Uncategorized

NIST releases SP 800-125A: security recommendations for hypervisors

SP 800-125A: Security Recommendations for Hypervisor Deployment on Servers

The Hypervisor is a collection of software modules that provides virtualization of hardware resources (such as CPU/GPU, Memory, Network and Storage) and thus enables multiple computing stacks (made of an operating system (OS) and Application programs) called Virtual Machines (VMs) to be run on a single physical host. In addition, it may have the functionality to define a network within the single physical host (called virtual network) to enable communication among the VMs resident on that host as well as with physical and virtual machines outside the host. With all this functionality, the hypervisor has the responsibility to mediate access to physical resources, provide run time isolation among resident VMs and enable a virtual network that provides security-preserving communication flow among the VMs and between the VMs and the external network. The architecture of a hypervisor can be classified in different ways. The security recommendations in this document relate to ensuring the secure execution of baseline functions of the hypervisor and are therefore agnostic to the hypervisor architecture. Further, the recommendations are in the context of a hypervisor deployed for server virtualization and not for other use cases such as embedded systems and desktops. Recommendations for secure configuration of a virtual network are dealt with in a separate NIST Special Publication (SP), SP 800-125B.

Keywords: Virtualization; Hypervisor; Virtual Machine; Virtual Network; Secure Configuration; Security Monitoring; Guest OS

 

https://csrc.nist.gov/News/2018/Security-Recommendations-for-Deploying-Hypervisors
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-125A.pdf
https://csrc.nist.gov/publications/detail/sp/800-125a/final

See-also:
SP 800-125B: Secure Virtual Network Configuration for Virtual Machine (VM) Protection
https://csrc.nist.gov/publications/detail/sp/800-125b/final

Standard

One thought on “NIST releases SP 800-125A: security recommendations for hypervisors

  1. Pingback: NIST SP 800-125A: Security Recommendations for Server-based Hypervisor Platforms | Firmware Security

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s