Home > Blogs > VMware Security & Compliance Blog


VMware vSphere v5.0 Earns Common Criteria EAL4+ Certification

On May 22, 2012, VMware vSphere 5.0 achieved Common Criteria certification at EAL4+ under the Canadian Common Criteria Evaluation and Certification Scheme.

The visibility and focus of security in IT infrastructure environments has increased significantly in recent years, motivating IT professionals to seek systems which help with the protection their valuable data assets.  Common Criteria provides a level of assurance that VMware vSphere 5.0 has achieved specific security design and implementation specifications.  Common Criteria ensures security functional requirements were met through a rigorous standards based evaluation process, which included functional and vulnerability tests in addition to reviews of VMware’s implementation and development processes.  The certification process also included Flaw Remediation which evaluates VMware’s processes for supporting vSphere 5.0 with future security and maintenance updates.    

Common Criteria is an ISO (15408) standard for evaluating IT security which assures vSphere 5.0 has surpassed the required design and testing criteria.  The Common Criteria certification enables a significant number of VMware’s federal, defense, state and local government sales including large private sector sales as well.  These sectors utilize standards based IT testing methodologies as a means of further validation of IT product security. This certification validates VMware’s commitment to security, standards processes and global standards.

VMware was the first x86 virtualization vendor to complete a Common Criteria certification in 2006 and has continued the tradition of certifying each release since then.  This milestone marks the fifth iteration of completing this certification process.  As VMware continues to set the standard in virtualization and cloud computing, be sure to visit VMware’s Security Certifications web page for updates on future Common Criteria and other certifications activities at VMware.

The certification effort has had many resource touch points.  I would like to acknowledge the contributions of VMware teams, Corsec Security, and CGI for their participation in achieving this milestone.

For the most up to date listing of VMware’s certifications, visit the Security Certifications section of VMware’s web site.

Eric Betts
Certifications Manager