Boot Integrity

From attackics
Revision as of 13:17, 10 April 2021 by Oalexander (talk | contribs) (Oalexander moved page Boot Integrity to Boot Integrity)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
Boot Integrity
Mitigation
ID M0946
NIST SP 800-53 Rev. 4 SI-7
IEC 62443-4-2:2019 CR 3.14

Description

Use secure methods to boot a system and verify the integrity of the operating system and loading mechanisms.


Techniques Addressed by Mitigation

NameUse
Module FirmwareCheck the integrity of the existing BIOS or EFI to determine if it is vulnerable to modification. Use Trusted Platform Module technology.1 Move system's root of trust to hardware to prevent tampering with the SPI flash memory.2 Technologies such as Intel Boot Guard can assist with this.3
System FirmwareCheck the integrity of the existing BIOS or EFI to determine if it is vulnerable to modification. Use Trusted Platform Module technology.1 Move system's root of trust to hardware to prevent tampering with the SPI flash memory.2 Technologies such as Intel Boot Guard can assist with this.3