Compliance benchmarks display score cards that help you proactively detect compliance problems in vRealize Operations Cloud. The compliance benchmarks are measured against a set of standard rules, regulatory best practices, or custom alert definitions.

How Compliance Benchmarks Work

All the compliance standards in vRealize Operations Cloud, including any standards that you define, are based on alert definitions. Only alert definitions of the Compliance subtype are counted. Custom score cards can monitor user-defined alerts.

In previous releases of vRealize Operations Cloud, you had to modify the current default policy to monitor compliance against a set of standard rules, regulatory best practices, or custom alert definitions. In the current release, you can manage all compliance-related tasks from the Optimize > Compliance page. When you configure a benchmark, you select an applicable policy. vRealize Operations Cloud then enables the appropriate alert definitions in the policy to measure compliance.

The compliance assessment is based on the environment where your objects are deployed. You can monitor objects that are deployed in your VMware Self-Managed Cloud (SDDC) environment, including DC and Edge environments, your VMware Managed Cloud (VMC SDDC) environment, VMware Cloud on Dell EMC SDDC, and your Azure VMware Solution and Google Cloud VMware Engine Private Cloud environments.

Compliance benchmarks on VMware Cloud on AWS, VMware Cloud on Dell EMC, Azure VMware Solution, and Google Cloud VMware Engine are applicable only on customer VMs that you have deployed in the respective data centers.

vRealize Operations Cloud Compliance Benchmark Types

VMware SDDC and Private Cloud Benchmarks
Displays score cards based on alerts that are measured against the latest hardening guides:
  • vSphere Security Configuration Guide
  • vSAN Security Configuration Guide
  • NSX Security Configuration Guide
Displays benchmarks for and in the SDDC and other tabs.
Note: vSphere 6.7 Update 1 Security Configuration Guide no longer contains risk profiles. For more information, see
Regulatory Benchmarks
Displays benchmarks for industry standard regulatory compliance requirements. You can install compliance packs for the following regulatory standards:
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Payment Card Industry Data Security Standard (PCI DSS) compliance standards
  • CIS Security Standards
  • Defense Information Systems Agency (DISA) Security Standards
  • The Federal Information Security Management Act (FISMA) Security Standards
  • International Organization for Standardization (ISO) Security Standards
For instructions on installing these compliance packs, see Install a Regulatory Benchmark.