Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

DRAFT Special Publication 800-125A, Security Recommendations for Hypervisor Deployment
October 20, 2014

NIST announces the public comment release of DRAFT Special Publication 800-125A, Security Recommendations for Hypervisor Deployment. Server Virtualization (enabled by Hypervisor) is finding widespread adoption in enterprise data centers both for hosting in-house applications as well as for providing computing resources for cloud services. The hypervisor provides abstraction of all physical resources (such as CPU, Memory, Network and Storage) and thus enables multiple computing stacks (each consisting of an O/S (called Guest O/S), Middleware and a set of Application programs) to be run on a single physical host (referred to virtualized host or hypervisor host). 
 
Since the NIST publication of SP 800-125 (Guide to Security for Full Virtualization Technologies) in January 2011, both the feature set of hypervisors as well as the tools for configuration and administration of virtualized infrastructure spawned by the hypervisor has seen considerable increase. This has generated the need to develop security recommendations for secure deployment of hypervisor platforms. This special publication defines a focused set of twenty-two security recommendations (in terms of architectural choices and configuration settings), intended to ensure secure execution of tasks performed by the hypervisor components under the umbrella of five baseline functions. 
 
The public comment period closes on Monday, November 10, 2014. Please send comments to sp800-125A-comments@nist.gov

Created December 21, 2016, Updated October 13, 2017