DISA VMware vSphere 8.0 vCenter Appliance Secure Token Service (STS) STIG v2r1

Audit Details

Name: DISA VMware vSphere 8.0 vCenter Appliance Secure Token Service (STS) STIG v2r1

Updated: 10/22/2024

Authority: DISA STIG

Plugin: Unix

Revision: 1.0

Estimated Item Count: 34

File Details

Filename: DISA_VMware_vSphere_8.0_vCenter_Appliance_Secure_Token_Service_(STS)_STIG_v2r1.audit

Size: 85 kB

MD5: 0050bb9f4582f1eca08f8572aa4d9da7

SHA256: f2e8ed5a4616cb25ff653c29a5c4a1b7b57e9df15ac63953408e21473b6c194e

Audit Items

Description	Categories
DISA_VMware_vSphere_8.0_vCenter_Appliance_Secure_Token_Service_(STS)_STIG_v2r1.audit from DISA VMware vSphere 8.0 vCenter Appliance Secure Token Service (STS) STIG v2r1
VCST-80-000001 The vCenter STS service must limit the number of maximum concurrent connections permitted.	ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION
VCST-80-000005 The vCenter STS service cookies must have secure flag set.	ACCESS CONTROL
VCST-80-000013 The vCenter STS service must initiate session logging upon startup.	AUDIT AND ACCOUNTABILITY
VCST-80-000014 The vCenter STS service must produce log records containing sufficient information regarding event details.	ACCESS CONTROL, AUDIT AND ACCOUNTABILITY
VCST-80-000025 The vCenter STS service logs folder permissions must be set correctly.	AUDIT AND ACCOUNTABILITY
VCST-80-000034 The vCenter STS service must limit privileges for creating or modifying hosted application shared files.	CONFIGURATION MANAGEMENT
VCST-80-000036 The vCenter STS service must disable stack tracing.	CONFIGURATION MANAGEMENT
VCST-80-000037 The vCenter STS service must be configured to use a specified IP address and port.	CONFIGURATION MANAGEMENT
VCST-80-000057 The vCenter STS service must be configured to limit data exposure between applications.	SYSTEM AND COMMUNICATIONS PROTECTION
VCST-80-000062 The vCenter STS service must be configured to fail to a known safe state if system initialization fails.	SYSTEM AND COMMUNICATIONS PROTECTION
VCST-80-000065 The vCenter STS service must set URIEncoding to UTF-8.	SYSTEM AND INFORMATION INTEGRITY
VCST-80-000067 The vCenter STS service 'ErrorReportValve showServerInfo' must be set to 'false'.	SYSTEM AND INFORMATION INTEGRITY
VCST-80-000070 The vCenter STS service must set an inactive timeout for sessions.	ACCESS CONTROL
VCST-80-000081 The vCenter STS service must offload log records onto a different system or media from the system being logged.	AUDIT AND ACCOUNTABILITY
VCST-80-000125 The vCenter STS service must limit the amount of time that each Transmission Control Protocol (TCP) connection is kept alive.	ACCESS CONTROL
VCST-80-000126 The vCenter STS service must limit the number of times that each Transmission Control Protocol (TCP) connection is kept alive.	ACCESS CONTROL
VCST-80-000127 The vCenter STS service must configure the 'setCharacterEncodingFilter' filter.	SYSTEM AND INFORMATION INTEGRITY
VCST-80-000129 The vCenter STS service cookies must have 'http-only' flag set.	ACCESS CONTROL
VCST-80-000130 The vCenter STS service DefaultServlet must be set to 'readonly' for 'PUT' and 'DELETE' commands.	ACCESS CONTROL
VCST-80-000134 The vCenter STS service shutdown port must be disabled.	CONFIGURATION MANAGEMENT
VCST-80-000136 The vCenter STS service debug parameter must be disabled.	CONFIGURATION MANAGEMENT
VCST-80-000137 The vCenter STS service directory listings parameter must be disabled.	CONFIGURATION MANAGEMENT
VCST-80-000138 The vCenter STS service deployXML attribute must be disabled.	CONFIGURATION MANAGEMENT
VCST-80-000139 The vCenter STS service must have Autodeploy disabled.	CONFIGURATION MANAGEMENT
VCST-80-000140 The vCenter STS service xpoweredBy attribute must be disabled.	CONFIGURATION MANAGEMENT
VCST-80-000141 The vCenter STS service example applications must be removed.	CONFIGURATION MANAGEMENT
VCST-80-000142 The vCenter STS service default ROOT web application must be removed.	CONFIGURATION MANAGEMENT
VCST-80-000143 The vCenter STS service default documentation must be removed.	CONFIGURATION MANAGEMENT
VCST-80-000144 The vCenter STS service files must have permissions in an out-of-the-box state.	CONFIGURATION MANAGEMENT
VCST-80-000151 The vCenter STS service must disable 'ALLOW_BACKSLASH'.	CONFIGURATION MANAGEMENT
VCST-80-000152 The vCenter STS service must enable 'ENFORCE_ENCODING_IN_GET_WRITER'.	CONFIGURATION MANAGEMENT
VCST-80-000154 The vCenter STS service manager webapp must be removed.	CONFIGURATION MANAGEMENT
VCST-80-000155 The vCenter STS service host-manager webapp must be removed.	CONFIGURATION MANAGEMENT

Detections

Analytics

DISA VMware vSphere 8.0 vCenter Appliance Secure Token Service (STS) STIG v2r1

Audit Details

File Details

Audit Items