If you are a government agency considering using VMware vSphere 4.0, get ready for some good news. VMware announced it has received the Common Criteria certification for vSphere 4.0 at Evaluation Assurance Level 4 (EAL4+) under the Common Criteria Evaluation and Certification Scheme (CSS). This certification covers VMware ESX 4.0, ESXi 4.0, and vCenter 4.0.
[ To learn more about security in the virtualization world, read what Virtual Computer and Sophos are doing to secure the endpoint. | And keep up to date on virtualization with InfoWorld's Virtualization channel. ]
The Common Criteria is an international certification standard (ISO 15408) from North American and European governments that provides a common framework for evaluating security features and capabilities of IT security products. In effect since 1999, the security evaluation is given different EAL ratings, with EAL7+ being the highest grade assigned. However, EAL4+ is the highest assurance level that is globally recognized by all signatories under the Common Criteria Recognition Agreement (CCRA).
Common Criteria is an important certification for government and defense consumers and is often a requirement for many of their IT environments. But beyond government, the test and rating system is also very valuable to other types of consumers because it represents an objective measure of a software product's security. Having Common Criteria certification is often used to gauge whether a product should be considered for use in security-sensitive environments, such as a financial organization or the military.
As you might expect, going through one of these heavy certification processes can be an extremely long journey. A product must undergo a rigorous set of testing and meet extensive documentation requirements in order to pass. It's also important to keep in mind, the EAL level achieved does not measure the security of the system itself, it merely states at which level the system was tested.
According to VMware, "Achieving EAL4+ certification marks the completion of an intensive effort during which VMware vSphere 4.0 and VMware vCenter Server 4.0 were examined, tested and certified at EAL4+, validating that VMware vSphere is one of the most proven, trusted platforms for modern IT infrastructure."