Security
Headlines
HeadlinesLatestCVEs

Headline

CIS publishes hardening guidance for Red Hat OpenShift Virtualization

The Center for Internet Security® (CIS®) has officially published guidance for hardening Red Hat OpenShift Virtualization.The official publication of the new CIS Benchmark® for Red Hat OpenShift Virtualization is an important development for organizations running traditional virtual machines (VMs) alongside modern containers. OpenShift Virtualization is a feature of Red Hat OpenShift that allows existing VM-based workloads to run directly on the platform. This globally recognized, consensus-driven benchmark provides recommendations for creating a security-focused configuration for those env

Red Hat Blog
Open in Source
#mac#linux#red_hat

CIS publishes hardening guidance for Red Hat OpenShift Virtualization

December 4, 2025_2_-minute read

Security

The Center for Internet Security® (CIS®) has officially published guidance for hardening Red Hat OpenShift Virtualization.

The official publication of the new CIS Benchmark® for Red Hat OpenShift Virtualization is an important development for organizations running traditional virtual machines (VMs) alongside modern containers. OpenShift Virtualization is a feature of Red Hat OpenShift that allows existing VM-based workloads to run directly on the platform. This globally recognized, consensus-driven benchmark provides recommendations for creating a security-focused configuration for those environments.

Who is CIS and what is a CIS Benchmark?

CIS is a community-driven nonprofit organization, which aims to “make the connected world a safer place” for businesses, governments, and people by developing and promoting best practice solutions.

The CIS Benchmarks are one of those core solutions. They are a set of globally recognized best practices to help secure configuring operating systems (OSs), servers, and other technology. Developed and maintained by a global community of IT professionals, the CIS Benchmarks provide prescriptive instructions for creating a security-focused configuration baseline. The new CIS Benchmark for OpenShift Virtualization was developed based on the OpenShift Virtualization Hardening Guide.

Key security optimizations

The CIS Benchmark provides detailed recommendations to strengthen your security posture by focusing on 4 key areas of optimization, including:

  • Harden the platform from the ground up: This includes guidance on restricting GPU and USB pass-through to approved devices and disabling non-essential feature gates.
  • Control workloads at every layer: The CIS Benchmark provides fine-grained controls, such as restricting exec and virtual network computing (VNC) access to approved administrators and disabling features like guest-memory overcommit.
  • Segment and protect network traffic: This area focuses on using networking controls like Virtual Local Area Networks (VLANs) to isolate tenant or application traffic and applying Media Access Control (MAC) spoof filtering.
  • Safeguard data integrity in storage: This extends security policies into the storage plane, with recommendations to restrict data volume cloning across namespaces and disable unnecessary shareable disks.

How to implement

Here is the good news: implementing this benchmark is less about complex reconfiguration and more about simple verification. Because OpenShift Virtualization is engineered to have maximum security controls in place out-of-the-box, you likely have the majority of these protections in place already. The benchmark simply acts as prescriptive guidance to help you audit your environment. To get started, just cross-reference your current setup against the OpenShift Virtualization Hardening Guide to ensure those standard safety settings haven’t been altered.

Get the CIS Benchmark

By implementing the CIS Benchmark for OpenShift Virtualization, your organization can enforce consistent security capabilities across workloads on your hybrid cloud platform, protecting both your containerized and virtualized applications.

To see the full list of recommendations and download the CIS Benchmark, visit the official CIS Benchmarks page.

Hub

Red Hat Product Security

Red Hat believes that everyone, everywhere, is entitled to quality information needed to mitigate security and privacy risks, as well as the access to do so.

Enter keywords here to search blogs

UI_Icon-Red_Hat-Close-A-Black-RGB

More like this

Blog post Blog post Original podcast Original podcast

Keep exploring

Browse by channel

Automation

The latest on IT automation for tech, teams, and environments

Security

The latest on how we reduce risks across environments and technologies

Edge computing

Updates on the platforms that simplify operations at the edge

Infrastructure

The latest on the world’s leading enterprise Linux platform

Applications

Inside our solutions to the toughest application challenges

Virtualization

The future of enterprise virtualization for your workloads on-premise or across clouds

Red Hat Blog: Latest News

Red Hat OpenShift sandboxed containers 1.11 and Red Hat build of Trustee 1.0 accelerate confidential computing across the hybrid cloud
Red Hat Blog