I hear a lot of best practices saying that you should have 2 vSphere server stacks:
One for Production
One for Cybersecurity
For example, your enterprise might have a vSphere environment stack that has all your core services (Exchange, DCs, Sharepoint, etc...) run by your system administrators and your Cybersecurity vSphere server stack would have all your security servers that host the security tools (IDS/IPS, Antivirus, vulnerability scanner, etc.), which would be ran by your dedicated cybersecurity team
Are there any good framework references or security controls that mention why one should build the separated security vSphere environment? NIST, COBIT, ITIL, SANS documentation, or anything? I am having problems finding references of why my organization should do this.