"NSA and CISA Release Guide To Protect Baseboard Management Controllers"

Baseboard Management Controllers (BMCs) are common server-class computer components. Cybercriminals could exploit the capabilities of these controllers to compromise industry and government systems. Neal Ziring, the Technical Director of the National Security Agency's (NSA) Cybersecurity Directorate, commented that implementing effective security defenses for these embedded controllers is often neglected. The firmware in these controllers is highly privileged, so malicious actors can use the firmware's capabilities to remotely control a critical server while evading traditional security tools. Therefore, organizations must take measures to protect servers with BMCs. NSA and the Cybersecurity and Infrastructure Security Agency (CISA) published the Cybersecurity Information Sheet "Harden Baseboard Management Controllers" to help network defenders. The guidance provides network defenders with recommendations and mitigations for securing their systems. This article continues to discuss the guidance released on hardening BMCs. 

NSA reports "NSA and CISA Release Guide To Protect Baseboard Management Controllers"