
Assign Password to Prevent Changes to Boot Firmware Configuration

An XCCDF Rule

Description

Assign a password to the system boot firmware (historically called BIOS on PC systems) to require a password for any configuration changes.

Rationale

Assigning a password to the system boot firmware prevents anyone with physical access from configuring the system to boot from local media and circumvent the operating system's access controls. For systems in physically secure locations, such as a data center or Sensitive Compartmented Information Facility (SCIF), this risk must be weighed against the risk of administrative personnel being unable to conduct recovery operations in a timely fashion.

ID
xccdf_org.ssgproject.content_rule_bios_assign_password
Severity
Unknown
Updated