UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

There is no VirtualCenter baseline configuration document for users, groups, permissions, and roles.


Overview

Finding ID Version Rule ID IA Controls Severity
V-15879 ESX0800 SV-16820r1_rule ECSC-1 Medium
Description
When pairing users or groups with permissions to an object, a role is defined for users and groups. There are two default roles defined in VirtualCenter called System roles and Sample roles. System roles are permanent and the permissions associated with these roles cannot be changed. Sample roles are provided for convenience as guidelines and suggestions. These roles may be modified or removed. VirtualCenter situations may arise where a user is a member of multiple groups with different permissions or user permissions are explicitly defined when the user is a member of different groups. These situations can create confusion and permissions that were thought to be limited might actually be elevated. Furthermore, all changes take affect immediately not requiring users to log off and log back in. Therefore, all users, groups, permissions, and roles will be documented and approved to ensure proper permissions are granted only to authorized users.
STIG Date
VMware ESX 3 Policy 2016-05-03

Details

Check Text ( C-16237r1_chk )
Request a copy of the baseline configuration document for all VirtualCenter users, groups, permissions, and roles. If the document is incomplete or does not exist, this is a finding.
Fix Text (F-15839r1_fix)
Create a baseline configuration document for all VirtualCenter users, groups, permissions, and roles.