CMMC Requirement SI.L3-3.14.1E – Integrity Verification: Verify the integrity of security critical and essential software using root of trust mechanisms or cryptographic signatures.
This document provides guidelines for preventing the unauthorized modification of Basic Input/Output System (BIOS) firmware on PC client systems. Unauthorized modification of BIOS firmware by malicious software constitutes a significant threat because of the BIOS’s unique and privileged position within the PC architecture.
Verifying the integrity of the organization’s security-critical or essential software is an important capability since corrupted software is the primary attack vector used by adversaries to undermine or disrupt the proper functioning of organizational systems. There are many ways to verify software integrity throughout the system development life cycle. Root of trust mechanisms (e.g., secure boot, trusted platform modules, Unified Extensible Firmware Interface [UEFI]) verify that only trusted code is executed during boot processes. This capability helps system components protect the integrity of boot firmware in organizational systems by verifying the integrity and authenticity of updates to the firmware prior to applying changes to the system component and by preventing unauthorized processes from modifying the boot firmware. The employment of cryptographic signatures ensures the integrity and authenticity of critical and essential software that stores, processes, or transmits CUI. Cryptographic signatures include digital signatures and the computation and application of signed hashes using asymmetric cryptography, protecting the confidentiality of the key used to generate the hash, and using the public key to verify the hash information. Hardware roots of trust are considered to be more secure. This requirement supports 3.4.1e and 3.4.3e.
[FIPS 140-3] provides security requirements for cryptographic modules. [FIPS 180-4] and [FIPS 202] provide secure hash standards. [FIPS 186-4] provides a digital signature standard. [NIST SP 800-147] provides BIOS protection guidance. [NIST TRUST] provides guidance on the roots of trust project.
Further Discussion
Organizations verify the integrity of security critical and essential software every time that software is executed. Secure boot mechanisms for firmware and a cryptographically protected boot chain ensure the integrity of the operating system (OS) and security critical software, and cryptographic techniques ensure the essential software has not been tampered with after development prior to execution. If software is itself considered to be CUI or if it uses CUI, this requirement ensures it has not been compromised.
Software and information integrity verification tools can help organizations that develop software check integrity during the development process. As critical software is updated, the software and any configuration data must be re-signed, so that the signatures stay current and verification continues on an ongoing basis.
Operating systems include mechanisms to validate digital signatures for installed software. Most software packages use signatures to prove the integrity of the provided software, and the organization should leverage these capabilities. Similarly, most hardware appliance vendors have secure boot checks in place for their devices and built-in features that check the digital signature of an upgrade/update package before they allow an upgrade to take place. For locally developed software, the organization should sign the software to ensure its integrity.
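The following Go program is an added example, not part of the CMMC text or of any NIST publication. It illustrates the signed-hash scheme described above (SHA-256 per FIPS 180-4 and ECDSA over P-256 per FIPS 186-4, both from the Go standard library) applied the way a cryptographically protected boot chain and a sign-before-release process for locally developed software apply it: a publisher signs each stage or package, and the verifier hashes the bytes that are actually about to run, checks the signature against the trusted public key, and halts at the first stage that fails. The stage names, sample image bytes and in-memory key pair are constructed for illustration; in practice the signing key lives in an HSM or hardware root of trust and is never present on the verifying system.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// SignedImage is one stage of a boot or execution chain: the bytes that will
// run plus a detached signature the publisher produced over their SHA-256 digest.
type SignedImage struct {
	Name      string
	Image     []byte
	Signature []byte // ASN.1 DER ECDSA signature over sha256(Image)
}

// Publisher holds the private signing key. Here it is generated in memory for
// the example; a real release pipeline keeps it in an HSM or similar.
type Publisher struct{ key *ecdsa.PrivateKey }

// NewPublisher generates a P-256 key pair.
func NewPublisher() (*Publisher, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Publisher{key: k}, nil
}

// PublicKey is the only key material the verifying system needs.
func (p *Publisher) PublicKey() *ecdsa.PublicKey { return &p.key.PublicKey }

// Sign hashes the image and signs the digest with the publisher's private key.
func (p *Publisher) Sign(name string, image []byte) (SignedImage, error) {
	digest := sha256.Sum256(image)
	sig, err := ecdsa.SignASN1(rand.Reader, p.key, digest[:])
	if err != nil {
		return SignedImage{}, err
	}
	return SignedImage{Name: name, Image: image, Signature: sig}, nil
}

// Verify recomputes the digest from the bytes that are about to run (never from
// a stored hash) and checks the signature against the trusted public key.
func Verify(trusted *ecdsa.PublicKey, img SignedImage) bool {
	digest := sha256.Sum256(img.Image)
	return ecdsa.VerifyASN1(trusted, digest[:], img.Signature)
}

// VerifyChain walks the chain in boot order. A stage is allowed to run only if
// its signature verifies; the first failure halts the chain. It returns the
// names of the stages that ran and, on failure, an error naming the bad stage.
func VerifyChain(trusted *ecdsa.PublicKey, chain []SignedImage) ([]string, error) {
	var ran []string
	for _, img := range chain {
		if !Verify(trusted, img) {
			return ran, fmt.Errorf("integrity check failed at stage %q; halting boot", img.Name)
		}
		ran = append(ran, img.Name)
	}
	return ran, nil
}

func main() {
	pub, err := NewPublisher()
	if err != nil {
		panic(err)
	}
	// Constructed sample stages standing in for real firmware, bootloader and OS images.
	names := []string{"firmware", "bootloader", "os-kernel"}
	images := [][]byte{[]byte("firmware v1"), []byte("bootloader v1"), []byte("os-kernel v1")}
	var chain []SignedImage
	for i := range names {
		img, err := pub.Sign(names[i], images[i])
		if err != nil {
			panic(err)
		}
		chain = append(chain, img)
	}

	ran, err := VerifyChain(pub.PublicKey(), chain)
	fmt.Println("clean chain:", ran, err)

	// Simulate post-signing modification of the bootloader: one flipped byte.
	chain[1].Image[0] ^= 0xff
	ran, err = VerifyChain(pub.PublicKey(), chain)
	fmt.Println("tampered chain:", ran, err)

	// An image signed by a key the platform does not trust is rejected even if intact.
	other, _ := NewPublisher()
	rogue, _ := other.Sign("os-kernel", []byte("os-kernel v1"))
	fmt.Println("untrusted publisher verifies:", Verify(pub.PublicKey(), rogue))
}
```

Two design points carry over to real deployments: the verifier hashes the exact bytes it is about to execute rather than trusting a manifest, and it holds only the public key, so compromise of the verifying system cannot forge new signatures.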