
Ensure port-level configuration overrides are disabled.

Details

Port-level configuration overrides are disabled by default. Once enabled, they allow individual ports to carry their own security (and other policy) settings that ignore what is configured at the port-group level.

Rationale:

There are cases where unique per-port configurations are needed, but their use should be monitored so that overrides exist only where authorized. If overrides are not monitored, anyone who gains access to a VM attached to a port with a less secure VDS configuration could quietly take advantage of that broader network access.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Using the vSphere Web Client:

1. Go to the Networking section of vCenter.
2. Expand each distributed switch; the remaining steps must be repeated for every port group.
3. Go to Configure, then expand Settings.
4. Click Properties, then click Edit.
5. Select Advanced and, under Override port policies, set each policy to Disabled.
6. Click OK.
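The benchmark page notes that Nessus does not perform this check, so a scripted audit of every distributed port group is a practical substitute for clicking through each one. The following PowerCLI script is an added example and is not part of the CIS benchmark or the page above. It assumes VMware PowerCLI is installed and that a vCenter session already exists (the `Connect-VIServer` target is a placeholder). It reads the override flags that the vSphere API exposes on each port group's `VMwareDVSPortgroupPolicy` object and reports any port group where at least one override is still allowed; the optional remediation function replaces the policy with one in which every override is disabled, and it respects `-WhatIf` so it can be previewed first.

```powershell
# Added example (not from the CIS benchmark page): audit distributed port groups
# for enabled port-level overrides with VMware PowerCLI.
# Assumes an existing vCenter session, e.g.:
#   Connect-VIServer -Server vcenter.example.internal   # placeholder host name

# Override flags on the VMwareDVSPortgroupPolicy object. $true means individual
# ports may diverge from the port-group setting, which is what the control forbids.
$overrideProps = @(
    'SecurityPolicyOverrideAllowed',
    'VlanOverrideAllowed',
    'UplinkTeamingOverrideAllowed',
    'ShapingOverrideAllowed',
    'BlockOverrideAllowed',
    'TrafficFilterOverrideAllowed',
    'NetworkResourcePoolOverrideAllowed',
    'LivePortMovingAllowed'
)

function Get-PortGroupOverrideReport {
    # Emits one row per distributed port group with the list of overrides that
    # are still allowed and a Compliant flag (true only when the list is empty).
    [CmdletBinding()]
    param()

    Get-VDPortgroup | ForEach-Object {
        $policy  = $_.ExtensionData.Config.Policy
        $enabled = @($overrideProps | Where-Object { $policy.$_ -eq $true })

        [pscustomobject]@{
            Switch           = $_.VDSwitch.Name
            PortGroup        = $_.Name
            OverridesEnabled = ($enabled -join ', ')
            Compliant        = ($enabled.Count -eq 0)
        }
    }
}

function Disable-PortGroupOverrides {
    # Remediation: rewrite the port-group policy with every override flag $false.
    # Supports -WhatIf / -Confirm so the change can be reviewed before it is applied.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [VMware.VimAutomation.Vds.Types.V1.VDPortgroup] $PortGroup
    )

    process {
        $view = $PortGroup.ExtensionData
        $spec = New-Object VMware.Vim.DVPortgroupConfigSpec
        $spec.ConfigVersion = $view.Config.ConfigVersion

        # A freshly constructed policy object has all boolean override flags set
        # to $false, which is the compliant state for this control.
        $spec.Policy = New-Object VMware.Vim.VMwareDVSPortgroupPolicy

        if ($PSCmdlet.ShouldProcess($PortGroup.Name, 'Disable all port-level overrides')) {
            $view.ReconfigureDVPortgroup($spec)
        }
    }
}

# Audit: list non-compliant port groups first.
$report = Get-PortGroupOverrideReport
$report | Sort-Object Compliant, Switch, PortGroup | Format-Table -AutoSize

# Remediation preview (remove -WhatIf to apply):
$report | Where-Object { -not $_.Compliant } |
    ForEach-Object { Get-VDPortgroup -Name $_.PortGroup } |
    Disable-PortGroupOverrides -WhatIf
```

Run the audit on a schedule and alert on any row where `Compliant` is false; that gives the ongoing monitoring the Rationale section asks for, rather than a one-time fix. Note that replacing the policy object resets every override flag, including ones not in the audit list, so confirm with the network owner that no port group legitimately depends on a per-port exception before applying the remediation.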

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Security Assessment and Authorization. This control applies to the following type of system: VMware.

Updated on July 16, 2022