8.3.1 Ensure unnecessary or superfluous functions inside VMs are disabled

Information

Disable all system components that are not needed to support the application or service
running on the VM. VMs often don't require as many functions as ordinary physical servers,
so when virtualizing, you should evaluate whether a particular function is truly needed.

*Rationale*

By disabling unnecessary system components, you reduce the number of potential attack
vectors, which reduces the likelihood of compromise.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

To disable unneeded functions, perform whichever of the following steps are applicable:

1. Disable unused services in the operating system. For example, if the system runs a
file server, make sure to turn off any Web services.
2. Disconnect unused physical devices, such as CD/DVD drives, floppy drives, and USB
adaptors. This is described in the Removing Unnecessary Hardware Devices section
in the ESXI Configuration Guide.
3. Turn off any screen savers.
4. If using a Linux, BSD, or Solaris guest operating system,
do not run the X Window system unless it is necessary.

See Also

https://workbench.cisecurity.org/files/2168

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-4, CSCv7|9.2

Plugin: VMware

Control ID: 5f1452a25f3aea7307b914a51324653f7309831c87fd9efca4070b520180aadf