ESXI-06-000029 – The system must remove keys from the SSH authorized_keys file.
Details: ESXi hosts come with SSH which can be enabled to allow remote access without requiring user authentication. To enable...
ESXI-06-000032 – The system must prohibit the reuse of passwords within five iterations.
Details: If a user, or root, used the same password continuously or was allowed to change it back shortly after...
ESXI-06-000033 – The password hashes stored on the system must have been generated using a FIPS 140-2 approved cryptographic hashing algorithm.
Details: Systems must employ cryptographic hashes for passwords using the SHA-2 family of algorithms or FIPS 140-2 approved successors. The...
ESXI-06-000044 – The system must enable kernel core dumps.
Details: In the event of a system failure, the system must preserve any information necessary to determine cause of failure...
ESXI-06-000047 – The Image Profile and VIB Acceptance Levels must be verified.
Details: Verify the ESXi Image Profile to only allow signed VIBs. An unsigned VIB represents untested code installed on an...
ESXI-06-000056 – The system must configure the firewall to restrict access to services running on the host.
Details: Unrestricted access to services running on an ESXi host can expose a host to outside attacks and unauthorized access....
ESXI-06-100010 – The SSH daemon must be configured to only use FIPS 140-2 approved ciphers.
Details: Approved algorithms should impart some level of confidence in their implementation. These are also required for compliance. Note: That...
ESXI-06-100047 – The VMM must employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs and guest VMs by verifying Image Profile and VIB Acceptance Levels.
Details: Verify the ESXi Image Profile to only allow signed VIBs. An unsigned VIB represents untested code installed on an...
ESXI-06-200047 – The VMM must implement cryptographic mechanisms to prevent unauthorized modification of all information at rest on all VMM components by verifying Image Profile and VIB Acceptance Levels.
Details: Verify the ESXi Image Profile to only allow signed VIBs. An unsigned VIB represents untested code installed on an...