ESXI-06-000042 – The system must terminate shell services after a predetermined period. Details: When the ESXi Shell or SSH services are enabled on a host, they will run indefinitely. To avoid having...
ESXI-06-000043 – The system must logout of the console UI after a predetermined period. Details: When the Direct Console User Interface (DCUI) is enabled and logged in, it should be automatically logged out if...
ESXI-06-000045 – The system must enable a persistent log location for all locally stored logs. Details: ESXi can be configured to store log files on an in-memory file system. This occurs when the host’s ‘/scratch’...
ESXI-06-000030 – The system must produce audit records containing information to establish what type of events occurred. Details: Without establishing what types of events occurred, it would be difficult to establish, correlate, and investigate the events leading...
ESXI-06-000031 – The VMM must enforce password complexity by requiring that at least one upper-case character be used. Details: To enforce the use of complex passwords, minimum numbers of characters of different classes are mandated. The use of...
ESXI-06-000034 – The system must disable the Managed Object Browser (MOB). Details: The Managed Object Browser (MOB) provides a way to explore the object model used by the VMkernel to manage...
ESXI-06-000035 – The VMM must be configured to disable non-essential capabilities by disabling SSH. Details: The ESXi Shell is an interactive command line interface (CLI) available at the ESXi server console. The ESXi Shell...
ESXI-06-000036 – The system must disable ESXi Shell unless needed for diagnostics or troubleshooting. Details: The ESXi Shell is an interactive command line environment available locally from the DCUI or remotely via SSH. Activities...
ESXI-06-000037 – The system must use Active Directory for local user authentication. Details: Join ESXi hosts to an Active Directory (AD) domain to eliminate the need to create and maintain multiple local...
ESXI-06-000039 – Active Directory ESX Admin group membership must not be used. Details: When adding ESXi hosts to Active Directory, if the group ‘ESX Admins’ exists, all user/group accounts assigned to the...