Users assigned to VirtualCenter groups are not documented.


Finding ID: V-15875
Version: ESX0760
Rule ID: SV-16816r1_rule
IA Controls: ECSC-1
Severity: Low
Controlling privileged group membership requires keeping group documentation up to date and reviewing it periodically to confirm that no unauthorized users are members. If an unauthorized user gains membership in the Database Administrator group, Virtual Machine Administrator group, Resource Administrator group, or a similar group, that user would be able to display, add, or change permissions on objects, which could impact the confidentiality, integrity, or availability of an entire virtualization structure.
Check Text (C-16233r1_chk)
Request a copy of the VirtualCenter group documentation listing the users in the following groups:

Database Administrators,
Virtual Machine Administrators,
Resource Pool Administrators,
ESX Administrators,
Virtual Machine Power Users, and
All Custom Roles

If documentation cannot be produced, this is a finding. Compare the documentation to the actual users assigned in the groups. If there are discrepancies, this is a finding.
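One way to run the comparison, as an added example that is not part of the STIG text: it assumes both the documented list and the membership exported from VirtualCenter are available as `group,user` CSV text. The CSV layout, the function names, the custom role name and all user names are constructed for illustration.

```python
import csv
import io

# Groups named in the check text; custom roles are picked up from the inputs.
REQUIRED_GROUPS = ["Database Administrators", "Virtual Machine Administrators",
                   "Resource Pool Administrators", "ESX Administrators",
                   "Virtual Machine Power Users"]

# Constructed sample data (assumed CSV layout: group,user).
DOCUMENTED = """group,user
Database Administrators,alice
Virtual Machine Administrators,bob
Virtual Machine Administrators,carol
Resource Pool Administrators,dave
ESX Administrators,erin
Virtual Machine Power Users,
"""
ACTUAL = """group,user
Database Administrators,Alice
Database Administrators,mallory
Virtual Machine Administrators,bob
Resource Pool Administrators,dave
ESX Administrators,erin
Custom: Backup Operators,frank
"""

def load_membership(csv_text):
    """Parse rows into {group: set(users)}; a blank user documents an empty group."""
    members = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        group = (row.get("group") or "").strip()
        user = (row.get("user") or "").strip().casefold()  # ignore case differences
        if group:
            members.setdefault(group, set()).update([user] if user else [])
    return members

def review(documented, actual, required=REQUIRED_GROUPS):
    """Return (group, problem, users) tuples; an empty list means no finding."""
    findings = []
    for group in sorted(set(required) | set(documented) | set(actual)):
        doc, act = documented.get(group), actual.get(group, set())
        if doc is None:  # documentation cannot be produced for this group
            findings.append((group, "no documentation", sorted(act)))
            continue
        for problem, users in (("assigned but not documented", act - doc),
                               ("documented but not assigned", doc - act)):
            if users:
                findings.append((group, problem, sorted(users)))
    return findings
```
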
Fix Text (F-15835r1_fix)
Document all the users assigned to all VirtualCenter groups.