[On-Demand] FBI CJIS Security Policy – Firmware Integrity: Is your agency prepared?

Nefarious actors have been attacking firmware as a mechanism to threaten national security, infiltrate your network, and to steal your organization’s sensitive data. Accordingly, updates to the FBI CJIS Security Policy (CJISSECPOL) now require all criminal justice information hardware, network appliances, and infrastructure to ensure the security of their firmware by employing firmware integrity checks.

CJISSECPOL version 5.9.2 added a new section for system requirements. Policy area 5.15 is now dedicated to System and Information Integrity (SI). SI-7 Software, Firmware, and Information Integrity expands security focus beyond hardware and software and into firmware. Specifically, the most updated language calls for integrity checks and integration on Detection and Response.

To effectively combat firmware threats, it's crucial to understand their primary targets. These threats tend to target one of three areas:

• High value laptops: Laptops serve as a great mobile tool as they bring great computing capacity and capability to any environment. This mobility also makes them a vulnerable target when used in untrusted environments and less than secure networks.
• Critical servers: Servers contain a number of complex components which can be targeted. A compromised server can facilitate data theft, enable attackers to lie in wait, or disrupt user access.
• Network and security: By attacking networking appliances, attackers can move laterally within your system and avoid easy detection. In fact, they can even target network controls dedicated to security, compromising the very tools meant to protect.

In this session you will learn why firmware integrity matters to the security of data. You will also be introduced to Panasonic Connect’s firmware integrity solution, Smart Compliance, and receive a high-level demonstration of the product.