VMware vCenter Server Security Technical Implementation Guide


Overview

Date: 2013-01-15
Finding Count (28): CAT I (High): 3, CAT II (Med): 19, CAT III (Low): 6

STIG Description
The VMware vCenter Server Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.letterkenny.FSO.mbx.stig-customer-support-mailbox@mail.mil.


Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
VCENTER-000004 High The system must block access to ports not being used by vCenter.
VCENTER-000028 High The supported operating system, database, and hardware for the vCenter Server must all be maintained.
VCENTER-000031 High The vSphere Administrator role must be secured by assignment to specific user(s).
VCENTER-000005 Medium Privilege re-assignment must be checked after the vCenter Server restarts.
VCENTER-000003 Medium The Update Manager must not be configured to manage its own VM or the VM of its vCenter Server.
VCENTER-000023 Medium A least-privileges assignment must be used for the vCenter Server database user.
VCENTER-000020 Medium The system must restrict unauthorized vSphere users from being able to execute commands within the guest virtual machine.
VCENTER-000024 Medium A least-privileges assignment must be used for the Update Manager database user.
VCENTER-000029 Medium vSphere Client plugins must be verified.
VCENTER-000019 Medium Access to SSL certificates must be restricted.
VCENTER-000013 Medium Access to SSL certificates must be monitored.
VCENTER-000012 Medium The vCenter Server administrative users must have the correct roles assigned.
VCENTER-000018 Medium The vSphere Administrator role must be secured and assigned to specific users.
VCENTER-000017 Medium Revoked certificates must be removed from the vCenter Server.
VCENTER-000016 Medium Log files must be cleaned up after failed installations of the vCenter Server.
VCENTER-000015 Medium Expired certificates must be removed from the vCenter Server.
VCENTER-000014 Medium The system's Update Manager must not use default self-signed certificates.
VCENTER-000030 Medium The system must always verify SSL certificates.
VCENTER-000033 Medium The connectivity between Update Manager and public patch repositories must be limited.
VCENTER-000032 Medium Default self-signed certificates must not be used by the vCenter Server.
VCENTER-000034 Medium The connectivity between Update Manager and public patch repositories must be limited.
VCENTER-000027 Medium The system must set a timeout for all thick-client logins without activity.
VCENTER-000007 Low The system must disable the managed object browser.
VCENTER-000022 Low Network access to the vCenter Server system must be restricted.
VCENTER-000021 Low The use of Linux-based clients must be restricted.
VCENTER-000008 Low The vCenter Server must be installed using a service account instead of a built-in Windows account.
VCENTER-000009 Low The connectivity between Update Manager and public patch repositories must be limited.
VCENTER-000006 Low The system must disable the datastore browser.