ESXI-06-000024 – The SSH daemon must not accept environment variables from the client. Details: Environment variables can be used to change the behavior of remote sessions and should be limited. Locate environment variables...
ESXI-06-000009 – The SSH daemon must be configured with the Department of Defense (DoD) login banner. Details: The warning message reinforces policy awareness during the logon process and facilitates possible legal action against attackers. Alternatively, systems...
ESXI-06-000010 – The VMM must use DoD-approved encryption to protect the confidentiality of remote access sessions. Details: Approved algorithms should impart some level of confidence in their implementation. These are also required for compliance. Note: This...
ESXI-06-000011 – The SSH daemon must be configured to use only the SSHv2 protocol. Details: SSH protocol version 1 suffers from design flaws that result in security vulnerabilities and should not be used. Solution...
ESXI-06-000012 – The SSH daemon must ignore .rhosts files. Details: SSH trust relationships mean a compromise on one host can allow an attacker to move trivially to other hosts....
ESXI-06-000013 – The SSH daemon must not allow host-based authentication. Details: SSH trust relationships mean a compromise on one host can allow an attacker to move trivially to other hosts....
ESXI-06-000014 – The SSH daemon must not permit root logins. Details: Permitting direct root login reduces auditable information about who ran privileged commands on the system and also allows direct...
ESXI-06-000015 – The SSH daemon must not allow authentication using an empty password. Details: Configuring this setting for the SSH daemon provides additional assurance that remote login via SSH will require a password,...
ESXI-06-000016 – The SSH daemon must not permit user environment settings. Details: SSH environment options potentially allow users to bypass access restriction in some configurations. Solution: To ensure users are not...
ESXI-06-000017 – The SSH daemon must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms. Details: DoD information systems are required to use FIPS 140-2 approved cryptographic hash functions. Note: This does not imply FIPS...