The VMware Validated Design establishes many security capabilities. Some capabilities can be traced to a compliance requirement, while others are best practice.

Where possible, examples of the audit artifacts as evidence can be included in a separate audit guide, focused on compliance and producing evidence to meet controls. Mapping is derived using the Unified Compliance Framework (UCF), a third-party lexicography tool that specializes in the realm of compliance mapping and compliance interpretation.