The vAMI sfcb server certificate must only be accessible to authenticated system administrators or the designated PKI Sponsor.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-90271	VRAU-VA-000635	SV-100921r1_rule		Medium

Description
An asymmetric encryption key must be protected during transmission. The public portion of an asymmetric key pair can be freely distributed without fear of compromise, and the private portion of the key must be protected. The application server will provide software libraries that applications can programmatically utilize to encrypt and decrypt information. These application server libraries must use NIST-approved or NSA-approved key management technology and processes when producing, controlling, or distributing symmetric and asymmetric keys.

Description

An asymmetric encryption key must be protected during transmission. The public portion of an asymmetric key pair can be freely distributed without fear of compromise, and the private portion of the key must be protected. The application server will provide software libraries that applications can programmatically utilize to encrypt and decrypt information. These application server libraries must use NIST-approved or NSA-approved key management technology and processes when producing, controlling, or distributing symmetric and asymmetric keys.

STIG	Date
VMW vRealize Automation 7.x vAMI Security Technical Implementation Guide	2018-10-12

Details

Check Text ( C-89963r1_chk )
At the command prompt, execute the following command: ls -l /opt/vmware/etc/sfcb/server.pem If permissions on the certificate file is not -r--r----- (440), this is a finding.

Fix Text (F-97013r2_fix)
At the command prompt, enter the following command: chmod 440 /opt/vmware/etc/sfcb/server.pem