Details

The vCenter Server for Windows must ensure users are authenticated with an individual authenticator prior to using a group authenticator. Using Active Directory for authentication provides more robust account management capabilities.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

If the server hosting vCenter is not joined to the domain follow the OS specific procedures to join it to Active Directory.

If local accounts are used for normal operations then Active Directory accounts should be created and used.

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-5_Y21M10_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Identification and Authentication.This control applies to the following type of system VMware.

References

• 800-53|IA-2(5)
• CAT|II
• CCI|CCI-000770
• Rule-ID|SV-216832r612237_rule
• STIG-ID|VCWN-65-000009
• STIG-Legacy|SV-104561
• STIG-Legacy|V-94731
• Vuln-ID|V-216832

Source

• Tenable.com/audits