IVS-11: Hypervisor Hardening

CSF v1.1 References:

Warning icon.

Control is withdrawn in the next version of this control set and incorporated into: IAM-05: Least Privilege, IVS-04: OS Hardening and Base Controls.

Control Statement

Access to all hypervisor management functions or administrative consoles for systems hosting virtualized systems shall be restricted to personnel based upon the principle of least privilege and supported through technical controls (e.g., two-factor authentication, audit trails, IP address filtering, firewalls, and TLS encapsulated communications to the administrative consoles).

[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]

Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.