0 Replies Latest reply on Aug 24, 2018 2:22 PM by carlos_phoenix

    Early Access: Architecture and Design Guidance for NIST 800-53

    carlos_phoenix Lurker
    VMware Employees

      Many of our customers deploy VMware Validated Designs with the expectation that they will enhance the environment to configure, harden, and secure it to meet compliance regulations. The compliance requirements can range from NIST 800-53, PCI, HIPAA, FBI CJIS, DISA STIG, to international standards such as ISO27001, GDPR, et cetera.

       

      We are working towards embedding additional security and explicitly citing compliance within the standard design, providing mapping of controls to specific regulations to facilitate auditing the system, and defining a baseline to build upon across all VMware Validated Designs.

       

      This Early Access document represents an initial release of architecture and design guidance specific to NIST 800-53. This compliance domain will serve as our baseline that will then be translated and enhanced into specific guidance documents to address each regulation as a stand-alone document. However, the similarities in the security principles, configuration steps, and enablement of security controls should maximize content standardization.

       

      I am eager to share this document with the wider community and listen to your input, suggestions, and thoughts.

       

      Got feedback?

       

      We want to hear from you. Please explore this latest early access content and share your feedback directly with our architects and product managers!

        --
      Carlos Phoenix, CISA
      Global Cyber Strategist