The National Institute of Standards and Technology has released a proposed set of guidelines designed to improve the security of BIOS firmware, one of the fundamental elements of computing. According to NIST, the unauthorized modification of the BIOS firmware — or Basic Input/Output System, the firmware that controls the most basic functions of a computer — is particularly troublesome "because of the BIOS's unique and privileged position within the PC architecture." The new security document covers servers, providing platform vendors with a set of guidelines to try to ensure a secure BIOS update process. The institute describes the BIOS as an "obscure and fundamental" element that has become a target for hackers. "Malicious BIOS modification could be part of a sophisticated, targeted attack on an organization," says NIST, "either a permanent denial of service or a persistent malware presence." NIST is seeking comments on its proposed guidelines by September 14th.
US government sets new guidelines on how to secure low-level PC functions
A new set of standards from the National Institute of Standards and Technology should help create a more secure BIOS update process for server vendors.