SC-34: Non-modifiable Executable Programs
From NIST's SP800-53:
For [Assignment: organization-defined system components], load and execute: a. The operating environment from hardware-enforced, read-only media; and b. The following applications from hardware-enforced, read-only media: [Assignment: organization-defined applications].
Cyber Threat Graph Context
Explore how this control relates to the wider threat graph
MITRE ATT&CK Techniques
See which MITRE ATT&CK techniques this control helps to protect against.
| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1542.004 | ROMMONkit | Defense Evasion, Persistence |
| T1195.003 | Compromise Hardware Supply Chain | Initial Access |
| T1601 | Modify System Image | Defense Evasion |
| T1548 | Abuse Elevation Control Mechanism | Defense Evasion, Privilege Escalation |
| T1542.001 | System Firmware | Defense Evasion, Persistence |
| T1601.002 | Downgrade System Image | Defense Evasion |
| T1047 | Windows Management Instrumentation | Execution |
| T1553 | Subvert Trust Controls | Defense Evasion |
| T1601.001 | Patch System Image | Defense Evasion |
| T1548.004 | Elevated Execution with Prompt | Defense Evasion, Privilege Escalation |
| T1611 | Escape to Host | Privilege Escalation |
| T1542 | Pre-OS Boot | Defense Evasion, Persistence |
| T1553.006 | Code Signing Policy Modification | Defense Evasion |
| T1542.003 | Bootkit | Defense Evasion, Persistence |
| T1542.005 | TFTP Boot | Defense Evasion, Persistence |