VMware NSX changes the way applications in data centers are secured by enabling a zero-trust security model through micro-segmentation inside data centers and clouds. NSX reduces the scope of compliance by isolating the systems that store, process or transmit sensitive data. This enables a fundamentally more secure environment and helps to ensure and demonstrate compliance with many regulations such as PCI DSS, HIPAA, FedRAMP, SOC, CJIS, DISA STIG and more.
NSX enables a zero-trust security model inside data centers and clouds. Micro-segmentation allows for granular security down to the VM. This helps reduce the scope of compliance and cut down the overall audit duration by isolating the systems that store, process or transmit sensitive data.
Security groups allow for building adaptive, application-centric security policy that applies wherever VMs land, as soon as they are provisioned. The VMs inherit their firewall rules in accordance with application requirements.
NSX provides visibility across application infrastructure and endpoints, enabling the validation of configuration and real-time state against regulatory controls. This visibility empowers IT to tune policies for highly regulated workloads in virtualized infrastructures, and simplify audits.
NSX can dynamically respond to threats and runtime circumstances, including context provided by a third party, such as a malware or vulnerability assessment solution from VMware security partners.
NSX for vSphere 6.3.0 has a FIPS mode that uses only those cipher suites that comply with FIPS. NSX Manager and NSX Edge have a FIPS mode that can be enabled via the vSphere Web Client or the NSX REST API. See "Functionality Difference Between FIPS Mode and Non-FIPS Mode" for a list of functionality affected by FIPS mode.
NSX for vSphere 6.3.0 has been tested for compliance with the EAL2+ level of assurance. Running a Common Criteria-compliant NSX installation requires that you configure NSX as explained in the document Configuring NSX for Common Criteria as part of the NSX Administration Guide.
ICSA certification is an industry-wide accepted standard certification that tests and certifies products including anti-virus, firewall, IPSec VPN, cryptography, SSL VPN, network IPS, anti-spyware, and PC firewall products. Both NSX for vSphere Distributed Firewall and Edge Firewall are certified against ICSA Corporate Firewall criteria.
Other standards such as NIST 800-53, IRS 1075, and MARS-E are mostly related to processes, procedures, or policies, with Access Control/RBAC and Auditing being the sections applicable to NSX. For specific product details, refer to: VMware Product Applicability for PCI DSS.