Modern computing and information technology systems are built upon a variety of hardware components, many of which rely on firmware and configuration data to drive their behavior. Firmware is a type of software that provides low-level control for the device's hardware. This software is written in the hardware’s nonvolatile memory and is thus saved when the hardware is turned off or loses its external power source. Almost all electronic devices contain some firmware, and this firmware is often permanently installed and cannot be changed. As a result, updating the firmware of a device may rarely or never be done during its lifetime.
NIST announces the release of Special Publication 800-193, Platform Firmware Resiliency Guidelines, a document that provides technical guidelines and recommendations supporting resiliency of the collection of hardware and firmware components of a computer system, also called the platform. These guidelines describe security mechanisms for protecting the platform against unauthorized changes, detecting unauthorized changes that occur, and securing recovery from attacks.
This document is intended to guide implementers, including system manufacturers and component suppliers, on how to use these mechanisms to build a strong security foundation into platforms. The document may also be useful when developing enterprise-wide procurement strategies and deployment.