New Security Guidelines for BIOS

The National Institute of Standards and Technology (NIST) has released new security guidelines for protecting the system that starts up PCs. NIST is accepting comments on the new guidelines for locking down a computer's Basic Input/Output System (BIOS), which can pose a significant security threat if unauthorized changes are made to it.

The document, “BIOS Integrity Measurement Guidelines”, provides integrity measurement mechanisms that have two aims. One is to detect changes to the BIOS code that could allow malicious software to run during a PC's boot process. The other is to detect changes to the configuration of the system. The document provides several use-case scenarios associated with BIOS functions. The use cases include installing and/or verifying the correct BIOS revision for a given client, managing BIOS settings, setting BIOS passwords, etc.

The guidelines are aimed at hardware and software vendors developing products to support BIOS integrity measurement mechanisms, as well as organizations developing these types of security technologies.

NIST published the first in its series of BIOS security guidelines in April. That document, “BIOS Protection Guidelines”, provided ways for computer manufacturers to build security features directly into the BIOS to prevent unauthorized modifications. Those interested have until January 20, 2012 to comment on the most recent BIOS guidelines. For more information, read the original news at the Information Week web site.