Details
Have a standard process for VM deployment whether this is a VMware template or another means to ensure Operating Systems have the appropriate security controls. Refer to CIS Benchmarks for information in regards to specific Operating System hardening.
Rationale:
By utilizing a standard deployment process and having hardened templates you can ensure that all your virtual machines are created with a known baseline level of security.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Create documentation and a standard process for the method for VM deployment. If utilizing templates in VMware create the templates, document the process for using them as well as keeping them up-to-date, then ensure the process is followed accordingly through periodic review.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management, Identification and Authentication.This control applies to the following type of system VMware.