This is the beta release of the vSphere 5.5 Hardening Guide.

All links to documentation and KB articles and API and CLI fields have also been updated.

Attached is a separate changelog document. The Beta and Release Candidate versions of the Hardening Guide will be color coded for easier viewing of what changed. The GA release will remove the color coding from the main document. However, the color codes will remain in the changelog document.

The releases are scheduled as follows:

Beta - Available the week of Oct 7th

Release Candidate (RC) - Available the week of Oct 14th

General Availability (GA) - Available the week of Oct 21st

Dates are subject to change slightly based on the amount of feedback received.

NOTE: One major change is the renaming of "Profiles" to "Risk Profiles". This has been done to better clarify the intent of the column. Feedback I have been getting is that many customers are told to "implement the Hardening Guide". The "Risk Profiles" are intended to guide you in where to start with what guidelines to implement. For example, Risk Profile 1 is only to be implemented in the highest security environments. As with any good security practice, these guidelines are just that, guidelines. They are meant to be part of a bigger "Defense in Depth" strategy and should not be implemented blindly. Good security practices should encourage the review of risk impact to the environment of each and every guideline called out in the Hardening Guide. If a guideline is going to negatively impact your environment and you have an different method of eliminating the risk then you should work with your security team to manage the risk accordingly.

We welcome your comments on this draft. You can reply here or send me email. mfoley @vmware.com

mike