DISA STIG VMware vSphere 7.0 STS Tomcat v1r2

Audit Details

Name: DISA STIG VMware vSphere 7.0 STS Tomcat v1r2

Updated: 6/17/2024

Authority: DISA STIG

Plugin: Unix

Revision: 1.1

Estimated Item Count: 33

File Details

Filename: DISA_STIG_VMware_vSphere_7.0_vCA_STS_v1r2.audit

Size: 75.5 kB

MD5: 7c354a266093bc9c51946d175a0e92c1

SHA256: e486fe15937ad662579d634f1a5cb817e20c148b21b7646db550acc09cac7235

Audit Items

Description	Categories
DISA_STIG_VMware_vSphere_7.0_vCA_STS_v1r2.audit from DISA VMware vSphere 7.0 vCenter Appliance STS v1r2 STIG
VCST-70-000001 - The Security Token Service must limit the amount of time that each Transmission Control Protocol (TCP) connection is kept alive.	ACCESS CONTROL
VCST-70-000002 - The Security Token Service must limit the number of concurrent connections permitted.	ACCESS CONTROL
VCST-70-000003 - The Security Token Service must limit the maximum size of a POST request.	ACCESS CONTROL
VCST-70-000004 - The Security Token Service must protect cookies from cross-site scripting (XSS).	ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION
VCST-70-000005 - The Security Token Service must record user access in a format that enables monitoring of remote access.	ACCESS CONTROL, AUDIT AND ACCOUNTABILITY
VCST-70-000006 - The Security Token Service must generate log records during Java startup and shutdown. - bufferSize	AUDIT AND ACCOUNTABILITY
VCST-70-000007 - Security Token Service log files must only be modifiable by privileged users.	AUDIT AND ACCOUNTABILITY
VCST-70-000008 - The Security Token Service application files must be verified for their integrity.	AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT
VCST-70-000009 - The Security Token Service must only run one webapp.	CONFIGURATION MANAGEMENT
VCST-70-000010 - The Security Token Service must not be configured with unused realms.	CONFIGURATION MANAGEMENT
VCST-70-000011 - The Security Token Service must be configured to limit access to internal packages.	CONFIGURATION MANAGEMENT
VCST-70-000012 - The Security Token Service must have Multipurpose Internet Mail Extensions (MIME) that invoke operating system shell programs disabled.	CONFIGURATION MANAGEMENT
VCST-70-000013 - The Security Token Service must have mappings set for Java servlet pages.	CONFIGURATION MANAGEMENT
VCST-70-000014 - The Security Token Service must not have the Web Distributed Authoring (WebDAV) servlet installed.	CONFIGURATION MANAGEMENT
VCST-70-000015 - The Security Token Service must be configured with memory leak protection.	CONFIGURATION MANAGEMENT
VCST-70-000016 - The Security Token Service must not have any symbolic links in the web content directory tree.	CONFIGURATION MANAGEMENT
VCST-70-000017 - The Security Token Service directory tree must have permissions in an out-of-the-box state.	CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION
VCST-70-000018 - The Security Token Service must fail to a known safe state if system initialization fails, shutdown fails, or aborts fail.	SYSTEM AND COMMUNICATIONS PROTECTION
VCST-70-000019 - The Security Token Service must limit the number of allowed connections.	SYSTEM AND COMMUNICATIONS PROTECTION
VCST-70-000020 - The Security Token Service must set 'URIEncoding' to UTF-8.	SYSTEM AND INFORMATION INTEGRITY
VCST-70-000021 - The Security Token Service must use the 'setCharacterEncodingFilter' filter. - filter	SYSTEM AND INFORMATION INTEGRITY
VCST-70-000021 - The Security Token Service must use the 'setCharacterEncodingFilter' filter. - filter-mapping	SYSTEM AND INFORMATION INTEGRITY
VCST-70-000022 - The Security Token Service must set the welcome-file node to a default web page.	SYSTEM AND INFORMATION INTEGRITY
VCST-70-000023 - The Security Token Service must not show directory listings.	SYSTEM AND INFORMATION INTEGRITY
VCST-70-000024 - The Security Token Service must be configured to not show error reports.	SYSTEM AND INFORMATION INTEGRITY
VCST-70-000025 - The Security Token Service must not enable support for TRACE requests.	SYSTEM AND INFORMATION INTEGRITY
VCST-70-000026 - The Security Token Service must have the debug option disabled.	SYSTEM AND INFORMATION INTEGRITY
VCST-70-000028 - The Security Token Service must be configured with the appropriate ports. - ssl-clientauth.https	CONFIGURATION MANAGEMENT
VCST-70-000029 - The Security Token Service must disable the shutdown port.	SYSTEM AND COMMUNICATIONS PROTECTION
VCST-70-000030 - The Security Token Service must set the secure flag for cookies.	SYSTEM AND COMMUNICATIONS PROTECTION
VCST-70-000031 - The Security Token Service default servlet must be set to 'readonly'.	CONFIGURATION MANAGEMENT
VCST-70-000050 - Security Token Service log data and records must be backed up onto a different system or media.	AUDIT AND ACCOUNTABILITY

Detections

Analytics

DISA STIG VMware vSphere 7.0 STS Tomcat v1r2

Audit Details

File Details

Audit Items