Users assigned to VirtualCenter groups are not documented.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15875 | ESX0760 | SV-16816r1_rule | ECSC-1 | Low |
| Description |
|---|
| Ensuring privileged group membership is controlled requires updates to group documentation, and periodic reviews to determine that unauthorized users are not members. If an unauthorized user is able to gain membership to the Database Administrator group, Virtual Machine Administrator group, or the Resource Administrator group, etc., that user would be able to display, add, or change permissions to objects that could impact the confidentiality, integrity, or availability of an entire virtualization structure. |
| STIG | Date |
|---|---|
| VMware ESX 3 Policy | 2016-05-03 |
Details
| Check Text ( C-16233r1_chk ) |
|---|
| Request a copy of the VirtualCenter group documentation listing the users in the following groups: Database Administrators, Virtual Machine Administrators, Resource Pool Administrators, ESX Administrators, Virtual Machine Power Users, and All Custom Roles If documentation can not be produced, this is a finding. Compare the documentation to the actual users assigned in the groups. If there are discrepancies, this is a finding. |
| Fix Text (F-15835r1_fix) |
|---|
| Document all the users assigned to all VirtualCenter groups. |