8.15 (L2) VMware Tools must deactivate Guest Operations unless required

Information

Guest Operations are a set of functions that underpin most host-to-guest interaction. Deactivating them reduces attack surface but also drastically reduces functionality. Ensure that your environment does not require these functions. Do not do this on template VMs. For a list of functions see:

https://vdc-download.vmware.com/vmwb-repository/dcr-public/fe08899f-1eec-4d8d-b3bc-a6664c168c2c/7fdf97a1-4c0d-4be0-9d43-2ceebbc174d9/doc/vim.vm.guest.GuestOperationsManager.html

Reducing the attack surface by deactivating unnecessary functions is a standard security measure. This control is crucial for mitigating risks associated with host-to-guest interactions.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Impact:

Deactivation of Guest Operations can hinder the functionality of certain products and services within the VMware ecosystem, requiring alternative configurations or methods to maintain required functionalities. This includes guest customization.

See Also

https://workbench.cisecurity.org/benchmarks/15784

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, 800-53|CM-7, CSCv7|9.1

Plugin: VMware

Control ID: cad3df62342f112f7946261f464bec82d8b93ec9f088e8cda4973e606cff34f0