Hi BobNiaan,
Sounds like you're after SCAP (Security Control Automation Protocol) content so that you can create the configuration baseline and then ratify against that. There are some STIGs (Secure Technical Implementation Guides) here, but these may not be SCAP automated - I've not used them before.
There's some details out in the wild about using vCenter Configuration Manager to perform these tasks (link), but again, I've never performed this. Alternatively, you can create you're own content using a tool like this (another link on this topic).
Others in the community seem to have scripted this via different means (link).
Diskonekted