| V-256453 | | Virtual disk shrinking must be disabled on the virtual machine (VM). | Shrinking a virtual disk reclaims unused space in it. If there is empty space in the disk, this process reduces the amount of space the virtual disk o... |
| V-256454 | | Virtual disk wiping must be disabled on the virtual machine (VM). | Shrinking and wiping (erasing) a virtual disk reclaims unused space in it. If there is empty space in the disk, this process reduces the amount of spa... |
| V-256455 | | Independent, nonpersistent disks must not be used on the virtual machine (VM). | The security issue with nonpersistent disk mode is that successful attackers, with a simple shutdown or reboot, might undo or remove any traces they w... |
| V-256456 | | Host Guest File System (HGFS) file transfers must be disabled on the virtual machine (VM). | Setting "isolation.tools.hgfsServerSet.disable" to "true" disables registration of the guest's HGFS server with the host. Application Programming Inte... |
| V-256457 | | Unauthorized floppy devices must be disconnected on the virtual machine (VM). | Ensure no device is connected to a virtual machine if it is not required. For example, floppy, serial, and parallel ports are rarely used for virtual ... |
| V-256459 | | Unauthorized parallel devices must be disconnected on the virtual machine (VM). | Ensure no device is connected to a virtual machine if it is not required. For example, floppy, serial, and parallel ports are rarely used for virtual ... |
| V-256460 | | Unauthorized serial devices must be disconnected on the virtual machine (VM). | Ensure no device is connected to a virtual machine if it is not required. For example, floppy, serial, and parallel ports are rarely used for virtual ... |
| V-256461 | | Unauthorized USB devices must be disconnected on the virtual machine (VM). | Ensure no device is connected to a virtual machine if it is not required. For example, floppy, serial, and parallel ports are rarely used for virtual ... |
| V-256462 | | Console connection sharing must be limited on the virtual machine (VM). | By default, more than one user at a time can connect to remote console sessions. When multiple sessions are activated, each terminal window receives a... |
| V-256464 | | Unauthorized removal, connection, and modification of devices must be prevented on the virtual machine (VM). | In a virtual machine, users and processes without root or administrator privileges can connect or disconnect devices, such as network adaptors and CD-... |
| V-256465 | | The virtual machine (VM) must not be able to obtain host information from the hypervisor. | If enabled, a VM can obtain detailed information about the physical host. The default value for the parameter is FALSE. This setting should not be TRU... |
| V-256469 | | Use of the virtual machine (VM) console must be minimized. | The VM console enables a connection to the console of a virtual machine, in effect seeing what a monitor on a physical server would show. The VM conso... |
| V-256470 | | The virtual machine (VM) guest operating system must be locked when the last console connection is closed. | When accessing the VM console, the guest operating system must be locked when the last console user disconnects, limiting the possibility of session h... |
| V-256472 | | Encryption must be enabled for vMotion on the virtual machine (VM). | vMotion migrations in vSphere 6.0 and earlier transferred working memory and CPU state information in clear text over the vMotion network. As of vSphe... |
| V-256473 | | Logging must be enabled on the virtual machine (VM). | The ESXi hypervisor maintains logs for each individual VM by default. These logs contain information including but not limited to power events, system... |
| V-256474 | | Log size must be configured properly on the virtual machine (VM). | The ESXi hypervisor maintains logs for each individual VM by default. These logs contain information including but not limited to power events, system... |
| V-256475 | | Log retention must be configured properly on the virtual machine (VM). | The ESXi hypervisor maintains logs for each individual VM by default. These logs contain information including but not limited to power events, system... |
| V-256476 | | DirectPath I/O must be disabled on the virtual machine (VM) when not required. | VMDirectPath I/O (PCI passthrough) enables direct assignment of hardware PCI functions to VMs. This gives the VM access to the PCI functions with mini... |
| V-256477 | | Encryption must be enabled for Fault Tolerance on the virtual machine (VM). | Fault Tolerance log traffic can be encrypted. This could contain sensitive data from the protected machine's memory or CPU instructions. vSphere Faul... |
| V-256450 | | Copy operations must be disabled on the virtual machine (VM). | Copy and paste operations are disabled by default; however, explicitly disabling this feature will enable audit controls to verify this setting is cor... |
| V-256451 | | Drag and drop operations must be disabled on the virtual machine (VM). | Copy and paste operations are disabled by default; however, explicitly disabling this feature will enable audit controls to verify this setting is cor... |
| V-256452 | | Paste operations must be disabled on the virtual machine (VM). | Copy and paste operations are disabled by default; however, explicitly disabling this feature will enable audit controls to verify this setting is cor... |
| V-256458 | | Unauthorized CD/DVD devices must be disconnected on the virtual machine (VM). | Ensure no device is connected to a virtual machine if it is not required. For example, floppy, serial, and parallel ports are rarely used for virtual ... |
| V-256463 | | Informational messages from the virtual machine to the VMX file must be limited on the virtual machine (VM). | The configuration file containing these name-value pairs is limited to a size of 1MB. If not limited, VMware tools in the guest operating system are c... |
| V-256466 | | Shared salt values must be disabled on the virtual machine (VM). | When salting is enabled (Mem.ShareForceSalting=1 or 2) to share a page between two virtual machines, both salt and the content of the page must be sam... |
| V-256467 | | Access to virtual machines (VMs) through the "dvfilter" network Application Programming Interface (API) must be controlled. | An attacker might compromise a VM by using the "dvFilter" API. Configure only VMs that need this access to use the API.... |
| V-256468 | | System administrators must use templates to deploy virtual machines (VMs) whenever possible. | Capture a hardened base operating system image (with no applications installed) in a template to ensure all VMs are created with a known baseline leve... |
| V-256471 | | All 3D features on the virtual machine (VM) must be disabled when not required. | For performance reasons, it is recommended that 3D acceleration be disabled on virtual machines that do not require 3D functionality (e.g., most serve... |