NIST SP800-147, BIOS Protection Guidelines
Hello, this is Mitsuhiko Maruyama. NIST has published guidelines on BIOS protection...
=====
This document provides guidelines for preventing the unauthorized modification of Basic Input/Output System (BIOS) firmware on PC client systems. Unauthorized modification of BIOS firmware by malicious software constitutes a significant threat because of the BIOS’s unique and privileged position within the PC architecture. A malicious BIOS modification could be part of a sophisticated, targeted attack on an organization: either a permanent denial of service (if the BIOS is corrupted) or a persistent malware presence (if the BIOS is implanted with malware). This guide provides platform vendors with recommendations and guidelines for a secure BIOS update process. Additionally, it provides recommended best practices that are tightly coupled with the security guidelines for platform vendors.
=====
So that is what it is about...
■NIST
・2011.04.28 NIST Special Publication 800-147
=====
Table of Contents
Executive Summary
1. Introduction
1.1 Authority
1.2 Purpose and Scope
1.3 Audience
1.4 Document Structure
2. Background
2.1 System BIOS
2.2 Role of System BIOS in the Boot Process
2.2.1 Conventional BIOS Boot Process
2.2.2 UEFI Boot Process
2.3 Updating the System BIOS
2.4 Importance of BIOS Integrity
2.5 Threats to the System BIOS
3. Threat Mitigation
3.1 Security Guidelines for System BIOS Implementations
3.1.1 BIOS Update Authentication
3.1.2 Secure Local Update
3.1.3 Integrity Protection
3.1.4 Non-Bypassability
3.2 Recommended Practices for BIOS Management
List of Appendices
Appendix A - Summary of Guidelines for System BIOS Implementations
Appendix B - Glossary
Appendix C - Acronyms and Abbreviations
Appendix D - References
=====