A letter from broadcom that states you should visit http://broadcom.box.com if you don't get a follow-up letter within 5 hours should be treated with extreme phishing skepticism.
box.com is not a broadcom address, but it will ask you for credentials regardless.
Be careful out there.
To add: You should not be prompted to enter any existing credentials - only new ones. Do not enter any existing passwords to any non-VMW domains, full-stop. Broadcom and Broadcom HR do not have your sign-in information or credentials, nor is SSO tied together yet.
A whois search shows
docusign.net is registered by DocuSign.
docusign.com is registered by DocuSign.
It's a legit email if it's from docusign.net.
But the use of box.com does seem weird.
Lots of scammers will likely target VMW employee who are desperate for any info
And besure you know the difference.
docusign.COM
NOT docusign.NET.