Also, there is this guide: http://www.vmware.com/files/pdf/techpaper/VMW_10Q3_WP_vCloud_Director_Security.pdf
It goes over vCD hardening (at the application level) as well as Organization Network security. If there is something missing from this, then can you call out a specific that needs clarification?