Security Advisories are the official notification of security-related vulnerabilities and issues impacting VMware products. Security Advisories outline complete information on how to protect impacted systems. Each advisory contains a detailed description of the security vulnerability, affected systems, threat severity, risk mitigation techniques for fixing the vulnerability and securing the system.
Security Certifications & Validations
Common Criteria Evaluation & Validation (CCEVS)
- Evaluation Assurance Level 2 (EAL2): VMware ESX Server 2.5 and VMware VirtualCenter 1.2 have both achieved Common Criteria EAL2 certification in March 2006.
View EAL2 Validation for VMware ESX Server 2.5 and VirtualCenter - Evaluation Assurance Level 4 (EAL4): VMware ESX Server 3.0 and VMware VirtualCenter 2.0 have both achieved EAL4+ certification in May 2008.
View EAL4+ Validation for VMware ESX 3.0 and VMware VirtualCenter
Federal Information Processing Standards (FIPS)
- FIPS 140-2: VMware ACE files are encrypted with the AES 128-bit algorithm. VMware has received approval from the US Department of Commerce to export VMware ACE internationally. FIPS 140-2 compliance testing has been completed and final certification is currently in-process.
View FIPS 140-2 certificate for VMware ACE