Firmware Security

  1. Industry Standards and Best Practices
    1. NIST Guidelines and Standards
      1. NIST SP 800-147 (BIOS Protection)
        1. Protection Requirements
        2. Update Security
        3. Implementation Guidance
      2. NIST SP 800-155 (BIOS Integrity Measurement)
        1. Measurement Techniques
        2. Reporting Standards
        3. Validation Procedures
      3. NIST SP 800-193 (Platform Firmware Resiliency)
        1. Detection Mechanisms
        2. Recovery Procedures
        3. Protection Strategies
      4. NIST Cybersecurity Framework
        1. Framework Application
        2. Risk Management
        3. Implementation Guidance
    2. Trusted Computing Group Specifications
      1. TPM Specifications
        1. TPM 2.0 Library
        2. Platform Profiles
        3. Implementation Requirements
      2. TCG Standards
        1. PC Client Platform Profile
        2. Server Platform Profile
        3. Mobile Platform Profile
    3. UEFI Forum Standards
      1. UEFI Specification
        1. Security Requirements
        2. Implementation Guidelines
        3. Compliance Testing
      2. Platform Initialization Specification
        1. Boot Phases
        2. Security Considerations
        3. Driver Model
    4. Industry Best Practices
      1. Secure Development Lifecycle
        1. Security by Design
        2. Threat Modeling
        3. Security Testing
      2. Vulnerability Management
        1. Disclosure Processes
        2. Patch Management
        3. Risk Assessment
      3. Incident Response
        1. Detection Procedures
        2. Response Planning
        3. Recovery Strategies