Hi,
a good starting point is the VMware vSphere Security Configuration Guide available at https://via.vmw.com/scg
A very good overview how ESXi can be hardend including a framework in the background can be found here:
CIS_VMware_ESXi_6_7_Benchmark_v1_0_0.pdf (bobylive.com)
To start securing ESXi, you should leave SSH disabled and activate Lockdown Mode in vCenter. If further steps are required to fullfill audits, please checkt the benchmark guide above.