UCF STIG Viewer Logo

The vCenter Server for Windows must limit the use of the built-in SSO administrative account.


Overview

Finding ID Version Rule ID IA Controls Severity
V-216833 VCWN-65-000010 SV-216833r612237_rule Medium
Description
Use of the SSO administrator account should be limited as it is a shared account and individual accounts must be used wherever possible.
STIG Date
VMW vSphere 6.5 vCenter Server for Windows Security Technical Implementation Guide 2021-06-23

Details

Check Text ( C-18064r366213_chk )
Verify the built-in SSO administrator account is only used for emergencies and situations where it is the only option due to permissions.

If the built-in SSO administrator account is used for daily operations or there is no policy restricting its use, this is a finding.
Fix Text (F-18062r366214_fix)
A policy should be developed to limit the use of the built-in SSO administrator account.