| Organizations may require the information system to load the operating environment from hardware-enforced read-only media. The term operating environment is defined as the code upon which applications are hosted, for example, a monitor, executive, operating system, or application running directly on the hardware platform. Hardware-enforced, read-only media includes CD-R/DVD-R disk drives. Use of non-modifiable storage ensures the integrity of the software program from the point of creation of the read-only image.
Rationale for non-applicability: Mobile OS devices must be flash upgradable in order to implement patches to vulnerabilities. The small form factor of a mobile device does not easily allow for multiple forms of storage. Therefore, the persistent memory on a mobile device must be writeable and cannot support this requirement. |
