DISA STIG VMWare ESXi vCenter 5 STIG v2r1

Audit Details

Name: DISA STIG VMWare ESXi vCenter 5 STIG v2r1

Updated: 6/17/2024

Authority: DISA STIG

Plugin: VMware

Revision: 1.3

Estimated Item Count: 24

File Details

Filename: DISA_STIG_VMware_ESXi-vCenter_5_v2r1.audit

Size: 47 kB

MD5: 12c2c908420aaf10de03663057a16a35
SHA256: 4f967d0744eb907245bc2afa4bd0014578419d9577821530bc856fc73512cbd8

Audit Items

DescriptionCategories
VCENTER-000003 - The VMware Update Manager must not be configured to manage its own VM or the VM of its vCenter Server.

CONFIGURATION MANAGEMENT

VCENTER-000005 - Privilege re-assignment must be checked after the vCenter Server restarts.

CONFIGURATION MANAGEMENT

VCENTER-000006 - The Web datastore browser must be disabled, unless required for normal day-to-day operations.

CONFIGURATION MANAGEMENT

VCENTER-000007 - The managed object browser must be disabled, at all times, when not required for the purpose of troubleshooting or maintenance of managed objects.

CONFIGURATION MANAGEMENT

VCENTER-000008 - The vCenter Server must be installed using a service account instead of a built-in Windows account.

CONFIGURATION MANAGEMENT

VCENTER-000009 - The connectivity between Update Manager and public patch repositories must be restricted by use of a separate Update Manager Download Server.

CONFIGURATION MANAGEMENT

VCENTER-000012 - The vCenter Server administrative users must have the correct roles assigned.

CONFIGURATION MANAGEMENT

VCENTER-000013 - Access to SSL certificates must be monitored.

CONFIGURATION MANAGEMENT

VCENTER-000015 - Expired certificates must be removed from the vCenter Server.

CONFIGURATION MANAGEMENT

VCENTER-000016 - Log files must be cleaned up after failed installations of the vCenter Server.

CONFIGURATION MANAGEMENT

VCENTER-000017 - Revoked certificates must be removed from the vCenter Server.

CONFIGURATION MANAGEMENT

VCENTER-000018 - The vCenter Administrator role must be secured and assigned to specific users other than a Windows Administrator.

CONFIGURATION MANAGEMENT

VCENTER-000019 - Access to SSL certificates must be restricted.

CONFIGURATION MANAGEMENT

VCENTER-000020 - The system must restrict unauthorized vSphere users from being able to execute commands within the guest virtual machine.

CONFIGURATION MANAGEMENT

VCENTER-000021 - The use of Linux-based clients must be restricted.

CONFIGURATION MANAGEMENT

VCENTER-000022 - Network access to the vCenter Server system must be restricted.

CONFIGURATION MANAGEMENT

VCENTER-000023 - A least-privileges assignment must be used for the vCenter Server database user.

CONFIGURATION MANAGEMENT

VCENTER-000024 - A least-privileges assignment must be used for the Update Manager database user.

CONFIGURATION MANAGEMENT

VCENTER-000027 - The system must set a timeout for all thick-client logins without activity.

CONFIGURATION MANAGEMENT

VCENTER-000029 - vSphere Client plugins must be verified.

CONFIGURATION MANAGEMENT

VCENTER-000031 - The vCenter Administrator role must be secured by assignment to specific users authorized as vCenter Administrators.

CONFIGURATION MANAGEMENT

VCENTER-000033 - The Update Manager Download Server must be isolated from direct connection to Internet public patch repositories by a proxy server.

CONFIGURATION MANAGEMENT

VCENTER-000034 - The Update Manager must not directly connect to public patch repositories on the Internet.

CONFIGURATION MANAGEMENT

VCENTER-000099 - The version of vCenter running on the server must be a supported version.

SYSTEM AND INFORMATION INTEGRITY