Recently CISA and NSA released a joint Information Sheet that details how to mitigate threats against Baseboard Management Controllers (BMCs). A BMC is a management tool that allows monitoring of the devices remotely including when the system is not on.

CISA and NSA suggest the following if using a BMC:

  1. Protect BMC credentials
  2. Enforce VLAN separation
  3. Harden configurations
  4. Perform routine BMC update checks
  5. Monitor BMC integrity
  6. Move sensitive workloads to hardened devices
  7. Use firmware scanning tools periodically
  8. Do not ignore BMCs

You can find the details for each suggested mitigation HERE.