
Access to SSL certificates must be monitored.


Finding ID: VCENTER-000013
Version: VCENTER-000013
Rule ID: VCENTER-000013_rule
IA Controls: (none listed)
Severity: Medium

The directory that contains the SSL certificates only needs to be accessed by the service account user on a regular basis. Occasionally, the vCenter Server system administrator might need to access it for support purposes. The SSL certificate can be used to impersonate vCenter and decrypt the vCenter database password.
VMware vCenter Server Security Technical Implementation Guide 2013-01-15


Check Text (C-VCENTER-000013_chk)
Ask the SA if event log monitoring is used to alert on non-service account access to the certificates directory.

If event log monitoring is not used, this is a finding.

Fix Text (F-VCENTER-000013_fix)
Set up Windows event log monitoring to alert on non-service account access to the certificates directory.
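
One way to implement the fix on the Windows host, as an added example that is not part of the STIG: enable file-system auditing, put an audit entry on the certificates directory, and report Security-log event 4663 entries whose subject is not the service account. The directory path and account name are placeholders, since the STIG names neither.

```powershell
# Added example, not part of the STIG. Run elevated on the vCenter Server host.
# Placeholders (assumptions): set these to the real directory and service account.
$CertDir        = 'C:\PLACEHOLDER\certificates-directory'
$ServiceAccount = 'PLACEHOLDER-DOMAIN\placeholder-service-account'

# 1. Turn on object-access auditing for files (success and failure).
auditpol /set /subcategory:"File System" /success:enable /failure:enable | Out-Null

# 2. Add an audit entry (SACL) so access by any principal is logged.
$acl  = Get-Acl -Path $CertDir -Audit
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    'Everyone',
    'ReadData, WriteData, Delete, ChangePermissions, TakeOwnership',
    'ContainerInherit, ObjectInherit',
    'None',
    'Success, Failure')
$acl.AddAuditRule($rule)
Set-Acl -Path $CertDir -AclObject $acl

# 3. Return event 4663 (object access) records for the directory or anything
#    under it where the subject is not the service account.
function Get-NonServiceCertAccess {
    param([datetime]$Since = (Get-Date).AddHours(-1))
    $prefix = $CertDir.TrimEnd('\') + '\'
    $filter = @{ LogName = 'Security'; Id = 4663; StartTime = $Since }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $data = @{}
        foreach ($n in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$n.Name] = $n.'#text' }
        $obj     = [string]$data['ObjectName']
        $subject = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
        $inDir   = ($obj -eq $CertDir.TrimEnd('\')) -or
                   $obj.StartsWith($prefix, [StringComparison]::OrdinalIgnoreCase)
        if ($inDir -and $subject -ne $ServiceAccount) {   # -ne is case-insensitive
            [pscustomobject]@{
                Time    = $_.TimeCreated
                Account = $subject
                Object  = $obj
                Process = $data['ProcessName']
                Access  = $data['AccessMask']
            }
        }
    }
}

Get-NonServiceCertAccess | Format-Table -AutoSize
```

To turn the report into an alert, run the function on a schedule or forward event 4663 to the site's log collector and apply the same filter there. If the service runs under a built-in account, compare on the event's `SubjectUserSid` field instead of the account name.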