The guide covers areas the hardware, management tools and hypervisors that make up vSphere, such as ESXi hosts, the virtual network, and the core vCenter components, including vCenter Server, the vSphere Web Client, SSO and vSphere Update Manager.
The guide shows the administrator how to make the changes and whether there is a potentially negative impact. Most of the spreadsheet does not require administrators to make changes but to ensure that default values stay the same. Different organizations have different compliance regulations that dictate how secure a hypervisor needs to be.
VMware attaches a "risk profile" column to each guideline to indicate the relative increase in security if the guidelines are enacted. Environments with strict security rules should follow the recommendations for risk profile 1. Environments with sensitive information or compliances would follow risk profile 2. Most, if not all, environments would follow the recommendations for risk profile 3.