VMware Cloud Foundation Compliance Kit 4.2


The VMware Cloud Foundation (VCF) Compliance Kit 4.2 helps customers meet regulatory requirements by bridging the gap between compliance frameworks and implementation guides. The Kit provides attested guidance to administrators for configuring the platform to be secure in the manner that those regulations require. It also gives auditors explanations and information to help them understand how the product security controls work to address the regulations.

Guidance is provided for PCI DSS 3.2.1, DISA STIG, NIST 800-53v4, NIST 800-171 (CMMC), ISO27001 (GDPR), HIPAA, FedRAMP, FBI CJIS, NERC CIP, and SOC2 for the products included in VMware Cloud Foundation 4.2.

Intended Audience

The audience for the VCF Compliance Kit 4.2 is VMware Cloud Foundation customers running version 4.2 of VCF. It is not intended for use on other platforms or versions.

Many engineered data center and hybrid cloud infrastructure products, such as Dell EMC VxRail, also work with and host VCF deployments. If this is how you consume VCF, check with those products' support for guidance on security before implementing these recommendations. Some of the Compliance Kit's recommendations are likely to be safe to implement, but others may interfere with the operation of those solutions. The vendors of those solutions will be able to provide guidance.


The VMware Cloud Foundation Compliance Kit 4.2 is undergoing final testing and will be available in mid-February 2021. Please put a reminder in your calendar to check back. Thank you!


If you want to link to this content we maintain a permanent redirect:

