The virtual system hardware of a virtual machine must be kept secured/updated.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-39502	ESXI5-VM-000048	SV-51360r1_rule		High

Description
A key to understanding the security requirements of a virtualized environment is the recognition that a virtual machine is, in most respects, the equivalent of a physical server. Virtual machines that are not updated can potentially cause unexpected behavior in a VM guest operating system. Therefore, it is critical to employ the same security/update measures in virtual machine/hardware that would be done for physical servers.

Description

A key to understanding the security requirements of a virtualized environment is the recognition that a virtual machine is, in most respects, the equivalent of a physical server. Virtual machines that are not updated can potentially cause unexpected behavior in a VM guest operating system. Therefore, it is critical to employ the same security/update measures in virtual machine/hardware that would be done for physical servers.

STIG	Date
VMware ESXi Version 5 Virtual Machine Security Technical Implementation Guide	2015-03-31

Details

Check Text ( C-46762r1_chk )
Ask the SA if all active and dormant virtual machine hardware versions are kept patched and up to date. If all virtual machines are not patched and up to date, this is a finding.

Fix Text (F-44514r1_fix)
Patch and update all active and dormant virtual machine hardware.