| Organizations may require the information system to load the operating environment from hardware enforced read-only media. The term operating environment is defined as the code upon which applications are hosted, for example, a monitor, executive, operating system, or application running directly on the hardware platform. Hardware-enforced, read-only media include, CD-R/DVD-R disk drives. Use of non-modifiable storage ensures the integrity of the software program from the point of creation of the read-only image.
Rationale for non-applicability:
Given the small form factor of mobile devices and the necessity to minimize the size and number of components, mobile devices are not expected to support read-only media for any application. Even in cases in which this requirement was enforced, it would be as a result of a policy requirement on specialized hardware. There is no technical means for an application to enforce this control as it has no control over the hardware on which it resides. |
