During much of my career, I’ve been in the Government space and had to implement DISA STIGs for a variety of products including hypervisors. If you are a VMware customer and plan on using vSphere 6.0, you will be pleased to know that the vSphere 6.0 hardening guide is now GA. Some big changes were made in this version versus previous versions, so it should be more usable. You can find the full VMware blog post here.
I never saw this before, but VMware has a great landing page for security guides. From this page you can download a variety of guides and spreadsheets, very easily. That landing page is here.
What I’d really like to see from VMware is the majority of the security settings baked into the hypervisor with automated reporting. It can take weeks or months of STIG testing to get all of the settings right, run reports, etc. I hope that VMware will make hardening the hypervisor even easier, and take away much of the pain.
