Page 641 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
implemented on a manual basis, only after testing and review.
Oversight of firmware version control should focus on maintaining a
stable operating platform while minimizing exposure to downtime or
compromise.
Wrappers
A wrapper is something used to enclose or contain something else.
Wrappers are well known in the security community in relation to
Trojan horse malware. A wrapper of this sort is used to combine a
benign host with a malicious payload.
Wrappers are also used as encapsulation solutions. Some static
environments may be configured to reject updates, changes, or
software installations unless they’re introduced through a controlled
channel. That controlled channel can be a specific wrapper. The
wrapper may include integrity and authentication features to ensure
that only intended and authorized updates are applied to the system.
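The following is an added illustration, not from the study guide: a minimal controlled-channel wrapper in Python that rejects an update unless it is authenticated, intact, and newer than what is installed. It assumes a constructed wrapper layout (length-prefixed JSON header, payload, HMAC-SHA256 tag) and a shared key already provisioned on the static device.

```python
import hmac
import hashlib
import json
import struct

# Constructed wrapper layout for this example (not a real product format):
#   4-byte big-endian header length | JSON header | payload | 32-byte HMAC-SHA256
# The tag covers everything before it, so both header and payload are protected.
MAGIC = "static-env-update"
TAG_LEN = 32


def build_wrapper(payload: bytes, version: int, key: bytes) -> bytes:
    """Package an update so that only the holder of `key` can produce it."""
    header = json.dumps({"magic": MAGIC, "version": version}).encode()
    body = struct.pack(">I", len(header)) + header + payload
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


def verify_wrapper(blob: bytes, key: bytes, installed_version: int):
    """Return (ok, reason, payload); payload is None unless every check passes."""
    if len(blob) < 4 + TAG_LEN:
        return False, "truncated", None
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    # Authentication and integrity: constant-time comparison of the keyed tag.
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return False, "bad authentication tag", None
    (hlen,) = struct.unpack(">I", body[:4])
    try:
        header = json.loads(body[4:4 + hlen])
    except ValueError:
        return False, "malformed header", None
    if header.get("magic") != MAGIC:
        return False, "wrong channel", None
    # Version control: refuse downgrades and re-application of the same version.
    version = header.get("version")
    if not isinstance(version, int) or version <= installed_version:
        return False, "not a newer version", None
    return True, "ok", body[4 + hlen:]


if __name__ == "__main__":
    demo_key = b"constructed-demo-key"  # constructed; a real key is provisioned per device
    wrapped = build_wrapper(b"firmware image bytes", 2, demo_key)
    print(verify_wrapper(wrapped, demo_key, 1))
```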
Monitoring
Even embedded and static systems should be monitored for
performance, violations, compliance, and operational status. Some of
these types of devices can perform on-device monitoring, auditing,
and logging, while others may require external systems to collect
activity data. Any and all devices, equipment, and computers within an
organization should be monitored to ensure high performance and
minimal downtime and to detect and stop violations and abuse.
Control Redundancy and Diversity
As with any security solution, relying on a single security mechanism
is unwise. Defense in depth uses multiple types of access controls in
literal or theoretical concentric circles or layers. This form of layered
security helps an organization avoid a monolithic security stance. A
monolithic mentality is the belief that a single security mechanism is
all that is required to provide sufficient security. By having security
control redundancy and diversity, a static environment can avoid the
pitfalls of a single security feature failing; the environment has several
opportunities to deflect, deny, detect, and deter any threat.

