If you need an SDDC that can be configured to run workloads that are periodically audited to verify compliance with standards such as the Payment Card Industry Data Security Standard (PCI DSS) and Information Security Registered Assessors Program (IRAP), start by creating an organization dedicated to hosting compliance-hardened SDDCs then contact your account team to enable compliance hardening for the organization.

Compliance hardening in VMware Cloud on AWS is an organization-level property that helps you provide SDDCs that have a runtime environment suitable for compliance-audited workloads. VMware Cloud on AWS SDDC compliance hardening uses a shared accountability model that distributes security and compliance responsibilities among AWS, VMware, and the customer. Read the Technical White Paper Migrating PCI Workloads to VMware Cloud on AWS for supplemental guidance covering the responsibilities and ownership of compliance hardening functions in VMware Cloud on AWS.

Compliance hardening can be configured in new SDDCs created in an AWS region that provides the appropriate support, as shown in Choosing a Region.


VMware Cloud on AWS does not enable compliance hardening by default. You cannot enable compliance hardening in an organization that has any SDDCs in it. Once enabled for an organization, compliance hardening applies to all SDDCs you create in it. Contact your account team for more information.

Because certain SDDC features and services are not compatible with compliance hardening requirements, you must disable them in each SDDC you create after compliance hardening has been enabled for your organization, and before you migrate compliance-audited workloads to it.