Use of the virtual machine (VM) console must be minimized.

Overview

Finding ID: V-256469
Version: VMCH-70-000021
Rule ID: SV-256469r959010_rule
IA Controls: CCI-000366
Severity: medium

Description
The VM console enables a connection to the console of a virtual machine, in effect seeing what a monitor on a physical server would show. The VM console also provides power management and removable device connectivity controls, which could allow a malicious user to bring down a VM. In addition, it impacts performance on the service console, especially if many VM console sessions are open simultaneously.

STIG: VMware vSphere 7.0 Virtual Machine Security Technical Implementation Guide
Date: 2024-12-16

Related Frameworks

4 paths across 3 frameworks
NIST 800-53 (1 mapping)
CM-6
1.00
  • DISA · V1R4 · disa_xccdf · related
  • DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-171 (2 mappings)
3.4.1
1.00
  • DISA · V1R4 · disa_xccdf · related
  • DISA · 2025-01-23 · disa_cci_list · equivalent
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.4.2
1.00
  • DISA · V1R4 · disa_xccdf · related
  • DISA · 2025-01-23 · disa_cci_list · equivalent
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI (1 mapping)
CCI-000366
1.00
  • DISA · V1R4 · disa_xccdf · related

Details

Check Text (C-256469r959010_chk)

Remote management services, such as terminal services and Secure Shell (SSH), must be used to interact with VMs. VM console access should only be granted when remote management services are unavailable or insufficient to perform necessary management tasks. Ask the system administrator if a VM console is used to perform VM management tasks other than for troubleshooting VM issues. If a VM console is used to perform VM management tasks other than for troubleshooting VM issues, this is a finding. If SSH and/or terminal management services are exclusively used to perform management tasks, this is not a finding.

Fix Text (F-60087r886449_fix)

Develop a policy prohibiting the use of a VM console for performing management services. This policy should include procedures for the use of SSH and Terminal Management services for VM management. Where SSH and Terminal Management services prove insufficient to troubleshoot a VM, access to the VM console may be granted temporarily.