UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

VMware Automation 7.x Application Security Technical Implementation Guide


Overview

Date Finding Count (8)
2023-09-12 CAT I (High): 2 CAT II (Med): 6 CAT III (Low): 0
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC II - Mission Support Sensitive)

Finding ID Severity Title
V-258450 High The version of vRealize Automation application running on the system must be a supported version.
V-239845 High vRA must enable FIPS Mode.
V-239849 Medium The application server must only allow the use of DoD PKI-established certificate authorities for verification of the establishment of protected sessions.
V-239848 Medium The vRealize Automation security file must be restricted to the vcac user.
V-239846 Medium The vRealize Automation application must be configured to a 15 minute of less session timeout.
V-239847 Medium The vRealize Automation server must be configured to perform complete application deployments.
V-239851 Medium The vRealize Automation appliance must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs.
V-239850 Medium The application server must use DoD- or CNSS-approved PKI Class 3 or Class 4 certificates.