标准摘要
[中文适用范围]: 本国际标准规定了防止个人计算机客户端系统上的基本输入/输出系统(BIOS)固件未经授权修改的要求和指南。由于BIOS在其独特而特权的位置,恶意软件对BIOS固件的未经授权修改构成重大威胁。被植入恶意软件的BIOS可能会导致持续存在的恶意软件存在。本国际标准适用于存储在计算机系统闪存中的系统BIOS固件(如常规BIOS或UEFI BIOS)。然而,它不适用于选项ROM、UEFI驱动程序和存储在计算机系统其他位置的固件。第7.2条为平台供应商提供了安全BIOS更新过程的要求。此外,第7.3条提供了在操作环境中管理BIOS的指南。尽管本国际标准主要关注当前和未来x86和x64客户端平台,但控制和程序与特定系统设计无关。 [外文原描述]: ISO 19678:2015 provides requirements and guidelines for preventing the unauthorized modification of Basic Input/Output System (BIOS) firmware on PC client systems. Unauthorized modification of BIOS firmware by malicious software constitutes a significant threat because of the BIOS's unique and privileged position within the PC architecture. A malicious BIOS modification could be part of a sophisticated, targeted attack on an organization ?either a permanent denial of service (if the BIOS is corrupted) or a persistent malware presence (if the BIOS is implanted with malware). As used in this publication, the term BIOS refers to conventional BIOS, Extensible Firmware Interface (EFI) BIOS, and Unified Extensible Firmware Interface (UEFI) BIOS. This International Standard applies to system BIOS firmware (e.g., conventional BIOS or UEFI BIOS) stored in the system flash memory of computer systems, including portions that may be formatted as Option ROMs. However, it does not apply to Option ROMs, UEFI drivers, and firmware stored elsewhere in a computer system. Subclause 7.2 provides platform vendors with requirements for a secure BIOS update process. Additionally, subclause 7.3 provides guidelines for managing the BIOS in an operational environment. While this International Standard focuses on current and future x86 and x64 client platforms, the controls and procedures are independent of any particular system design.
英文名称Information Technology - BIOS Protection Guidelines