The National Institute of Standards and Technology (NIST) recently updated its widely used Cybersecurity Framework (CSF) with version 2.0. Following a presidential Executive Order, NIST first released the CSF in 2014 to help organizations understand, reduce and communicate about cybersecurity risk. The framework’s core is now organized around six key functions: Identify, Protect, Detect, Respond and Recover, along with CSF 2.0’s newly added Govern function. When considered together, these functions provide a comprehensive view of the life cycle for managing cybersecurity risk. 

For the first time, NIST pointed to firmware as an example of software that should be managed for risk. It was mentioned on page 20 of the framework as part of the Protect function, specifically under Platform Security. Here is the exact language from the document:

Platform Security (PR.PS): The hardware, software (e.g., firmware, operating systems, applications), and services of physical and virtual platforms are managed consistent.

It is great to see that firmware is finally getting the attention it deserves from a cybersecurity perspective. Organizations that want to implement any part of CSF 2.0 must now also consider firmware security in addition to operating system and application security.

FirmGuard is uniquely positioned in the marketplace to help IT administrators monitor their endpoints for firmware vulnerabilities and thus keep up with the NIST CSF Detect function (DE.CM): Assets are monitored to find anomalies, indicators of compromise, and other potentially adverse events.

FirmGuard addresses other aspects of CSF 2.0, including the Identify function's ID.AM-01 (Inventories of hardware managed by the organization are maintained) and ID.RA-01 (Vulnerabilities in assets are identified, validated, and recorded). The combination of FirmGuard SecureSense and SecureCheck achieves these objectives by keeping track of the entire endpoint inventory while also making sure that firmware vulnerabilities are identified and tracked.

For the Protect function, FirmGuard provides SecureKey, which enforces multi-factor authentication (MFA) using a physical key such as a FIDO/FIDO2-compliant device or a USB storage device. The operating system (OS) will not load without the configured secure key. Configuration can be done remotely by an IT administrator and keeps organizations in compliance with CSF 2.0 PR.AA-01: Identities and credentials for authorized users, services, and hardware are managed by the organization.

And finally, FirmGuard addresses the Respond and Recover functions of CSF 2.0 with the three mitigate features: SecureClone, SecureLock and SecureWipe. Respectively, these features help organizations back up endpoint data, lock endpoints if there is suspicion of anomalous behavior, and wipe or purge data from an endpoint so it is no longer recoverable.

As should be clear by now, FirmGuard is a key element of any organization’s security posture with respect to endpoint firmware and thus must be part of CSF 2.0 planning.

Want to see FirmGuard in action?

Book your free demo today or contact your Phoenix representative.