Implementing a PC Hardware Configuration (BIOS) Baseline

High level operating system features such as patch management, full disk encryption, virtualization, and malware protection are increasingly reliant on properly configured Basic Input Output System (BIOS) firmware settings and support. Varying configuration settings complicate the implementation process and subsequent troubleshooting sessions. This paper presents a solution to these issues through implementation of a hardware configuration policy, a BIOS firmware features baseline, and hardware configuration standards. This is accomplished by folding hardware selection and configuration into comprehensive lifecycle, operations, and change management programs to ensure predictable support for required features. To support the development of necessary documentation a survey of typical BIOS firmware configuration options is presented. Security implications for each of these options are explored to identify settings that are both beneficial and detrimental to security. Finally, vendor options and support for BIOS firmware settings automation are explored.