VMware Cybersecurity Maturity Model Certification (CMMC)


This Cybersecurity Maturity Model (CMMC) document will provide an initial evaluation of VMware products that make up and support a Software-Defined Data Center (SDDC), and how they may support the CMMC controls. These products virtualize and abstract the physical technology layers such as compute, storage, and network, the essence of an SDDC.

The changing technology landscape that is modernizing the data center is also modernizing the virtual desktop environment and mobile device management while making inroads to consolidate and automate Information Technology (IT) resources. VMware prioritizes data protection and system security features within an SDDC. The VMware Compliance Solutions team developed a framework that incorporates SDDC product capabilities aligned to CMMC controls. The product capabilities and framework of this document use NIST 800-171 as their foundational security framework to create a series of standards. These standards are then used to illustrate how VMware products and their capabilities apply to other industry frameworks such as NIST 800-53, PCI DSS, and CMMC.

VMware engaged Tevora, an independent third-party IT audit firm, to conduct a review of an SDDC and VMware Cloud™ solution’s alignment to the CMMC framework. This document is the culmination of Tevora’s discussions with VMware product teams to perform a thorough evaluation of VMware product capabilities mapped to CMMC requirements. Tevora is a leading security consulting firm specializing in enterprise risk, compliance, information security solutions, and threat research. This document will navigate readers through the CMMC standard and highlight applicable VMware product capabilities.


You can get the Whitepaper on Cybersecurity Maturity Model Certification (CMMC) from:


Filter Tags

Compliance Document