Versatile Disc-Recordable (DVD-R) disk drives as well as one-time, programmable, read-only memory. The use of non-modifiable storage ensures the integrity of software from the point of creation of the read-only image. The use of reprogrammable, read-only memory can be accepted as read-only media provided that integrity can be adequately protected from the point of initial writing to the insertion of the memory into the system, and there are reliable hardware protections against reprogramming the memory while installed in organizational systems.
Changes from Rev 4
No significant title changes from Rev 4.
MITRE ATT&CK Techniques (15)
ATT&CK v16.1Techniques mitigated by this control, mapped via CTID.