Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-239295 | ESXI-67-000040 | SV-239295r674814_rule | | Low |
Description |
---|
To ensure accountability and prevent unauthenticated access, privileged users must utilize multifactor authentication to prevent potential misuse and compromise of the system. Note: This feature requires an existing PKI and AD integration. Satisfies: SRG-OS-000107-VMM-000530, SRG-OS-000376-VMM-001520, SRG-OS-000377-VMM-001530, SRG-OS-000403-VMM-001640 |
STIG | Date |
---|---|
VMware vSphere 6.7 ESXi Security Technical Implementation Guide | 2021-03-17 |
Check Text (C-42528r674812_chk) |
---|
From the vSphere Client, select the ESXi Host and go to Configure >> System >> Authentication Services and view the Smart Card Authentication status. If "Smart Card Mode" is "Disabled", this is a finding. For environments that do have PKI or AD available, this is Not Applicable. |
Fix Text (F-42487r674813_fix) |
---|
The following are prerequisites to configuration of smart card authentication for the ESXi DCUI: - Active Directory domain that supports smart card authentication, smart card readers, and smart cards; - ESXi joined to an Active Directory domain; and - Trusted certificates for root and intermediary certificate authorities. From the vSphere Client, select the ESXi host and go to Configure >> System >> Authentication Services, click "Edit", and check the "Enable Smart Card Authentication" checkbox. At the "Certificates" tab, click the green plus sign to import trusted certificate authority certificates and click "OK". |