Compliance Kit for VMware Cloud Foundation
The compliance kits is a solution that builds on top of VMware Cloud Foundation and leverages security fundamentals. The kit address the top ten most frequently requested compliance standards, regulations, and frameworks.
The compliance kit is designed and validated to tailor security configurations without impacting the ability of VMware Cloud Foundation to meet its design objectives. The kit can assist organizations to secure information systems in a compliance context.
This guidance has been validated and tested against certain product versions. Changes between subsequent releases of VMware Cloud Foundation are designed for stability and optimal upgrade experience. Guidance provided by the
Compliance Kit for VMware Cloud Foundation
is for a specific VMware Cloud Foundation release, but can still be used until a subsequent kit release is available. This guidance is not backward-compatible and must not be implemented for separate product components.
Compliance Kit for VMware Cloud Foundation Structure
Compliance Kit for VMware Cloud Foundation
StructureThe compliance kit consists of documents specific to the standard architecture model of VMware Cloud Foundation.
Document Name | Document Description | Intended Audience |
|---|---|---|
Security and Compliance Configuration for VMware Cloud Foundation | Non-default configurations can be performed post deployment of VMware Cloud Foundation for Standard Architecture. |
|
VMware Cloud Foundation Audit Guide Appendix
| Includes audit procedures for auditors examining an environment for compliance readiness. |
|
The compliance kit is designed to work holistically. Each document supports the overall blueprint and builds trust across multiple persona that may interact with the life cycle of a system operating within a compliance context: architect, system administrator, system integrator, security professional, and auditor.
Introducing Security and Compliance for VMware Cloud Foundation
outlines security and compliance concepts used in the development of the VMware Cloud Foundation, Compliance Kit. For example, considerations such as governance, risk, and compliance, separation of duties, and security architecture to name a few.The
Security and Compliance Configuration Guide for VMware Cloud Foundation
outlines the steps to implement non-default configurations. Default configurations are confirmed and excluded from the configuration guide as part of the VMware Cloud Foundation post deployment steps. You must perform the procedures from the guide to ensure that the SDDC performance is not compromised.The
VMware Cloud Foundation Audit Guide Appendix
supports the post-implementation process and audit process. It includes procedures to validate both default and non-default configurations. In theVMware Cloud Foundation Audit Guide Appendix
, mappings between configurations and compliance controls provide a comprehensive inventory of configurations designated as default or non-default.VMware Cloud Foundation Compliance Kit
Compliance kits apply to core products in VMware Cloud Foundation:
- VMware ESXi™
- VMware vCenter Server®
- VMware vSAN™
- VMware NSX™ Data Center
- VMware Cloud Foundation™ SDDC Manager