Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

SP 800-155 (DRAFT)

BIOS Integrity Measurement Guidelines

Date Published: December 2011
Comments Due: January 20, 2012 (public comment period is CLOSED)
Email Questions to:


Andrew Regenscheid (NIST), Karen Scarfone (Scarfone Cybersecurity)


NIST announces the public comment release of NIST Special Publication 800-155, BIOS Integrity Measurement Guidelines. This document outlines the security components and security guidelines needed to establish a secure Basic Input/Output System (BIOS) integrity measurement and reporting chain. BIOS is a critical security component in systems due to its unique and privileged position within the personal computer (PC) architecture. A malicious or outdated BIOS could allow or be part of a sophisticated, targeted attack on an organization -either a permanent denial of service (if the BIOS is corrupted) or a persistent malware presence (if the BIOS is implanted with malware). The guidelines in this document are intended to facilitate the development of products that can detect problems with the BIOS so that organizations can take appropriate remedial action to prevent or limit harm. The security controls and procedures specified in this document are oriented to desktops and laptops deployed in an enterprise environment.



hardware; integrity measurement; Basic Input/Output System (BIOS); roots of trust
Control Families

Configuration Management; System and Information Integrity;


Draft SP 800-155

Supplemental Material:
None available


Security and Privacy