Virtualized server platforms—like physical server platforms—need to be protected against attacks from hackers who might want to steal information or take control of parts of the server. NIST released Draft NIST Special Publication SP 800-125A Revision 1, Security Recommendations for Server-based Hypervisor Platforms, which addresses this issue by providing recommendations to ensure that the core software used in virtualized server platforms—the hypervisor—remains secure against such attacks. This publication identifies five baseline functions of the hypervisor platform, analyzes threats to these platforms, and provides security recommendations. Deploying virtualized servers for high-performance applications (e.g., big data, analytics, etc.) has been found to require other forms of device virtualization besides the “emulation” approach covered in this document. This publication captures these additional device virtualization technologies, such as para-virtualization, passthrough, and self-virtualizing hardware devices, as well as the associated security recommendations. Major content changes in this publication, which is a revision of NIST SP 800-125A, Security Recommendations for Hypervisor Deployment on Servers, can be found in Sections 1.1, 2.2.2, and 5. A public comment period for this draft document is open until May 2, 2018.
Created April 12, 2018, Updated April 16, 2018