UCF STIG Viewer Logo

VirtualCenter Server groups are not reviewed monthly


Finding ID Version Rule ID IA Controls Severity
V-15877 ESX0780 SV-16818r1_rule ECAT-1 ECAT-2 Medium
Reviewing the VirtualCenter groups will ensure that no unauthorized users have been granted access to objects.
VMware ESX 3 Policy 2016-05-03


Check Text ( C-16235r1_chk )
Ask the IAO/SA how often the following groups are reviewed on the VirtualCenter Server:

Windows Administrators group,
Database Administrators,
Virtual Machine Administrators,
Resource Pool Administrators,
ESX Administrators,
Virtual Machine Power Users, and
All Custom Roles.

If these groups are not reviewed at least monthly, this is a finding.
Fix Text (F-15837r1_fix)
Review the VirtualCenter groups monthly.