Tanzu Platform for Cloud Foundry NIST services

Assessment of VMware Tanzu Platform for Cloud Foundry against NIST SP 800-53(r4) Controls

Last Updated January 02, 2025

Tanzu Application Service is now called Tanzu Platform for Cloud Foundry, as of release 10.0.

Many organizations are required to reference a standardized control framework when assessing the security and compliance of their information systems. Standardized control frameworks are intended to provide a model for how to protect information and data systems from threats, including malicious third parties, structural failures, and human error. One very comprehensive and commonly referenced framework is NIST Special Publication 800-53(r4). Adherence to these controls is required for many government agencies in the United States, as well as for many private enterprises that operate within regulated markets, such as healthcare or finance. For example, the HIPAA regulations that govern the required protections for Personal Health Information (PHI) may be cross-referenced to the NIST SP 800-53(r4) control set.

These pages provide an assessment of the VMware Tanzu Platform for Cloud Foundry against the NIST SP 800-53(r4) controls, and provide guidance on how deployers may achieve compliance when using a shared responsibility model. Responsibility for any particular control may be assigned to the underlying IaaS infrastructure, the Tanzu Platform for Cloud Foundry, the deployed application, or the organization.

This document covers the VMware Tanzu Platform for Cloud Foundry, and assumes the use of BOSH and Tanzu Operations Manager. In addition, we assume the platform has been deployed in a manner consistent with the corresponding IaaS reference architecture.

Control Families