Home
Security Hardening
DISA STIG VMware ESXi VCenter 5 STIG V2R1

DISA STIG VMware ESXi VCenter 5 STIG V2R1

VCENTER-000017 – Revoked certificates must be removed from the vCenter Server.
Details If revoked certificates are not removed from the vCenter Server, the user can be subject to a MiTM attack,...
VCENTER-000018 – The vCenter Administrator role must be secured and assigned to specific users other than a Windows Administrator.
Details By default, vCenter Server grants full administrative rights to the local administrator’s account, which can be accessed by domain...
VCENTER-000022 – Network access to the vCenter Server system must be restricted.
Details Restrict access to only those essential components required to communicate with vCenter. Blocking access by unnecessary systems reduces the...
VCENTER-000023 – A least-privileges assignment must be used for the vCenter Server database user.
Details Least-privileges mitigates attacks if the vCenter database account is compromised. vCenter requires very specific privileges on the database. Privileges...
VCENTER-000024 – A least-privileges assignment must be used for the Update Manager database user.
Details Least-privileges mitigates attacks if the Update Manager database account is compromised. The VMware Update Manager requires certain privileges for...
VCENTER-000027 – The system must set a timeout for all thick-client logins without activity.
Details An inactivity timeout must be set for the vSphere Client (Thick Client). This client-side setting can be changed by...
VCENTER-000029 – vSphere Client plugins must be verified.
Details The vCenter Server includes a vSphere Client extensibility framework, which provides the ability to extend the vSphere Client with...
VCENTER-000031 – The vCenter Administrator role must be secured by assignment to specific users authorized as vCenter Administrators.
Details By default, vCenter Server grants full administrative rights to the local administrator’s account, which can be accessed by domain...
VCENTER-000033 – The Update Manager Download Server must be isolated from direct connection to Internet public patch repositories by a proxy server.
Details In a typical deployment, the Update Manager Download Server connects to public patch repositories on the Internet to download...
VCENTER-000034 – The Update Manager must not directly connect to public patch repositories on the Internet.
Details In a typical deployment, the Update Manager connects to public patch repositories on the Internet to download patches. Any...

Prev Next

DISA STIG VMware ESXi VCenter 5 STIG V2R1

VCENTER-000017 – Revoked certificates must be removed from the vCenter Server.

VCENTER-000018 – The vCenter Administrator role must be secured and assigned to specific users other than a Windows Administrator.

VCENTER-000022 – Network access to the vCenter Server system must be restricted.

VCENTER-000023 – A least-privileges assignment must be used for the vCenter Server database user.

VCENTER-000024 – A least-privileges assignment must be used for the Update Manager database user.

VCENTER-000027 – The system must set a timeout for all thick-client logins without activity.

VCENTER-000029 – vSphere Client plugins must be verified.

VCENTER-000031 – The vCenter Administrator role must be secured by assignment to specific users authorized as vCenter Administrators.

VCENTER-000033 – The Update Manager Download Server must be isolated from direct connection to Internet public patch repositories by a proxy server.

VCENTER-000034 – The Update Manager must not directly connect to public patch repositories on the Internet.