NIST Publishes Draft Guidelines for Server BIOS Protection

Friday, August 24, 2012

Recently, quite a few pieces of malware have been known to infect computer systems persistently, in ways that cannot be removed even by reinstalling the OS. NIST is proposing a set of measures to make the BIOS more secure and more resistant to such firmware-manipulating attacks. One example of such a Trojan is Mebromi.

NIST published the draft guidelines [PDF] earlier this week, proposing four features to make server BIOSes more secure: an authenticated update mechanism; a secure local update mechanism (optional); firmware integrity protections; and non-bypassability features.

“Unauthorized modification of a BIOS firmware by malicious software constitutes a significant threat because of the BIOS’s unique and privileged position within the PC architecture,” read the new set of proposed guidelines.

NIST has already published a similar set of guidelines [PDF] for BIOS protection of desktop and laptop computers.

If you want to submit suggestions, you have until September 14 to comment on the proposed server guidelines. Comments may be sent by email to 800-147comments@nist.gov.