Answer Description
Setting up a BIOS/UEFI password is the only option that would mitigate the threat from a user booting from another device (though it can often be reset by removing the CMOS battery). Data encryption, disabling admin accounts and only allowing trusted sources are all operating system level configurations and would not apply prior to booting to an OS.
Wikipedia
In computing, BIOS (, BY-oss, -ohss an acronym for Basic Input/Output System and also known as the System BIOS, ROM BIOS or PC BIOS) is firmware used to perform hardware initialization during the booting process (power-on startup), and to provide runtime services for operating systems and programs The BIOS firmware comes pre-installed on a personal computer's system board, and it is the first software to run when powered on The name originates from the Basic Input/Output System used in the CP/M operating system in 1975 The BIOS originally proprietary to the IBM PC has been reverse engineered by some companies (such as Phoenix Technologies) looking to create compatible systems
BIOS - Wikipedia, the free encyclopedia