To prepare an SDDC to run workloads that must be periodically audited to verify compliance with standards such as the Payment Card Industry Data Security Standard (PCI DSS) and the Information Security Registered Assessors Program (IRAP), you must disable access to the VMware Cloud Console Networking & Security tab and also disable certain SDDC services.
Compliance hardening of a VMware Cloud on AWS SDDC helps you provide a runtime environment suitable for compliance-audited workloads. VMware Cloud on AWS SDDC compliance hardening uses a shared accountability model that distributes security and compliance responsibilities among AWS, VMware, and the customer. For supplemental guidance covering the responsibilities and ownership of compliance hardening functions in VMware Cloud on AWS, read the technical white paper "Migrating PCI Workloads to VMware Cloud on AWS".
VMware Cloud on AWS does not enable compliance hardening by default. Contact your account team for more information.
Compliance hardening can be configured in new SDDCs at version 1.14 and later that are created in an AWS region that provides the appropriate support, as shown in Choosing a Region.
Because certain SDDC features and services are not compatible with compliance hardening requirements, you must disable them before migrating PCI workloads to your SDDC.