Information
Verify the ESXi Image Profile to only allow signed VIBs. An unsigned VIB represents untested code installed on an ESXi host. The ESXi Image profile supports four acceptance levels: (1) VMwareCertified - VIBs created, tested and signed by VMware (2) VMwareAccepted - VIBs created by a VMware partner but tested and signed by VMware, (3) PartnerSupported - VIBs created, tested and signed by a certified VMware partner (4) CommunitySupported - VIBs that have not been tested by VMware or a VMware partner. Community Supported VIBs are not supported and do not have a digital signature. To protect the security and integrity of your ESXi hosts do not allow unsigned (CommunitySupported) VIBs to be installed on your hosts.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
From the vSphere Client select the ESXi Host and go to Configuration >> Security Profile. Under 'Host Image Profile Acceptance Level' edit the acceptance level to be either VMwareCertified, VMwareAccepted, or PartnerSupported.
or
From a PowerCLI command prompt while connected to the ESXi host run the following commands:
$esxcli = Get-EsxCli
$esxcli.software.acceptance.Set('PartnerSupported')
Note: VMwareCertified or VMwareAccepted may be substituted for PartnerSupported, depending upon local requirements.