ESXI-06-000010 - The VMM must use DoD-approved encryption to protect the confidentiality of remote access sessions.

Information

Approved algorithms should impart some level of confidence in their implementation. These are also required for compliance.

Note: This does not imply FIPS 140-2 certification.

Solution

Limit the ciphers to those algorithms which are FIPS-approved. Counter (CTR) mode is also preferred over cipher-block chaining (CBC) mode.

Add or correct the following line in '/etc/ssh/sshd_config':

Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc

See Also

http://iasecontent.disa.mil/stigs/zip/U_VMware_vSphere_6-0_ESXi_V1R5_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-17(2), CAT|II, CCI|CCI-000068, Group-ID|V-63189, Rule-ID|SV-77679r3_rule, STIG-ID|ESXI-06-000010, Vuln-ID|V-63189

Plugin: Unix

Control ID: aa633dc9447510bfef7066879e1a0b3882224fafbab47b943f3263aef03ad240