VMware NSX changes the way applications in data centers are secured by enabling a zero-trust security model through micro-segmentation inside data centers and clouds. NSX reduces the scope of compliance by isolating the systems that store, process or transmit sensitive data. This enables a fundamentally more secure environment and helps to ensure and demonstrate compliance with many regulations such as PCI DSS, HIPAA, FedRAMP, SOC, CJIS, DISA STIG and more.


Customer Story: Reducing Risk with Preventive Security Measures

NSX Micro-segmentation Cybersecurity Benchmark

Learn how NSX helps meet regulatory compliance requirements through granular security policy control and visibility.

Download Report

Reduce Your Audit Scope

In this light board video, our security strategist illustrates how NSX makes it easier to meet compliance regulations.

Watch Video

How It Works

Security by Design and by Default

NSX enables a zero-trust security model inside data centers and clouds. Micro-segmentation allows for granular security down to the VM. This helps reduce the scope of compliance and cut down the overall audit duration by isolating the systems that store, process or transmit sensitive data.

Minimized Risk

Security groups allow for building adaptive, application-centric security policy where VMs will land and as soon as they are provisioned. The VMs inherit their firewall rules in accordance to application requirements.

Full Visibility and Context

NSX provides visibility across application infrastructure and endpoints, enabling the validation of configuration and real-time state against regulatory controls. This visibility empowers IT to tune policies for highly regulated workloads in virtualized infrastructures, and simplify audits.

Third-Party Integration

Dynamically respond to threat and runtime circumstances, including context provided from a third party, such as a malware or vulnerability assessment solution from VMware security partners.

Hands-on Lab

The Distributed Firewall with Micro-segmentation lab explores how to collapse segmented networks, intelligently group servers, and more.

See Lab Details

Our Blog Got a Makeover

Browse the latest posts and videos about compliance and other trending topics on our new and improved blog site.

Visit the Network Virtualization Blog

Industry Certifications


NSX for vSphere 6.3.0 has a FIPS mode that uses only those cipher suites that comply with FIPS. NSX Manager and NSX Edge have a FIPS Mode that can be enabled via the vSphere Web Client or the NSX REST API. See Functionality Difference Between FIPS Mode and Non-FIPS Mode for a list of functionality affected by FIPS mode.

Common Criteria

NSX for vSphere 6.3.0 has been tested for compliance with the EAL2+ level of assurance. Running a Common Criteria-compliant NSX installation requires that you configure NSX as explained in the document Configuring NSX for Common Criteria as part of the NSX Administration Guide.


This is an industry-wide accepted standard certification which tests and certifies products including anti-virus, firewall, IPSec VPN, cryptography, SSL VPN, network IPS, anti-spyware, and PC firewall products. Both NSX for vSphere Distributed Firewall and Edge Firewall are certified against ICSA Corporate Firewall criteria.

PCI Compliance

Other standards such as NIST 800-53, IRS 1075, and MARS-E are mostly related to processes, procedures, or policies with Access Control/RBAC and Auditing being the applicable sections to NSX. For specific product details, refer to: VMware Product Applicability for PCI DSS.

All official VMware certifications are available at: http://www.vmware.com/security/certifications.

Success Stories 


Jefferson County protects citizen data in a zero trust environment.


University of New Hampshire modernizes its data centers.