Deploying Signed BIOSes to Enterprise Client Systems (version 1)

Abstract: This guide is meant to assist United States government and Department of Defense Windows system administrators deploy BIOSes to their enterprise client systems that support signed BIOSes and signed BIOS update mechanisms but do not have signed BIOSes installed by default due to these systems predating the NIST SP 800-147 standard. Vendors that implement signed BIOses currently ship systems with a signed BIOS already installed. This guide also provides information on tools for managing BIOSes that are freely available and officially supported by vendors for commercial use. The guide assumes administrators operate in a restrictive network environment where common remote management protocols may be blocked and common automation technologies may be disabled. Very basic techniques and technologies are used in this guide to apply to the widest audience possible and to allow easier integration into restrictive environments.

Date Published:

Last Reviewed: 16 July 2015

Version: 1

Identifier: ADF-2012-1215

Creator:

Dissemination Control: N/A

Length: 32 page(s)

Format: pdf

Type: Guide/Plan

Tags: Signed BIOSes; Configuration Management; Secure Lifecycle Management