SC-34: Non-modifiable Executable Programs

From NIST's SP800-53:

For [Assignment: organization-defined system components], load and execute:

a. The operating environment from hardware-enforced, read-only media; and

b. The following applications from hardware-enforced, read-only media: [Assignment: organization-defined applications].

Cyber Threat Graph Context

MITRE ATT&CK Techniques

See which MITRE ATT&CK techniques this control helps to protect against.

| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1542.004 | ROMMONkit | Defense Evasion, Persistence |
| T1195.003 | Compromise Hardware Supply Chain | Initial Access |
| T1601 | Modify System Image | Defense Evasion |
| T1548 | Abuse Elevation Control Mechanism | Defense Evasion, Privilege Escalation |
| T1542.001 | System Firmware | Defense Evasion, Persistence |
| T1601.002 | Downgrade System Image | Defense Evasion |
| T1047 | Windows Management Instrumentation | Execution |
| T1553 | Subvert Trust Controls | Defense Evasion |
| T1601.001 | Patch System Image | Defense Evasion |
| T1548.004 | Elevated Execution with Prompt | Defense Evasion, Privilege Escalation |
| T1611 | Escape to Host | Privilege Escalation |
| T1542 | Pre-OS Boot | Defense Evasion, Persistence |
| T1553.006 | Code Signing Policy Modification | Defense Evasion |
| T1542.003 | Bootkit | Defense Evasion, Persistence |
| T1542.005 | TFTP Boot | Defense Evasion, Persistence |