Compliance benchmarks display score cards that help you proactively detect compliance problems in VMware Aria Operations. The compliance benchmarks are measured against a set of standard rules, regulatory best practices, or custom alert definitions.
How Compliance Benchmarks Work
All the compliance standards in VMware Aria Operations, including any standards that you define, are based on alert definitions. Only alert definitions of the Compliance subtype are counted. Custom score cards can monitor user-defined alerts.
In previous releases of VMware Aria Operations, you had to modify the current default policy to monitor compliance against a set of standard rules, regulatory best practices, or custom alert definitions. In the current release, you can manage all compliance-related tasks from the page. When you configure a benchmark, you select an applicable policy. VMware Aria Operations then activates the appropriate alert definitions in the policy to measure compliance.
The compliance assessment is based on the environment where your objects are deployed. You can monitor objects that are deployed in your VMware Self-Managed Cloud (SDDC) environment, including DC and Edge environments, your VMware Managed Cloud (VMC SDDC) environment, VMware Cloud Foundation Domains, VMware Cloud on Dell EMC SDDC, Oracle Cloud VMware Solution SDDC, and your Azure VMware Solution and Google Cloud VMware Engine Private Cloud environments.
Compliance benchmarks on VMware Cloud on AWS, VMware Cloud Foundation, VMware Cloud on Dell EMC, Oracle Cloud VMware Solution, Azure VMware Solution, and Google Cloud VMware Engine are applicable only on customer VMs that you have deployed in the respective data centers.
VMware Aria Operations Compliance Benchmark Types
- VMware SDDC and Private Cloud Benchmarks
  Displays score cards based on alerts that are measured against the latest hardening guides:
  - vSphere Security Configuration Guide
  - vSAN Security Configuration Guide
  - NSX Security Configuration Guide
  Note: vSphere 6.7 Update 1 Security Configuration Guide no longer contains risk profiles. For more information, see blogs.vmware.com.
- Custom Benchmarks
  Displays benchmarks that you define. Use compliance alerts from vSphere and regulatory management packs, or define your own alerts to monitor. You can define up to five custom score cards. You can import custom score cards from other instances of VMware Aria Operations.
- Regulatory Benchmarks
  Displays benchmarks for industry-standard regulatory compliance requirements. You can install compliance packs for the following regulatory standards:
  - Health Insurance Portability and Accountability Act (HIPAA)
  - Payment Card Industry Data Security Standard (PCI DSS) compliance standards
  - CIS Security Standards
  - Defense Information Systems Agency (DISA) Security Standards
  - The Federal Information Security Management Act (FISMA) Security Standards
  - International Organization for Standardization (ISO) Security Standards