Guide to Security for Full Virtualization Technologies

Scarfone, Karen; Souppaya, Murugiah; Hoffman, Paul

doi:https://doi.org/10.6028/NIST.SP.800-125

July 19, 2023: URLs for CSRC publication details pages have changed. Legacy URLs should automatically redirect to the new URLs. However, links to the actual publications have NOT changed (e.g., DOIs and PDFs on nvlpubs.nist.gov). Please send inquiries to csrc-inquiry@nist.gov.

NIST SP 800-125

Guide to Security for Full Virtualization Technologies

Documentation Topics

Date Published: January 2011

Author(s)

Karen Scarfone (G2), Murugiah Souppaya (NIST), Paul Hoffman (Virtual Private Network Consortium)

Abstract

The purpose of SP 800-125 is to discuss the security concerns associated with full virtualization technologies for server and desktop virtualization, and to provide recommendations for addressing these concerns. Full virtualization technologies run one or more operating systems and their applications on top of virtual hardware. Full virtualization is used for operational efficiency, such as in cloud computing, and for allowing users to run applications for multiple operating systems on a single computer.

Keywords

Virtualization; hypervisor; VMM; virtual machine; VM; cloud computing

Control Families

Access Control; Configuration Management; Planning; Risk Assessment; System and Communications Protection; System and Information Integrity

Documentation

Publication:
https://doi.org/10.6028/NIST.SP.800-125
Download URL

Supplemental Material:
Press Release

Other Parts of this Publication:
SP 800-125A Rev. 1
SP 800-125A
SP 800-125B

Document History:
01/28/11: SP 800-125 (Final)

Topics

Security and Privacy

planning, risk assessment

Technologies

cloud & virtualization

Laws and Regulations

Federal Information Security Modernization Act