ESXI-80-000133 The ESXi Image Profile and vSphere Installation Bundle (VIB) acceptance level must be verified.

Information

Verify the ESXi Image Profile to only allow signed VIBs. An unsigned VIB represents untested code installed on an ESXi host. The ESXi Image profile supports four acceptance levels:

1. VMwareCertified - VIBs created, tested, and signed by VMware.
2. VMwareAccepted - VIBs created by a VMware partner but tested and signed by VMware.
3. PartnerSupported - VIBs created, tested, and signed by a certified VMware partner.
4. CommunitySupported - VIBs that have not been tested by VMware or a VMware partner.

Community Supported VIBs are not supported and do not have a digital signature. To protect the security and integrity of ESXi hosts, do not allow unsigned (CommunitySupported) VIBs to be installed on hosts.

Satisfies: SRG-OS-000366-VMM-001430, SRG-OS-000370-VMM-001460

Solution

From the vSphere Client, go to Hosts and Clusters.

Select the ESXi Host >> Configure >> System >> Security Profile.

Under "Host Image Profile Acceptance Level", click "Edit".

Using the drop-down selection, set the acceptance level as "VMwareCertified", "VMwareAccepted", or "PartnerSupported". The default is "PartnerSupported".

or

From a PowerCLI command prompt while connected to the ESXi host, run the following commands:

$esxcli = Get-EsxCli -v2
$arguments = $esxcli.software.acceptance.set.CreateArgs()
$arguments.level = "PartnerSupported"
$esxcli.software.acceptance.set.Invoke($arguments)

Note: "VMwareCertified" or "VMwareAccepted" may be substituted for "PartnerSupported", depending on local requirements. These are case sensitive.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_8-0_Y24M08_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7(5)(b), CAT|I, CCI|CCI-001774, CCI|CCI-003992, Rule-ID|SV-258746r1003567_rule, STIG-ID|ESXI-80-000133, Vuln-ID|V-258746

Plugin: Unix

Control ID: bc56af51803bd38e693916a3799d74891b1d9dd172777deee54ab76c6c7f8d76