DISA STIG VMware vSphere 7.0 Perfcharts Tomcat v1r1

Audit Details

Name: DISA STIG VMware vSphere 7.0 Perfcharts Tomcat v1r1

Updated: 6/17/2024

Authority: DISA STIG

Plugin: Unix

Revision: 1.1

Estimated Item Count: 35

File Details

Filename: DISA_STIG_VMware_vSphere_7.0_vCA_Perfcharts_v1r1.audit

Size: 70.9 kB

MD5: 932d490edf550202571463f11a3ac5e8
SHA256: 01ab3237b7518f60feeff5c707a58e84efdf4865e5638a87a518ec07e1fa0c27

Audit Items

DescriptionCategories
DISA_STIG_VMware_vSphere_7.0_vCA_Perfcharts_v1r1.audit from DISA VMware vSphere 7.0 vCenter Appliance Perfcharts v1r1 STIG
VCPF-70-000001 - Performance Charts must limit the amount of time that each Transport Control Protocol (TCP) connection is kept alive.

ACCESS CONTROL

VCPF-70-000002 - Performance Charts must limit the number of concurrent connections permitted.

ACCESS CONTROL

VCPF-70-000003 - Performance Charts must limit the maximum size of a POST request.

ACCESS CONTROL

VCPF-70-000004 - Performance Charts must protect cookies from cross-site scripting (XSS).

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

VCPF-70-000005 - Performance Charts must record user access in a format that enables monitoring of remote access.

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

VCPF-70-000006 - Performance Charts must generate log records for system startup and shutdown.

AUDIT AND ACCOUNTABILITY

VCPF-70-000007 - Performance Charts log files must only be modifiable by privileged users.

AUDIT AND ACCOUNTABILITY

VCPF-70-000008 - Performance Charts application files must be verified for their integrity.

CONFIGURATION MANAGEMENT

VCPF-70-000009 - Performance Charts must only run one webapp.

CONFIGURATION MANAGEMENT

VCPF-70-000010 - Performance Charts must not be configured with unsupported realms.

CONFIGURATION MANAGEMENT

VCPF-70-000011 - Performance Charts must be configured to limit access to internal packages.

CONFIGURATION MANAGEMENT

VCPF-70-000012 - Performance Charts must have Multipurpose Internet Mail Extensions (MIMEs) that invoke operating system shell programs disabled.

CONFIGURATION MANAGEMENT

VCPF-70-000013 - Performance Charts must have mappings set for Java servlet pages.

CONFIGURATION MANAGEMENT

VCPF-70-000014 - Performance Charts must not have the Web Distributed Authoring (WebDAV) servlet installed.

CONFIGURATION MANAGEMENT

VCPF-70-000015 - Performance Charts must be configured with memory leak protection.

CONFIGURATION MANAGEMENT

VCPF-70-000016 - Performance Charts must not have any symbolic links in the web content directory tree - out-of-the box state.

CONFIGURATION MANAGEMENT

VCPF-70-000017 - Performance Charts directory tree must have permissions in an out-of-the-box state.

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

VCPF-70-000018 - Performance Charts must fail to a known safe state if system initialization fails, shutdown fails, or aborts fail.

SYSTEM AND COMMUNICATIONS PROTECTION

VCPF-70-000019 - Performance Charts must limit the number of allowed connections

SYSTEM AND COMMUNICATIONS PROTECTION

VCPF-70-000020 - Performance Charts must set 'URIEncoding' to UTF-8

SYSTEM AND INFORMATION INTEGRITY

VCPF-70-000021 - Performance Charts must use the 'setCharacterEncodingFilter' filter.

SYSTEM AND INFORMATION INTEGRITY

VCPF-70-000022 - Performance Charts must set the welcome-file node to a default web page.

SYSTEM AND INFORMATION INTEGRITY

VCPF-70-000023 - Performance Charts must not show directory listings.

SYSTEM AND INFORMATION INTEGRITY

VCPF-70-000024 - Performance Charts must be configured to show error pages with minimal information.

SYSTEM AND INFORMATION INTEGRITY

VCPF-70-000025 - Performance Charts must be configured to not show error reports.

SYSTEM AND INFORMATION INTEGRITY

VCPF-70-000026 - Performance Charts must hide the server version

SYSTEM AND INFORMATION INTEGRITY

VCPF-70-000027 - Performance Charts must not enable support for TRACE requests

SYSTEM AND INFORMATION INTEGRITY

VCPF-70-000028 - Performance Charts must have the debug option turned off.

SYSTEM AND INFORMATION INTEGRITY

VCPF-70-000029 - Performance Charts must properly configure log sizes and rotation.

AUDIT AND ACCOUNTABILITY

VCPF-70-000030 - Rsyslog must be configured to monitor and ship Performance Charts log files.

AUDIT AND ACCOUNTABILITY

VCPF-70-000031 - Performance Charts must be configured with the appropriate ports.

CONFIGURATION MANAGEMENT

VCPF-70-000032 - Performance Charts must disable the shutdown port.

SYSTEM AND COMMUNICATIONS PROTECTION

VCPF-70-000033 - Performance Charts must set the secure flag for cookies.

SYSTEM AND COMMUNICATIONS PROTECTION

VCPF-70-000034 - Performance Charts default servlet must be set to 'readonly'.

CONFIGURATION MANAGEMENT