Boot Integrity

Use secure methods to boot a system and verify the integrity of the operating system and loading mechanisms.

ID: M0946
Security Controls: IEC 62443-4-2:2019 - CR 3.14, NIST SP 800-53 Rev. 5 - SI-7
Version: 1.0
Created: 11 June 2019
Last Modified: 19 September 2023

Techniques Addressed by Mitigation

Domain ID Name Use
ICS T0839 Module Firmware

Check the integrity of the existing BIOS or EFI to determine if it is vulnerable to modification. Use Trusted Platform Module technology. [1] Move system's root of trust to hardware to prevent tampering with the SPI flash memory. [2] Technologies such as Intel Boot Guard can assist with this. [3]

ICS T0857 System Firmware

Check the integrity of the existing BIOS or EFI to determine if it is vulnerable to modification. Use Trusted Platform Module technology. [1] Move system's root of trust to hardware to prevent tampering with the SPI flash memory. [2] Technologies such as Intel Boot Guard can assist with this. [3]

References