Details

Ensure that no device is connected to a virtual machine if it is not required. For example, floppy, serial and parallel ports are rarely used for virtual machines in a datacenter environment, and CD/DVD drives are usually connected only temporarily during software installation.

Solution

From the vSphere Client select the Virtual Machine right click and go to Edit Settings. Select the USB controller and click remove then OK.

or

From a PowerCLI command prompt while connected to the ESXi host or vCenter server run the following command:

Get-VM ‘VM Name’ | Get-USBDevice | Remove-USBDevice

Note: This will not remove the USB controller just any connected devices.

Supportive Information

The following resource is also helpful.

• http://iasecontent.disa.mil/stigs/zip/U_VMware_vSphere_6-0_Virtual_Machine_V1R1_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system VMware.

References

• 800-53|CM-6b.
• CAT|II
• CCI|CCI-000366
• Group-ID|V-64101
• Rule-ID|SV-78591r1_rule
• STIG-ID|VMCH-06-000032
• Vuln-ID|V-64101

Source

• Tenable.com/audits