{"product_id":"nist-sp-800-147-155-national-institute-of-standards-and-tech-9781547202201","title":"NIST SP 800-147 \u0026 -155 BIOS Protection Guidelines \u0026 BIOS Integrity Measurement: Recommendations","description":"Unauthorized modification of BIOS firmware by malicious software constitutes a significant threat because of the BIOS's unique and privileged position within the PC architecture. A malicious BIOS modification could be part of a sophisticated, targeted attack on an organization, either a permanent denial of service (if the BIOS is corrupted) or a persistent malware presence (if the BIOS is implanted with malware). The move from conventional BIOS implementations to implementations based on the Unified Extensible Firmware Interface (UEFI) may make it easier for malware to target the BIOS in a widespread fashion, as these BIOS implementations are based on a common specification. \u003cp\u003e\u003c\/p\u003e 800-147 focuses on current and future x86 and x64 desktop and laptop systems, although the controls and procedures could potentially apply to any system design. Likewise, although the guide is oriented toward enterprise-class platforms, the necessary technologies are expected to migrate to consumer-grade systems over time. The security guidelines do not attempt to prevent installation of unauthentic BIOSs through the supply chain, by physical replacement of the BIOS chip, or through secure local update procedures. 800-155 focuses on two scenarios: detecting changes to the system BIOS code stored on the system flash, and detecting changes to the system BIOS configuration. The document is intended for hardware and software vendors that develop products that can support secure BIOS integrity measurement mechanisms, and may also be of use for organizations developing enterprise procurement or deployment strategies for these technologies. 
\u003cp\u003e\u003c\/p\u003e\u003cb\u003eWhy buy a book you can download for free?\u003c\/b\u003e \u003cp\u003e\u003c\/p\u003eFirst you gotta find it and make sure it's the latest version, not always easy. Then you gotta print it using a network printer you share with 100 other people - and it's outta paper - and the toner is low (take out the toner cartridge, shake it, then put it back). If it's just 10 pages, no problem, but if it's a 250-page book, you will need to punch 3 holes in all those pages and put it in a 3-ring binder. Takes at least an hour. An engineer that's paid $75 an hour has to do this himself (who has assistants anymore?). \u003cp\u003e\u003c\/p\u003eIf you are paid more than $10 an hour and use an ink jet printer, buying this book will save you money. \u003cp\u003e\u003c\/p\u003e\u003cb\u003eIt's much more cost-effective to just order the latest version from Amazon.com\u003c\/b\u003e \u003cp\u003e\u003c\/p\u003eThis public domain material is published by 4th Watch Books. We publish tightly-bound, full-size books at 8 1\/2 by 11 inches, with glossy covers. 4th Watch Books is a Service Disabled Veteran Owned Small Business (SDVOSB) and is not affiliated with the National Institute of Standards and Technology. \u003cp\u003e\u003c\/p\u003eFor more titles published by 4th Watch, please visit: \u003cb\u003ecybah.webplus.net\u003c\/b\u003e \u003cp\u003e\u003c\/p\u003e A full copy of all the pertinent cybersecurity standards is available on DVD-ROM in the CyberSecurity Standards Library disc which is available at Amazon.com. \u003cp\u003e\u003c\/p\u003e GSA P-100 Facilities Standards for the Public Buildings Service \u003cp\u003e\u003c\/p\u003e GSA P-120 Cost and Schedule Management Policy Requirements \u003cp\u003e\u003c\/p\u003e GSA P-140 Child Care Center Design Guide \u003cp\u003e\u003c\/p\u003e GSA Standard Level Features and Finishes for U.S. 
Courts Facilities \u003cp\u003e\u003c\/p\u003eGSA Courtroom Technology Manual \u003cp\u003e\u003c\/p\u003e NIST SP 500-299 NIST Cloud Computing Security Reference Architecture \u003cp\u003e\u003c\/p\u003eNIST SP 500-291 NIST Cloud Computing Standards Roadmap Version 2 \u003cp\u003e\u003c\/p\u003eNIST SP 500-293 US Government Cloud Computing Technology Roadmap Volume 1 \u0026amp; 2 \u003cp\u003e\u003c\/p\u003eNIST SP 500-293 US Government Cloud Computing Technology Roadmap Volume 3 DRAFT \u003cp\u003e\u003c\/p\u003eNIST SP 1800-8 Securing Wireless Infusion Pumps \u003cp\u003e\u003c\/p\u003eNISTIR 7497 Security Architecture Design Process for Health Information Exchanges (HIEs) \u003cp\u003e\u003c\/p\u003eNIST SP 800-66 Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule \u003cp\u003e\u003c\/p\u003eNIST SP 1800-1 Securing Electronic Health Records on Mobile Devices\u003cbr\u003e\u003cbr\u003e\u003cb\u003eAuthor:\u003c\/b\u003e National Institute of Standards and Tech\u003cbr\u003e\u003cb\u003eISBN-10:\u003c\/b\u003e 1547202203\u003cbr\u003e\u003cb\u003eISBN-13:\u003c\/b\u003e 9781547202201\u003cbr\u003e\u003cb\u003ePublisher:\u003c\/b\u003e Createspace Independent Publishing Platform\u003cbr\u003e\u003cb\u003eLanguage:\u003c\/b\u003e English\u003cbr\u003e\u003cb\u003ePublished:\u003c\/b\u003e 04\/29\/2011\u003cbr\u003e\u003cb\u003ePages:\u003c\/b\u003e 74\u003cbr\u003e\u003cb\u003eFormat:\u003c\/b\u003e Paperback\u003cbr\u003e\u003cb\u003eWeight:\u003c\/b\u003e 0.43lbs\u003cbr\u003e\u003cb\u003eSize:\u003c\/b\u003e 11.00h x 8.50w x 0.15d","brand":"National Institute of Standards and 
Tech","offers":[{"title":"Paperback","offer_id":48217471418623,"sku":"9781547202201","price":14.1,"currency_code":"USD","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0662\/2982\/9887\/files\/img_4ac05969-24cf-41d7-8160-18e7717684e0.jpg?v=1771997433","url":"https:\/\/www.whiterainbookhouse.com\/products\/nist-sp-800-147-155-national-institute-of-standards-and-tech-9781547202201","provider":"WR Book House","version":"1.0","type":"link"}