Press Release

Coalfire Publishes New Benchmark Audit of VMware NSX-T Micro-Segmentation for Microservices, Containers and Virtual Machines

December 19, 2017

Audit conducted by Coalfire confirms effectiveness of NSX-T platform to provide security through micro-segmentation in both traditional virtualization and cloud native environments


Westminster, CO – Dec. 19, 2017 – Coalfire, a trusted provider of independent, comprehensive cybersecurity advisory services, today announced the publication of a new whitepaper that reviews the effectiveness of VMware NSX-T in providing micro-segmentation for both traditional virtualization and cloud native environments.

The whitepaper, Addressing PCI DSS with VMware NSX-T (A Micro-Audit of NSX-T Micro-segmentation for Microservices, Containers, and Virtual Machines), evaluates the effectiveness of micro-segmentation provided by NSX-T for securing both virtual machines (VMs) and containers orchestrated by Kubernetes (K8s). This audit is a follow-on to the 2016 Micro-Segmentation Benchmark Report that evaluated VMware NSX micro-segmentation capabilities to enable a Zero Trust model in native vSphere environments.

Coalfire found that NSX-T was capable of micro-segmentation of pods within the container environment. This micro-segmentation capability, like that found with VMware NSX for vSphere with VMs, enables security policy with granularity down to the individual VM and/or container. Pertaining specifically to Payment Card Industry Data Security Standards (PCI DSS), NSX-T is sufficient for providing recommended network segmentation for scope reduction where VMs, pods and containers in Cardholder Data Environments (CDEs), along with their associated transport zones, can be segmented from non-CDE VMs, pods and containers.

Additionally, the micro-segmentation capabilities of NSX-T were effective for providing granular security control in support of a Zero Trust network model for assets within the CDE. Moreover, the NSX-T distributed firewall could support PCI DSS 3.2 firewall requirements for CDE.

“Development of applications in containers is on the rise. Having a service such as VMware NSX-T to aid segmentation in isolating CDE from non-CDE assets meets the intent of PCI DSS 3.2 compliance, so organizations can leverage the agility that containers provide,” said Chris Krueger, managing principal, Cyber Engineering.

The whitepaper is available for download from the VMware website:

Addressing PCI DSS with VMware NSX-T (A Micro-Audit of NSX-T Micro-segmentation for Microservices, Containers, and Virtual Machines)

Coalfire is recognized and respected as one of the country’s leading independent compliance and cybersecurity testing facilities. The white paper on VMware NSX-T contains example use cases for deployments and measures the security performance of NSX-T against the detailed requirements of the PCI DSS standard.

About Coalfire
Coalfire is the cybersecurity advisor that helps private and public sector organizations avert threats, close gaps and effectively manage risk. By providing independent and tailored advice, assessments, technical testing and cyber engineering services, we help clients develop scalable programs that improve their security posture, achieve their business objectives and fuel their continued success. Coalfire has been a cybersecurity thought leader for more than 16 years, and has offices throughout the United States and Europe.

For more information, visit

VMware and NSX are registered trademarks or trademarks of VMware, Inc. in the United States and other jurisdictions.

Press Contact:
Mike Gallo
For Coalfire