https://docs.openstack.org/security-guide/compute/hypervisor-selection.html
Common criteria
Common Criteria is an internationally standardized software evaluation process, used by governments and commercial companies to validate that software technologies perform as advertised. In the government sector, NSTISSP No. 11 mandates that U.S. Government agencies only procure software which has been Common Criteria certified, a policy which has been in place since July 2002.
Note
OpenStack has not undergone Common Criteria certification; however, many of the available hypervisors have.
In addition to validating a technology's capabilities, the Common Criteria process evaluates how technologies are developed:
- How is source code management performed?
- How are users granted access to build systems?
- Is the technology cryptographically signed before distribution?
The KVM hypervisor has been Common Criteria certified through the U.S. Government and commercial distributions. These have been validated to separate the runtime environment of virtual machines from each other, providing foundational technology to enforce instance isolation. In addition to virtual machine isolation, KVM has been Common Criteria certified to…:
While many hypervisor vendors, such as Red Hat, Microsoft, and VMware, have achieved Common Criteria certification, their underlying certified feature sets differ. We recommend evaluating vendor claims to ensure they minimally satisfy the following requirements: