IVS-11: Hypervisor Hardening

Control Family:

Infrastructure & Virtualization Security

CSF v1.1 References:

PR.AC-5
PR.DS-5
PR.MA-2
PR.PT-3

PF v1.0 References:

PR.AC-P5
PR.DS-P5
PR.MA-P2
PR.PT-P2

Threats Addressed:

Tampering
Elevation of Privilege
Lateral Movement

Control Statement

Access to all hypervisor management functions or administrative consoles for systems hosting virtualized systems shall be restricted to personnel based upon the principle of least privilege and supported through technical controls (e.g., two-factor authentication, audit trails, IP address filtering, firewalls, and TLS encapsulated communications to the administrative consoles).

Control Statement

Related Controls

NIST Special Publication 800-53 Revision 5

NIST Special Publication 800-53 Revision 4