Wiz Research disclosed a command injection in GitHub’s internal git pipeline that let any authenticated user reach RCE with a single git push. The root cause is the same one that has burned multi-service architectures for thirty years: trust boundaries that don’t actually exist.
RMF Control SR-9: Tamper Resistance and Detection requires organizations to implement anti-tamper technologies and techniques to protect systems and system components from unauthorized modification or disruption. This is important for protecting information systems from unauthorized access and ensuring that systems are performing as expected. Supplemental Guidance The Risk Management Framework (RMF) is a cybersecurity framework …
RMF Control SR-5: Acquisition Strategies, Tools, and Methods requires organizations to implement strategies, tools, and methods to protect their supply chains and ensure that they are acquiring secure information systems and components. Supplemental Guidance The Risk Management Framework (RMF) is a cybersecurity framework that provides a process for managing cybersecurity risk to systems and organizations. …
RMF Control SR-11: Component Authenticity requires organizations to develop and implement anti-counterfeit policy and procedures that include the means to detect and prevent counterfeit components from entering the system; and report counterfeit system components to [Assignment: organization-defined source of counterfeit component]. Supplemental Guidance The Risk Management Framework (RMF) is a cybersecurity framework that provides a …
