Information Technology — BIOS Protection Guidelines

ISO 19678:2015 provides requirements and guidelines for preventing the unauthorized modification of Basic Input/Output System (BIOS) firmware on PC client systems. Unauthorized modification of BIOS firmware by malicious software constitutes a significant threat because of the BIOS's unique and privileged position within the PC architecture. A malicious BIOS modification could be part of a sophisticated, targeted attack on an organization ?either a permanent denial of service (if the BIOS is corrupted) or a persistent malware presence (if the BIOS is implanted with malware). As used in this publication, the term BIOS refers to conventional BIOS, Extensible Firmware Interface (EFI) BIOS, and Unified Extensible Firmware Interface (UEFI) BIOS. This International Standard applies to system BIOS firmware (e.g., conventional BIOS or UEFI BIOS) stored in the system flash memory of computer systems, including portions that may be formatted as Option ROMs. However, it does not apply to Option ROMs, UEFI drivers, and firmware stored elsewhere in a computer system. Subclause 7.2 provides platform vendors with requirements for a secure BIOS update process. Additionally, subclause 7.3 provides guidelines for managing the BIOS in an operational environment. While this International Standard focuses on current and future x86 and x64 client platforms, the controls and procedures are independent of any particular system design.

Technologies de l'information — Lignes directrices de protection BIOS

General Information

Status
Published
Publication Date
21-Apr-2015
Current Stage
9060 - Close of review
Start Date
03-Sep-2020
Ref Project

Buy Standard

Standard
ISO/IEC 19678:2015 - Information Technology -- BIOS Protection Guidelines
English language
15 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (sample)

INTERNATIONAL ISO/IEC
STANDARD 19678
First edition
2015-05-01
Information Technology — BIOS
Protection Guidelines
Technologies de l’information — Lignes directrices de protection BIOS
Reference number
ISO/IEC 19678:2015(E)
ISO/IEC 2015
---------------------- Page: 1 ----------------------
ISO/IEC 19678:2015(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2015, Published in Switzerland

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form

or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior

written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of

the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
ii © ISO/IEC 2015 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/IEC 19678:2015(E)
Contents Page

Foreword ............................................................................................................................................................. v

Introduction ........................................................................................................................................................ vi

1 Scope ............................................................................................................................................................. 1

2 Conformance ................................................................................................................................................ 1

3 Normative references................................................................................................................................... 2

4 Terms and definitions .................................................................................................................................. 2

5 Symbols (and abbreviated terms) .............................................................................................................. 3

6 Background .................................................................................................................................................. 4

6.1 System BIOS .............................................................................................................................................. 4

6.2 Role of System BIOS in the Boot Process ............................................................................................. 5

6.3 Updating the System BIOS ....................................................................................................................... 8

6.4 Importance of BIOS Integrity ................................................................................................................... 8

6.5 Threats to the System BIOS ..................................................................................................................... 9

7 Threat Mitigation ........................................................................................................................................ 10

Bibliography ...................................................................................................................................................... 14

© ISO/IEC 2015 – All rights reserved
---------------------- Page: 3 ----------------------
ISO/IEC 19678:2015(E)
Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical

Commission) form the specialized system for worldwide standardization. National bodies that are members of

ISO or IEC participate in the development of International Standards through technical committees

established by the respective organization to deal with particular fields of technical activity. ISO and IEC

technical committees collaborate in fields of mutual interest. Other international organizations, governmental

and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information

technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.

International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.

The main task of the joint technical committee is to prepare International Standards. Draft International

Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as

an International Standard requires approval by at least 75 % of the national bodies casting a vote.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent

rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.

Note: ITTF will provide the document number needed below

ISO/IEC 19678 was prepared by the U.S. National Institute of Standards and Technology from NIST SP 800-

147, BIOS Protection Guidelines. NIST SP 800-147 was reformatted in accordance with ISO/IEC Directives,

Part 2, while maintaining the technical content of the NIST publication (available at

http://csrc.nist.gov/publications/nistpubs/800-147/NIST-SP800-147-April2011.pdf). The resulting standard was

adopted under a special “fast-track procedure”, by Joint Technical Committee ISO/IEC JTC 1, Information

technology, in parallel with its approval by the national bodies of ISO and IEC.
© ISO/IEC 2015 – All rights reserved
---------------------- Page: 4 ----------------------
ISO/IEC 19678:2015(E)
Introduction

Modern computers rely on fundamental system firmware, commonly known as the system Basic Input/Output

System (BIOS), to facilitate the hardware initialization process and transition control to the operating system.

The BIOS is typically developed by both original equipment manufacturers (OEMs) and independent BIOS

vendors, and is distributed to end-users by motherboard or computer manufacturers. Manufacturers

frequently update system firmware to fix bugs, patch vulnerabilities, and support new hardware. This

International Standard provides security requirements and guidance for preventing the unauthorized

modification of BIOS firmware on PC client systems.

Unauthorized modification of BIOS firmware by malicious software constitutes a significant threat because of

the BIOS’s unique and privileged position within the PC architecture. A malicious BIOS modification could be

part of a sophisticated, targeted attack on an organization—either a permanent denial of service (if the BIOS

is corrupted) or a persistent malware presence (if the BIOS is implanted with malware). The move from

conventional BIOS implementations to implementations based on the Unified Extensible Firmware Interface

(UEFI) may make it easier for malware to target the BIOS in a widespread fashion, as these BIOS

implementations are based on a common specification.

This International Standard focuses on current and future x86 and x64 desktop and laptop systems, although

the controls and procedures could potentially apply to any system design. Likewise, although the guide is

oriented toward enterprise-class platforms, the necessary technologies are expected to migrate to consumer-

grade systems over time. The security requirements do not attempt to prevent installation of unauthentic

BIOSs through the supply chain, by physical replacement of the BIOS chip, or through secure local update

procedures.

The intended audience for this International Standard includes BIOS and platform vendors, and information

system security professionals who are responsible for managing the endpoint platforms’ security, secure boot

processes, and hardware security modules. The material may also be of use when developing enterprise-

wide procurement strategies and deployment.

The material in this International Standard is technically oriented, and it is assumed that readers have at least

a basic understanding of system and network security. The International Standard provides background

information to help such readers understand the topics that are discussed. Readers are encouraged to take

advantage of other resources (including those listed in this International Standard) for more detailed

information.
© ISO/IEC 2015 – All rights reserved
---------------------- Page: 5 ----------------------
ISO/IEC 19678:2015(E)
Information Technology— BIOS Protection Guidelines
1 Scope

This International Standard provides requirements and guidelines for preventing the unauthorized

modification of Basic Input/Output System (BIOS) firmware on PC client systems. Unauthorized modification

of BIOS firmware by malicious software constitutes a significant threat because of the BIOS’s unique and

privileged position within the PC architecture. A malicious BIOS modification could be part of a

sophisticated, targeted attack on an organization —either a permanent denial of service (if the BIOS is

corrupted) or a persistent malware presence (if the BIOS is implanted with malware).

As used in this publication, the term BIOS refers to conventional BIOS, Extensible Firmware Interface (EFI)

BIOS, and Unified Extensible Firmware Interface (UEFI) BIOS. This International Standard applies to

system BIOS firmware (e.g., conventional BIOS or UEFI BIOS) stored in the system flash memory of

computer systems, including portions that may be formatted as Option ROMs. However, it does not apply to

Option ROMs, UEFI drivers, and firmware stored elsewhere in a computer system.

Subclause 7.2 provides platform vendors with requirements for a secure BIOS update process.

Additionally, subclause 7.3 provides guidelines for managing the BIOS in an operational environment.

While this International Standard focuses on current and future x86 and x64 client platforms, the controls

and procedures are independent of any particular system design.
2 Conformance

The following terms are used in this standard to indicate mandatory requirements, recommended options,

or permissible actions.

• The terms “shall” and “shall not” indicate requirements to be followed strictly in order to conform to

this standard and from which no deviation is permitted.

• The terms “should” and “should not” indicate that among several possibilities one is recommended

as particularly suitable, without mentioning or excluding others, or that a certain course of action is

preferred but not necessarily required, or that (in the negative form) a certain possibility or course of

action is discouraged but not prohibited.

• The terms “may” and “need not” indicate a course of action permissible within the limits of this

standard.

An implementation is conformant to this standard if it implements the requirements specified in subclause

7.2.
© ISO/IEC 2015 – All rights reserved
---------------------- Page: 6 ----------------------
ISO/IEC 19678:2015(E)
3 Normative references

The following referenced documents are indispensable for the application of this document. For dated

references, only the edition cited applies. For undated references, the latest edition of the referenced

document (including any amendments) applies.
FIPS 186-4, Digital Signature Standard. July 2013.

NIST SP 800-89, Recommendation for Obtaining Assurances for Digital Signature Applications. November

2006.

NIST SP 800-131A, Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms

and Key Lengths. January 2011.
4 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
4.1
Basic Input/Output System (BIOS)

boot firmware, such as those based on the conventional BIOS, Extensible Firmware Interface (EFI), and the

Unified Extensible Firmware Interface (UEFI)
4.2
conventional BIOS

legacy boot firmware used in many x86-compatible computer systems (also known as the legacy BIOS)

4.3
Core Root of Trust for Measurement (CRTM)

the first piece of BIOS code that executes on the main processor during the boot process. On a system

with a Trusted Platform Module the CRTM is implicitly trusted to bootstrap the process of building a

measurement chain for subsequent attestation of other firmware and software that is executed on the

computer system.
4.4
Extensible Firmware Interface (EFI)

a specification for the interface between the operating system and the platform firmware. Version 1.10 of

the EFI specifications was the final version of the EFI specifications, and subsequent revisions made by the

Unified EFI Forum are part of the UEFI specifications
4.5
firmware
software that is included in read-only memory (ROM)
4.6
option ROM

firmware that is called by the system BIOS, such as BIOS firmware on add-on cards (e.g., video card, hard

drive controller, network card) as well as modules which extend the capabilities of the system BIOS

4.7
Protected Mode

an operational mode found in x86-compatible processors with hardware support for memory protection,

virtual memory, and multitasking
4.8
Real Mode
a legacy high-privilege operating mode in x86-compatible processors
2 © ISO/IEC 2015 – All rights reserved
---------------------- Page: 7 ----------------------
ISO/IEC 19678:2015(E)
4.9
System Management Mode (SMM)

a high-privilege operating mode found in x86-compatible processors used for low-level system management

functions
4.10
system flash memory

the non-volatile storage location of system BIOS, typically in electronically erasable programmable read-

only memory (EEPROM) flash memory on the motherboard. While system flash memory is a technology-

specific term, requirements and guidelines in this document referring to the system flash memory are

intended to apply to any non-volatile storage medium containing the system BIOS.
4.11
Trusted Platform Module (TPM)

a tamper-resistant integrated circuit built into some computer motherboards that can perform cryptographic

operations (including key generation) and protect small amounts of sensitive information, such as

passwords and cryptographic keys
4.12
Unified Extensible Firmware Interface (UEFI)

a specification for the interface between the operating system and the platform firmware developed by the

UEFI Forum
5 Symbols (and abbreviated terms)
ACPI
Advanced Configuration and Power Interface
BDS
Boot Device Selection
BIOS
Basic Input/Output System
CPU
Central Processing Unit
CRTM
Core Root of Trust for Measurement
DXE
Driver Execution Environment
EEPROM
Electrically Erasable Programmable Read-Only Memory
EFI
Extensible Firmware Interface
FIPS
Federal Information Processing Standard
GPT
GUID Partition Table
GUID
Globally Unique Identifier
© ISO/IEC 2015 – All rights reserved
---------------------- Page: 8 ----------------------
ISO/IEC 19678:2015(E)
MBR
Master Boot Record
OEM
Original Equipment Manufacturer
Operating System
PEI
Pre-EFI Initialization
POST
Power-on self-test
PXE
Preboot Execution Environment
ROM
Read-only Memory
Runtime
RTU
Root of Trust for Update
SMI
System Management Interrupt
SMM
System Management Mode
TPM
Trusted Platform Module
UEFI
Unified Extensible Firmware Interface
6 Background
6.1 System BIOS

The system BIOS is the first piece of software executed on the main central processing unit (CPU) when a

computer is powered on. While the system BIOS was originally responsible for providing operating systems

access to hardware, its primary role on modern machines is to initialize and test hardware components and

load the operating system. In addition, the BIOS loads and initializes important system management

functions, such as power and thermal management. The system BIOS may also load CPU microcode

patches during the boot process.

There are several different types of BIOS firmware. Some computers use a 16-bit conventional BIOS,

while many newer systems use boot firmware based on the UEFI specifications [23]. In this International

Standard we refer to all types of boot firmware as BIOS firmware, the system BIOS, or simply BIOS. When

necessary, we differentiate conventional BIOS firmware from UEFI firmware by calling them the

conventional BIOS and UEFI BIOS, respectively.

System BIOS is typically developed by both original equipment manufacturers (OEMs) and independent

BIOS vendors, and is distributed to end users with computer hardware. Manufacturers frequently update

© ISO/IEC 2015 – All rights reserved
---------------------- Page: 9 ----------------------
ISO/IEC 19678:2015(E)

system firmware to fix bugs, patch vulnerabilities, and support new hardware. The system BIOS is typically

stored on electrically erasable programmable read-only memory (EEPROM) or other forms of flash memory,

and is modifiable by end users. Typically, system BIOS firmware is updated using a utility or tool that has

special knowledge of the non-volatile storage components in which the BIOS is stored.

A given computer system can have BIOS in several different locations. In addition to the motherboard,

BIOS can be found on hard drive controllers, video cards, network cards and other add-in cards. This

additional firmware generally takes the form of Option ROMs (containing conventional BIOS and/or UEFI

drivers). These are loaded and executed by the system firmware during the boot process. Other system

devices, such as hard drives and optical drives, may have their own microcontrollers and other types of

firmware.

As noted in clause 1, the requirements and guidelines in this International Standard apply to BIOS firmware

stored in the system flash. This includes Option ROMs and UEFI drivers that are stored with the system

BIOS firmware and are updated by the same mechanism. It does not apply to Option ROMs, UEFI drivers,

and firmware stored elsewhere in a computer system.
6.2 Role of system BIOS in the boot process

The primary function of the system BIOS is to initialize important hardware components and to load the

operating system. This process is known as booting. The boot process of the system BIOS typically

executes in the following stages:

1. Execute Core Root of Trust: The system BIOS may include a small core block of firmware that

executes first and is capable of verifying the integrity of other firmware components. This has

traditionally been called the BIOS Boot Block. For trusted computing applications, it may also

contain the Core Root of Trust for Measurement (CRTM).

2. Initialize and Test Low-Level Hardware: Very early in the boot process the system BIOS initializes

and tests key pieces of hardware on the computer system, including the motherboard, chipset,

memory and CPU.

3. Load and Execute Additional Firmware Modules: The system BIOS executes additional pieces of

firmware that either extend the capabilities of the system BIOS or initialize other hardware

components necessary for booting the system. These additional modules may be stored within the

same flash memory as the system BIOS or they may be stored in the hardware devices they

initialize (e.g., video card, local area network card).

4. Select Boot Device: After system hardware has been configured, the system BIOS searches for a

boot device (e.g., hard drive, optical drive, USB drive) and executes the boot loader stored on that

device.

5. Load Operating System: While the system BIOS is still in control of the computer, the boot loader

begins to load and initialize the operating system kernel. Once the kernel is functional, primary

control of the computer system transfers from the system BIOS to the operating system.

In addition, the system BIOS loads system management interrupt (SMI) handlers (also known as System

Management Mode (SMM) code) and initializes Advanced Configuration and Power Interface (ACPI) tables

and code. These provide important system management functions for the running computer system, such

as power and thermal management.

This clause describes the boot process in conventional BIOS-based systems and the boot process in UEFI-

based systems. While conventional BIOS is used in many desktop and laptop computers deployed today,

the industry has begun transitioning to UEFI BIOS.
6.2.1 Conventional BIOS boot process

Figure 1 shows a typical boot process for x86-compatible systems running a conventional BIOS. The

conventional BIOS often executes in 16-bit real mode, although some more recent implementations execute

© ISO/IEC 2015 – All rights reserved
---------------------- Page: 10 ----------------------
ISO/IEC 19678:2015(E)

in protected mode. Some conventional BIOS-based firmware has a small block of BIOS firmware— known

as the BIOS boot block— that is logically separate from the rest of the BIOS. On these computer systems,

the boot block is the first firmware executed during the boot process. The boot block is responsible for

checking the integrity of the remaining BIOS code, and may provide mechanisms for recovery if the main

system BIOS firmware is corrupted. On most trusted computing architectures, the BIOS boot block serves

as the computer system’s CRTM because this firmware is implicitly trusted to bootstrap the process of

building a measurement chain for subsequent attestation of other firmware and software that is executed on

the machine [20].

The boot block executes the part of the conventional BIOS that initializes most hardware components—the

Power-on-Self-Test (POST) code. During POST, key low-level hardware on the computer system is

initialized, including the chipset, CPU, and memory. The system BIOS initializes the video card, which may

load and execute its own BIOS to initialize graphics processors and memory.
Boot Process (Conventional BIOS)
CPU in Real Mode CPU in Protected Mode
BIOS Power- Load and Boot Early OS Full OS User Mode
MBR
boot On-Self- Execute Kernel Kernel
Loader Processes
block Test Option ROMs Init. Init.
Kernel Services
BIOS Services
Hardware
SMI Handlers
System
Management Event
CPU in SMM
Figure 1: Conventional BIOS Boot Process

Next, the system BIOS searches for other peripherals and microcontrollers, and executes any Option ROMs

on these components necessary to initialize them. Option ROMs execute very early in the boot process and

can add a variety of features to the boot process. For example, the Option ROM on a network adapter

could load the Preboot Execution Environment (PXE), which allows a computer to boot over the network.

Next, the system BIOS scans the computer system for storage devices that have been identified as boot

devices. In a typical case, the BIOS attempts to boot from the first boot device it finds that has a valid

master boot record (MBR). The MBR points to a boot loader stored on the hard drive, which in turn starts

the process of loading the operating system.
© ISO/IEC 2015 – All rights reserved
---------------------- Page: 11 ----------------------
ISO/IEC 19678:2015(E)

During the boot process the system BIOS loads SMI handlers and initializes ACPI tables and code. SMI

handlers run in a special high-privilege mode on the CPU known as System Management Mode, a 32-bit

mode that is capable of bypassing many of the hardware security mechanisms of protected mode, such as

memory segmentation and page protections.
6.2.2 UEFI boot process

At a high level, the UEFI boot process, shown in Figure 2, follows a similar flow to the conventional BIOS

boot process. One difference is that UEFI code runs in 32- or 64-bit protected mode on the CPU, not in 16-

bit real mode as is often the case with conventional BIOS. Most UEFI-based platforms start with a small

core block of code that has the primary responsibility of authenticating subsequent code executed on the

computer system. This is very similar to the role of the boot block in conventional BIOS. This part of the

boot process is known as the Security (SEC) phase, and it serves as the core root of trust in the computer

system.
Boot Process- UEFI
CPU in Protected Mode
Transfer
UEFI Phases
control to OS
PEI DXE BDS
SEC RT
Initialize Initialize Load and GPT/ Boot Early OS Full OS User Mode
low-level execute EFI Kernel Kernel
firmware MBR Loader Processes
hardware drivers Init. Init.
Kernel Services
UEFI Services
Hardware
SMI Handlers
System
Management Event
CPU in SMM
Figure 2: UEFI Boot Process

The next phase of the UEFI boot process is the Pre-EFI Initialization (PEI) Phase. The PEI phase is

intended to initialize key system components, such as the processor, chipset and motherboard. In some

cases, the code in the Security Phase and the PEI Phase comprise the core root of trust in a UEFI system.

The purpose of the PEI Phase is to prepare the system for the Driver Execution Environment (DXE) phase.

The DXE phase is where most system initialization is performed. The firmware executed in this phase is

responsible for searching for and executing drivers that provide device support during the boot process, or

© ISO/IEC 2015 – All rights reserved 7
---------------------- Page: 12 ----------------------
ISO/IEC 19678:2015(E)

provide additional features. During this phase the UEFI BIOS may execute conventional option ROMs,

which have a similar purpose.

The PEI and DXE phases of the UEFI boot process lay the foundation to load an operating system. The

final tasks necessary to load an operating system are performed in the Boot Device Selection (BDS) phase.

This phase initializes console devices for simple input/output operations on the system. These console

devices include local text or graphical interfaces, as well as remote interfaces, such as Telnet or remote

displays over HTTP. The BDS phase also loads any additional drivers necessary to manage console or

boot devices. Finally, the firmware loads the boot loader from the first MBR or GUID Partition Table (GPT)

formatted boot device, and loads the operating system.

During the boot process the UEFI BIOS loads SMI handlers and initializes ACPI tables and code.

The Run Time phase of the UEFI boot process begins when the operating system is ready to take control

from the UEFI BIOS. UEFI runtime services are available to the operating system during this phase.

6.3 Updating the system BIOS

A system and its supporting management software and firmware may provide several authorized

mechanisms for legitimately updating the system BIOS. These include:

1. User-Initiated Updates: System and motherboard manufacturers typically supply end users with

utilities capable of updating the system BIOS. Historically, end users booted from external media to

perform these updates, but today most manufacturers provide utilities that can update the system

BIOS from the user’s normal operating system. Depending on the security mechanisms

implemented on the system, these utilities might directly update the system BIOS or they may

schedule an update for the next system reboot.

2. Managed Updates: A given computer system may have hardware and software-based agents that

allow a system administrator to remotely update the system BIOS without direct involvement from

the user.

3. Rollback: System BIOS implementations that authenticate updates before applying them may also

check version numbers during the update process. In these cases, the system BIOS may have a

special update process for rolling back the installed firmware to an earlier version. For instance, the

rollback process might require the physical presence of the user. This mechanism guards against

attackers flashing old firmware with known vulnerabilities.

4. Manual Recovery: To recover from a corrupt or malfunctioning system BIOS, many computer

systems provide mechanisms to allow a user with physical presence during the boot process to

replace the current system BIOS with a known good version and configuration.

5. Automatic Recovery: Some computer systems are able to detect when the system BIOS has been

corrupted and recover from a backup firmware image stored in a separate storage location from the

primary system BIOS (e.g., a second flash memory chip, a hidden partition on a hard drive).

6.4 Importance of BIOS integrity

As the first code that is executed by the main CPU, the system BIOS is a critical security component of a

computer system. While the system BIOS, possibly with the use of a Trusted Platform Module (TPM), can

verify the integrity of firmware and software executed later in the boot process, typically all or part of the

system BIOS is implicitly trusted.

The system BIOS is a potentially attractive target for attack. Malicious code running at the BIOS level could

have a great deal of control over a computer system. It could be used to compromise any components that

are loaded later in the boot process, including the SMM code, boot loader, hypervisor, and operating

system. The BIOS is stored on non-volatile memory that persists between power cycles. Malware written

into a BIOS could be used to re-infect machines even after new operating systems have been installed or

hard drives replaced. Because the system BIOS runs early in the boot process with very high privileges on

the machine, malware running at the BIOS level may be very difficult to detect. Because the BIOS loads

first, there is no opportunity for anti-malware products to authoritatively scan the BIOS.

8 © ISO/IEC 2015 – All rights reserved
---------------------- Page: 13 ----------------------
ISO/IEC 19678:2015(E)

BIOS exploits would likely be highly system-specific—directed at a specific version of a system BIOS or

certain hardware components (e.g., a particular motherboard chipset). In contrast, most malwa

...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.