CAN/CSA-ISO/IEC 19678:16
Current
The latest, up-to-date edition.
Information Technology BIOS Protection Guidelines (Adopted ISO/IEC 19678:2015, first edition, 2015-05-01)
Hardcopy , PDF
English
01-01-2016
Foreword
Introduction
1 Scope
2 Conformance
3 Normative references
4 Terms and definitions
5 Symbols (and abbreviated terms)
6 Background
7 Threat Mitigation
Bibliography
Specifies requirements and guidelines for preventing the unauthorized modification of Basic Input/Output System (BIOS) firmware on PC client systems.
DocumentType |
Standard
|
ISBN |
978-1-4883-0526-9
|
Pages |
0
|
PublisherName |
Canadian Standards Association
|
Status |
Current
|
Preface Standards development within the Information Technology sector is harmonized with international standards development. Through the CSA Technical Committee on Information Technology (TCIT), Canadians serve as the SCC Mirror Committee (SMC) on ISO/IEC Joint Technical Committee 1 on Information Technology (ISO/IEC JTC1) for the Standards Council of Canada (SCC), the ISO member body for Canada and sponsor of the Canadian National Committee of the IEC. Also, as a member of the International Telecommunication Union (ITU), Canada participates in the International Telegraph and Telephone Consultative Committee (ITU-T). For brevity, this Standard will be referred to as "CAN/CSA-ISO/IEC 19678" throughout. At the time of publication, ISO/IEC 19678:2015 is available from ISO and IEC in English only. CSA Group will publish the French version when it becomes available from ISO and IEC. Scope This International Standard provides requirements and guidelines for preventing the unauthorized modification of Basic Input/Output System (BIOS) firmware on PC client systems. Unauthorized modification of BIOS firmware by malicious software constitutes a significant threat because of the BIOS's unique and privileged position within the PC architecture. A malicious BIOS modification could be part of a sophisticated, targeted attack on an organization - either a permanent denial of service (if the BIOS is corrupted) or a persistent malware presence (if the BIOS is implanted with malware). As used in this publication, the term BIOS refers to conventional BIOS, Extensible Firmware Interface (EFI) BIOS, and Unified Extensible Firmware Interface (UEFI) BIOS. This International Standard applies to system BIOS firmware (e.g., conventional BIOS or UEFI BIOS) stored in the system flash memory of computer systems, including portions that may be formatted as Option ROMs. However, it does not apply to Option ROMs, UEFI drivers, and firmware stored elsewhere in a computer system. Subclause 7.2 provides platform vendors with requirements for a secure BIOS update process. Additionally, subclause 7.3 provides guidelines for managing the BIOS in an operational environment. While this International Standard focuses on current and future x86 and x64 client platforms, the controls and procedures are independent of any particular system design.
Standards | Relationship |
ISO/IEC 19678:2015 | Identical |
FIPS PUB 186 : 0 | DIGITAL SIGNATURE STANDARD (DSS) |
Access your standards online with a subscription
Features
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.