VMware SDDC Product Audit Guide for NIST 800-171
This Product Audit Guide (PAG) provides an evaluation of VMware products that make up and support the Software-Defined Data Center (SDDC), and how they may support NIST 800-171 Rev. 2 (NIST 800-171) controls. These products virtualize and abstract the physical technology layers such as compute, storage, and network, the essence of an SDDC. The changing technology landscape that is modernizing the data center is also modernizing the virtual desktop environment and mobile device management while making inroads to consolidate and automate Information Technology (IT) resources. VMware prioritizes data protection and system security features within the SDDC.
The VMware Compliance Solutions team developed a framework that incorporates SDDC product capabilities aligned to NIST 800-171 compliance controls. The product capabilities and framework of this PAG used NIST 800-53 as their foundational security framework to create a series of standards. These standards have then been used to illustrate how VMware products and their capabilities apply to other industry frameworks.
VMware engaged Tevora, an independent third-party IT audit firm, to conduct a review of the SDDC and VMware Cloud™ solution’s alignment to PCI DSS. This document is the culmination of Tevora’s discussions with VMware product teams to perform a thorough evaluation of VMware product capabilities mapped to NIST 800-171 requirements.
This guidance evolves. Please check back for the the latest versions.
- VMware vSphere
- VMware vCenter Server
- VMware ESXi
- VMware Cloud Foundation
- VMware vSAN
- VMware NSX
- VMware NSX-T
- VMware vRealize Operations Manager
- VMware vRealize Log Insight
- VMware vRealize Network Insight
- VMware vRealize Orchestrator
- VMware Cloud Director
- VMware Workspace ONE Access
This Product Applicability Guide is available as a download: