Home
Security Hardening
DISA STIG VMware vSphere VCenter 6.x V1R4

DISA STIG VMware vSphere VCenter 6.x V1R4

VCWN-06-000001 – The system must prohibit password reuse for a minimum of five generations.
Details Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and...
VCWN-06-000002 – The system must not automatically refresh client sessions.
Details Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take...
VCWN-06-000018 – All port groups must be configured to a value other than that of the native VLAN.
Details ESXi does not use the concept of native VLAN. Frames with VLAN specified in the port group will have...
VCWN-06-000019 – All port groups must not be configured to VLAN 4095 unless Virtual Guest Tagging (VGT) is required.
Details When a port group is set to VLAN 4095, this activates VGT mode. In this mode, the vSwitch passes...
VCWN-06-000020 – All port groups must not be configured to VLAN values reserved by upstream physical switches.
Details Certain physical switches reserve certain VLAN IDs for internal purposes and often disallow traffic configured to these values. For...
VCWN-06-000003 – The system must enforce a 60-day maximum password lifetime restriction.
Details Any password, no matter how complex, can eventually be cracked. Therefore, passwords need to be changed at specific intervals....
VCWN-06-000021 – The system must enable SSL for Network File Copy (NFC).
Details NFC is the mechanism used to migrate or clone a VM between two ESXi hosts over the network. By...
VCWN-06-000004 – The system must terminate management sessions after 10 minutes of inactivity.
Details Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take...
VCWN-06-000022 – The vCenter Server services must be ran using a service account instead of a built-in Windows account.
Details You can use the Microsoft Windows built-in system account or a domain user account to run vCenter Server. The...
VCWN-06-000005 – The vCenter Server users must have the correct roles assigned.
Details Users and service accounts must only be assigned privileges they require. Least Privilege requires that these privileges must only...

DISA STIG VMware vSphere VCenter 6.x V1R4

VCWN-06-000001 – The system must prohibit password reuse for a minimum of five generations.

VCWN-06-000002 – The system must not automatically refresh client sessions.

VCWN-06-000018 – All port groups must be configured to a value other than that of the native VLAN.

VCWN-06-000019 – All port groups must not be configured to VLAN 4095 unless Virtual Guest Tagging (VGT) is required.

VCWN-06-000020 – All port groups must not be configured to VLAN values reserved by upstream physical switches.

VCWN-06-000003 – The system must enforce a 60-day maximum password lifetime restriction.

VCWN-06-000021 – The system must enable SSL for Network File Copy (NFC).

VCWN-06-000004 – The system must terminate management sessions after 10 minutes of inactivity.

VCWN-06-000022 – The vCenter Server services must be ran using a service account instead of a built-in Windows account.

VCWN-06-000005 – The vCenter Server users must have the correct roles assigned.