Information Technology — BIOS Protection Guidelines
Publication date:
2015-04-22
ISO 19678:2015 provides requirements and guidelines for preventing the unauthorized modification of Basic Input/Output System (BIOS) firmware on PC client systems. Unauthorized modification of BIOS firmware by malicious software constitutes a significant threat because of the BIOS's unique and privileged position within the PC architecture. A malicious BIOS modification could be part of a sophisticated, targeted attack on an organization: either a permanent denial of service (if the BIOS is corrupted) or a persistent malware presence (if the BIOS is implanted with malware).
As used in this publication, the term BIOS refers to conventional BIOS, Extensible Firmware Interface (EFI) BIOS, and Unified Extensible Firmware Interface (UEFI) BIOS. This International Standard applies to system BIOS firmware (e.g., conventional BIOS or UEFI BIOS) stored in the system flash memory of computer systems, including portions that may be formatted as Option ROMs. However, it does not apply to Option ROMs, UEFI drivers, and firmware stored elsewhere in a computer system.
Subclause 7.2 provides platform vendors with requirements for a secure BIOS update process. Additionally, subclause 7.3 provides guidelines for managing the BIOS in an operational environment.
While this International Standard focuses on current and future x86 and x64 client platforms, the controls and procedures are independent of any particular system design.