« NIST SP800-147, BIOS Protection Guidelines | Main | 原子力問題はこれからどうなる。。。衆議院決算行政監視委員会@2011年4月27日(水) »

2011.05.03

NIST Full Virtualization Technologies: Guidelines For Secure Implementation And Management

 こんにちは、丸山満彦です。NISTがFull Virtualization Technologies: Guidelines For Secure Implementation And Managementを公表していますね。。。
 仮想化にまつわるリスクの話、日本でももっと議論すべきですよね。。。

 
■NIST
ITL Security Bulletins
・2011.04.28 Full Virtualization Technologies: Guidelines For Secure Implementation And Management

NIST Recommendations for Security for Full Virtualization Technologies
• Secure all elements of a full virtualization solution and maintain their security.
• Restrict and protect administrator access to the virtualization solution.
• Ensure that the hypervisor is properly secured.
• Carefully plan the security for a full virtualization solution before installing, configuring, and deploying it.

ついでにSP800-125も。。。
・2011.01 Guide to Security for Full Virtualization Technologies
=====
Executive Summary.
1. Introduction
 1.1 Authority
 1.2 Purpose and Scope
 1.3 Audience
 1.4 Document Structure.
2. Introduction to Full Virtualization
 2.1 Motivations for Full Virtualization
 2.2 Types of Full Virtualization
 2.3 Virtualizing Hardware
  2.3.1 Virtualized Networking
  2.3.2 Virtualized Storage
  2.3.3 Guest OS Images
 2.4 Full Virtualization Use Cases
  2.4.1 Server Virtualization
  2.4.2 Desktop Virtualization.
3. Virtualization Security Overview
 3.1 Guest OS Isolation
 3.2 Guest OS Monitoring
 3.3 Image and Snapshot Management
4. Security Recommendations for Virtualization Components
 4.1 Hypervisor Security
 4.2 Guest OS Security
 4.3 Virtualized Infrastructure Security
 4.4 Desktop Virtualization Security
5. Secure Virtualization Planning and Deployment
 5.1 Initiation
 5.2 Planning and Design
 5.3 Implementation
 5.4 Operations and Maintenance
 5.5 Disposition
=====


■このブログ
クラウド

■Cyberlaw (夏井先生)
クラウドコンピューティング

|

« NIST SP800-147, BIOS Protection Guidelines | Main | 原子力問題はこれからどうなる。。。衆議院決算行政監視委員会@2011年4月27日(水) »

Comments

Post a comment



(Not displayed with comment.)


Comments are moderated, and will not appear on this weblog until the author has approved them.



TrackBack


Listed below are links to weblogs that reference NIST Full Virtualization Technologies: Guidelines For Secure Implementation And Management:

« NIST SP800-147, BIOS Protection Guidelines | Main | 原子力問題はこれからどうなる。。。衆議院決算行政監視委員会@2011年4月27日(水) »