VMware vSphere 8.0 vCenter Appliance Lookup Service Security Technical Implementation Guide


Overview

Date: 2024-07-11
Finding Count (34): CAT I (High): 0, CAT II (Med): 34, CAT III (Low): 0

STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Findings (MAC II - Mission Support Sensitive)

Finding ID Severity Title
V-259063 Medium The vCenter Lookup service example applications must be removed.
V-259062 Medium The vCenter Lookup service xpoweredBy attribute must be disabled.
V-259065 Medium The vCenter Lookup service default documentation must be removed.
V-259064 Medium The vCenter Lookup service default ROOT web application must be removed.
V-259067 Medium The vCenter Lookup service must disable "ALLOW_BACKSLASH".
V-259066 Medium The vCenter Lookup service files must have permissions in an out-of-the-box state.
V-259061 Medium The vCenter Lookup service must have Autodeploy disabled.
V-259060 Medium The vCenter Lookup service deployXML attribute must be disabled.
V-259049 Medium The vCenter Lookup service must set an inactive timeout for sessions.
V-259048 Medium The vCenter Lookup service "ErrorReportValve showServerInfo" must be set to "false".
V-259047 Medium The vCenter Lookup service must set URIEncoding to UTF-8.
V-259046 Medium The vCenter Lookup service must be configured to fail to a known safe state if system initialization fails.
V-259045 Medium The vCenter Lookup service must be configured to limit data exposure between applications.
V-259044 Medium The vCenter Lookup service must be configured to use a specified IP address and port.
V-259069 Medium The vCenter Lookup service manager webapp must be removed.
V-259068 Medium The vCenter Lookup service must enable "ENFORCE_ENCODING_IN_GET_WRITER".
V-259041 Medium The vCenter Lookup service logs folder permissions must be set correctly.
V-259040 Medium The vCenter Lookup service must produce log records containing sufficient information regarding event details.
V-259043 Medium The vCenter Lookup service must disable stack tracing.
V-259042 Medium The vCenter Lookup service must limit privileges for creating or modifying hosted application shared files.
V-259070 Medium The vCenter Lookup service host-manager webapp must be removed.
V-259058 Medium The vCenter Lookup service debug parameter must be disabled.
V-259059 Medium The vCenter Lookup service directory listings parameter must be disabled.
V-259054 Medium The vCenter Lookup service must configure the "setCharacterEncodingFilter" filter.
V-259055 Medium The vCenter Lookup service cookies must have "http-only" flag set.
V-259056 Medium The vCenter Lookup service DefaultServlet must be set to "readonly" for "PUT" and "DELETE" commands.
V-259057 Medium The vCenter Lookup service shutdown port must be disabled.
V-259050 Medium The vCenter Lookup service must offload log records onto a different system or media from the system being logged.
V-259051 Medium The vCenter Lookup service must enable "STRICT_SERVLET_COMPLIANCE".
V-259052 Medium The vCenter Lookup service must limit the amount of time that each Transmission Control Protocol (TCP) connection is kept alive.
V-259053 Medium The vCenter Lookup service must limit the number of times that each Transmission Control Protocol (TCP) connection is kept alive.
V-259037 Medium The vCenter Lookup service must limit the number of maximum concurrent connections permitted.
V-259038 Medium The vCenter Lookup service cookies must have secure flag set.
V-259039 Medium The vCenter Lookup service must initiate session logging upon startup.