VirtualCenter Server groups are not reviewed monthly
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15877 | ESX0780 | SV-16818r1_rule | ECAT-1 ECAT-2 | Medium |
| Description |
|---|
| Reviewing the VirtualCenter groups will ensure that no unauthorized users have been granted access to objects. |
| STIG | Date |
|---|---|
| VMware ESX 3 Policy | 2016-05-03 |
Details
| Check Text ( C-16235r1_chk ) |
|---|
| Ask the IAO/SA how often the following groups are reviewed on the VirtualCenter Server: Windows Administrators group, Database Administrators, Virtual Machine Administrators, Resource Pool Administrators, ESX Administrators, Virtual Machine Power Users, and All Custom Roles. If these groups are not reviewed at least monthly, this is a finding. |
| Fix Text (F-15837r1_fix) |
|---|
| Review the VirtualCenter groups monthly. |