This article is Sponsored Content by AMI
Platform security is essential in today’s computing environments. In a world of increasing cyberattacks, platforms must have the ability to prevent, detect and recover.
Platform security is essential in today’s computing environments. Given the vast amount of data and information we share and store online, the right protections must be in place. A critical aspect of platform security resiliency is a system’s ability to withstand and recover from any disruptions or system failures. In cybersecurity terms, this means the platform must have the ability to prevent, detect and recover from attacks.
The Key: Hardware Root of Trust
A Hardware Root of Trust, or HRoT solution, is essential for platform security. An HRoT solution compliant with NIST standards provides protection, detection and recovery in the instance of a cyberattack so your platform firmware is resilient.
NIST is the gold standard in terms of cybersecurity frameworks to protect critical infrastructure. NIST Special Publication 800-193 is their guidelines for “Platform Firmware Resilience (PFR),” which outlines how to secure platform firmware and prevent tampering within the supply chain – as this is a critical area of security that’s often left vulnerable. This framework offers the necessary guidelines for protection, detection and recovery to bolster platform resilience.
NIST Section 4: Firmware Security Guidelines for Platform Devices
When you dig in, Section 4 of NIST Special Publication 800-193 outlines the security guidelines for platform devices. These are further broken down into three categories: shall, should and may support. These categorizations provide a firm understanding of the level of support required.
Let’s examine their technical guidelines further:
· Section 4.1 outlines Roots of Trust and the requirements for creating a secure foundation for the firmware and the platform. These are necessary to protect, detect and recover firmware and ensure its integrity.
· Section 4.2 covers protection. These are the requirements for protecting all the security-critical firmware in the platform, including firmware in management controllers, service processors, storage devices, network controllers, and graphics processing units.
· Section 4.3 is all about detection. It outlines the requirements for detecting unauthorized changes to device firmware and critical data before it is executed.
· Section 4.4 outlines the requirements for how to recover firmware and data in the event of unauthorized changes or corruption.
These guidelines are measured against the three core principles of NIST Special Publication 800-193.
· Protected: When all critical devices meet the guidelines of sections 4.1 and 4.2, the platform is considered protected. However, it may not have the ability to fully recover firmware or critical data.
· Recoverable: When all critical devices can detect corruption via sections 4.1 and 4.3, the platform is considered recoverable. It will have the capability to recover from corruption per guidelines in sections 4.1 and 4.4.
· Resilient: When all critical devices meet all the guidelines from Section 4, the platform is considered resilient. The platform has the ability to help prevent attacks and the mechanisms to detect and recover from malicious or inadvertent attacks.
Take the steps toward platform resiliency
Platform resiliency is the crux of your cybersecurity strategy. If your platform is not secure and resilient, you risk increased cyberattacks and operational deficiencies – which can lead to financial issues and a sullied reputation.
Following NIST guidelines and implementing a compliant HRoT solution means you can thrive in the face of uncertainty. A trusted HRoT solution offers the protection you need for peace of mind and top-line platform resiliency.
