Virtual guest operating systems must be registered in a vulnerability and asset management system.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| WN12-GE-000011 | WN12-GE-000011 | WN12-GE-000011_rule | Medium |
| Description |
|---|
| Virtual guest operating systems share the same vulnerabilities as operating systems running on dedicated hardware and must be individually assessed for security guidance compliance. The VMS used may be DISA VMS or a similar vulnerability and asset management system. |
| STIG | Date |
|---|---|
| Microsoft Windows Server 2012 Member Server Security Technical Implementation Guide | 2013-07-25 |
Details
| Check Text ( C-WN12-GE-000011_chk ) |
|---|
| Determine if virtual guest operating systems have been registered in a vulnerability and asset management system as separate assets. If they have not, this is a finding. If no virtual guest operating systems exist, this is NA. |
| Fix Text (F-WN12-GE-000011_fix) |
|---|
| Establish site policy to register all virtual guest operating systems as separate assets in a vulnerability and asset management system. |