Information
Have a standard process for VM deployment whether this is a VMware template or another means to ensure Operating Systems have the appropriate security controls. Refer to CIS Benchmarks for information in regards to specific Operating System hardening.
Rationale:
By utilizing a standard deployment process and having hardened templates you can ensure that all your virtual machines are created with a known baseline level of security.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Create documentation and a standard process for the method for VM deployment. If utilizing templates in VMware create the templates, document the process for using them as well as keeping them up-to-date, then ensure the process is followed accordingly through periodic review.
Item Details
Category: CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
References: 800-53|CM-1, 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-9, 800-53|SA-3, 800-53|SA-8, 800-53|SA-10, CSCv7|5.1, CSCv7|5.2
Control ID: cd94357e8be560d629b424daffbf31cb39970e14a99865ca797dac9511a55285