myctrl.tools
Compare

SC-34(1)No Writable Storage

>Control Description

Employ organization-defined system components with no writeable storage that is persistent across component restart or power on/off.

>Supplemental Guidance

Disallowing writeable storage eliminates the possibility of malicious code insertion via persistent, writeable storage within the designated system components. The restriction applies to fixed and removable storage, with the latter being addressed either directly or as specific restrictions imposed through access controls for mobile devices.

>Related Controls

AC-19
MP-7

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What policies govern the implementation of no writable storage?
  • How are system and communications protection requirements defined and maintained?
  • Who is responsible for configuring and maintaining the security controls specified in SC-34(1)?

Technical Implementation:

  • How is no writable storage technically implemented in your environment?
  • What systems, tools, or configurations enforce this protection requirement?
  • How do you ensure that no writable storage remains effective as the system evolves?

Evidence & Documentation:

  • What documentation demonstrates the implementation of SC-34(1)?
  • Can you provide configuration evidence or system diagrams showing this protection control?
  • What logs or monitoring data verify that this control is functioning correctly?

Ask AI

Configure your API key to use AI features.