Compliance benchmarks display score cards that help you proactively detect compliance problems in vRealize Operations Cloud. The compliance benchmarks are measured against a set of standard rules, regulatory best practices, or custom alert definitions.

How Compliance Benchmarks Work

All the compliance standards in vRealize Operations Cloud, including any standards that you define, are based on alert definitions. Only alert definitions of the Compliance subtype are counted. Custom score cards can monitor user-defined alerts.

In previous releases of vRealize Operations Cloud, you had to modify the current default policy to monitor compliance against a set of standard rules, regulatory best practices, or custom alert definitions. In the current release, you can manage all compliance-related tasks from the Home > Troubleshoot > Compliance page. When you configure a benchmark, you select an applicable policy. vRealize Operations Cloud then enables the appropriate alert definitions in the policy to measure compliance.

The compliance assessment is based on the environment where your objects are deployed. You can monitor objects that are deployed in your VMware Self-Managed Cloud (SDDC) environment, including DC and Edge environments, and your VMware Managed Cloud (VMC SDDC) environment. Compliance benchmarks on VMC SDDC are applicable only on client VMs that you have deployed in the VMware Managed Cloud environment.

vRealize Operations Cloud Compliance Benchmark Types

VMware SDDC Benchmarks
Displays score cards based on alerts that are measured against the latest hardening guides:
  • vSphere Security Configuration Guide
  • vSAN Security Configuration Guide
  • NSX Security Configuration Guide
Displays benchmarks for and in the SDDC and VMC SDDC tabs.
Note: The vSphere 6.7 Update 1 Security Configuration Guide no longer contains risk profiles. For more information, see blogs.vmware.com.

Regulatory Benchmarks
Displays benchmarks for industry standard regulatory compliance requirements. You can install compliance packs for the following regulatory standards:
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Payment Card Industry Data Security Standard (PCI DSS) compliance standards
  • CIS Security Standards
  • Defense Information Systems Agency (DISA) Security Standards
  • The Federal Information Security Management Act (FISMA) Security Standards
  • International Organization for Standardization (ISO) Security Standards
For instructions on installing these compliance packs, see Install a Regulatory Benchmark.