Navigate

SI-7 (10)

SI-7 (10): Protection Of Boot Firmware

The information system implements [Assignment: organization-defined security safeguards] to protect the integrity of boot firmware in [Assignment: organization-defined devices].

Supplemental

Unauthorized modifications to boot firmware may be indicative of a sophisticated, targeted cyber attack. These types of cyber attacks can result in a permanent denial of service (e.g., if the firmware is corrupted) or a persistent malicious code presence (e.g., if code is embedded within the firmware). Devices can protect the integrity of the boot firmware in organizational information systems by: (i) verifying the integrity and authenticity of all updates to the boot firmware prior to applying changes to the boot devices; and (ii) preventing unauthorized processes from modifying the boot firmware.

CIA Levels
Confidentiality	unknown
Integrity	unknown
Availability	unknown

Overlays
Cross Domain (Access), Cross Domain (Multilevel), Cross Domain (Transfer), NC3

Related Controls

The controls below (if any) were marked by NIST as being related to SI-7 (10).

Control	Description
No controls

Enhancements

The controls below (if any) add on to the requirements of SI-7 (10).

Control	Description
No controls

Related CCIs

The CCIs below are tied to SI-7 (10).

CCI	Definition
CCI-002727	The organization defines the security safeguards to be implemented to protect the integrity of the boot firmware in organization-defined devices.
CCI-002728	The organization defines the devices on which organization-defined security safeguards will be implemented to protect the integrity of the boot firmware.
CCI-002729	The information system implements organization-defined security safeguards to protect the integrity of boot firmware in organization-defined devices.