U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.


We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

SP 800-125A (Draft)

Security Recommendations for Hypervisor Deployment

Date Published: October 20, 2014
Comments Due: November 10, 2014 (public comment period is CLOSED)
Email Questions to: mouli@nist.gov


Ramaswamy Chandramouli (NIST)


NIST announces the public comment release of NIST Special Publication 800-125A, Security Recommendations for Hypervisor Deployment. Server Virtualization (enabled by Hypervisor) is finding widespread adoption in enterprise data centers both for hosting in-house applications as well as for providing computing resources for cloud services. The hypervisor provides abstraction of all physical resources (such as CPU, Memory, Network and Storage) and thus enables multiple computing stacks (each consisting of an O/S (called Guest O/S), Middleware and a set of Application programs) to be run on a single physical host (referred to virtualized host or hypervisor host).

Since the NIST publication of SP 800-125 (Guide to Security for Full Virtualization Technologies) in January 2011, both the feature set of hypervisors as well as the tools for configuration and administration of virtualized infrastructure spawned by the hypervisor has seen considerable increase. This has generated the need to develop security recommendations for secure deployment of hypervisor platforms. This special publication defines a focused set of twenty-two security recommendations (in terms of architectural choices and configuration settings), intended to ensure secure execution of tasks performed by the hypervisor components under the umbrella of five baseline functions.

The public comment period closed on November 10, 2014.



virtual machine; virtual network; secure configuration; security monitoring; hypervisor; virtualization; guest O/S
Control Families

Planning; System and Communications Protection


Draft SP 800-125A

Supplemental Material:
None available

Related NIST Publications:
SP 800-125

Document History:
10/20/14: SP 800-125A (Draft)
09/14/17: SP 800-125A (Draft)
01/23/18: SP 800-125A


Security and Privacy

cloud & virtualization

Laws and Regulations
OMB Circular A-130