CISA and NSA Release Joint Guidance on Hardening Baseboard Management Controllers (BMCs)

Today, CISA, together with the National Security Agency (NSA), released a Cybersecurity Information Sheet (CSI), highlighting threats to Baseboard Management Controller (BMC) implementations and detailing actions organizations can use to harden them.

BMCs are trusted components designed into a computer’s hardware that operate separately from the operating system (OS) and firmware to allow for remote management and control, even when the system is shut down. Hardened credentials, firmware updates, and network segmentation options are often overlooked, leading to a vulnerable BMC.

Read more…
Source: U.S. Cybersecurity and Infrastructure Security Agency