8.11 (L1) VMware Tools must deactivate Service Discovery unless required

Information

The VMware Tools Service Discovery plugin is designed to connect to Aria Operations, furnishing it with additional data concerning guests and workloads. Disabling this plugin, when not in use, is a prudent step to diminish the attack surface. The parameter governing this behavior is servicediscovery disabled with a recommended setting of true.

Reducing the attack surface by disabling non-essential features is a fundamental security best practice. This control assists in minimizing potential exposure points, especially when the Service Discovery feature is not in use.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
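Because this item is not evaluated automatically, the setting has to be verified by other means. The following is an added example, not part of the benchmark or the Nessus plugin: it assumes the setting lives in the VMware Tools tools.conf file as a disabled key under a [servicediscovery] section, and it treats only the literal recommended value true as compliant. The function name and the sample file contents are constructed for illustration.

```python
import configparser

# Assumption (not stated on the page): tools.conf is an INI-style file and the
# parameter is the key "disabled" inside the "[servicediscovery]" section.
SECTION, KEY = "servicediscovery", "disabled"


def check_service_discovery(conf_text):
    """Return (compliant, reason) for the text of a tools.conf file."""
    parser = configparser.ConfigParser(strict=False, interpolation=None)
    parser.optionxform = str  # keep key names case-sensitive
    try:
        parser.read_string(conf_text)
    except configparser.Error as exc:
        # A file that cannot be parsed cannot be shown to enforce the setting.
        return False, f"unparseable configuration: {type(exc).__name__}"
    if not parser.has_section(SECTION):
        return False, f"[{SECTION}] section missing"
    if not parser.has_option(SECTION, KEY):
        # Covers a key that is absent or only present in a comment.
        return False, f"{KEY} not set in [{SECTION}]"
    value = parser.get(SECTION, KEY).strip()
    if value == "true":
        return True, "Service Discovery is disabled"
    return False, f"{KEY}={value!r}, expected 'true'"


# Constructed sample file contents (not taken from a real system).
SAMPLES = {
    "compliant": "[logging]\nlog = true\n\n[servicediscovery]\ndisabled = true\n",
    "explicitly enabled": "[servicediscovery]\ndisabled = false\n",
    "commented out": "[servicediscovery]\n# disabled = true\n",
    "section absent": "[logging]\nlog = true\n",
    "later duplicate wins": "[servicediscovery]\ndisabled = true\n"
                            "[servicediscovery]\ndisabled = false\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        ok, reason = check_service_discovery(text)
        print(f"{'PASS' if ok else 'FAIL'}  {name}: {reason}")
```

A missing section or key is reported as a failure because the recommended value has not been set explicitly.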

Solution

Impact:

Disabling Service Discovery may affect certain products and services within the VMware ecosystem dependent on this functionality, necessitating alternative configurations or methods to retain required operational capabilities.

See Also

https://workbench.cisecurity.org/benchmarks/15784

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, 800-53|CM-7, CSCv7|9.1

Plugin: VMware

Control ID: 222b845763a016bce3b2c84692cf5e62f0496cb5cc6e2fd9da072eecbd740b0d