Date Published: October 2014
Author(s)
Andrew Regenscheid (NIST), Larry Feldman (G2), Gregory Witte (G2)
Modern computers rely on fundamental system firmware, commonly known as the Basic Input/Output System (BIOS), to enable system components to communicate and work together. The BIOS is typically developed by both original equipment manufacturers (OEMs) and independent BIOS vendors. Manufacturers frequently update system firmware to fix bugs, patch vulnerabilities, and support new hardware, but an unauthorized update constitutes a significant threat because of the BIOS's unique and privileged position within the computing architecture.
Modern computers rely on fundamental system firmware, commonly known as the Basic Input/Output System (BIOS), to enable system components to communicate and work together. The BIOS is typically developed by both original equipment manufacturers (OEMs) and independent BIOS vendors. Manufacturers...
See full abstract
Modern computers rely on fundamental system firmware, commonly known as the Basic Input/Output System (BIOS), to enable system components to communicate and work together. The BIOS is typically developed by both original equipment manufacturers (OEMs) and independent BIOS vendors. Manufacturers frequently update system firmware to fix bugs, patch vulnerabilities, and support new hardware, but an unauthorized update constitutes a significant threat because of the BIOS's unique and privileged position within the computing architecture.
Hide full abstract
Keywords
Basic Input/Output System (BIOS); information security; patch management; server security; firmware; root of trust; root of trust for update
Control Families
Access Control; System and Services Acquisition; System and Information Integrity