Compliance

Every Major Cybersecurity Framework in the World Requires You to Continuously Monitor Firmware 

Many companies contact Trapezoid because they have failed to meet NIST SP 800-53 SI-7 controls.  These controls require the continuous monitoring of firmware for indicators of compromise. This is not unique to NIST & FISMA.

Lack of visibility into this layer of security means you cannot detect any changes below the operating system. As such, you cannot analyze those changes to determine whether they should trigger an alert or be acted upon.

Frameworks Requiring Continuous Firmware Monitoring

All Federal Civilian and Defense Agencies Must Be NIST Compliant

NIST Cybersecurity Framework (PR.DS-6) SP 800-53 (SI-7)

FARs and DFARS - Federal Government Contractor Requirements

DFARS clause 252.204-7012 - Safeguarding Covered Defense Information and Cyber Incident Reporting

CMMC - Defense Contractor Certification

GDPR - failure to patch firmware could lead to breach and material fines

HHS CMS ARS 3.1 (SI-7)

HITRUST CSF - Control Reference: 10.c - Control of Internal Processing

HIPAA - 45 CFR Part 164.306(a)(2) - Protect against "reasonably anticipated" threats includes firmware per HHS comments

BANKING - PCI-DSS - definition of malware includes firmware

FINANCIAL SERVICES - Sector Cybersecurity Profile (PR.DS-6)

Achieve your Cybersecurity Compliance Requirements for Firmware with Trapezoid FIVE

Deploy Trapezoid FIVE and gain immediate insights into the firmware threat vector. Get actionable data mapped to every NIST firmware-related control by device in real time. Produce reports on the fly for your auditors proving you are meeting your firmware device monitoring compliance requirements.


Meet your firmware requirements today.