Details
The CIM system provides an interface that enables hardware-level management from remote applications via a set of standard APIs. Create a limited-privilege, read-only service account for CIM. Grant this role to the user on the ESXi server. Place this user in the Exception Users list. When/where write access is required, create/enable a limited-privilege service account and grant only the minimum required privileges.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Create a role for the CIM account:
From the Host Client, go to Manage >> Security & Users.
Select ‘Roles’ and click ‘Add Role’.
Provide a name for the new role and select Host >> Cim >> Ciminteraction and click ‘Add’.
Add a CIM user account:
From the Host Client, go to Manage >> Security & Users.
Select ‘Users’ and click ‘Add User’.
Provide a name, description, and password for the new user and click ‘Add’.
Assign the CIM account permissions to the host with the new role:
From the Host Client, select the ESXi host, right-click, and go to ‘Permissions’.
Click ‘Add User’, select the CIM account from the drop-down list, select the new CIM role from the drop-down list, and click ‘Add User’.
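The same four steps (role, local account, host permission, Exception Users entry) scripted with VMware PowerCLI while connected directly to the ESXi host, followed by a check that the account holds no privilege beyond the CIM one. This is an added example, not part of the STIG solution text; the host name, account name and role name are placeholders.

```powershell
# Added example: scripts the CIM service-account setup from the Solution above
# with VMware PowerCLI against a single ESXi host. Placeholders: $EsxiHost,
# $CimUser, $CimRole. Connect to the host itself, not vCenter, because host-local users are created here.
param(
    [string]$EsxiHost = 'esxi01.example.internal',  # placeholder
    [string]$CimUser  = 'svc-cim',                  # placeholder
    [string]$CimRole  = 'CIM-ReadOnly'              # placeholder
)

Connect-VIServer -Server $EsxiHost | Out-Null
$vmhost = Get-VMHost -Name $EsxiHost

# 1. Role holding only Host > Cim > CimInteraction (the minimum the control asks for).
$role = Get-VIRole -Name $CimRole -ErrorAction SilentlyContinue
if (-not $role) {
    $priv = Get-VIPrivilege -Id 'Host.Cim.CimInteraction'
    $role = New-VIRole -Name $CimRole -Privilege $priv
}

# 2. Local account for the CIM client; the password is prompted, never stored in the script.
if (-not (Get-VMHostAccount -Id $CimUser -ErrorAction SilentlyContinue)) {
    $pw = Read-Host -Prompt "Password for $CimUser"
    New-VMHostAccount -Id $CimUser -Password $pw -Description 'CIM monitoring (read-only)' | Out-Null
}

# 3. Bind the account to the host with the new role only.
New-VIPermission -Entity $vmhost -Principal $CimUser -Role $role -Propagate $true | Out-Null

# 4. Add the account to the lockdown-mode Exception Users list (HostAccessManager API).
$access = Get-View $vmhost.ExtensionData.ConfigManager.HostAccessManager
$exceptions = @($access.QueryLockdownExceptions())
if ($CimUser -notin $exceptions) {
    $access.UpdateLockdownExceptions($exceptions + $CimUser)
}

# Verification: every role is created with the implicit System.* privileges, so ignore
# those; what remains must be exactly the one CIM privilege, or the account is too broad.
$granted = Get-VIPermission -Entity $vmhost -Principal $CimUser |
    ForEach-Object { (Get-VIRole -Name $_.Role).PrivilegeList } |
    Where-Object { $_ -notlike 'System.*' } |
    Sort-Object -Unique
$expected = @('Host.Cim.CimInteraction')
if (Compare-Object $granted $expected) {
    Write-Warning "$CimUser holds unexpected privileges: $($granted -join ', ')"
} else {
    Write-Host "$CimUser is limited to Host.Cim.CimInteraction on $EsxiHost"
}
```

Rerunning the verification block alone is a quick way to audit an existing CIM account without changing anything.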
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management. This control applies to the following type of system: VMware.
References
- 800-53|CM-6b.
- CAT|II
- CCI|CCI-000366
- Rule-ID|SV-239323r674898_rule
- STIG-ID|ESXI-67-000070
- STIG-Legacy|SV-104303
- STIG-Legacy|V-94349
- Vuln-ID|V-239323