Configuring the vShield Data Security policies requires some knowledge of current regulations that are applicable to the organization. The governance or compliance group within the organization should be able to provide guidance on which regulatory policies are required. Configuring an incorrect policy will likely cause false positives and confusion as to the secure state of the virtual machines being scanned.

Permissions are often given to the internal audit group to view policy and violation reports. For example, the auditing Active Directory group can be added to the vShield role of Auditor to accomplish this task.

The vShield Data Security policies consist of three components: