The VMM must separate user functionality (including user interface services) from VMM management functionality.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-207401 | SRG-OS-000132-VMM-000650 | SV-207401r958514_rule | CCI-001082 | medium |
| Description | ||||
| VMM management functionality includes functions necessary for administration and requires privileged user access. Allowing non-privileged users to access VMM management functionality capabilities increases the risk that non-privileged users may obtain elevated privileges. VMM management functionality includes functions necessary to administer console, network components, workstations, or servers, and typically requires privileged user access. The separation of user functionality from VMM management functionality is either physical or logical and is accomplished by using different guest VMs, different computers, different central processing units, different instances of the VMM, different network addresses, different TCP/UDP ports, other virtualization techniques, combinations of these methods, or other methods, as appropriate. | ||||
| STIG | Date | |||
| Virtual Machine Manager Security Requirements Guide | 2024-12-06 | |||
Related Frameworks
3 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
SC-2
1.00
- DISA · 2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1711 mapping
3.13.3
1.00
- DISA · 2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-001082
1.00
- DISA · 2 · disa_xccdf · related
Details
Check Text (C-207401r958514_chk)
Verify the VMM separates user functionality (including user interface services) from VMM management functionality.
If it does not, this is a finding.
Fix Text (F-7658r365614_fix)
Configure the VMM to separate user functionality (including user interface services) from VMM management functionality.