With its release of VMware Validated Design, VMware has created a methodology to design in security controls based on compliance requirements. While some of those controls might require additional configuration during deployment, for the first time ever, the UCF mapped requirements are included in the current implementation by design.
The VMware Validated Design approaches security and compliance concepts by leveraging the UCF
Security supported by the VMware Validated Design reduces the risk of data theft, cyber-attack, or unauthorized access. While compliance is the proof that a security control is in place, typically within a defined timeline, security and compliance work with a broader set of considerations including people, processes, and technology.
Security and Compliance by design
- Security is primarily outlined in the design decisions and highlighted within the technology configurations.
- Compliance is focused on mapping the correlation between security controls and specific requirements.
A compliance mapping using the Unified Compliance Framework’s infrastructure provides a centralized view to list out many of the required security controls. Those controls are further detailed by including each security control’s respective compliance citations as dictated by a domain such as NIST, PCI, FedRAMP, HIPAA, and so forth.
For more information about VMWare’s Validated Design, see their VMWare Docs HERE.