Computer Security Resource Center

DRAFT SP 800-125B, Secure Virtual Network Configuration for Virtual Machine (VM) Protection
September 29, 2015

NIST announces the public comment release of Draft NIST Special Publication 800-125B, Secure Virtual Network Configuration for Virtual Machine (VM) Protection. VMs constitute the primary resource to be protected in a virtualized infrastructure, since they are the compute engines on which the enterprise's business- and mission-critical applications run. Further, since VMs are the end nodes of a virtual network, the configuration of the virtual network is an important element in the security of VMs and their hosted applications. The virtual network configuration areas considered for VM protection in this document are Network Segmentation, Network Path Redundancy, Firewall Deployment Architecture, and VM Traffic Monitoring. The configuration options in each of these areas are analyzed for their advantages and disadvantages, and security recommendations are provided.

The specific areas where comments are solicited are:

  • Advantages and Disadvantages of the various configuration options in the four virtual network configuration areas.
  • The Security Recommendations

The public comment period closes on Friday, October 23, 2015. Please send comments to sp800-125b@nist.gov.

Created December 21, 2016, Updated April 26, 2017