I'm migrating VMs between a 5.5 and 6.5 environment. They've never had any VM lockdown settings from the hardening guides applied. The amount of VM settings to lockdown has reduced between the 5.5 and 6.5 versions of guides and I was wondering if I only need apply the 6.5 recommendations once they are migrated or if they carry over settings in their VMX files that could expose them even though they are on 6.5? i.e. do I apply the 5.5 guide settings, migrate and then apply the 6.5 settings, or only apply the 6.5 settings? Thanks.
Once the VM is on 6.5 you need only concern yourself with the security configurations for 6.5. 5.5 had many that did not apply as the functionality was not in vSphere. The configuration guide has been cleaned up significantly since then.
So migrate and apply. If you apply then migrate you will still end up applying the 6.5 configuration or at least double checking it.