NIST Readies Guide on Server Protection

Mitigating Threats to the Integrity of Fundamental System Firmware Information Security Media GroupJuly 31, 2012    
NIST Readies Guide on Server Protection

The National Institute of Standards and Technology is seeking public comment on the a draft of its Special Publication 800-147B, BIOS Protection Guidelines for Servers.

See Also: Keeping Your Side of the Street Clean: 5 Cyber-Hygiene Facts You Wish You Knew Earlier

NIST says the guide is intended to mitigate threats to the integrity of fundamental system firmware, commonly known as the Basic Input/Output System, in server-class systems.

The guide identifies security requirements and guidelines for a secure BIOS update process, using digital signatures to authenticate updates. The intended audience for this document includes BIOS and platform vendors of server-class systems and information system security professionals who are responsible for procuring, deploying and managing servers.

SP 800-147B is the second in a series of publications on BIOS protections. NIST released the first document, SP 800-147, BIOS Protection Guidelines, in April 2011 and provides guidelines for desktop and laptop systems deployed in enterprise environments.

NIST plans to develop a new publication providing an overview of BIOS protections for IT security professionals to be released as SP-800-147 Revision 1, and will reissue the current SP 800-147 as SP 800-147A at that time.

Comments on draft NIST SP 800-147B should be submitted by Sept. 14 to 800-147comments@nist.gov.

Previous
High Roller Attacks: How Banks Respond
Next
Second Stage 2 HITECH Rule Advances

About the Author

Information Security Media Group

Information Security Media Group

Information Security Media Group (ISMG) is the world's largest media company devoted to information security and risk management. Each of its 34 media sites provides relevant education, research and news that is specifically tailored to key vertical sectors including banking, healthcare and the public sector; geographies from North America to Southeast Asia; and topics such as data breach prevention, cyber risk assessment and fraud. Its yearly global summit series connects senior security professionals with industry thought leaders to find actionable solutions for pressing cybersecurity challenges.



Around the Network

Critical Considerations for Generative AI Use in Healthcare
Critical Considerations for Generative AI Use in Healthcare
The State of Security Leadership
The State of Security Leadership
Threat Modeling Essentials for Generative AI in Healthcare
Threat Modeling Essentials for Generative AI in Healthcare
Addressing Security Gaps and Risks Post-M&A in Healthcare
Addressing Security Gaps and Risks Post-M&A in Healthcare
Generative AI: Embrace It, But Put Up Guardrails
Generative AI: Embrace It, But Put Up Guardrails
Why Entities Should Review Their Online Tracker Use ASAP
Why Entities Should Review Their Online Tracker Use ASAP
Zero Trust, Auditability and Identity Governance
Zero Trust, Auditability and Identity Governance
Why Connected Devices Are Such a Risk to Outpatient Care
Why Connected Devices Are Such a Risk to Outpatient Care
Why OT Security Keeps Some Healthcare Leaders Up at Night
Why OT Security Keeps Some Healthcare Leaders Up at Night
Inside Look: FDA's Cyber Review Process for Medical Devices
Inside Look: FDA's Cyber Review Process for Medical Devices

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.