In today’s interconnected world, platform security is more important than ever. With sensitive information shared and stored online, it’s crucial to take every measure possible to protect it. One of the most critical aspects of platform security resiliency is the ability of a system or platform to withstand and recover from disruptions or failures. In terms of cybersecurity, it means a platform’s ability to prevent, detect and recover from cyber attacks or other malicious activities that may compromise the platform’s integrity.
To ensure the resilience of your platform, it is important to implement a Hardware Root of Trust (HRoT) solution compliant with NIST standards. The National Institute of Standards and Technology (NIST) Special Publication 800-193, “Platform Firmware Resilience (PFR),” outlines a set of guidelines for securing your platform firmware to protect it from tampering and ensure supply chain security. It provides a framework for protecting, detecting, and recovering firmware to ensure your platform is resilient.
The technical security guidelines for platform resiliency are outlined in Section 4, Firmware Security Guidelines for Platform Devices. These guidelines are separated into three categories: Shall, Should, and May support, providing a clear understanding of the level of support required for each guideline.
Technical Guidelines for Platform Resiliency
-
Section 4.1, Roots of Trust: Requirements for creating a secure foundation for the firmware and the platform. These guidelines are necessary to protect, detect and recover firmware and ensure its integrity.
-
Section 4.2, Protection: Requirements for protecting all the security-critical firmware in the platform, not just the BIOS. This includes firmware in management controllers, service processors, storage devices, network controllers, and graphics processing units.
-
Section 4.3, Detection: Requirements for detecting unauthorized changes to device firmware and critical data before it is executed.
-
Section 4.4, Recovery: Requirements for how to fix the firmware and data if unauthorized changes or corruption are detected.
Protected: A platform is considered Protected when all critical devices meet the protection guidelines in sections 4.1 and 4.2, but it may not have the ability to fully recover the device’s firmware and/or critical data.
Recoverable: A platform is considered Recoverable when all critical devices can detect corruption following guidelines in sections 4.1 and 4.3 and have the means to recover from the corruption as per guidelines in sections 4.1 and 4.4.
Resilient: A platform is considered Resilient when all critical devices meet all the guidelines outlined in Section 4 of the NIST SP800-193. It attempts to prevent attacks that can disrupt the platform’s correct operation and has mechanisms to detect and recover from malicious or accidental problems.
To better understand these requirements, you can hover and click on the interactive graphic below:
Take Action
When it comes to your platform, resiliency is non-negotiable. Without it, you’re looking at potential operational disasters, financial woes, increased cyber attacks, damaged reputations, and compliance nightmares. By implementing a NIST-compliant Hardware Root of Trust (HRoT) and following the guidelines and requirements outlined in NIST SP800-193 for protecting, detecting, and recovering firmware, you can turn your platform into a fortress of resilience.
Resources: