{"description": "Assign a password to the system boot firmware (historically called BIOS on PC\nsystems) to require a password for any configuration changes.", "rationale": "Assigning a password to the system boot firmware prevents anyone\nwith physical access from configuring the system to boot\nfrom local media and circumvent the operating system's access controls.\nFor systems in physically secure locations, such as\na data center or Sensitive Compartmented Information Facility (SCIF), this risk must be weighed\nagainst the risk of administrative personnel being unable to conduct recovery operations in\na timely fashion.", "severity": "unknown", "references": {}, "control_references": {}, "components": [], "identifiers": {}, "ocil_clause": null, "ocil": null, "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": "system_with_kernel", "platforms": ["system_with_kernel"], "sce_metadata": {}, "inherited_platforms": [], "cpe_platform_names": ["system_with_kernel"], "inherited_cpe_platform_names": [], "bash_conditional": null, "fixes": {}, "title": "Assign Password to Prevent Changes to Boot Firmware Configuration", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/permissions/mounting/bios_assign_password/rule.yml", "template": null}