SI-7(10) Software, Firmware, And Information Integrity

Operational

Control Description

SOFTWARE, FIRMWARE, AND INFORMATION INTEGRITY | PROTECTION OF BOOT FIRMWARE

The information system implements organization-defined security safeguards to protect the integrity of boot firmware in organization-defined devices.

Supplemental Guidance

Unauthorized modifications to boot firmware may be indicative of a sophisticated, targeted cyber-attack. These types of cyber-attacks can result in a permanent denial of service (e.g., if the firmware is corrupted) or a persistent malicious code presence (e.g., if code is embedded within the firmware). Devices can protect the integrity of the boot firmware in organizational information systems by: (i) verifying the integrity and authenticity of all updates to the boot firmware prior to applying changes to the boot devices; and (ii) preventing unauthorized processes from modifying the boot firmware.
