Capability Domains met by VMware

List of VMware Products for CMMC

The following VMware products support a holistic CMMC compliance solution:

  • VMware Software Defined Data Center (SDDC)
  • vRealize Suite
  • Business Continuity Products


  • Software Defined Data Center (SDDC)

    VMware NSX-T (NSX-T)

  • Monitors the network for inappropriate usage and security violations. Network activity and traffic can be logged and evaluated, along with firewall traffic. This can support system monitoring for inappropriate usage and other security violations.
  • Provides some capabilities to facilitate detection of malicious code traffic. Using stateful scans and firewall traffic monitoring is one of the capabilities in identify malicious code. Third party vendors can also integrate with NSX-T to enhance detection of malicious activity.
  • Capture some events of unauthorized access, such as performing events that are not authorized. In some cases, the UI will inform the user that sufficient permission is unavailable to perform the desired action.


  • VMware vCenter (vCenter)

  • vCenter supports monitoring a set of standardized settings, which may indicate inappropriate usage or security violations. Alarms and alerts can be configured to notify users via email when triggered.
  • Patches ESXi hosts through VMware Update Manager.


  • VMware Realize Suite

    VMware vRealize Automation (vRA)

    Security and protection software can be installed using NSX Rest API and Guest Introspection.



    VMware vRealize Log Insight (vRLI)

    Search queries can be configured to monitor the system for inappropriate usage, security violations, and other defined events. Monitoring tools include alerts and dashboards. Dashboards and interactive analytics are provided out-of-the-box, which can be manually configured to enhance system monitoring.



    Mware vRealize Network Insight (vRNI)

    vRNI can be used to monitor data center traffic and provide visibility to support monitoring activities.