VMware Cloud Community
TheVMinator
Expert

How to do a basic vSphere Audit

Does anyone have a list of things to check or a guide as to all the things I should check when doing my own internal audit of a vSphere environment for the purposes of checking security?

5 Replies
rcporto
Leadership

You can start using the free Compliance Checker for vSphere: Free Compliance Checker for VMware vSphere | United States

Another option, but not free, is the product from Nessus: New Nessus VMware vSphere/vCenter Audits Now Available | Tenable Network Security

---

Richardson Porto
Senior Infrastructure Specialist
LinkedIn: http://linkedin.com/in/richardsonporto
TheVMinator

Ok, great. These tools look good. Is there any such thing as just a Word doc or a PDF or a website that lists all the things and areas in your environment you need to check for SOX, HIPAA or PCI to pass an audit?

Texiwill
Leadership
Accepted solution

Hello,

The closest set of tools to your needs are from VMware (vCM plugins and standalone packages; also look for something to be demoed at RSA Conference this year), HyTrust, and Catbird. There are some standalone tools that will give you security auditing of your virtual environment from William Lam (but it is limited), myself (but used by my consultancy), and a few others. It is actually a fairly hard problem to solve.

When it comes to PCI and HIPAA, vSphere is not your only worry; you need to worry about networking, the VMs, segmentation, storage, etc. The best thing I can suggest is to first define your scope of VMs and determine what touches them directly and indirectly. Compliance is all about the scope of the audit. No one audits the entire environment for PCI, but a part of it, for example. Else you would need to audit the entire datacenter, as it is all usually interconnected in some way. So how do you limit scope? By segregating PCI and HIPAA workloads from one another, or by limiting management systems or other systems peripheral to PCI and HIPAA from PCI and HIPAA systems.

Best regards,
Edward L. Haletky
VMware Communities User Moderator, VMware vExpert 2009, 2010, 2011, 2012, 2013, 2014

Author of the books 'VMWare ESX and ESXi in the Enterprise: Planning Deployment Virtualization Servers', Copyright 2011 Pearson Education. 'VMware vSphere and Virtual Infrastructure Security: Securing the Virtual Environment', Copyright 2009 Pearson Education.

Virtualization and Cloud Security Analyst: The Virtualization Practice, LLC -- vSphere Upgrade Saga -- Virtualization Security Round Table Podcast

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
TheVMinator

Ok, thanks again.
