The operating environment for a system contains the code that hosts applications, including operating systems, executives, or virtual machine monitors (i.e., hypervisors). It can also include certain applications that run directly on hardware platforms.

Hardware-enforced, read-only media include Compact Disc-Recordable (CD-R) and Digital Versatile Disc-Recordable (DVD-R) disk drives as well as one-time programmable read-only memory. The use of non-modifiable storage ensures the integrity of software from the point at which the read-only image is created. Reprogrammable read-only memory can be accepted as read-only media provided that its integrity can be adequately protected from the point of initial writing to the insertion of the memory into the system, and that there are reliable hardware protections against reprogramming the memory while it is installed in organizational systems.
Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
---|---|---|---|---|
SC-34 | Non-modifiable Executable Programs | Protects | T1195.003 | Compromise Hardware Supply Chain |
SC-34 | Non-modifiable Executable Programs | Protects | T1542 | Pre-OS Boot |
SC-34 | Non-modifiable Executable Programs | Protects | T1542.001 | System Firmware |
SC-34 | Non-modifiable Executable Programs | Protects | T1542.003 | Bootkit |
SC-34 | Non-modifiable Executable Programs | Protects | T1542.004 | ROMMONkit |
SC-34 | Non-modifiable Executable Programs | Protects | T1542.005 | TFTP Boot |
SC-34 | Non-modifiable Executable Programs | Protects | T1548 | Abuse Elevation Control Mechanism |
SC-34 | Non-modifiable Executable Programs | Protects | T1548.004 | Elevated Execution with Prompt |
SC-34 | Non-modifiable Executable Programs | Protects | T1601 | Modify System Image |
SC-34 | Non-modifiable Executable Programs | Protects | T1601.001 | Patch System Image |
SC-34 | Non-modifiable Executable Programs | Protects | T1601.002 | Downgrade System Image |