ESXI-67-000024 – The ESXi host SSH daemon must not accept environment variables from the client.
Details Environment variables can be used to change the behavior of remote sessions and should be limited. Locale environment variables...
- Home
- Security Hardening
- DISA STIG VMware vSphere 6.7 ESXi OS V1R1
DISA STIG VMware vSphere 6.7 ESXi OS V1R1
ESXI-67-000044 – The ESXi host must enable kernel core dumps.
Details In the event of a system failure, the system must preserve any information necessary to determine cause of failure...ESXI-67-000047 – The ESXi Image Profile and vSphere Installation Bundle (VIB) Acceptance Levels must be verified.
Details Verify the ESXi Image Profile to only allow signed VIBs. An unsigned VIB represents untested code installed on an...ESXI-67-000056 – The ESXi host must configure the firewall to restrict access to services running on the host.
Details Unrestricted access to services running on an ESXi host can expose a host to outside attacks and unauthorized access....ESXI-67-000076 – The ESXi host must enable Secure Boot.
Details Secure Boot is a protocol of UEFI firmware that ensures the integrity of the boot process from hardware up...ESXI-67-000078 – The ESXi host must use DoD-approved certificates.
Details The default self-signed, VMware Certificate Authority-issued host certificate must be replaced with a DoD-approved certificate when the host will...ESXI-67-100010 – The ESXi host SSH daemon must be configured to only use FIPS 140-2 approved ciphers.
Details Approved algorithms should impart some level of confidence in their implementation. These are also required for compliance. Solution Limit...