• Shopping Cart
    There are no items in your cart

CAN/CSA-ISO/IEC 19678:16

Current

Current

The latest, up-to-date edition.

Information Technology BIOS Protection Guidelines (Adopted ISO/IEC 19678:2015, first edition, 2015-05-01)

Available format(s)

Hardcopy , PDF

Language(s)

English

Published date

01-01-2016

€95.12
Excluding VAT

Foreword
Introduction
1 Scope
2 Conformance
3 Normative references
4 Terms and definitions
5 Symbols (and abbreviated terms)
6 Background
7 Threat Mitigation
Bibliography

Specifies requirements and guidelines for preventing the unauthorized modification of Basic Input/Output System (BIOS) firmware on PC client systems.

DocumentType
Standard
ISBN
978-1-4883-0526-9
Pages
0
PublisherName
Canadian Standards Association
Status
Current

Preface Standards development within the Information Technology sector is harmonized with international standards development. Through the CSA Technical Committee on Information Technology (TCIT), Canadians serve as the SCC Mirror Committee (SMC) on ISO/IEC Joint Technical Committee 1 on Information Technology (ISO/IEC JTC1) for the Standards Council of Canada (SCC), the ISO member body for Canada and sponsor of the Canadian National Committee of the IEC. Also, as a member of the International Telecommunication Union (ITU), Canada participates in the International Telegraph and Telephone Consultative Committee (ITU-T). For brevity, this Standard will be referred to as "CAN/CSA-ISO/IEC 19678" throughout. At the time of publication, ISO/IEC 19678:2015 is available from ISO and IEC in English only. CSA Group will publish the French version when it becomes available from ISO and IEC. Scope This International Standard provides requirements and guidelines for preventing the unauthorized modification of Basic Input/Output System (BIOS) firmware on PC client systems. Unauthorized modification of BIOS firmware by malicious software constitutes a significant threat because of the BIOS's unique and privileged position within the PC architecture. A malicious BIOS modification could be part of a sophisticated, targeted attack on an organization - either a permanent denial of service (if the BIOS is corrupted) or a persistent malware presence (if the BIOS is implanted with malware). As used in this publication, the term BIOS refers to conventional BIOS, Extensible Firmware Interface (EFI) BIOS, and Unified Extensible Firmware Interface (UEFI) BIOS. This International Standard applies to system BIOS firmware (e.g., conventional BIOS or UEFI BIOS) stored in the system flash memory of computer systems, including portions that may be formatted as Option ROMs. However, it does not apply to Option ROMs, UEFI drivers, and firmware stored elsewhere in a computer system. Subclause 7.2 provides platform vendors with requirements for a secure BIOS update process. Additionally, subclause 7.3 provides guidelines for managing the BIOS in an operational environment. While this International Standard focuses on current and future x86 and x64 client platforms, the controls and procedures are independent of any particular system design.

Standards Relationship
ISO/IEC 19678:2015 Identical

FIPS PUB 186 : 0 DIGITAL SIGNATURE STANDARD (DSS)

Access your standards online with a subscription

Features

  • Simple online access to standards, technical information and regulations.

  • Critical updates of standards and customisable alerts and notifications.

  • Multi-user online standards collection: secure, flexible and cost effective.