This Product Applicability Guide (PAG) provides an evaluation of VMware products that make up and support the Software-Defined Data Center (SDDC) and how they may support NIST 800-171 Rev. 1 (NIST 800-171) controls.
Appendix D goes through each control family and discusses the individual changes to minimum baseline requirements put forth by FIPS 199 and 200.
This whitepaper goes into detail and explains the System Security Plan (SSP), the main document of a security package in which the Cloud Service Provider (CSP) describes all the security controls in use on the system and their implementation, and provides necessary information needed to know about developing an SSP
This Cybersecurity Maturity Model (CMMC) document provides an initial evaluation of VMware products that make up and support a Software-Defined Data Center (SDDC), and how they may support the CMMC controls.