Information Technology -- BIOS Protection Guidelines
Publication date: 2015-04-22
ISO 19678:2015 provides requirements and guidelines for preventing the unauthorized modification of Basic Input/Output System (BIOS) firmware on PC client systems. Unauthorized modification of BIOS firmware by malicious software constitutes a significant threat because of the BIOS's unique and privileged position within the PC architecture. A malicious BIOS modification could be part of a sophisticated, targeted attack on an organization: either a permanent denial of service (if the BIOS is corrupted) or a persistent malware presence (if the BIOS is implanted with malware).
As used in this publication, the term BIOS refers to conventional BIOS, Extensible Firmware Interface (EFI) BIOS, and Unified Extensible Firmware Interface (UEFI) BIOS. This International Standard applies to system BIOS firmware (e.g., conventional BIOS or UEFI BIOS) stored in the system flash memory of computer systems, including portions that may be formatted as Option ROMs. However, it does not apply to Option ROMs, UEFI drivers, and firmware stored elsewhere in a computer system.
Subclause 7.2 provides platform vendors with requirements for a secure BIOS update process. Additionally, subclause 7.3 provides guidelines for managing the BIOS in an operational environment.
While this International Standard focuses on current and future x86 and x64 client platforms, the controls and procedures are independent of any particular system design.