NIST seeks draft on server security guidelines

David Stegon
Bio
David Stegon Former staff reporter - FedScoop & StateScoop

David Stegon was a staff reporter for FedScoop and StateScoop from 2011-2014.


...

The National Institute of Standards and Technology is seeking comments on new draft guidelines for securing basic input/output systems on servers, otherwise known as BIOS systems.

The draft publication, "BIOS Protections Guidelines for Servers" (NIST Special Publication 800-147B), addresses BIOS security in the varied architectures used by servers.

"While laptop and desktop computers have largely converged on a single architecture for system BIOS, server class systems have a more diverse set of architectures, and more mechanisms for updating or modifying the system BIOS," said NIST’s Andrew Regenscheid.

Server manufacturers routinely update BIOS to fix bugs, patch vulnerabilities or support new hardware. However, while authorized updates to BIOS can improve functionality or security, unauthorized or malicious changes could be part of a sophisticated, targeted attack on an organization, allowing an attacker to infiltrate an organization's systems or disrupt their operations.

Comments on the draft must be emailed to 800-147comments@nist.gov by September 14.

BIOS Protection Guidelines for Servers (Draft)

-In this Story-

Agencies & Departments, Commerce Department, National Institute of Standards and Technology , NIST

Join the Conversation