Visit AMI at Booth 5-243 in Hall 5 of the Nuremberg Messe throughout the event for an exciting and informative lineup of demonstrations and the latest innovations in AMI firmware solutions for embedded, edge and IoT systems.

The post Embedded World 2026 appeared first on AMI.

Why It Matters

As cybersecurity regulations evolve, organizations are under increasing pressure to demonstrate software supply chain transparency. AMI Meridian Security Services empower customers to proactively manage firmware vulnerabilities, streamline patching workflows, and meet compliance mandates from bodies such as CISA and NTIA as well as recent U.S. Executive Orders and the Cyber Resilience Act (CRA).

“Security is a continuous journey. Our partners need to be enabled to confidently answer ‘What’s in my firmware?’ and ‘Does this vulnerability affect my systems?’. And we believe we’re leading the industry by working with them to develop these solutions for improving the security posture of the entire industry and our end customers.” – Brian Mullen, PSIRT and SSDLC Director of Engineering, AMI

Key Security Service Features:

• SBOM Service: Generate detailed SBOMs in SPDX 2.3 and CycloneDX 1.5 formats with internal vulnerability database integration for on-demand security analysis and update tracking. Reports include open-source, third-party, and AMI components, with NDA-specific options for partner ingredients.
• Vulnerability Management Service: Track CVEs, Security Advisories, and patch status across firmware projects. Exportable dashboards and reports enable real-time vulnerability analysis and mitigation planning through SaaS-powered Web and API tools.
• AMI Meridian Integration: Both services are accessible via AMI’s secure Meridian platform, offering intuitive UI, search and upload capabilities, role-based access control, and user management.

“Firmware is foundational to every computing platform. With the launch of our SBOM and VMS services, AMI empowers customers to take charge of their firmware security posture and meet the demands of modern compliance frameworks.” – Sudan Ayanam, VP of Technology and Architecture, AMI

Availability

From today, our SBOM and VMS are generally available across all regions for Aptio V, MegaRAC SP-X, and MegaRAC OneTree projects. Customers can begin onboarding immediately. Learn more about our platform security solutions on the Server Platform Security section of our website and contact us to schedule a demo or request access.

The post AMI Launches Comprehensive Firmware Security Service through AMI Meridian Platform appeared first on AMI.

FIRST is based on a peer-to-peer network governance model, where Computer Security Incident Response Teams (CSIRTs), Product Security Incident Response Teams (PSIRTs) and independent security researchers work together across borders to limit the damage of security incidents. This requires a high degree of trust – fostered by FIRST through its distributed governance as well as the various activities it promotes. This model also fosters inclusiveness and ownership, by inviting membership from all geographic and cultural regions.

And today, we are pleased to share that after the completion of a rigorous application process, we have joined the global FIRST team. Notably, AMI is the first independent BIOS vendor (IBV) to gain admission to the Forum.

“As the Chair of the FIRST Board of Directors, it is my great pleasure to welcome AMI as a new full member to FIRST. With its deep experience at the forefront of firmware security and incident response, we are confident that AMI will make an immediate and meaningful impact as a FIRST member,” said Tracy A. Bills, Chairperson of the FIRST Board of Directors.

Recognizing the importance of its admission, Samuel Cure, Chief Information Officer at AMI commented that “As the first IBV to receive this honor, we are extremely proud to become a member of FIRST. We strongly believe that our many decades of leadership and expertise in firmware and platform security will bring a unique and effective perspective to this important work.”

About FIRST

FIRST is the Forum of Incident Response and Security Teams, whose members have resolved an almost continuous stream of security-related attacks and incidents including handling thousands of security vulnerabilities affecting nearly all of the millions of computer systems and networks throughout the world connected by the ever-growing Internet. FIRST brings together a wide variety of security and incident response teams including product security teams from the government, commercial, and academic sectors. Learn more at https://www.first.org/about/.

The post AMI Is First Independent BIOS Vendor to Join the Forum of Incident Response and Security Teams (FIRST) appeared first on AMI.

The post Hardwear.io Security Training and Conference USA 2025 appeared first on AMI.

In a way, talking about information and data security is like talking about brushing one’s teeth: we all know it is important, and exhibiting consistency and strong daily habits is essential to avoid catastrophic issues (and pain!) in the future.

At AMI, as developers of critical system firmware for all types of compute platforms worldwide – from servers to notebooks to industrial computers and beyond – we have a deep understanding of the importance of assuring our customers, platform end-users and the industry at large that we are adhering to the highest standard of security practices and benchmarks.

That’s why AMI participates in security performance monitoring by SecurityScorecode, a real-time security score monitoring organization based in the US. AMI is proud to consistently receive an “A” rating, earning a score of 95/100 or higher, as updated in real-time on the AMI Trust Center section of our website.

What is SecurityScorecard?

SecurityScorecard bills itself as “the largest proprietary risk and threat intelligence dataset on the planet.” Its mission is to “make the world a safer place by transforming the way the world measures and manages cybersecurity risk across the entire digital ecosystem.”

It does so by providing real-time security score data for monitored organizations and allows participants to display that score as a measure of their security posture, as well as examine any areas of deficiency. A detailed breakdown of the methodology used by SecurityScorecard to calculate an organization’s score can be found at Trust – SecurityScorecard.

The Benefits of SecurityScorecard

As part of holistic security practices, businesses and organizations should regularly evaluate the SecurityScorecard of their hardware, software, and firmware vendors to streamline their vendor risk management program. A SecurityScorecard offers real-time, comprehensive cybersecurity ratings that:

Continuously Monitor Third-Party Risk

SecurityScorecard allows organizations to assess the cybersecurity posture of vendors, partners, and supply chains, helping to prevent breaches that originate from external relationships. With continuous monitoring, organizations stay on top of security incidents or security score changes early – sometimes before attackers exploit the gaps – reducing friction in third-party risk processes.

Get an Independent, Objective View

The SecurityScorecard platform provides an outside-in view of your own organization’s security health, identifying vulnerabilities you may not catch internally.

Prioritize and Remediate Threats Faster

The comprehensive scoring system highlights critical weaknesses across areas like application security, network security, DNS health, and patching cadence, helping teams prioritize remediation efforts.

Support Compliance and Regulatory Requirements

Security ratings can support frameworks like NIST, ISO, GDPR, and CMMC by offering documented, measurable evidence of cyber risk management.

AMI’s Commitment

“We are extremely proud of our continued A-level rating with SecurityScorecard. Our AMI security team works tirelessly to maintain a strong security posture, and this rating reflects our deep dedication and effort. So foremost I would like to thank the team for its hard work in achieving this rating. I also want to assure our customers, partners, and end users that we will continue to apply the same level of discipline and effort to uphold these results with SecurityScorecard going forward,” said Samuel Cure, AMI Chief Information Officer.

We encourage OEMs, ODMs and our partners and customers to strongly consider a firmware vendor’s security rating when selecting a partner for a system development project of any kind. Doing so will ensure that sensitive customer data and IP is safe and secure, and that products are designed and released in line with the best data safeguarding practices.

The post AMI Receives “A” Grade for Holistic Security Practices by SecurityScorecard appeared first on AMI.

Enterprises Must Start Designing for the CRA Now

What does this mean for companies that produce and ship critical products with digital elements (PDEs)? Starting in late 2027, the EU will begin enforcing CRA requirements on products that started shipping 20 days after publication, in 2024. Developers and manufacturers should plan accordingly to ensure compliance and avoid any potential fines or disruptions in shipping, come late 2027.

Changes in Technology and Practice are Required 

Included in CRA requirements are key elements that should be addressed as initial units are shipped before the 2027 enforcement date. Through the CRA’s definition of “software”, any “part of an electronic system that consists of computer code” will need to have an associated software bill of materials (SBOM) and be resilient from cyber-attacks. This includes all firmware, as it is the foundational computer code for all electronic systems.

Firmware Must be Resilient

To ensure compliance in late 2027, developers of PDEs must design capabilities to detect corrupted firmware at power-on, prevent firmware corruption during runtime, and recover corrupted firmware to a trusted firmware image. Additionally, all versions of firmware running on PDEs must have an associated SBOM where vulnerabilities can be traced and managed.

How AMI Can Help?

Aligning with these requirements, AMI offers products and services that help our customers comply with the EU CRA, along with other international standards and regulations. This includes firmware with all associated SBOMs, vulnerability management through our Product Security Incident Response Team (PSIRT) and AMI’s Tektagon Platform Root of Trust (PRoT) solution for platform firmware resilience.

Customers should contact their associated AMI sales representative to learn more about how AMI can help them comply with the CRA and other cyber security regulations.

The post The European Union Cyber Resilience Act Has Arrived appeared first on AMI.

IEEE QRS

The IEEE QRS Conference pulls scientists and engineers in industry and academia together into a single forum to present work related to the best and most efficient techniques for the development of reliable, secure, and trustworthy systems.  Program selection involves a detailed review by 3 committee members across a pool of 209 other papers.  AMI and Colorado State’s methodology for preventing device tampering during transit was one of 50 papers selected to be presented at the conference.

Protection in Transit (PIT)

In order to tamper with or modify device platform firmware in transit, a hacker would need to either write to the firmware’s storage location or physically replace the firmware code. This paper addresses writing to the firmware storage location, which necessitates the device being booted up to a minimal state where firmware memory I/O is enabled.  Therefore, securing platform firmware requires that the first boot of the BIOS/UEFI or BMC following shipping is exclusive to the authorized downstream user.

To achieve this, AMI and Colorado State propose a mechanism where the device manufacturer implements a BIOS or BMC lock post-production that can only be unlocked by a Hardware Root of Trust (HRoT) device during the BIOS/UEFI or BMC boot process.  Unlocking of the BIOS or BMC firmware would only occur after a successful authentication by the HRoT.

Extension of Project Cerberus

This methodology is an extension of the Project Cerberus, open-source initiative that establishes a hardware root of trust for servers.  Adopting the protection in transit (PIT) methodology greatly enhances Cerberus security; where today it focuses on attestation of platform firmware at boot and during runtime, Cerberus does not currently address user authentication.

Efforts by AMI and Colorado State University

In order to ensure the highest level of security for the PIT-Cerberus framework, AMI and Colorado State have leveraged strong data encryption techniques and have implemented the solution within a trusted HRoT microcontroller. These efforts put forth by AMI and Colorado State can be sampled through the PIT-Cerberus framework’s libraries, available on Project Cerberus today.

The presentation of “The PIT-Cerberus Framework:  Preventing Device Tampering During Transit” paper can be seen July 1^st through the 5^th at the IEEE QRS, Churchill College, University of Cambridge, UK.

This paper will be available to read in the IEEE Xplore digital library upon approval.

The post AMI and Colorado State University Joint Security Paper to be presented at the 24th IEEE International Conference on Software Quality, Reliability, and Security appeared first on AMI.

The post Embedded World appeared first on AMI.

ISO 27001: A Testament to Our Dedication

ISO 27001 is an internationally recognized standard that sets out the criteria for establishing, implementing, maintaining, and continually improving an ISMS within an organization. By achieving this certification, AMI demonstrates its dedication to ensuring the confidentiality, integrity, and availability of information assets.

What Does ISO 27001 Certification Mean for AMI Customers?

• Enhanced Security Measures: ISO 27001 certification validates that AMI has implemented robust security controls and measures to protect information assets from potential threats and vulnerabilities.
• Client and Partner Confidence: Our customers and partners can now have increased confidence and commitment to information security, knowing that we adhere to globally recognized best practices.
• Risk Management: The certification process involves a comprehensive risk assessment, allowing us to identify and mitigate potential risks effectively, ensuring the continued resilience of our information security management systems.
• Legal and Regulatory Compliance: ISO 27001 certification ensures that AMI complies with relevant legal and regulatory requirements related to information security, providing a solid foundation for our operations.

A Collaborative Effort

Achieving ISO 27001 certification was no small feat, and we owe our success to the collective efforts of every team member at AMI. It reflects our shared commitment to maintaining the highest standards of information security across all aspects of our operations.

AMI remains dedicated to continuous improvement. We will continually review and enhance our information security practices to adapt to emerging threats and technological advancements, ensuring that our systems remain at the forefront of security excellence.

The post AMI Attains ISO 27001 Certification, Excellence in Information Security appeared first on AMI.

A Powerhouse Trio

Our showcase revolves around the collaborative DC-SCM design from ASPEED and AMI, AMI’s Meridian Services, and Jabil’s DC-MHS platform. The ASPEED/AMI DC-SCM 2.0 card includes the ASPEED AST2600 BMC powered by the industry-leading AMI MegaRAC platform management solution. It also features the ASPEED AST1060 PRoT (Platform Root of Trust) SoC to enhance firmware security on enterprise platforms. Harnessing Jabil’s Mustang platform, we’ll demonstrate a transition from a Jabil DC-SCM to the ASPEED/AMI DC-SCM, a seamless connection to AMI’s Meridian Services, an effortless update of AMI’s MegaRAC BMC firmware and Tektagon PRoT firmware, ensuring a secure, future-proof data center environment. This demonstration exemplifies our commitment to innovation, flexibility, and precision in meeting the dynamic needs of the data center landscape.

“We are excited to join forces with AMI and Jabil in unveiling the ASPEED/AMI DC-SCM 2.0 card, featuring both the AST2600 BMC and AST1060 PRoT SoC from ASPEED,” stated Chris Lin, Chairman of ASPEED. “The AST2600 BMC signifies a groundbreaking advancement in hardware management and remote server control, delivering enhanced efficiency and dependability to data center operations. In tandem with AST2600, the AST1060 PRoT SoC offers comprehensive firmware security for enterprise platforms, ensuring the integrity of critical data, shielding against tampering and compromising, detecting any data manipulation, and enabling the restoration of vital information to its original state. Our partnership with AMI and Jabil exemplifies the seamless integration of our AST2600 BMC and AST1060 PRoT SoC with their solutions, collectively forging a fortified, forward-thinking data center ecosystem.”

“Choosing the ASPEED-designed DC-SCM module for this demonstration perfectly highlights how the DC-MHS specifications enable multi-vendor modular server solutions,” stated Ed Bailey, Technology VP of Jabil. “The Jabil and ASPEED teams were able to come together after independently developing their own DC-MHS compliant components and integrate them into a single system. The AMI team was brought into the collaboration to automate the “plug and recode” aspect of this demonstration. Their firmware orchestration and automation services not only made the DC-MHS swap seamless but added additional security via the AMI Tektagon Platform Root of Trust solution running on the AST1060 PRoT SOC.”

Connecting It All Together

Behind the scenes, AMI Meridian Services, an integral part of AMI’s Dynamic Firmware concept, brings a new level of sophistication to firmware orchestration and automation. AMI Meridian Services extends to critical components such as firmware configuration, software bill of materials (SBOM) generation, build automation, and comprehensive testing, in order to provide an end-to-end solution for Dynamic Firmware management. Expect to see the AMI Meridian – Build Orchestrator Services in action to build and deploy AMI Tektagon and MegaRAC firmware solutions to the DC-SCM.

Flexibility and Customization for Secure Data Center Solutions

This solution will deliver the highest level of flexibility and platform security to cloud service providers, data center operators, and server ODMs.

“ODMs can now align to the specific needs of the data center through flexibility in platform management in a truly secure foundational environment. This partnership between AMI, ASPEED, and Jabil demonstrates how all three companies will be working together to ensure platform security on these next-gen Intel platforms,” says Stefano Righi, Senior Vice President of Global Security, AMI.

Join Us at OCP Global Summit 2023

Join us at booth A33 to experience these remarkable demos firsthand and discuss them with our technologists. We can’t wait to see you there!

The post AMI, ASPEED, and Jabil to Showcase the Next Generation DC-SCM Solution with Dynamic Firmware appeared first on AMI.