VCWN-65-000001 - The vCenter Server for Windows must prohibit password reuse for a minimum of five generations.

CAT|II

CCI|CCI-000200

Rule-ID|SV-104545r1_rule

STIG-ID|VCWN-65-000001

Vuln-ID|V-94715

VCWN-65-000002 - The vCenter Server for Windows must not automatically refresh client sessions.

CCI|CCI-001133

Rule-ID|SV-104547r1_rule

STIG-ID|VCWN-65-000002

Vuln-ID|V-94717

VCWN-65-000003 - The vCenter Server for Windows must enforce a 60-day maximum password lifetime restriction.

CCI|CCI-000199

Rule-ID|SV-104551r1_rule

STIG-ID|VCWN-65-000003

Vuln-ID|V-94721

VCWN-65-000004 - The vCenter Server for Windows must terminate management sessions after 10 minutes of inactivity.

Rule-ID|SV-104553r1_rule

STIG-ID|VCWN-65-000004

Vuln-ID|V-94723

VCWN-65-000005 - The vCenter Server for Windows users must have the correct roles assigned.

CCI|CCI-001082

Rule-ID|SV-104555r1_rule

STIG-ID|VCWN-65-000005

Vuln-ID|V-94725

VCWN-65-000007 - The vCenter Server for Windows must manage excess capacity, bandwidth, or other redundancy to limit the effects of information-flooding types of Denial of Service (DoS) attacks by enabling Network I/O Control (NIOC).

CCI|CCI-000366

Rule-ID|SV-104557r1_rule

STIG-ID|VCWN-65-000007

Vuln-ID|V-94727

VCWN-65-000008 - The vCenter Server for Windows must provide an immediate real-time alert to the SA and ISSO, at a minimum, of all audit failure events.

CAT|III

CCI|CCI-000139

Rule-ID|SV-104559r1_rule

STIG-ID|VCWN-65-000008

Vuln-ID|V-94729

VCWN-65-000009 - The vCenter Server for Windows must use Active Directory authentication.

CCI|CCI-000770

Rule-ID|SV-104561r1_rule

STIG-ID|VCWN-65-000009

Vuln-ID|V-94731

VCWN-65-000010 - The vCenter Server for Windows must limit the use of the built-in SSO administrative account.

Rule-ID|SV-104563r1_rule

STIG-ID|VCWN-65-000010

Vuln-ID|V-94733

VCWN-65-000012 - The vCenter Server for Windows must disable the distributed virtual switch health check.

Rule-ID|SV-104565r1_rule

STIG-ID|VCWN-65-000012

Vuln-ID|V-94735

VCWN-65-000013 - The vCenter Server for Windows must set the distributed port group Forged Transmits policy to reject.

Rule-ID|SV-104567r1_rule

STIG-ID|VCWN-65-000013

Vuln-ID|V-94737

VCWN-65-000014 - The vCenter Server for Windows must set the distributed port group MAC Address Change policy to reject.

CAT|I

Rule-ID|SV-104569r1_rule

STIG-ID|VCWN-65-000014

Vuln-ID|V-94739

VCWN-65-000015 - The vCenter Server for Windows must set the distributed port group Promiscuous Mode policy to reject.

Rule-ID|SV-104571r1_rule

STIG-ID|VCWN-65-000015

Vuln-ID|V-94741

VCWN-65-000016 - The vCenter Server for Windows must only send NetFlow traffic to authorized collectors.

Rule-ID|SV-104573r1_rule

STIG-ID|VCWN-65-000016

Vuln-ID|V-94743

VCWN-65-000017 - The vCenter Server for Windows must not override port group settings at the port level on distributed switches.

Rule-ID|SV-104575r1_rule

STIG-ID|VCWN-65-000017

Vuln-ID|V-94745

VCWN-65-000018 - The vCenter Server for Windows must configure all port groups to a value other than that of the native VLAN.

Rule-ID|SV-104577r1_rule

STIG-ID|VCWN-65-000018

Vuln-ID|V-94747

VCWN-65-000019 - The vCenter Server for Windows must configure all port groups to VLAN 4095 unless Virtual Guest Tagging (VGT) is required.

Rule-ID|SV-104579r1_rule

STIG-ID|VCWN-65-000019

Vuln-ID|V-94749

VCWN-65-000020 - The vCenter Server for Windows must not configure all port groups to VLAN values reserved by upstream physical switches.

Rule-ID|SV-104581r1_rule

STIG-ID|VCWN-65-000020

Vuln-ID|V-94751

VCWN-65-000021 - The vCenter Server for Windows must enable SSL for Network File Copy (NFC).

800-53|SC-8(1)

Rule-ID|SV-104583r1_rule

STIG-ID|VCWN-65-000021

Vuln-ID|V-94753

VCWN-65-000022 - The vCenter Server for Windows services must be ran using a service account instead of a built-in Windows account.

Rule-ID|SV-104585r1_rule

STIG-ID|VCWN-65-000022

Vuln-ID|V-94755

VCWN-65-000023 - The vCenter Server for Windows must configure the vpxuser auto-password to be changed every 30 days.

800-53|IA-5(1)

Rule-ID|SV-104587r2_rule

STIG-ID|VCWN-65-000023

Vuln-ID|V-94757

VCWN-65-000024 - The vCenter Server for Windows must configure the vpxuser password meets length policy.

Rule-ID|SV-104589r1_rule

STIG-ID|VCWN-65-000024

Vuln-ID|V-94759

VCWN-65-000025 - The vCenter Server for Windows must disable the managed object browser at all times, when not required for the purpose of troubleshooting or maintenance of managed objects.

Rule-ID|SV-104591r1_rule

STIG-ID|VCWN-65-000025

Vuln-ID|V-94761

VCWN-65-000026 - The vCenter Server for Windows must check the privilege re-assignment after restarts.

Rule-ID|SV-104675r1_rule

STIG-ID|VCWN-65-000026

Vuln-ID|V-94845

VCWN-65-000027 - The vCenter Server for Windows must minimize access to the vCenter server.

Rule-ID|SV-104593r1_rule

STIG-ID|VCWN-65-000027

Vuln-ID|V-94763

VCWN-65-000028 - The vCenter Server for Windows Administrators must clean up log files after failed installations.

Rule-ID|SV-104595r1_rule

STIG-ID|VCWN-65-000028

Vuln-ID|V-94765

VCWN-65-000029 - The vCenter Server for Windows must enable all tasks to be shown to Administrators in the Web Client.

Rule-ID|SV-104597r1_rule

STIG-ID|VCWN-65-000029

Vuln-ID|V-94767

VCWN-65-000030 - The vCenter Server for Windows Administrator role must be secured and assigned to specific users other than a Windows Administrator.

Rule-ID|SV-104599r1_rule

STIG-ID|VCWN-65-000030

Vuln-ID|V-94769

VCWN-65-000031 - The vCenter Server for Windows must restrict the connectivity between Update Manager and public patch repositories by use of a separate Update Manager Download Server.

Rule-ID|SV-104601r1_rule

STIG-ID|VCWN-65-000031

Vuln-ID|V-94771

VCWN-65-000032 - The vCenter Server for Windows must use a least-privileges assignment for the Update Manager database user.

Rule-ID|SV-104603r1_rule

STIG-ID|VCWN-65-000032

Vuln-ID|V-94773

VCWN-65-000033 - The vCenter Server for Windows must use a least-privileges assignment for the vCenter Server database user.

Rule-ID|SV-104605r2_rule

STIG-ID|VCWN-65-000033

Vuln-ID|V-94775

VCWN-65-000034 - The vCenter Server for Windows must use unique service accounts when applications connect to vCenter.

Rule-ID|SV-104607r1_rule

STIG-ID|VCWN-65-000034

Vuln-ID|V-94777

VCWN-65-000035 - vCenter Server for Windows plugins must be verified.

Rule-ID|SV-104609r1_rule

STIG-ID|VCWN-65-000035

Vuln-ID|V-94779

VCWN-65-000036 - The vCenter Server for Windows must produce audit records containing information to establish what type of events occurred.

800-53|AU-12

CCI|CCI-002702

Rule-ID|SV-104611r1_rule

STIG-ID|VCWN-65-000036

Vuln-ID|V-94781

VCWN-65-000039 - The vCenter Server for Windows passwords must be at least 15 characters in length.

CCI|CCI-000205

Rule-ID|SV-104613r1_rule

STIG-ID|VCWN-65-000039

Vuln-ID|V-94783

VCWN-65-000040 - The vCenter Server for Windows passwords must contain at least one uppercase character.

CCI|CCI-000192

Rule-ID|SV-104615r1_rule

STIG-ID|VCWN-65-000040

Vuln-ID|V-94785

VCWN-65-000041 - The vCenter Server for Windows passwords must contain at least one lowercase character.

CCI|CCI-000193

Rule-ID|SV-104617r1_rule

STIG-ID|VCWN-65-000041

Vuln-ID|V-94787

VCWN-65-000042 - The vCenter Server for Windows passwords must contain at least one numeric character.

CCI|CCI-000194

Rule-ID|SV-104619r1_rule

STIG-ID|VCWN-65-000042

Vuln-ID|V-94789

VCWN-65-000043 - The vCenter Server for Windows passwords must contain at least one special character.

CCI|CCI-001619

Rule-ID|SV-104621r1_rule

STIG-ID|VCWN-65-000043

Vuln-ID|V-94791

VCWN-65-000045 - The vCenter Server for Windows must limit the maximum number of failed login attempts to three.

CCI|CCI-002238

Rule-ID|SV-104623r1_rule

STIG-ID|VCWN-65-000045

Vuln-ID|V-94793

VCWN-65-000046 - The vCenter Server for Windows must set the interval for counting failed login attempts to at least 15 minutes.

Rule-ID|SV-104625r1_rule

STIG-ID|VCWN-65-000046

Vuln-ID|V-94795

VCWN-65-000047 - The vCenter Server for Windows must require an administrator to unlock an account locked due to excessive login failures.

Rule-ID|SV-104627r1_rule

STIG-ID|VCWN-65-000047

Vuln-ID|V-94797

VCWN-65-000048 - The vCenter Server for Windows must alert administrators on permission creation operations.

CCI|CCI-001294

Rule-ID|SV-104629r1_rule

STIG-ID|VCWN-65-000048

Vuln-ID|V-94799

VCWN-65-000049 - The vCenter Server for Windows must alert administrators on permission deletion operations.

Rule-ID|SV-104631r2_rule

STIG-ID|VCWN-65-000049

Vuln-ID|V-94801

VCWN-65-000050 - The vCenter Server for Windows must alert administrators on permission update operations.

Detections

Analytics

Revision 1.3

Jun 7, 2021

Functional Update

Added

Removed