Home > Blogs > VMware Security & Compliance Blog > Tag Archives: Cloud Compliance

Tag Archives: Cloud Compliance

VMware Releases Security and Compliance Solution for Docker Containers

As more of VMware’s customers look to run containerized applications, some have raised the question of securing containers in their environments. In partnership with the Center for Internet Security (CIS), Docker and others, VMware has developed a security configuration benchmark for Docker containers that you can download from here.

In all, six parties came together to develop the benchmark — covering 84 recommendations — in just 12 weeks. The aim of this security benchmark, like any other hardening guide or security documentation for any other vendor or product, is to highlight configuration parameters and other secure deployment considerations. It is designed as a definitive reference guide for customers wanting to understand how to securely provision containers to Linux OSes in production.

CIS is an independent organization focused on enhancing the cyber security readiness and response of public and private sector entities, with a commitment to excellence through collaboration. At CIS, security configuration benchmarks are created using a consensus review process comprised of subject matter experts. The benchmark is a result of collaboration between various industry experts, a team of enthusiastic folks who worked closely to develop and corral a consensus set of guidance as well as leveraging resources such as blog posts, articles, internet resources, and Docker documentation. CIS facilitated the development efforts and guided us throughout the benchmark development process. Each recommendation was thoroughly vetted, tested and endorsed by the consensus team consisting of folks from CIS, VMware, Docker, Cognitive Scale, International Securities Exchange and Rakuten.

Assessing your Dockerized environments using VMware

However, having just a security benchmark is not enough. Customers also need a mechanism to evaluate containerized workloads against the benchmark and provide compliance visibility and reporting. The solution should also be able to assess diverse workloads hosted on heterogeneous Linux distributions.

VMware has developed such a solution within VMware vRealize Configuration Manager. It is designed as a compliance toolkit, and is the FIRST of its kind to assess containerized workloads against the CIS benchmark. The tool provides compliance health status for each Docker container, image, container host, Docker daemon, etc., against each automatable recommendation from CIS benchmark.

vRealize Configuration Manager covers 100% of the automatable recommendations in the benchmark – addressed here in depth – and even some that are not directly automatable. You can get a detailed listing of the rules available in the VMware solution in the product sheet attached here. 

Let’s dive into a comprehensive overview of the solution.

Continue reading

VMware Center for Policy & Compliance (CP&C) releases vSphere 5.0 hardening guidelines in vCenter Configuration Manager! (vCM)

CP&C is pleased to announce the most anticipated content release to date in vCM, the VMware vSphere 5.0 hardening guidelines! As critical component of the vC Ops suite, vCM is the FIRST product in the market today to have the official GA version of the vSphere 5.0 Hardening Guidelines. This is just another significant step in our Trusted Cloud initiative in helping customers migrate tier one applications to the VMware Cloud Infrastructure Suite.

What does this mean to VMware vCM customers who want to make sure their virtual systems are compliant?

5 new rule groups and two brand new templates:

  VSphere 5.0 p1

 Brand new 5.0 hardening guideline collection filters:

VSphere 5.0 p2

Great executive compliance results and trending dashboards:

VSphere 5.0 p3

You can quickly move from Dashboards to details and see the out of compliance data classes, here is a small sample, there are so many that I cannot get a full coverage screen shot!

VSphere 5.0 p4

Add this DEEP virtualization compliance data to the rich cross platform, heterogeneous change detection, configuration\ patch management, best practices and regulatory compliance content vCM has today & you will be well on your way to successfully hardening your environment. (Yes, I did say Virtual, Physical, Windows, Linux, Servers, Desktops\ VDI…) This is better than bacon!

Whhheeeeewwwww, I ran of breath reading it back.

The guidelines are available today and can be downloaded using the vCM Content Wizard.

 Feel free to hit us up with questions & comments at:

Hasta La Vista,

George Gerchow – Director, VMware Center for Policy & Compliance