OpenControls Logo

STIG Viewer

The vCenter server must enable the OVF security policy for content libraries.

Overview

Finding IDVersionRule IDIA ControlsSeverity
V-258962VCSA-80-000296SV-258962r934544_ruleCCI-000366medium
Description
In the vSphere Client, you can create a local or a subscribed content library. By using content libraries, you can store and manage content in one vCenter Server instance. Alternatively, you can distribute content across vCenter Server instances to increase consistency and facilitate the deployment workloads at scale. You can protect the OVF items by applying default OVF security policy to a content library. The OVF security policy enforces strict validation on OVF items when you deploy or update the item, import items, or synchronize OVF and OVA templates. To make sure that the OVF and OVA templates are signed by a trusted certificate, you can add the OVF signing certificate from a trusted CA.
STIGDate
VMware vSphere 8.0 vCenter Security Technical Implementation Guide2023-10-11

Related Frameworks

4 paths across 3 frameworks
NIST 800-531 mapping
CM-6
1.00
  • DISA · V1R1 · disa_xccdf · related
  • DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1712 mappings
3.4.1
1.00
  • DISA · V1R1 · disa_xccdf · related
  • DISA · 2025-01-23 · disa_cci_list · equivalent
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.4.2
1.00
  • DISA · V1R1 · disa_xccdf · related
  • DISA · 2025-01-23 · disa_cci_list · equivalent
  • NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-000366
1.00
  • DISA · V1R1 · disa_xccdf · related

Details

Check Text (C-258962r934544_chk)

From the vSphere Client, go to Content Libraries. Review the "Security Policy" column. If a content library does not have the "OVF default policy" enabled, this is a finding.

Fix Text (F-62611r934543_fix)

From the vSphere Client, go to Content Libraries. Select the target content library. Select "Actions" then "Edit Settings". Click the checkbox to "Apply Security Policy". Click "OK". Note: If you disable the security policy of a content library, you cannot reuse the existing OVF items.