NIST 800-53 REV 5 • SYSTEM AND COMMUNICATIONS PROTECTION

SC-34(2) Integrity Protection on Read-only Media

Protect the integrity of information prior to storage on read-only media and control the media after such information has been recorded onto the media.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

Controls prevent the substitution of media into systems or the reprogramming of programmable read-only media prior to installation into the systems. Integrity protection controls include a combination of prevention, detection, and response.

Practitioner Notes

Protect the integrity of software on read-only media — verify that the media has not been tampered with before booting from it.

Example 1: Store boot images on USB drives with hardware write-protection switches. Before deploying, verify the image's SHA-256 hash against the known-good value. Any mismatch means the media has been tampered with.
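One way to perform the check in Example 1 is sketched below. This is an added example, not part of the NIST text. It reads back only the image-sized prefix of the media, because a USB device is normally larger than the image written to it, and it fails closed on read errors. The function names, the constructed sample image and the temporary file standing in for the USB device are assumptions.

```python
import hashlib
import hmac
import os
import tempfile

CHUNK = 1024 * 1024  # read the media in 1 MiB blocks


def sha256_prefix(path, length):
    """Hash the first `length` bytes of a file or block device."""
    digest = hashlib.sha256()
    remaining = length
    with open(path, "rb") as f:
        while remaining > 0:
            block = f.read(min(CHUNK, remaining))
            if not block:
                raise ValueError("media is shorter than the expected image")
            digest.update(block)
            remaining -= len(block)
    return digest.hexdigest()


def verify_media(path, expected_sha256, image_size):
    """True only if the media's first image_size bytes match the known-good hash."""
    try:
        actual = sha256_prefix(path, image_size)
    except (OSError, ValueError):
        return False  # fail closed: unreadable or truncated media is rejected
    return hmac.compare_digest(actual, expected_sha256.strip().lower())


def demo():
    image = b"constructed boot image " * 4096  # constructed sample data
    known_good = hashlib.sha256(image).hexdigest()
    with tempfile.TemporaryDirectory() as d:
        media = os.path.join(d, "usb.img")  # stand-in for the USB device node
        with open(media, "wb") as f:
            f.write(image + b"\x00" * 8192)  # media is larger than the image
        intact = verify_media(media, known_good, len(image))
        with open(media, "r+b") as f:  # simulate a one-byte modification
            f.seek(100)
            f.write(b"X")
        modified = verify_media(media, known_good, len(image))
        truncated = verify_media(media, known_good, len(image) + 10**6)
    return intact, modified, truncated


if __name__ == "__main__":
    print(demo())
```

The known-good hash and image size should come from a source that is controlled separately from the media being checked.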

Example 2: Use digitally signed firmware images. Before flashing firmware updates, the device verifies the manufacturer's digital signature. Modified or counterfeit firmware is rejected and the update fails safely.