{"product_id":11533,"v_id":11533,"product_name":"VMware ESXi 8.0 Update 3e","certification_status":"Certified","certification_date":"2025-06-03T00:00:00Z","tech_type":"Network Encryption,Virtualization","vendor_id":{"name":"Broadcom","website":"https://www.vmware.com/"},"vendor_poc":"Rumman Mahmud","vendor_phone":null,"vendor_email":"rumman.mahmud@broadcom.com","assigned_lab":{"cctl_name":"atsec information security corporation"},"product_description":"<p>The TOE is VMware ESXi Update 3e (ESXi 8.0U3e), which is a Type 1 hypervisor that is installed onto a computer system with no host platform Operating System and serves as a virtual machine manager and virtualization system. This allows for the instantiation of multiple virtual machines onto a single physical platform. The TOE also implements mechanisms to enforce logical separation of VMs from one another and from the hypervisor so that data transmission between these domains can only occur through authorized interfaces. The TOE is a software-only TOE where the core component is installed directly on the bare metal hardware.</p>","evaluation_configuration":"<p>The physical hardware platform for this evaluation is a Dell PowerEdge R660 server with Intel Xeon Gold 6430 CPU.</p>","security_evaluation_summary":"<p>The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process. The criteria against which the VMware ESXi 8.0 Update 3 TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 R5. The evaluation methodology used by the evaluation team to conduct the evaluation was the Common Methodology for Information Technology Security Evaluation, Version 3.1, R5 supplemented by that found in the Protection Profiles cited below. The evaluation was completed in June, 2025. 
The product, when delivered and configured as identified in the <em>VMware ESXi 8.0 Update 3e NIAP Common Criteria Guidance Supplement Document</em>, meets the requirements of the following:&nbsp;</p>\r\n<ul>\r\n<li>PP-Configuration for Virtualization and Server Virtualization Systems, Version 1.0, which consists of the following components:\r\n<ul style=\"list-style-type: circle;\">\r\n<li>Base PP: Protection Profile for Virtualization, Version 1.1</li>\r\n<li>PP Module: PP-Module for Server Virtualization Systems, Version 1.1</li>\r\n</ul>\r\n</li>\r\n<li>Functional Package for Transport Layer Security (TLS), Version 1.1, 2019-03-01, (TLS_PKG_V1.1)</li>\r\n</ul>","environmental_strengths":"<h3>Security Audit</h3>\r\n<p>The TOE's security audit function accepts audit records and stores them locally in pre-allocated files, as well as transmitting them to a remote syslog server via TLS. Each audit record contains relevant information about the audit event. Locally stored audit records are reviewable by authorized subjects and protected from unauthorized deletion and modification.</p>\r\n<h3>Cryptographic Support</h3>\r\n<p>The TOE implements CAVP-validated cryptographic algorithms for its cryptographic services. These are used to support TLS and HTTPS communications. Trusted communications protocols are implemented using secure cryptographic parameters and in accordance with relevant standards. The TOE implements NIST SP 800-90A conformant Deterministic Random Bit Generator (DRBG) that is seeded with a hardware entropy source (Intel Xeon Gold 6430 CPU via RDSEED). The hardware entropy source used by the TOE is made available to Guest VMs through a passthrough interface.</p>\r\n<h3>User Data Protection</h3>\r\n<p>The TOE uses hardware-based mechanisms to constrain direct access of Guest VMs to PCI devices. 
Authorized subjects may configure a specific Guest VM to use USB and network interfaces; however, access to PCI passthrough devices, vGPU devices, and SCSI passthrough devices is always prohibited. All volatile and non-volatile memory is cleared prior to allocation to a Guest VM so that domain separation between Guest VMs is enforced.</p>\r\n<h3>Identification and Authentication</h3>\r\n<p>To control access to the TSF, the TOE uses locally defined username/password credentials for authentication. All TSF-mediated actions require successful authentication prior to authorization. The TSF protects against brute-force password authentication attempts by locking an offending user account for a period of time when an excessive number of failed attempts have been accumulated. The TSF also enforces configuration of password complexity policies to further reduce the chance that a brute-force authentication attack will succeed.</p>\r\n<p>The TOE uses X.509 certificate validation services for TLS server authentication. CRLs are used for revocation. The TSF rejects invalid certificates and those whose revocation status cannot be determined.</p>\r\n<h3>Security Management</h3>\r\n<p>The TOE includes management functions that allow for configuration of its own behavior as well as configuration and manipulation of Guest VMs, such as starting/stopping VMs, creating checkpoints for VMs, and configuring the VMs with virtual networking and physical device access. The TOE includes several management interfaces over which various management functions can be performed. The TOE implements role-based access control to grant members of different roles granular privileges to manage the TSF and its associated data.</p>\r\n<p><strong>Protection of the TSF</strong></p>\r\n<p>The TOE implements various mechanisms to protect itself from misuse. A Guest VM can only access devices assigned to it by an Administrator. 
Furthermore, the TOE validates parameters passed to virtual devices and implements controls for transferring removable media between Guest VMs. The TOE includes a hypercall interface that allows Guest VMs to interact with the hypervisor. The TOE also uses hardware assists to eliminate the need for shadow page tables and reduce the use of binary translation.</p>\r\n<p>The TOE enforces isolation between Guest VMs and between VMs and itself. It also implements various protection methods in the execution environment to protect against memory-based attacks. TOE updates are also integrity protected using digital code signing verification.</p>\r\n<p><strong>TOE Access</strong></p>\r\n<p>The TOE supports the display of an advisory warning message regarding unauthorized use of the TOE before establishing an Administrator session.</p>\r\n<p><strong>TOE Trusted Path/Channel</strong></p>\r\n<p>The TOE implements TLS and HTTPS for secure communications between itself and external entities, which include remote administrators and remote audit servers. 
The TOE also enforces unambiguous identification of Guest VMs to reduce the likelihood that a user will inadvertently input data to an unintended Guest VM.</p>","features":[{"id":333,"feature_name":"Asymmetric Key Generation"},{"id":357,"feature_name":"Auditing"},{"id":344,"feature_name":"Certificate Authentication"},{"id":342,"feature_name":"Certificate Validation"},{"id":335,"feature_name":"Cryptographic Hashing"},{"id":334,"feature_name":"Cryptographic Key Establishment"},{"id":337,"feature_name":"Cryptographic Signature Generation"},{"id":338,"feature_name":"Cryptographic Signature Verification"},{"id":332,"feature_name":"DRBG"},{"id":340,"feature_name":"HTTPS Server [with/without] Mutual Authentication"},{"id":358,"feature_name":"Key Destruction"},{"id":336,"feature_name":"Keyed-hash message authentication"},{"id":353,"feature_name":"TLS 1.1"},{"id":349,"feature_name":"TLS 1.2"},{"id":350,"feature_name":"TLS Client"},{"id":331,"feature_name":"Virtual Machine"},{"id":35,"feature_name":"Virtual Machine (VM)"},{"id":346,"feature_name":"Virtual Server"}]}