]

Compliance Kits

VMware Compliance Kits contain both an Audit Guide and a Product Applicability Guide, helping to bridge the gap between compliance and regulatory requirements and implementation guides.

File Download
VMware Validated Design 5.1.1 - NIST 800-53v4 Compliance Kit
VMware Compliance Kits are comprehensive guidance enabling compliance-oriented customers to meet their regulatory requirements across the entire suite of products in the VMware Validated Design. These kits, attested by third-party auditors, provide guidance on which security controls and products in the software-defined data center can help meet a particular compliance framework, in this case NIST 800-53v4. This document is intended to provide general guidance for organizations that are considering VMware solutions to help them address compliance requirements. The information contained in this document is for educational and informational purposes only. This document is not intended to provide regulatory advice and is provided “AS IS”. VMware makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein. Organizations should engage appropriate legal, business, technical, and audit expertise within their specific organization for review of regulatory compliance requirements.
Last Updated: September 28, 2020

Solution

  • Compliance

Product

  • Cloud Foundation
  • vSphere
File Download
VMware Validated Design 5.1.1 - PCI DSS 3.2.1 Compliance Kit
VMware Compliance Kits are comprehensive guidance enabling compliance-oriented customers to meet their regulatory requirements across the entire suite of products in the VMware Validated Design. These kits, attested by third-party auditors, provide guidance on which security controls and products in the software-defined data center can help meet a particular compliance framework, in this case PCI DSS 3.2.1. This document is intended to provide general guidance for organizations that are considering VMware solutions to help them address compliance requirements. The information contained in this document is for educational and informational purposes only. This document is not intended to provide regulatory advice and is provided “AS IS”. VMware makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein. Organizations should engage appropriate legal, business, technical, and audit expertise within their specific organization for review of regulatory compliance requirements.
Last Updated: September 28, 2020

Solution

  • Compliance

Product

  • Cloud Foundation
  • vSphere

Product Applicability Guides

VMware Product Applicability Guides are implementation guides aimed specifically at helping vSphere and SDDC Administrators implement security controls for a specific compliance framework.

File Download
VMware Product Applicability Guide - NIST 800-171
VMware Product Applicability Guides help compliance-oriented customers meet their regulatory requirements. These guides, attested by third-party auditors, provide guidance on which security controls and products in the software-defined data center can help meet a particular compliance framework, in this case NIST 800-171. This document is intended to provide general guidance for organizations that are considering VMware solutions to help them address compliance requirements. The information contained in this document is for educational and informational purposes only. This document is not intended to provide regulatory advice and is provided “AS IS”. VMware makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein. Organizations should engage appropriate legal, business, technical, and audit expertise within their specific organization for review of regulatory compliance requirements.
Last Updated: September 28, 2020

Solution

  • Compliance

Product

  • Cloud Foundation
  • vSphere
File Download
VMware Product Applicability Guide - HIPAA
VMware Product Applicability Guides help compliance-oriented customers meet their regulatory requirements. These guides, attested by third-party auditors, provide guidance on which security controls and products in the software-defined data center can help meet a particular compliance framework, in this case HIPAA. This document is intended to provide general guidance for organizations that are considering VMware solutions to help them address compliance requirements. The information contained in this document is for educational and informational purposes only. This document is not intended to provide regulatory advice and is provided “AS IS”. VMware makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein. Organizations should engage appropriate legal, business, technical, and audit expertise within their specific organization for review of regulatory compliance requirements.
Last Updated: September 28, 2020

Solution

  • Compliance

Product

  • Cloud Foundation
  • vSphere
File Download
VMware Product Applicability Guide - CJIS Security Policy 5.5
VMware Product Applicability Guides help compliance-oriented customers meet their regulatory requirements. These guides, attested by third-party auditors, provide guidance on which security controls and products in the software-defined data center can help meet a particular compliance framework, in this case CJIS. This document is intended to provide general guidance for organizations that are considering VMware solutions to help them address compliance requirements. The information contained in this document is for educational and informational purposes only. This document is not intended to provide regulatory advice and is provided “AS IS”. VMware makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein. Organizations should engage appropriate legal, business, technical, and audit expertise within their specific organization for review of regulatory compliance requirements.
Last Updated: November 01, 2020

Solution

  • Compliance

Type

  • Document

Product

  • Cloud Foundation
  • vSphere
File Download
VMware Product Applicability Guide - NERC CIP v5
VMware Product Applicability Guides help compliance-oriented customers meet their regulatory requirements. These guides, attested by third-party auditors, provide guidance on which security controls and products in the software-defined data center can help meet a particular compliance framework, in this case NERC CIP v5. This document is intended to provide general guidance for organizations that are considering VMware solutions to help them address compliance requirements. The information contained in this document is for educational and informational purposes only. This document is not intended to provide regulatory advice and is provided “AS IS”. VMware makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein. Organizations should engage appropriate legal, business, technical, and audit expertise within their specific organization for review of regulatory compliance requirements.
Last Updated: September 28, 2020

Solution

  • Compliance

Product

  • Cloud Foundation
  • vSphere
File Download
VMware Product Applicability Guide - FedRAMP
VMware Product Applicability Guides help compliance-oriented customers meet their regulatory requirements. These guides, attested by third-party auditors, provide guidance on which security controls and products in the software-defined data center can help meet a particular compliance framework, in this case FedRAMP. This document is intended to provide general guidance for organizations that are considering VMware solutions to help them address compliance requirements. The information contained in this document is for educational and informational purposes only. This document is not intended to provide regulatory advice and is provided “AS IS”. VMware makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein. Organizations should engage appropriate legal, business, technical, and audit expertise within their specific organization for review of regulatory compliance requirements.
Last Updated: November 01, 2020

Solution

  • Compliance

Type

  • Document

Product

  • Cloud Foundation
  • vSphere

Additional Resources

External Content
VMware Validated Design Compliance Kits
General guidance for organizations that are considering VMware solutions to help them address compliance requirements.
Last Updated: September 28, 2020

Solution

  • Compliance

Product

  • Cloud Foundation
  • vSphere
External Content
Compliance and Cyber Risk Solutions Page
VMware Compliance and Cyber Risk Solutions delivers the ability for customers to confidently and quickly secure mission critical virtualized workloads in many critical industries.
Last Updated: September 28, 2020

Solution

  • Compliance
VMware vSphere Security Configuration Guide 7
September 28, 2020
The vSphere Security Configuration Guide is the baseline for hardening & auditing guidance for vSphere itself. Started more than a decade ago, it has served as guidance for vSphere Administrators as they work to protect their infrastructure, as well as to guide VMware in making vSphere secure by default.

Solution

  • Security

Type

  • Document

Level

  • Intermediate

Category

  • Best Practice

Product

  • ESXi
  • vSphere
  • vSphere 7

Technology

  • AMD EPYC
  • API Explorer
  • ESXi
  • Intel Xeon
  • iSCSI
  • NFS
  • NTP
  • PowerCLI
  • PTP
  • Secure Boot
  • Snapshots
  • Trusted Platform Module (TPM)
  • vCenter Server High Availability (vCHA)
  • vCenter Server Single Sign-on (SSO)
  • Virtual Trusted Platform Module (vTPM)
  • vMotion
  • VMware Tools
  • vSphere Client
  • vSphere Distributed Switch (vDS)
  • vSphere High Availability (HA)
  • vSphere Lifecycle Manager (vLCM)
  • vSphere Standard Switch