Jay Talbott
Principal Consulting Engineer
SysPro Consulting, LLC
Pursuant to Executive Order (EO) 14028, "Improving the Nation's Cybersecurity," and subsequent directives emphasizing the security of the software supply chain and the implementation of Zero Trust Architecture (ZTA), this interagency briefing addresses the critical importance of boot firmware security in federal systems. Boot firmware, including the Unified Extensible Firmware Interface (UEFI) BIOS, serves as the foundational layer of system startup and is increasingly targeted by sophisticated cyber threats.
While numerous security technologies and methodologies have emerged to protect the integrity of the boot firmware, a system is still at risk of being compromised if the boot firmware itself contains exploitable security vulnerabilities. If a system can be compromised at the firmware level, all other security investments can potentially be circumvented.
As attackers increasingly exploit vulnerabilities in UEFI BIOS, it's essential for federal agencies to evaluate their exposure and take action. This session will explore the vulnerabilities associated with UEFI BIOS, discuss alternative boot firmware solutions, and provide guidance on specifying firmware requirements in federal acquisition programs to enhance system integrity and resilience.
Recommended attending personnel:
Important: This briefing uses a Zoom-based communication connection via your network. The briefing will be accessible via phone if you are unable to connect online, and recorded versions will be distributed with closed captions for the hearing impaired. Instructions for login will be provided upon registration.
Topical Overview
Zero Trust Architecture (ZTA)
Boot Firmware Security
Importance of Boot Firmware Security
Security Vulnerabilities in UEFI BIOS
Correcting Vulnerabilities and Deploying Updates
Alternative Intel® Boot Firmware Solutions
Alternative Intel® Boot Firmware Security
Boot Firmware Requirements
Recommended Flow Down Requirements
Next Steps
Final Remarks