Threat actors may manipulate boot memory in order to execute malicious code, bypass internal processes, or DoS the system. This technique can be used to perform other tactics such as Defense Evasion.
ID | Name | Description | NIST Rev5 | D3FEND | ISO 27001 | |
CM0028 | Tamper Protection | Perform physical inspection of hardware to look for potential tampering. Leverage tamper proof protection where possible when shipping/receiving equipment. | AC-14 CA-8(3) CM-7(9) MA-7 PL-8 PL-8(1) PL-8(2) PM-30 PM-30(1) RA-3(1) SA-10(3) SA-10(4) SA-11 SA-3 SA-4(5) SA-4(9) SA-8 SA-8(13) SA-9 SC-51 SR-1 SR-1 SR-10 SR-11 SR-11(3) SR-2 SR-2(1) SR-3 SR-4(3) SR-4(4) SR-5 SR-5 SR-5(2) SR-6(1) SR-9 SR-9(1) | D3-PH D3-AH D3-RFS D3-FV | A.5.8 4.4 6.2 7.5.1 7.5.2 7.5.3 10.2 A.5.2 A.5.8 A.8.25 A.8.31 A.8.27 A.8.28 A.5.2 A.5.4 A.5.8 A.5.14 A.5.22 A.5.23 A.8.21 A.8.29 A.8.30 5.2 5.3 7.5.1 7.5.2 7.5.3 A.5.1 A.5.2 A.5.4 A.5.19 A.5.31 A.5.36 A.5.37 A.5.19 A.5.20 A.5.21 A.8.30 A.5.20 A.5.21 A.5.20 A.5.21 A.5.23 A.8.29 | |
CM0015 | Software Source Control | Prohibit the use of binary or machine-executable code from sources with limited or no warranty and without the provision of source code. | CM-11 CM-14 CM-2 CM-4 CM-7(8) SA-10(4) SA-11 SA-3 SA-4(5) SA-4(9) SA-8 SA-9 | D3-PM D3-SBV D3-EI D3-EAL D3- EDL D3-DCE | A.8.9 A.8.9 A.8.19 A.5.2 A.5.8 A.8.25 A.8.31 A.8.27 A.8.28 A.5.2 A.5.4 A.5.8 A.5.14 A.5.22 A.5.23 A.8.21 A.8.29 A.8.30 | |
CM0018 | Dynamic Analysis | Employ dynamic analysis (e.g., using simulation, penetration testing, fuzzing, etc.) to identify software/firmware weaknesses and vulnerabilities in developed and incorporated code (open source, commercial, or third-party developed code). Testing should occur (1) on potential system elements before acceptance; (2) as a realistic simulation of known adversary tactics, techniques, procedures (TTPs), and tools; and (3) throughout the lifecycle on physical and logical systems, elements, and processes. FLATSATs as well as digital twins can be used to perform the dynamic analysis depending on the TTPs being executed. Digital twins via instruction set simulation (i.e., emulation) can provide robust environment for dynamic analysis and TTP execution. | CA-8 CP-4(5) RA-3 RA-5(11) SA-11 SA-11(5) SA-11(8) SA-11(9) SA-3 SA-8 SC-2(2) SC-7(29) SI-3 SR-6(1) SR-6(1) | D3-DA D3-FBA D3-PSA D3-PLA D3-PA D3-SEA D3-MBT | 6.1.2 8.2 9.3.2 A.8.8 A.5.2 A.5.8 A.8.25 A.8.31 A.8.27 A.8.28 A.8.29 A.8.30 A.8.7 | |
CM0021 | Software Digital Signature | Prevent the installation of Flight Software without verification that the component has been digitally signed using a certificate that is recognized and approved by the mission. | AC-14 CM-11 CM-11(3) CM-14 CM-14 IA-2 SA-10(1) SA-11 SA-4(5) SA-9 SI-7 SI-7(12) SI-7(15) | D3-CH D3-CBAN D3-FV D3-DLIC D3-EAL D3-SBV | A.8.19 A.5.16 A.5.2 A.5.4 A.5.8 A.5.14 A.5.22 A.5.23 A.8.21 A.8.29 A.8.30 | |
CM0023 | Configuration Management | Use automated mechanisms to maintain and validate baseline configuration to ensure the spacecraft's is up-to-date, complete, accurate, and readily available. | CM-11(3) CM-2 CM-3(7) CM-3(8) CM-4 CM-5 MA-7 SA-10 SA-10(7) SA-11 SA-3 SA-4(5) SA-4(9) SA-8 SR-11(2) | D3-ACH D3-CI D3-SICA D3-USICA | A.8.9 A.8.9 A.8.9 A.8.9 A.8.2 A.8.4 A.8.9 A.8.19 A.8.31 A.8.3 A.5.2 A.5.8 A.8.25 A.8.31 A.8.27 A.8.28 A.8.9 A.8.28 A.8.30 A.8.32 A.8.29 A.8.30 | |
CM0014 | Secure boot | Software/Firmware must verify a trust chain that extends through the hardware root of trust, boot loader, boot configuration file, and operating system image, in that order. The trusted boot/RoT computing module should be implemented on radiation tolerant burn-in (non-programmable) equipment. | AC-14 PL-8 PL-8(1) SA-8(10) SA-8(12) SA-8(13) SA-8(3) SA-8(4) SC-51 SI-7(9) | D3-PH D3-BA D3-DLIC D3-TBI | A.5.8 |