Security by Design

Security and compliance guidance includes both default configurations in the VMware Cloud Foundation and non-default configurations that can be implemented post-deployment.

The

Compliance Kit for VMware Cloud Foundation

views configurations from two personas. System administrators and implementation teams for VMware Cloud Foundation use the

Security and Compliance Configuration for VMware Cloud Foundation

to assess and implement non-default configurations. Default configurations that address compliance are not subject of the configuration guide because they do not require additional configuration. In some cases, default configurations must be evaluated to ensure the default parameter aligns with the policy and procedures of your organization. Guidance for auditors who evaluate a VMware Cloud Foundation environment can use the

VMware Cloud Foundation Audit Guide Appendix

to evaluate both default and non-default configurations.

Default configurations: Security configurations based on compliance requirements that are configured by default in VMware Cloud Foundation. According to the different regulatory requirements, the parameter values might require changes, but by secure design these configurations are included in the current implementation.
Non-default configurations: Additional input by the organization is required to identify, select, and set configurations based on a target regulation.

VMware Cloud Foundation のセキュリティとコンプライアンスの導入 4.5

Content feedback and comments

VMware Cloud Foundation 4.5

Security by Design