The CIS Critical Security Controls (CIS Controls) are a recommended set of actions for cyber defense that provide specific and actionable ways to thwart the most pervasive attacks. CIS Controls and CIS Benchmarks provide global standards for internet security and are a recognized global standard and best practices for securing IT systems and data against attacks.  Aria Operations Compliance Pack for CIS provides Alerts, Policies, and Reports to validate the vSphere resources against the CIS benchmarks.

The Aria Operations Compliance Pack for CIS is updated to support the following benchmarks:

• CIS_VMware_ESXi_7.0_Benchmark_v1.3.0
• CIS_VMWare_ESXi_8.0_Benchmark_V1.0.0

Attached to this article is CIS_Controls_vSphere_ver7x_ver8x.xlsx which contains the details of the conditions implemented in Aria Operations (on-prem) and is based on the above mentioned versions of the benchmark.
The list also has the details of manual controls where conditions are excluded from automated assessment.  This list of controls can be used to perform manual checks on your vSphere environments.

Disclaimer: VMware is not responsible for the reliability of any data, opinions, advice, or statements made on third-party websites.  Inclusion of such links does not imply that VMware endorses, recommends, or accepts any responsibility for the content of such sites.

Legal Disclaimer:
This compliance pack and the associated configuration guides are intended to provide general guidance for organizations that are considering VMware solutions to help them address compliance requirements. This is not intended to provide regulatory advice and is provided “AS IS”. VMware makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein. Organizations should engage appropriate legal, business, technical, and audit expertise within their specific organization for review of regulatory compliance requirements.CIS_Controls_vSphere_ver7x_ver8x.xlsx