New NIST Guidelines To Protect Computer At Start Up

National Institute of Standards and Technology has issued a new draft providing guidance for vendors and security professionals to protect personal computers at start up. This allows the users to secure their BIOS and check for any malicious modifications that might pose a threat to the security of the system. This publication is the second in a series of BIOS documents, after BIOS Protection Guidelines (NIST SP 800-147) was released in April 2011.

#-Link-Snipped-#

When a computer is turned on, the first code that is run by the PC is BIOS or Basic Input/Output System. BIOS is a built in software that initializes and identifies system devices and hardware. Since it interacts directly with the hardware, it is a low level software, hence making its authenticity all the more important. Any unauthorized changes in the BIOS could be part of a sophisticated, targeted attack on an organization, giving the attacker a straight access to organization's systems, causing disturbance. This calls for a proper security measure to monitor the integrity of the BIOS.

The BIOS Integrity Measurement Guidelines (NIST Special Publication 800-155) allows a way to determine if the BIOS has been modified and explains how to report any such modifications. The SP 800-155 provides hardware and software vendors guidelines so as to develop products that will support BIOS security mechanisms. The detection mechanisms in SP 800-155 are in accordance with the protection mechanisms which were outlined in SP 800-147 offering greater authority on the security of the BIOS.

NIST has also requested comments on draft #-Link-Snipped-# by January 20, 2012.

Source: #-Link-Snipped-# Image Credit: #-Link-Snipped-#

Replies

You are reading an archived discussion.

Related Posts

God is in the details and you realize it only when you hold a computer in your palm. CuBox is a 2x2x2 inch feature-packed ARM computer. Running an 800MHz Marvell...
What seems like a tiny price to pay for a better browsing experience is a devil in disguise. With the number of cyber criminals at work and the level of...
CES 2012 is around three weeks from now, but LG has already introduced its new line-up of monitors to be unveiled at the show in Las Vegas. While they have...
Love Samsung Galaxy S2 but miss the dual SIM support? Don't worry, be happy! Samsung has announced Samsung Galaxy S2 Duos I929 - the dual SIM phone that supports GSM...
Neutrinos, also called the “special little things”, do not move as fast as light but they can penetrate through almost all surfaces. These charge less particles interact with surfaces in...