Advisory panel looks for 'moonshot' in Commerce data
April 24, 2015
The inaugural meeting of the Commerce Data Advisory Council discussed how the Commerce Department can take their troves of data to the next level for the American public.
David Stegon was a staff reporter for FedScoop and StateScoop from 2011-2014.
The National Institute of Standards and Technology is seeking comments on new draft guidelines for securing basic input/output systems on servers, otherwise known as BIOS systems.
The draft publication, "BIOS Protections Guidelines for Servers" (NIST Special Publication 800-147B), addresses BIOS security in the varied architectures used by servers.
"While laptop and desktop computers have largely converged on a single architecture for system BIOS, server class systems have a more diverse set of architectures, and more mechanisms for updating or modifying the system BIOS," said NIST’s Andrew Regenscheid.
Server manufacturers routinely update BIOS to fix bugs, patch vulnerabilities or support new hardware. However, while authorized updates to BIOS can improve functionality or security, unauthorized or malicious changes could be part of a sophisticated, targeted attack on an organization, allowing an attacker to infiltrate an organization's systems or disrupt their operations.
Comments on the draft must be emailed to firstname.lastname@example.org by September 14.