clock menu more-arrow no yes mobile

Filed under:

US government sets new guidelines on how to secure low-level PC functions

New, 7 comments

A new set of standards from the National Institute of Standards and Technology should help create a more secure BIOS update process for server vendors.

cluster of locks security privacy stock 1024
cluster of locks security privacy stock 1024

The National Institute of Standards and Technology has released a proposed set of guidelines designed to improve the security of BIOS firmware, one of the fundamental elements of computing. According to NIST, the unauthorized modification of the BIOS firmware — or Basic Input/Output System, the firmware that controls the most basic functions of a computer — is particularly troublesome "because of the BIOS's unique and privileged position within the PC architecture." The new security document covers servers, providing platform vendors with a set of guidelines to try to ensure a secure BIOS update process. The institute describes the BIOS as an "obscure and fundamental" element that has become a target for hackers. "Malicious BIOS modification could be part of a sophisticated, targeted attack on an organization," says NIST, "either a permanent denial of service or a persistent malware presence." NIST is seeking comments on its proposed guidelines by September 14th.