VMware Aria Operations continuously monitors your infrastructure to ensure that it remains in compliance. Compliance is an ongoing process. VMware Aria Operations evaluates the collected data against the defined policies. It assigns a compliance score to each object or group based on how well they adhere to the policies. The compliance score is typically represented as a percentage.
How Compliance Benchmarks Work
Compliance is used to monitor the vCenter Server instances, NSX, vSAN and Cloud Environments. Objects which can be monitored include the hosts, virtual machines, distributed port groups, and distributed switches in your environment. Compliance benchmarks help to ensure that the settings on your objects meet the defined standards. Score cards help you proactively detect compliance problems in objects managed by VMware Aria Operations. The compliance benchmarks are measured against a set of standard rules, regulatory best practices, or custom alert definitions.
All the compliance standards in VMware Aria Operations, including any standards that you define, are based on alert definitions. Only alert definitions of the Compliance subtype are counted. Custom score cards can monitor user-defined alerts. The alerts and symptom definitions are based on the properties and metrics of the underlying object.
When VMware Aria Operations detects non-compliance with a policy, it can generate alerts or notifications. Depending on the severity of the non-compliance, you can configure automated remediation actions to bring the object back into compliance.
You can manage all compliance related tasks from the page. The data sources are displayed in a carousel on the top of the page. To see a compliance score card, you must first configure the data source that VMware Aria Operations can monitor, and then activate the benchmarks for those types of data sources. When you activate a benchmark for a data source, you select an applicable policy. VMware Aria Operations then activates the appropriate alert definitions in the policy to measure compliance.
Data Sources for Calculating Compliance
- vCenter Systems
- VMware Cloud Foundation
- Google Cloud VMware Engine
- Block Override Allowed should be true
- Port Config Reset at Disconnect should be true
- CIS Security Standards
- DISA Security Standards
- FISMA Security Standards
- HIPAA
- ISO Security Standards
- PCI DSS Compliance Standards
- vSphere Security Configuration Guide
Compliance benchmarks on VMware Cloud on AWS, VMware Cloud Foundation, Oracle Cloud VMware Solution, Azure VMware Solution, and Google Cloud VMware Engine are applicable only on customer VMs that you have deployed in the respective data centers. For more details on these integrations, see the VMware Aria Operations for Integrations Product Documentation, or Integrating Data Sources with VMware Aria Operations.
You can automate the remediation of some of the alerts by installing the Management Pack for VMware Aria Automation Orchestrator. See the management pack documentation in the VMware Aria Operations for Integrations Product Documentation for more details.
Compliance Benchmarks
- VMware SDDC and Benchmarks
  Displays score cards based on alerts which are measured against the latest hardening guides:
  - vSphere Security Configuration Guide
  - vSAN Security Configuration Guide
  - NSX Security Configuration Guide
  For more details, see VMware SDDC Benchmark Details.
- VMware Cloud Foundation Benchmarks
  Displays score cards based on alerts which are measured in VMware Cloud Foundation domains based on the following:
  - VCF 4.2 Audit Guide
  - VCF 4.3 Audit Guide
  - VCF 4.4 Audit Guide
  - VCF 4.5 Audit Guide
  - VMware Aria Operations CSA Compliance Pack for VMware Cloud Foundation. For details of the conditions implemented in VMware Aria Operations, see the Knowledge Base article 371288.
  Note: You must install and activate the VMware Aria Operations CSA Compliance Pack for VMware Cloud Foundation after downloading the .PAK file from Marketplace.
- Custom Benchmarks
  Displays benchmarks that you define. Use compliance alerts from integrations, and regulatory management packs, or define your own alerts to monitor. You can define up to five custom score cards. You can import custom benchmarks from other instances of VMware Aria Operations.
- Regulatory Benchmarks
  Displays benchmarks for industry standard regulatory compliance requirements. You can install compliance packs for the following regulatory standards:
  - Health Insurance Portability and Accountability Act (HIPAA)
  - Payment Card Industry Data Security Standard (PCI DSS) Compliance Standards
  - CIS Security Standards
  - Defense Information Systems Agency (DISA) Security Standards
  - The Federal Information Security Management Act (FISMA) Security Standards
  - International Organization for Standardization (ISO) Security Standards
  For more details, see Regulatory Benchmark Details.