Bootkit

Adversaries may use bootkits to persist on systems and evade detection. Bootkits reside at a layer below the operating system and may make it difficult to perform full remediation unless an organization suspects one was used and can act accordingly.

ID: CM0014
Sub-techniques: 
Related Aerospace Threat IDs: 
Related MITRE ATT&CK TTPs: T1542, T1542.003
Tactic:
Created: 2022/12/08
Last Modified: 2022/12/08

Countermeasures

| ID | Name | Description | NIST Rev5 | D3FEND | ISO 27001 |
|----|------|-------------|-----------|--------|-----------|
| CM0021 | Software Digital Signature | Prevent the installation of Flight Software without verification that the component has been digitally signed using a certificate that is recognized and approved by the mission. | CM-11(3) CM-14 CM-14 SA-10(1) SI-7 SI-7(12) SI-7(15) | | |
| CM0014 | Secure boot | Software/Firmware must verify a trust chain that extends through the hardware root of trust, boot loader, boot configuration file, and operating system image, in that order. The trusted boot/RoT computing module should be implemented on radiation tolerant burn-in (non-programmable) equipment. | SC-51 SI-7(9) | | |
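The ordered trust chain in the Secure boot countermeasure, shown as an added example that is not part of the original page or of any flight software. It assumes a hash-chained design in which each stage carries the SHA-256 digest of the next stage and the root of trust holds a burned-in digest of the boot loader; the stage names, the blob layout and all sample contents are constructed for illustration.

```python
import hashlib
import hmac

DIGEST_LEN = 32
# Verification order stated in the countermeasure (after the hardware root of trust).
ORDER = ("boot_loader", "boot_config", "os_image")

def seal(code, next_blob=None):
    """Hypothetical layout: stage code followed by SHA-256 of the next stage
    (all zeros for the last stage), so the pointer is covered by this stage's hash."""
    trailer = hashlib.sha256(next_blob).digest() if next_blob is not None else bytes(DIGEST_LEN)
    return code + trailer

def build_chain(loader_code, config_text, os_code):
    """Build stages from last to first and return (rot_digest, blobs)."""
    os_image = seal(os_code)
    boot_config = seal(config_text, os_image)
    boot_loader = seal(loader_code, boot_config)
    # rot_digest models the value held in non-programmable (burn-in) hardware.
    rot_digest = hashlib.sha256(boot_loader).digest()
    blobs = {"boot_loader": boot_loader, "boot_config": boot_config, "os_image": os_image}
    return rot_digest, blobs

def verify_boot(rot_digest, blobs):
    """Walk the chain in order. Return (True, None) or (False, first_failing_stage).
    A failure halts the walk: no later stage is trusted or handed control."""
    expected = rot_digest
    for name in ORDER:
        blob = blobs.get(name)
        if blob is None or len(blob) < DIGEST_LEN:
            return False, name
        actual = hashlib.sha256(blob).digest()
        if not hmac.compare_digest(actual, expected):
            return False, name
        expected = blob[-DIGEST_LEN:]  # digest the verified stage vouches for
    return True, None

if __name__ == "__main__":
    # Constructed sample contents, not real images.
    rot, stages = build_chain(b"loader v1", b"root=/dev/flash0 mode=nominal", b"os v1")
    print("clean chain:", verify_boot(rot, stages))

    # A modified boot configuration file is caught at its own stage.
    tampered = dict(stages)
    tampered["boot_config"] = b"root=/dev/flash1" + stages["boot_config"][-DIGEST_LEN:]
    print("modified config:", verify_boot(rot, tampered))

    # A replaced boot loader with its own self-consistent chain still fails,
    # because the root-of-trust digest cannot be rewritten.
    _, swapped = build_chain(b"loader v2", b"root=/dev/flash0 mode=nominal", b"os v1")
    print("replaced loader:", verify_boot(rot, swapped))
```

The last case is the one that matters for bootkits: a replacement chain that is internally consistent is still rejected at the first stage because the anchor lives in hardware that software cannot reprogram.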