Applications must, for organization defined information system components, load and execute the operating environment from hardware-enforced, read-only media.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-35647	SRG-APP-000241-AS-NA	SV-46934r1_rule		Medium

Description
Organizations may require the information system to load the operating environment from hardware-enforced, read-only media. The term operating environment is defined as the code upon which applications are hosted, for example, a monitor, executive, operating system, or application running directly on the hardware platform. Hardware-enforced, read-only media include CD-R/DVD-R disk drives. Use of non-modifiable storage ensures the integrity of the software program from the point of creation of the read-only image. This requirement is NA. Application servers are installed and do not load and execute from CD-ROM.

Description

Organizations may require the information system to load the operating environment from hardware-enforced, read-only media. The term operating environment is defined as the code upon which applications are hosted, for example, a monitor, executive, operating system, or application running directly on the hardware platform. Hardware-enforced, read-only media include CD-R/DVD-R disk drives. Use of non-modifiable storage ensures the integrity of the software program from the point of creation of the read-only image. This requirement is NA. Application servers are installed and do not load and execute from CD-ROM.

STIG	Date
Application Server Security Requirements Guide	2013-01-08

Details

Check Text ( C-43989r1_chk )
This requirement is NA for the AS SRG.

Fix Text (F-40189r1_fix)
The requirement is NA. No fix is required.