NIST Readies Guide on Server Protection

Mitigating Threats to the Integrity of Fundamental System Firmware
NIST Readies Guide on Server Protection

The National Institute of Standards and Technology is seeking public comment on the a draft of its Special Publication 800-147B, BIOS Protection Guidelines for Servers.

See Also: Breaking Down Silos With a Holistic View of Security, Risk

NIST says the guide is intended to mitigate threats to the integrity of fundamental system firmware, commonly known as the Basic Input/Output System, in server-class systems.

The guide identifies security requirements and guidelines for a secure BIOS update process, using digital signatures to authenticate updates. The intended audience for this document includes BIOS and platform vendors of server-class systems and information system security professionals who are responsible for procuring, deploying and managing servers.

SP 800-147B is the second in a series of publications on BIOS protections. NIST released the first document, SP 800-147, BIOS Protection Guidelines, in April 2011 and provides guidelines for desktop and laptop systems deployed in enterprise environments.

NIST plans to develop a new publication providing an overview of BIOS protections for IT security professionals to be released as SP-800-147 Revision 1, and will reissue the current SP 800-147 as SP 800-147A at that time.

Comments on draft NIST SP 800-147B should be submitted by Sept. 14 to

About the Author

Information Security Media Group

Information Security Media Group (ISMG) is the world's largest media company devoted to information security and risk management. Each of its 37 media sites provides relevant education, research and news that is specifically tailored to key vertical sectors including banking, healthcare and the public sector; geographies from North America to Southeast Asia; and topics such as data breach prevention, cyber risk assessment and fraud. Its yearly global summit series connects senior security professionals with industry thought leaders to find actionable solutions for pressing cybersecurity challenges.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.