VMware Tanzu Application Service Compliance

When deployed in accordance with the associated reference architecture, Tanzu Application Service (TAS for VMs) provides both confidentiality and integrity of transmitted information. All implied requirements are satisfied.

Network traffic to any TAS for VMs publicly accessible endpoint is protected via TLS, and optionally via SSH.

Network traffic within the TAS for VMs private subnet may be protected using the IPsec BOSH add-on.

For more information about IPsec, see IPsec for VMware Tanzu.

For an overview of securing traffic into TAS for VMs, see Securing incoming traffic in TAS for VMs.

For more information about SSH in TAS for VMs, see Configuring SSH for your deployment and Securing incoming traffic in TAS for VMs.

For more information about SSH with BOSH, see Enabling SSH Access.


Control Description

The information system protects the [Selection (one or more): confidentiality; integrity] of transmitted information.

Supplemental Guidance

This control applies to both internal and external networks and all types of information system components from which information can be transmitted (e.g., servers, mobile devices, notebook computers, printers, copiers, scanners, facsimile machines). Communication paths outside the physical protection of a controlled boundary are exposed to the possibility of interception and modification. Protecting the confidentiality and/or integrity of organizational information can be accomplished by physical means (e.g., by employing protected distribution systems) or by logical means (e.g., employing encryption techniques). Organizations relying on commercial providers offering transmission services as commodity services rather than as fully dedicated services (i.e., services which can be highly specialized to individual customer needs), may find it difficult to obtain the necessary assurances regarding the implementation of needed security controls for transmission confidentiality/integrity. In such situations, organizations determine what types of confidentiality/integrity services are available in standard, commercial telecommunication service packages. If it is infeasible or impractical to obtain the necessary security controls and assurances of control effectiveness through appropriate contracting vehicles, organizations implement appropriate compensating security controls or explicitly accept the additional risk.
