NIST SP 800-155 (Initial Public Draft)

BIOS Integrity Measurement Guidelines

Date Published: December 2011
Comments Due: January 20, 2012 (public comment period is CLOSED)
Email Questions to: 800-155comments@nist.gov

Author(s)

Andrew Regenscheid (NIST), Karen Scarfone (Scarfone Cybersecurity)

Announcement

NIST announces the public comment release of NIST Special Publication 800-155, BIOS Integrity Measurement Guidelines. This document outlines the security components and security guidelines needed to establish a secure Basic Input/Output System (BIOS) integrity measurement and reporting chain. BIOS is a critical security component in systems due to its unique and privileged position within the personal computer (PC) architecture. A malicious or outdated BIOS could allow or be part of a sophisticated, targeted attack on an organization: either a permanent denial of service (if the BIOS is corrupted) or a persistent malware presence (if the BIOS is implanted with malware). The guidelines in this document are intended to facilitate the development of products that can detect problems with the BIOS so that organizations can take appropriate remedial action to prevent or limit harm. The security controls and procedures specified in this document are oriented to desktops and laptops deployed in an enterprise environment.

Abstract

Keywords

integrity measurement; roots of trust; hardware; Basic Input/Output System (BIOS)

Control Families

Configuration Management; System and Information Integrity

Documentation

Publication:
Draft SP 800-155 (pdf)

Supplemental Material:
None available

Document History:
12/08/11: SP 800-155 (Draft)

Topics

Security and Privacy

maintenance, roots of trust, security measurement

Technologies

BIOS, personal computers

Applications

enterprise