Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST SP 800-125A (Initial Public Draft)

Security Recommendations for Hypervisor Deployment

Date Published: October 20, 2014
Comments Due: November 10, 2014 (public comment period is CLOSED)
Email Questions to:


Ramaswamy Chandramouli (NIST)


NIST announces the public comment release of NIST Special Publication 800-125A, Security Recommendations for Hypervisor Deployment. Server Virtualization (enabled by Hypervisor) is finding widespread adoption in enterprise data centers both for hosting in-house applications as well as for providing computing resources for cloud services. The hypervisor provides abstraction of all physical resources (such as CPU, Memory, Network and Storage) and thus enables multiple computing stacks (each consisting of an O/S (called Guest O/S), Middleware and a set of Application programs) to be run on a single physical host (referred to virtualized host or hypervisor host).

Since the NIST publication of SP 800-125 (Guide to Security for Full Virtualization Technologies) in January 2011, both the feature set of hypervisors as well as the tools for configuration and administration of virtualized infrastructure spawned by the hypervisor has seen considerable increase. This has generated the need to develop security recommendations for secure deployment of hypervisor platforms. This special publication defines a focused set of twenty-two security recommendations (in terms of architectural choices and configuration settings), intended to ensure secure execution of tasks performed by the hypervisor components under the umbrella of five baseline functions.

The public comment period closed on November 10, 2014.



virtual machine; virtual network; secure configuration; security monitoring; hypervisor; virtualization; guest O/S
Control Families

Planning; System and Communications Protection


Draft SP 800-125A (pdf)

Supplemental Material:
None available

Related NIST Publications:
SP 800-125

Document History:
10/20/14: SP 800-125A (Draft)
09/14/17: SP 800-125A (Draft)
01/23/18: SP 800-125A (Final)


Security and Privacy



cloud & virtualization

Laws and Regulations

OMB Circular A-130