VCENTER-000003 – The VMware Update Manager must not be configured to manage its own VM or the VM of its vCenter Server. Details: The VMware Update Manager (vUM) and vCenter Server (vCS) are VM installable on an ESXi hypervisor host. For all...
VCENTER-000005 – Privilege re-assignment must be checked after the vCenter Server restarts. Details: During a restart of vCenter Server, if the user or user group that is assigned Administrator role on the...
VCENTER-000006 – The Web datastore browser must be disabled, unless required for normal day-to-day operations. Details: The Web datastore browser enables viewing of all the datastores associated with the vSphere deployment, including all folders and...
VCENTER-000007 – The managed object browser must be disabled, at all times, when not required for the purpose of troubleshooting or maintenance of managed objects. Details: The managed object browser provides a way to explore the object model used by the vCenter to manage the...
VCENTER-000008 – The vCenter Server must be installed using a service account instead of a built-in Windows account. Details: The Microsoft Windows built-in system account or a user account can be used to run vCenter Server. With a...
VCENTER-000009 – The connectivity between Update Manager and public patch repositories must be restricted by use of a separate Update Manager Download Server. Details: The Update Manager Download Service (UMDS) is an optional module of the Update Manager. UMDS downloads upgrades for virtual...
VCENTER-000012 – The vCenter Server administrative users must have the correct roles assigned. Details: Administrative users must only be assigned privileges they require. Least Privilege requires that these privileges must only be assigned...
VCENTER-000013 – Access to SSL certificates must be monitored. Details: The directory that contains the SSL certificates only needs to be accessed by the service account user on a...
VCENTER-000015 – Expired certificates must be removed from the vCenter Server. Details: If expired certificates are not removed from the vCenter Server, the user can be subject to a MiTM attack,...
VCENTER-000016 – Log files must be cleaned up after failed installations of the vCenter Server. Details: If the vCenter installation fails, a log file (with a name of the form ‘hs_err_pidXXXX’) is created that contains...