Security and compliance guidance includes both default configurations in the VMware Cloud Foundation and user defined configurations that can be implemented post-deployment.

The Compliance Kit for VMware Cloud Foundation views configurations from two personas. System administrators and implementation teams for VMware Cloud Foundation use the Security and Compliance Configuration for VMware Cloud Foundation to assess and implement user-defined configurations. Default configurations that address compliance are not subject of the configuration guide because they do not require additional configuration. In some cases, default configurations must be evaluated to ensure the default parameter aligns with the policy and procedures of your organization. Guidance for auditors who evaluate a VMware Cloud Foundation environment can use the VMware Cloud Foundation Audit Guide and the associated VMware Cloud Foundation Audit Guide Appendix to evaluate both default and user-defined configurations.

Default configurations

Security configurations based on compliance requirements that are configured by default in VMware Cloud Foundation. According to the different regulatory requirements, the parameter values might require changes, but by secure design these configurations are included in the current implementation.

User-defined configurations

Additional input by the organization is required to identify, select, and set configurations based on a target regulation.