Security Advisories are the official notification of security-related vulnerabilities and issues impacting VMware products. Security Advisories outline complete information on how to protect impacted systems. Each advisory contains a detailed description of the security vulnerability, affected systems, threat severity, risk mitigation techniques for fixing the vulnerability and securing the system.

• VMware vSphere 5.1 undergoing Common Criteria Certification at EAL2+ In-Evaluation.
• VMware vFabric tc Server v2.8.2 is undergoing Common Criteria Certification at EAL2+ In-Evaluation.
• VMware vCloud Networking and Security v5.1.2 is undergoing Common Criteria Certificationat EAL4+ In-Evaluation.
• VMware vSphere 5.0 has achieved Common Criteria Certificationat EAL4+:
  
  View certificate
  
  View completion letter
  
  View certification listing

• VMware ESX 4.1, ESXi 4.1 and vCenter Server 4.1have achieved Evaluation Assurance Level 4+ (EAL4+) certification in December 2010.
  
  
  
  ESX and vCenter Server:
  
  View Maintenance Report
  
  
  
  ESXi and vCenter Server:
  
  View Maintenance Report

• VMware ESX 4.0, ESXi 4.0 and vCenter Server 4.0 have achieved Evaluation Assurance Level 4+ (EAL4+) certification in October 2010.
  
  
  
  ESX and vCenter Server:
  
  View certificate
  
  View completion letter
  
  View certification listing
  
  
  
  ESXi and vCenter Server:
  
  View certificate
  
  View completion letter
  
  View certification listing
• VMware ESX Server 3.5 and VMware vCenter 2.5 have both achieved Evaluation Assurance Level 4+ (EAL4+) certification in February 2010.
  
  
  
  View certificate
  
  View completion letter
• VMware ESX Server 3.0 and VMware VirtualCenter 2.0 have both achieved Evaluation Assurance Level 4+ (EAL4+) certification in May 2008.
  
  
  
  View EAL4+ Validation for VMware ESX 3.0 and VMware VirtualCenter
• VMware ESX Server 2.5 and VMware VirtualCenter 1.2 have both achieved Evaluation Assurance Level 2 (EAL2) certification in March 2006.
  
  
  
  View EAL2 Validation for VMware ESX Server 2.5 and VMware VirtualCenter 1.2

• PCoIP Display Protocol for Horizon View™: VMware received FIPS-140-2 certification for the "PCoIP Cryptographic Module for Horizon View" (December 2011).

The PCoIP display protocol with Horizon View™ 5.0 provides end users with secure access to virtual desktops, dramatic improvements in user experience and bandwidth optimization across the LAN and WAN for demanding environments.

National Institute of Standards and Technology (NIST) certificate #1644

Security Policy

• FIPS 140-2: VMware ACE files are encrypted with the AES 128-bit algorithm. VMware has received approval from the US Department of Commerce to export VMware ACE internationally. FIPS 140-2 compliance testing has been completed and final certification is currently in-process.
  
  
  
  

View FIPS 140-2 certificate for VMware ACE

CESG Virtualization Product Approval - vSphere ESXi 4.1