NIST Compliance

Firmware security is a key element of multiple important NIST documents, including SP 800-37 (the Risk Management Framework), SP 800-53 (Security and Privacy Controls), SP 800-147 (BIOS Protection Guidelines), 800-155 (BIOS Integrity Measurement) and 800-193 (Platform Resiliency Guidelines). At a high level, SP 800-37 establishes a lifecycle approach that guides the creation and ongoing administration of a security program. SP 800-53 then provides additional details on the types of controls that may be implemented and considerations for each. Both documents identify firmware as a critical part of the security program and consistently use the phrase “hardware, software, and firmware” when describing the components of technology and devices to be protected. In this brief, we outline the NIST requirements that pertain to firmware security and provide guidance for organizations seeking to achieve compliance with these standards.

The post NIST Compliance appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.

Article Link: https://eclypsium.com/solution-briefs/nist-compliance/