TRENDING:

NIST Readies Guide on Server Protection

Mitigating Threats to the Integrity of Fundamental System Firmware Information Security Media GroupJuly 31, 2012    
NIST Readies Guide on Server Protection

The National Institute of Standards and Technology is seeking public comment on the a draft of its Special Publication 800-147B, BIOS Protection Guidelines for Servers.

See Also: A CISO’s Guide to Defender Alignment

NIST says the guide is intended to mitigate threats to the integrity of fundamental system firmware, commonly known as the Basic Input/Output System, in server-class systems.

The guide identifies security requirements and guidelines for a secure BIOS update process, using digital signatures to authenticate updates. The intended audience for this document includes BIOS and platform vendors of server-class systems and information system security professionals who are responsible for procuring, deploying and managing servers.

SP 800-147B is the second in a series of publications on BIOS protections. NIST released the first document, SP 800-147, BIOS Protection Guidelines, in April 2011 and provides guidelines for desktop and laptop systems deployed in enterprise environments.

NIST plans to develop a new publication providing an overview of BIOS protections for IT security professionals to be released as SP-800-147 Revision 1, and will reissue the current SP 800-147 as SP 800-147A at that time.

Comments on draft NIST SP 800-147B should be submitted by Sept. 14 to 800-147comments@nist.gov.

Previous
High Roller Attacks: How Banks Respond
Next
Yahoo! Sued After Breach

About the Author

Information Security Media Group

Information Security Media Group

Information Security Media Group (ISMG) is the world's largest media company devoted to information security and risk management. Each of its 37 media sites provides relevant education, research and news that is specifically tailored to key vertical sectors including banking, healthcare and the public sector; geographies from North America to Southeast Asia; and topics such as data breach prevention, cyber risk assessment and fraud. Its yearly global summit series connects senior security professionals with industry thought leaders to find actionable solutions for pressing cybersecurity challenges.



Around the Network

Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Properly Vetting AI Before It's Deployed in Healthcare
Properly Vetting AI Before It's Deployed in Healthcare
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.