VMware Cloud Foundation 4.2 Compliance Kit


The VMware Cloud Foundation (VCF) 4.2 Compliance Kit helps organizations meet regulatory requirements by bridging the gap between compliance frameworks and implementation guides. The Kit provides attested guidance to administrators for configuring the platform to be secure in the manner that those regulations require. It also provides explanations and information to auditors to help them understand how the product security controls work to address the regulations.

Guidance is provided for:

  • NIST 800-53 R4 (Moderate)
  • PCI DSS 3.2.1
  • NIST 800-171 / CMMC
  • GDPR/ISO 27001:2013

This guidance evolves. Please check back for the latest versions.

Intended Audience

The audience for the VCF 4.2 Compliance Kit is VMware Cloud Foundation customers running version 4.2 of VCF. It is not intended for use on other platforms or versions.

Many engineered data center and hybrid cloud infrastructure products, such as Dell EMC VxRail, also work with and host VCF deployments. If this is how you consume VCF, check with those products’ support for security guidance before implementing these ideas. Some of the Compliance Kit’s recommendations are likely to be safe to implement, but others may interfere with the operation of those solutions. The vendors of those solutions will be able to provide guidance.


The VMware Cloud Foundation documentation hosts the primary copy of the compliance guidance. The audit guides and workbook artifacts are available as a download:


If you want to link to this content we maintain a permanent redirect:

