documentation_complete: true
title: 'Assign Password to Prevent Changes to Boot Firmware Configuration'
description: |-
    Assign a password to the system boot firmware (historically called BIOS on PC
    systems) to require a password for any configuration changes.
rationale: |-
    Assigning a password to the system boot firmware prevents anyone
    with physical access from configuring the system to boot
    from local media and circumvent the operating system's access controls.
    For systems in physically secure locations, such as
    a data center or Sensitive Compartmented Information Facility (SCIF), this risk must be weighed
    against the risk of administrative personnel being unable to conduct recovery operations in
    a timely fashion.
severity: unknown
platform: system_with_kernel