Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST SP 800-125A (2nd Public Draft)

Security Recommendations for Hypervisor Deployment

Date Published: September 2017
Comments Due: October 6, 2017 (public comment period is CLOSED)
Email Questions to:


Ramaswamy Chandramouli (NIST)


NIST is soliciting public comments for this second draft of the document "Security Recommendations for Hypervisor Deployment."  The security recommendations in this version are expressions of counter measures for obtaining assurance against exploitation of threats to five baseline functions of the hypervisor and are therefore agnostic to the architecture of the hypervisor platform. Protection measures that are common to all server class software and its hosting environment have been removed in this version since they are addressed in other NIST documents.



Virtualization; Hypervisor; Virtual Machine; Virtual Network; Secure Configuration; Security
Control Families

None selected


Draft (2nd) SP 800-125A (pdf)

Supplemental Material:
None available

Related NIST Publications:
SP 800-125

Document History:
10/20/14: SP 800-125A (Draft)
09/14/17: SP 800-125A (Draft)
01/23/18: SP 800-125A (Final)


Security and Privacy



cloud & virtualization

Laws and Regulations

OMB Circular A-130