The US National Institute of Standards and Technology (NIST) has published a new document that will help organizations prepare better against potentially destructive attacks to the collection of hardware and firmware components of a computer system, also called the platform.
Special Publication 800-193, Platform Firmware Resiliency Guidelines provides technical guidelines and recommendations supporting resiliency of platform firmware and data against such attacks.
The document’s Abstract reads as follows:
‘This document provides technical guidelines and recommendations supporting resiliency of platform firmware and data against potentially destructive attacks. The platform is a collection of fundamental hardware and firmware components needed to boot and operate a system. A successful attack on platform firmware could render a system inoperable, perhaps permanently, or requiring reprogramming by the original manufacturer, resulting in significant disruptions to users. The technical guidelines in this document promote resiliency in the platform by describing security mechanisms for protecting the platform against unauthorized changes, detecting unauthorized changes that occur, and recovering from attacks rapidly and securely. Implementers, including Original Equipment Manufacturers (OEMs) and component/device suppliers, can use these guidelines to build stronger security mechanisms into platforms. System administrators, security professionals, and users can use this document to guide procurement strategies and priorities for future systems.’