Gartner Blog Network

NIST Publishes Its Virtualization Security Guidelines

by Neil MacDonald  |  February 10, 2011

Last week, the US National Institute of Standards and Technology (NIST) published its final virtualization security guidelines.

Guidelines are already available from the Center for Internet Security, VMware, Microsoft, and Citrix, as well as from the Defense Information Security Agency in the form of STIGs.

NIST adds to this collective knowledge and expands it with some interesting reading on desktop virtualization.

The most important things you can do to improve the security of your virtualization infrastructure are:

1. Treat this layer like your most critical x86-based OS.

2. Establish your own configuration guidelines (using sources like NIST and CIS as a starting point), apply them, and measure for drift over time.

3. Extend your existing patch and vulnerability management processes to this new layer of software.

Gartner research shows that 90% of successful attacks occur against previously known vulnerabilities for which a patch or secure configuration standard was already available. If you haven’t already, make sure you’ve secured your virtualization platform layer.


Neil MacDonald
VP & Gartner Fellow
15 years at Gartner
25 years IT industry

Neil MacDonald is a vice president, distinguished analyst and Gartner Fellow in Gartner Research. Mr. MacDonald is a member of Gartner's information security and privacy research team, focusing on operating system and application-level security strategies. Specific research areas include Windows security…
