BIOS Protection Guidelines - Recommendations of the National Institute of Standards and Technology
BIOS PROTECTION GUIDELINES 
4.  Integrity Protection! 
4-A  The RTU and the BIOS (excluding configuration data used by the BIOS that is stored in non-
volatile memory) shall be protected from unintended or malicious modification using a 
mechanism that cannot be overridden outside of an authenticated BIOS update. 
4-B   The protection mechanism shall be protected from unauthorized modification. 
4-C  The authenticated BIOS update mechanism shall be protected from unintended or malicious 
modification by a mechanism that is at least as strong as that protecting the RTU and the 
system BIOS. 
4-D  The protection mechanism shall protect relevant regions of the system flash memory 
containing the system BIOS prior to executing firmware or software that can be modified 
without using an authenticated update mechanism or a secure local update mechanism. 
4-E   Protections should be enforced by hardware mechanisms that are not alterable except by an 
authorized mechanism. 
! 
5.  Non-Bypassability 
These non-bypassability guidelines do not apply to configuration data used by the system BIOS that 
is stored in non-volatile memory.
! 
5-A  The authenticated BIOS update mechanism shall be the exclusive mechanism for modifying 
the system BIOS absent physical intervention through the secure local update mechanism.
! 
5-B   The design of the system and accompanying system components and firmware shall ensure that 
there are no mechanisms that allow the system processor or any other system component to 
bypass the authenticated update mechanism, except for the secure local update mechanism. 
! 
5-C  While system components may have read access to BIOS flash memory, they shall not be able 
to directly modify the system BIOS except through the authenticated update mechanism or by 
an authorized mechanism requiring physical intervention. 
! 
5-C.i  Bus mastering that bypasses the main processor (e.g., Direct Memory Access to the 
system flash) shall not be capable of directly modifying the firmware. 
! 
Microcontrollers on the system shall not be capable of directly modifying the firmware, unless the 
hardware and firmware components of the microcontroller are protected with equivalent mechanisms 
at the RTU. 
A-2 










