| DISA_STIG_VMware_vSphere_6.7_UI_Tomcat_v1r3.audit from DISA VMware vSphere 6.7 UI Tomcat v1r3 STIG | |
| VCUI-67-000001 - vSphere UI must limit the amount of time that each TCP connection is kept alive. | ACCESS CONTROL |
| VCUI-67-000002 - vSphere UI must limit the number of concurrent connections permitted. | ACCESS CONTROL |
| VCUI-67-000003 - vSphere UI must limit the maximum size of a POST request. | ACCESS CONTROL |
| VCUI-67-000004 - vSphere UI must protect cookies from XSS. | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCUI-67-000005 - vSphere UI must record user access in a format that enables monitoring of remote access. | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| VCUI-67-000006 - vSphere UI must generate log records for system startup and shutdown. | AUDIT AND ACCOUNTABILITY |
| VCUI-67-000007 - vSphere UI log files must only be accessible by privileged users. | AUDIT AND ACCOUNTABILITY |
| VCUI-67-000008 - vSphere UI application files must be verified for their integrity. | CONFIGURATION MANAGEMENT |
| VCUI-67-000009 - vSphere UI plugins must be authorized before use. | CONFIGURATION MANAGEMENT |
| VCUI-67-000010 - vSphere UI must be configured to limit access to internal packages. | CONFIGURATION MANAGEMENT |
| VCUI-67-000011 - vSphere UI must have Multipurpose Internet Mail Extensions (MIME) that invoke OS shell programs disabled. | CONFIGURATION MANAGEMENT |
| VCUI-67-000012 - vSphere UI must have mappings set for Java servlet pages. | CONFIGURATION MANAGEMENT |
| VCUI-67-000013 - vSphere UI must not have the Web Distributed Authoring (WebDAV) servlet installed. | CONFIGURATION MANAGEMENT |
| VCUI-67-000014 - vSphere UI must be configured with memory leak protection. | CONFIGURATION MANAGEMENT |
| VCUI-67-000015 - vSphere UI must not have any symbolic links in the web content directory tree. | CONFIGURATION MANAGEMENT |
| VCUI-67-000016 - vSphere UI directory tree must have permissions in an 'out-of-the-box' state - out-of-the-box state. | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCUI-67-000017 - vSphere UI must fail to a known safe state if system initialization fails, shutdown fails, or aborts fail. | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCUI-67-000018 - vSphere UI must limit the number of allowed connections. | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCUI-67-000019 - vSphere UI must set URIEncoding to UTF-8. | SYSTEM AND INFORMATION INTEGRITY |
| VCUI-67-000020 - vSphere UI must set the welcome-file node to a default web page. | SYSTEM AND INFORMATION INTEGRITY |
| VCUI-67-000021 - The vSphere UI must not show directory listings. | SYSTEM AND INFORMATION INTEGRITY |
| VCUI-67-000022 - vSphere UI must be configured to hide the server version. | SYSTEM AND INFORMATION INTEGRITY |
| VCUI-67-000023 - vSphere UI must be configured to show error pages with minimal information. | SYSTEM AND INFORMATION INTEGRITY |
| VCUI-67-000024 - vSphere UI must not enable support for TRACE requests. | SYSTEM AND INFORMATION INTEGRITY |
| VCUI-67-000025 - vSphere UI must have the debug option turned off. | SYSTEM AND INFORMATION INTEGRITY |
| VCUI-67-000026 - vSphere UI must use a logging mechanism that is configured to allocate log record storage capacity large enough to accommodate the logging requirements of the web server. | AUDIT AND ACCOUNTABILITY |
| VCUI-67-000027 - vSphere UI log files must be moved to a permanent repository in accordance with site policy - access | AUDIT AND ACCOUNTABILITY |
| VCUI-67-000027 - vSphere UI log files must be moved to a permanent repository in accordance with site policy - runtime | AUDIT AND ACCOUNTABILITY |
| VCUI-67-000028 - vSphere UI must be configured with the appropriate ports - http | CONFIGURATION MANAGEMENT |
| VCUI-67-000028 - vSphere UI must be configured with the appropriate ports - https | CONFIGURATION MANAGEMENT |
| VCUI-67-000028 - vSphere UI must be configured with the appropriate ports - proxy | CONFIGURATION MANAGEMENT |
| VCUI-67-000029 - vSphere UI must disable the shutdown port - server.xml | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCUI-67-000029 - vSphere UI must disable the shutdown port - vsphere-ui.json | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCUI-67-000030 - vSphere UI must set the secure flag for cookies. | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCUI-67-000031 - vSphere UI must not be configured with the 'UserDatabaseRealm' enabled - UserDatabaseRealm enabled. | CONFIGURATION MANAGEMENT |
| VCUI-67-000032 - vSphere UI must restrict its cookie path. | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCUI-67-000999 - The version of UI Tomcat running on the system must be a supported version. | SYSTEM AND INFORMATION INTEGRITY |
