Adversaries may use bootkits to persist on systems and evade detection. Bootkits reside at a layer below the operating system and may make it difficult to perform full remediation unless an organization suspects one was used and can act accordingly.
| ID | Name | Description | NIST Rev5 | D3FEND | ISO 27001 |
|---|---|---|---|---|---|
| CM0021 | Software Digital Signature | Prevent the installation of Flight Software without verification that the component has been digitally signed using a certificate that is recognized and approved by the mission. | AC-14 CM-11 CM-11(3) CM-14 CM-14 IA-2 SA-10(1) SA-11 SA-4(5) SA-9 SI-7 SI-7(12) SI-7(15) | D3-CH D3-CBAN D3-FV D3-DLIC D3-EAL D3-SBV | A.8.19 A.5.16 A.5.2 A.5.4 A.5.8 A.5.14 A.5.22 A.5.23 A.8.21 A.8.29 A.8.30 |
| CM0014 | Secure boot | Software/Firmware must verify a trust chain that extends through the hardware root of trust, boot loader, boot configuration file, and operating system image, in that order. The trusted boot/RoT computing module should be implemented on radiation tolerant burn-in (non-programmable) equipment. | AC-14 PL-8 PL-8(1) SA-8(10) SA-8(12) SA-8(13) SA-8(3) SA-8(4) SC-51 SI-7(9) | D3-PH D3-BA D3-DLIC D3-TBI | A.5.8 |
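
The verification order described for CM0014, as an added example that is not part of the original page: each stage is checked against a digest held by the stage before it, starting from a value fixed in the immutable root of trust, and boot halts at the first mismatch. Pinned SHA-256 digests stand in here for signature verification, and the stage names, image layout and sample payloads are constructed assumptions.

```python
import hashlib
import hmac

# Boot order from the CM0014 description; the root of trust sits in front of it.
STAGES = ["boot_loader", "boot_config", "os_image"]

# Constructed sample payloads, not real flight software.
SAMPLE_PAYLOADS = {
    "boot_loader": b"stage1 loader code",
    "boot_config": b"image=/os.img\nargs=ro",
    "os_image": b"kernel and root filesystem",
}

def digest(blob):
    return hashlib.sha256(blob).hexdigest()

def build_chain(payloads):
    """Build images back to front so each one embeds the digest of the next.

    Returns (root_digest, images). root_digest models the value held in the
    non-programmable root of trust; it cannot be rewritten after provisioning.
    """
    images, next_digest = {}, ""
    for name in reversed(STAGES):
        # Assumed layout: first line = digest of the next stage, rest = payload.
        images[name] = next_digest.encode() + b"\n" + payloads[name]
        next_digest = digest(images[name])
    return next_digest, images

def verify_chain(root_digest, images):
    """Walk the chain in boot order; return the first failing stage or None."""
    expected = root_digest
    for name in STAGES:
        image = images[name]
        if not hmac.compare_digest(digest(image), expected):
            return name  # halt here: control is never handed to this stage
        # Only a stage that has just been verified may vouch for the next one.
        expected = image.split(b"\n", 1)[0].decode()
    return None

if __name__ == "__main__":
    root, images = build_chain(SAMPLE_PAYLOADS)
    print("clean boot:", verify_chain(root, images))
    # A modified boot loader (the bootkit case) no longer matches the root value.
    images["boot_loader"] += b"\x00implant"
    print("modified loader:", verify_chain(root, images))
```

Because every stage is covered by a digest that ultimately anchors in the root of trust, a modified boot loader cannot make itself pass by rewriting the digests it carries for later stages.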