DMTF Releases Latest Version of Security Standard

DMTF announces the public release of its Security Protocol and Data Model (SPDM) Specification 1.1.0, is now available for download. This specification – developed by DMTF’s Platform Management Components Intercommunication (PMCI) Security Task Force – incorporates the input of the organization’s Alliance Partners thus helping align component authentication, confidentiality, and integrity objects across the industry.

The Security Protocol and Data Model (SPDM) Specification 1.1.0 defines messages, data objects, and sequences for performing message exchanges between devices over a variety of transport and physical media. The description of message exchanges includes authentication of hardware identities and measurement for firmware identities. Version 1.1 adds mutual authentication and session key exchange protocols to enable confidentiality, authentication and integrity for data communication. 

Other specifications developed by different standards organizations, such as those being defined by DMTF alliance partners, will specify the mapping of these messages to different transports and physical media. The SPDM enables efficient access to low-level security capabilities and operations. Other mechanisms, including both non-DMTF and DMTF-defined mechanisms, can use the SPDM specification. 

For more information about the PMCI Working Group and the platform management standards it defines, please visit https://www.dmtf.org/standards/pmci.