Details

If personnel are not notified of permission events, they will not be aware of possible unsecure situations.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

From the vSphere Web Client select the vCenter server at the top of the hierarchy and go to >> Alarms >> Definitions. Right-click in the empty space and select ‘New Alarm’. On the ‘General’ tab provide an alarm name and description, Select ‘vCenter Server’ for alarm type and ‘Monitor for specific events occurring on this object’, check ‘Enable this alarm’. On the ‘Triggers’ tab, click ‘Add’ for a trigger and in the event column enter ‘vim.event.PermissionRemovedEvent’ and click ‘OK’.

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-5_Y21M10_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: System and Information Integrity.This control applies to the following type of system VMware.

References

• 800-53|SI-6c.
• CAT|II
• CCI|CCI-001294
• Rule-ID|SV-216868r612237_rule
• STIG-ID|VCWN-65-000049
• STIG-Legacy|SV-104631
• STIG-Legacy|V-94801
• Vuln-ID|V-216868

Source

• Tenable.com/audits