This site contains information from January 2009-December 2014. Click HERE to go the CURRENT website.

Protecting Personal Computers at Start-Up: NIST Offers Guidelines

Printer-friendly version

A new draft computer security publication from Commerce's National Institute of Standards and Technology (NIST) provides guidance for vendors and security professionals as they work to protect personal computers as they start up.

The first software that runs when a computer is turned on is the "Basic Input/Output System" (BIOS). This fundamental system software initializes the hardware before the operating system starts. Since it works at such a low level, before other security protections are in place, unauthorized changes—malicious or accidental—to the BIOS can cause a significant security threat.

"Unauthorized changes in the BIOS could allow or be part of a sophisticated, targeted attack on an organization, allowing an attacker to infiltrate an organization's systems or disrupt their operations," said Andrew Regenscheid, one of the authors of BIOS Integrity Measurement Guidelines. In September, 2011, a security company discovered the first malware designed to infect the BIOS, called Mebromi. "We believe this is an emerging threat area," said Regenscheid. "These developments underscore the importance of detecting changes to the BIOS code and configurations, and why monitoring BIOS integrity is an important element of security." NIST release

Comments Closed

Due to increased spam, comments have been closed on this content. If you wish to comment about the content, we encourage you to email