1.2 (L1) Host hardware must enable UEFI Secure Boot

Information

UEFI Secure Boot is a security feature of the Unified Extensible Firmware Interface (UEFI) specification. Its primary purpose is to ensure that only signed and trusted boot loaders and operating system kernels are allowed to execute during the system startup. This helps protect systems from malware and unauthorized software that might try to run before the operating system loads. By verifying the digital signatures of bootable applications and drivers, Secure Boot prevents potentially harmful code from compromising the boot process.

Enabling UEFI Secure Boot on the ESXi host hardware helps prevent malware and untrusted configurations.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Impact:

Enabling this after installation may render the host unbootable. Refer to the vSphere documentation for more information about enabling Secure Boot.

See Also

https://workbench.cisecurity.org/benchmarks/15784

Item Details

Category: SYSTEM AND SERVICES ACQUISITION

References: 800-53|SA-13, CSCv7|5.4, CSCv7|18.4

Plugin: VMware

Control ID: dfec1777d139860398b92edbc1722150bee512a682ef00a9b391611b3ee8e4fe