New BIOS security standards aimed at fighting rootkit attacks

22.08.2012
There's a growing threat of attacks on computer basic input/output system (BIOS) firmware, and to deter it, the National Institute of Standards and Technology (NIST) is putting in place new guidelines for updating the BIOS. And in doing this, NIST is getting high-tech manufacturing to raise the bar on security.

"Last September, the first BIOS-based rootkit in the wild was discovered, called ," notes Andrew Regenscheid, math researcher and project leader in NIST's computer security division. While criminals creating malware have spent far more time over the years targeting and operating systems (OS), the potential for wreaking serious havoc by subverting the BIOS, which typically works to do jobs such as load the OS, is of growing concern.

So through new security guidelines that will influence what computers the federal government buys in the future, NIST is setting standards that require authentication of BIOS update mechanisms.

Just this week NIST put out for public comment its , "BIOS Protection Guidelines for Servers," with comment sought through mid-September. The intent is to stop any cyberattack related to "unauthorized modification of BIOS firmware by malicious software."

The NIST document basically says that future government buyers of servers -- whether these are basic servers, managed servers or blade servers -- will be checking whether the gear they are thinking of getting has any way to "authenticate BIOS update mechanism" and "secure local update mechanisms," and whether there's "firmware integrity protection" and "non-bypassability features."