The draft guidelines (NIST SP 800-155) are designed for vendors and security professionals to improve BIOS security. NIST said that unauthorized changes to the BIOS can cause a significant security threat because the system works at a low level before other security protections are in place.
In September of this year, Symantec unveiled the discovery of malware, dubbed Tojan.Mebromi, designed to infect the BIOS, as well as the master boot record.
"Unauthorized changes in the BIOS could allow or be part of a sophisticated, targeted attack on an organization, allowing an attacker to infiltrate an organization's systems or disrupt their operations", commented Andrew Regenscheid, one of the authors of the guidelines. "We believe this is an emerging threat area", he added.
These developments underscore the importance of detecting changes to the BIOS code and configurations, and why monitoring BIOS integrity is an important element of security, NIST said.
SP 800-155 explains the fundamentals of BIOS integrity measurement – a way to determine if the BIOS has been modified – and how to report any changes. The publication provides guidelines to hardware and software vendors that develop products that can support secure BIOS integrity measurement mechanisms. The publication may also be of interest to organizations that are developing deployment strategies for these technologies, NIST noted.
Comments on the draft are due Jan. 20, 2012, and should be sent to via email with "Comment SP 800-155” in the subject line.