NIST SP800-147, BIOS Protection Guidelines

　こんにちは、丸山満彦です。NISTがBIOS保護のガイドラインを出していますね。。。
＝＝＝＝＝
This document provides guidelines for preventing the unauthorized modification of Basic Input/Output System (BIOS) firmware on PC client systems. Unauthorized modification of BIOS firmware by malicious software constitutes a significant threat because of the BIOS’s unique and privileged position within the PC architecture. A malicious BIOS modification could be part of a sophisticated, targeted attack on an organization —either a permanent denial of service (if the BIOS is corrupted) or a persistent malware presence (if the BIOS is implanted with malware). This guide provides platform vendors with recommendations and guidelines for a secure BIOS update process. Additionally, it provides recommended best practices that are tightly coupled with the security guidelines for platform vendors.
＝＝＝＝＝
　ということですね。。。

　
■NIST
・2011.04.28 NIST Special Publication 800-147

＝＝＝＝＝
Table of Contents

Executive Summary
1. Introduction
　1.1 Authority
　1.2 Purpose and Scope
　1.3 Audience
　1.4 Document Structure
2. Background
　2.1 System BIOS
　2.2 Role of System BIOS in the Boot Process
　　2.2.1 Conventional BIOS Boot Process
　　2.2.2 UEFI Boot Process
　2.3 Updating the System BIOS
　2.4 Importance of BIOS Integrity
　2.5 Threats to the System BIOS
3. Threat Mitigation
　3.1 Security Guidelines for System BIOS Implementations
　　3.1.1 BIOS Update Authentication
　　3.1.2 Secure Local Update
　　3.1.3 Integrity Protection
　　3.1.4 Non-Bypassability
　3.2 Recommended Practices for BIOS Management

List of Appendices

　Appendix A— Summary of Guidelines for System BIOS Implementations
　Appendix B— Glossary
　Appendix C— Acronyms and Abbreviations
　Appendix D— References
＝＝＝＝＝