Document control

Policy status


ApproversEGI Foundation Executive Board
Approval status


Approved version and date


StatementThis document describes the security-related policy requirements for the generation, distribution and operations of virtual machine (VM) images, as part of a trusted computing environment of the IT infrastructure. The aim is to enable VM images to be generated according to best practices and to be both trusted and operated elsewhere.
Dissemination Level

TLP:WHITE - Public

Next policy reviewtogether with process review

Policy reviews

The following table is updated after every review of this document.

DateReview bySummary of resultsFollow-up actions / Comments

Table of contents


Please refer to the EGI Glossary for the definitions of the terms used in this policy.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", “MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.


See policy published at