UCF STIG Viewer Logo

VMware Automation 7.x Application Security Technical Implementation Guide


Date Finding Count (7)
2018-10-12 CAT I (High): 1 CAT II (Med): 6 CAT III (Low): 0
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Available Profiles

Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-89125 High vRA must enable FIPS Mode.
V-89127 Medium The vRealize Automation application must be configured to a 15 minute of less session timeout.
V-89129 Medium The vRealize Automation server must be configured to perform complete application deployments.
V-89131 Medium The vRealize Automation security file must be restricted to the vcac user.
V-89133 Medium The application server must only allow the use of DoD PKI-established certificate authorities for verification of the establishment of protected sessions.
V-89135 Medium The application server must use DoD- or CNSS-approved PKI Class 3 or Class 4 certificates.
V-89137 Medium The vRealize Automation appliance must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs.