TCG releases first security verification guide for enterprise systems with NIST

Date Published: May 19, 2021

Beaverton, OR, USA, May 19, 2021 – IT administrators and manufacturers can now secure enterprise computing with the latest specification from the Trusted Computing Group (TCG). This new guide verifies the trustworthiness of each endpoint by allowing the integrity of devices and networks within enterprise systems to be measured for the first time. This follows a 430% increase in supply chain attacks in 2020, according to Sonatype.

The PC Client Firmware Integrity Measurement (FIM) specification provides an official, definitive guide to verifying the security status of equipment bought by enterprises. It is derived from the National Institute of Standards and Technology’s (NIST) draft publication SP 800-155 of December 2011. It provides the guidelines for products that can determine the integrity of a device at the manufacturing stage and offers a baseline measurement against which security results can be compared throughout the device's lifecycle.

“Before this specification was released, it was difficult for OEMs to understand how TCG’s various specifications could be used to provide a solution enabling determination of the security status of multiple endpoints within a network,” said Amy Nelson, Distinguished Member Technical Staff, Dell Technologies, and Chair of PC Client Work Group at TCG.

The FIM works best alongside the PC Client Reference Integrity Manifest Specification (RIM), which reflects a baseline measurement for comparison to inform trust decisions.

“TCG continues to coordinate with the industry and government to improve the overall security of the infrastructure. This is one such example where TCG worked closely with NIST to provide a specific set of requirements to meet the NIST SP800-155 draft published in 2011.” – Shiva Dasari, Chief Technologist, HPE Infrastructure Security.

“This specification is key to helping improve firmware security management and assessment industry-wide. It is a milestone in our efforts in the TCG to deliver hardware-enforced security end-to-end, from supply chain to end-user,” says Shankar Balakrishnan, Senior Director, Security Product Management for Commercial Personal Systems at HP Inc.

The full FIM specification can be found on the TCG website.

 

About TCG

TCG is a not-for-profit organization formed to develop, define and promote open, vendor-neutral, global industry specifications and standards, supportive of a hardware-based root of trust, for interoperable trusted computing platforms. More information is available at the TCG website, www.trustedcomputinggroup.org. Follow TCG on Twitter and on LinkedIn. The organization offers a number of resources for developers and designers at develop.trustedcomputinggroup.org.

Twitter: @TrustedComputin

LinkedIn: https://www.linkedin.com/company/trusted-computing-group/

 
