VMware Cloud Foundation 5.x STIG Readiness Guide
Introduction
In the United States Department of Defense (DoD), Security Technical Implementation Guides (STIGs) provide technical, standards-based hardening guidance. Officially published STIGs are mandatory in the DoD and fill a crucial role in systems accreditation as part of the Risk Management Framework (RMF). VMware has worked with the Defense Information Systems Agency (DISA) to publish many STIGs over the years and will continue to do so. More information is available in the overview document provided in the download below.
The only official reference for DISA STIGs, once approved and published, is the US Department of Defense web site at https://public.cyber.mil/stigs/
This guidance evolves. Please check back for the latest versions.
Intended Audience
The audience for the VMware Cloud Foundation 5.x DoD STIG Readiness Guide is VMware VCF customers in the DoD needing to harden or accredit their VCF environment. Other entities can use this guidance, however there are items that are specific to the DoD that will not be applicable to a non-DoD environment.
There are many engineered data center & hybrid cloud infrastructure products that also work with and host VCF deployments, such as Dell VxRail or HPE SimpliVity. If this is how you consume VCF you should check with your product’s support for guidance first before implementing this guide.
For Dell VCF on VxRail guidance see: https://www.dell.com/support/manuals/en-us/vxrail-appliance-series/vxr_vcf_vxrail_stig/
Support and Compatibility
5.0 VCF versions use version 1 release 1.
5.1 VCF versions use version 1 release 2.
5.2 VCF versions use version 1 release 3.
For information on support for STIGs see:
https://knowledge.broadcom.com/external/article?legacyId=94398
Download
The guide is available as a download:
Version 1 Release 3: https://core.vmware.com/vmware-cloud-foundation-52-stig-readiness-guide-20240815
Version 1 Release 2: https://core.vmware.com/vmware-cloud-foundation-51-stig-readiness-guide-20231107
Version 1 Release 1: https://core.vmware.com/vmware-cloud-foundation-50-stig-readiness-guide-20230525
Automation
Additional automation content for some STIG components can be found at our Github repository: