VCENTER-000012 - The vCenter Server administrative users must have the correct roles assigned.

Information

Administrative users must only be assigned privileges they require. Least Privilege requires that these privileges must only be assigned if needed, to reduce risk of confidentiality, availability or integrity loss.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Create roles in vCenter with the required granularity of privilege for the organization's administrator types, and ensure that these roles are assigned to the correct, site-specific users. As a vCenter Server administrator, log into the vCenter Server with the vSphere Client.
Go to 'Home>> Administration>> Roles' and create a role for each of the administrator privilege sets the organization requires and allows.
Right click on each role name and select 'Edit'. Verify under 'All Privileges>> Virtual Machines' that only site-specific, required checkboxes are selected.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_ESXi5_vCenter_Server_V2R1_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-5(6), CAT|II, CCI|CCI-001499, Group-ID|V-39550, Rule-ID|SV-250732r799886_rule, STIG-ID|VCENTER-000012, STIG-Legacy|SV-51408, STIG-Legacy|V-39550, Vuln-ID|V-250732

Plugin: VMware

Control ID: e7a13f1b90cf18e2c4a72684c5f4f78a4ab07f4f824889a6d102f4d2c423984e