After many months of effort within the DMTF Virtualization Protection Profile (VPP) Incubator and submission to the National Information Assurance Partnership/Common Criteria Evaluation and Validation Scheme (NIAP/CCEVS) for consolidation, public review and comment, the Server Virtualization Protection Profile 1.0 is now available for download on the NIAP/CCEVS website.
The Protection Profile (PP) describes the security requirements for Server Virtualization and provides a minimal baseline set of requirements targeted at mitigating well-defined threats. Based on requirements identified in the DMTF white paper dated September 5, 2012, the document defines design goals and requirements for the secure implementation of server virtualization solutions. The work was completed in collaboration with members of the National Security Agency (NSA), National Institute of Standards and Technologies (NIST) and experts from the virtualization community. It distills over 100 requirements from the DMTF white paper down to a core of approximately 50 requirements considered by the authors to be fundamental to the security of Virtualization Systems.