The VMware Validated Design establishes many security capabilities. Some capabilities can be traced to a compliance requirement, while others are best practice.

Where possible, examples of audit artifacts that serve as evidence can be included in a separate guide that focuses on compliance and on producing evidence to meet controls. The following is a broad mapping of the principles outlined in the security architecture section to prominent compliance domains. The mapping was derived using the Unified Compliance Framework (UCF), a third-party lexicography tool that specializes in compliance mapping and compliance interpretation.

Note: The compliance mapping is subject to expansion as more security controls are evaluated, including additional compliance domains and regulations.

| Location of Guidance | Security Control | Category | Type | NIST 800-53 Mapping |
|---|---|---|---|---|
| Enhanced guidance | Active Directory groups/users | Access control | Administrative | AC-2 |
| Enhanced guidance | Active Directory groups/users | Access control | Administrative | AC-5 |
| Enhanced guidance | Separation of duties using Active Directory groups to assign product roles. | Access control | Administrative | AC-6 |
| Enhanced guidance | Login notification banner | Access control | Technical | AC-8 |

Legal Disclaimer:

This document is intended to provide general guidance for organizations that are considering VMware solutions to help them address compliance requirements. The information contained in this document is for educational and informational purposes only. This document is not intended to provide regulatory advice and is provided “AS IS”. VMware makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein. Organizations should engage appropriate legal, business, technical, and audit expertise within their specific organization for review of regulatory compliance requirements.