Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The IAO/SA does not subscribe to vendor security patches and update notifications.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15845 | ESX0460 | SV-16786r1_rule | ECSC-1 | Low |
| Description |
|---|
| Organizations need to stay current with all applicable ESX Server software updates that are released from VMware. In order to be aware of updates as they are released, virtualization server administrators will subscribe to ESX Server vendor security notices, updates, and patches to ensure that all new vulnerabilities are known. New ESX Server patches and updates should be reviewed in a test environment for the ESX Server before moving them into a production environment. |
| STIG | Date |
|---|---|
| VMware ESX 3 Policy | 2016-05-03 |
Details
| Check Text ( C-16193r1_chk ) |
|---|
| Ask the IAO/SA to provide actual update notification to verify that they are on the subscription list. The email subscription for VMware is security-announce@lists.vmware.com. If no emails or documentation can be provided, this is a finding. |
| Fix Text (F-15799r1_fix) |
|---|
| Subscribe to vendor security and patch notifications. |