VMware vSphere 5.0 gets Common Criteria security clearance

VMware today said its virtual-machine infrastructure software, vSphere 5.0, has achieved certification under what's known as the Common Criteria program, a U.S.-supported international effort to test software in labs for security and general soundness in technical features.

VMware said vSphere 5.0 has attained the Evaluation Assurance Level 4 (EAL4+) under Common Criteria. This is considered a very high rating for commercial software using conventional security. In contrast, there are highly-specialized methods for ultra-high-security purposes demanded by the government which go beyond EAL4+ up to EAL7.

In the news: IT staff, engineers among top 10 toughest jobs to fill in US

More: McAfee bringing anti-virus support to VMware's vShield

The Common Criteria program arose as a cooperative effort for product testing between several countries in the 1990s which agreed to recognize Common Criteria test results from accredited test labs in various locales so that tech vendors wouldn't have to keep repeating what can be lengthy and expensive testing over and over again to satisfy each country's government. The U.S., Canada, France, Germany, and the United Kingdom were the original Common Criteria supporters, but several more countries have also signed onto Common Criteria since the year 2000.

VMware says it relied on Corsec Security and CGI's accredited Common Criteria lab to perform the VSphere 5.0 testing and obtain the EAL4+ rank. Eric Betts, VMware's certification manager, said in his blog that VMware in this instance worked under the Canadian Common Criteria Evaluation and Certification Scheme. VMware says it has had some earlier versions of it software certified under Common Criteria.

Gaining confidence from government buyers, which sometimes require Common Criteria certification in products, is clearly the goal in putting vSphere 5.0 through the test process.

VMware indicated it expects the EAL4+ rating of VSphere to boost its acceptance for cloud-computing purposes in the U.S. and elsewhere, where concerns about virtual-machine cloud security are rampant.

"Cloud computing is a top priority for CIOs of government IT organizations," says Aileen Black, vice president, public sector, at VMware. The successful Common Criteria testing of VSphere 5.0 underscores that it is a platform that "government organizations can trust," she says.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security.

Read more about data center in Network World's Data Center section.