Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

SP 800-125A (DRAFT)

Security Recommendations for Hypervisor Deployment

Date Published: October 20, 2014
Comments Due: November 10, 2014 (public comment period is CLOSED)
Email Questions to: mouli@nist.gov

Withdrawn: September 14, 2017

Author(s)

Ramaswamy Chandramouli (NIST)

Announcement

NIST announces the public comment release of NIST Special Publication 800-125A, Security Recommendations for Hypervisor Deployment. Server Virtualization (enabled by Hypervisor) is finding widespread adoption in enterprise data centers both for hosting in-house applications as well as for providing computing resources for cloud services. The hypervisor provides abstraction of all physical resources (such as CPU, Memory, Network and Storage) and thus enables multiple computing stacks (each consisting of an O/S (called Guest O/S), Middleware and a set of Application programs) to be run on a single physical host (referred to virtualized host or hypervisor host).

Since the NIST publication of SP 800-125 (Guide to Security for Full Virtualization Technologies) in January 2011, both the feature set of hypervisors as well as the tools for configuration and administration of virtualized infrastructure spawned by the hypervisor has seen considerable increase. This has generated the need to develop security recommendations for secure deployment of hypervisor platforms. This special publication defines a focused set of twenty-two security recommendations (in terms of architectural choices and configuration settings), intended to ensure secure execution of tasks performed by the hypervisor components under the umbrella of five baseline functions.

The public comment period closed on November 10, 2014.

Abstract

Keywords

hypervisor; virtual machine; virtual network; secure configuration; security monitoring; virtualization; guest O/S
Control Families

Planning; System and Communications Protection;

Documentation

Publication:
Draft SP 800-125A

Supplemental Material:
None available

Related NIST Publications:
SP 800-125

Document History:
Draft SP 800-125A (10/20/14)
Draft SP 800-125A (9/14/17)

Topics

Security and Privacy
planning

Technologies
cloud & virtualization

Laws and Regulations
OMB Circular A-130