CIS issues security benchmarks for virtual machines

In case you needed any more evidence that virtualization is making serious inroads in the enterprise, the Center for Internet Security this week released a set of benchmarks for securing virtual machines. The guidelines are generic, non-vendor specific suggestions for locking down virtual environments, and are the result of a collaborative effort. Like most of these kinds of documents, the suggestions are pretty general and hard to argue with. However, unlike say, Windows XP or Windows Server 2003, which all security managers know inside and out, virtual machines are still not well-understood in many corners of the IT industry.

With that in mind, CIS and its collaborators–which included Configuresoft, the Department of Homeland Security and others–put a fair amount of background material on VMs into the guidelines. They look to be a good start for admins seeking guidance on how best to secure virtualized environments. CIS also is planning to put out specific benchmarks for securing VMware’s ESX Server later this year.