The National Institute of Standards and Technology released a publication that will assist organizations better guard against potentially destructive attacks to the collection of hardware and firmware components of a computer system, also called the platform, according to a NIST release.
Special Publication 800-193, Platform Firmware Resiliency Guidelines provides technical guidelines and recommendations to support the resiliency of platform firmware and data against destructive cyber threats. The strategies describe security mechanisms for protecting the platform against unauthorized changes, detecting unauthorized changes that occur, and securing recovery from attacks. SP 800-193 is intended to guide implementers, including system manufacturers and component suppliers, on how to use these recommendations to build a strong security foundation into platforms, NIST said.
The platform is described as a collection of fundamental hardware and firmware components needed to boot and operate a system. A successful attack on platform firmware could render a system inoperable, perhaps permanently, or require reprogramming by the original manufacturer, resulting in significant costs and disruptions to users.
“The technical guidelines in this document promote resiliency in the platform by describing security mechanisms for protecting the platform against unauthorized changes, detecting unauthorized changes that occur, and recovering from attacks rapidly and securely,” NIST said.
System administrators, cybersecurity professionals, and users can use this document to guide procurement strategies and priorities for future systems, NIST recommended.
As a non-regulatory agency of the Commerce Department, NIST promotes U.S. innovation and industrial competitiveness by advancing measurement science, standards and technology in ways that enhance economic security and improve our quality of life. For more information, visit www.nist.gov.