|Finding ID||Version||Rule ID||IA Controls||Severity|
|As virtual machines replace real hardware they can undermine the security architecture of many organizations which often assume predictable and controlled change number of hosts, host configurations, host locations etc. Some useful mechanisms that virtual machines provide are copying or sharing virtual machine hard disks. Copying or sharing virtual machine hard disks can be done over networks and removable media. Typically, test and development virtual machines will be moved and updated more frequently than production virtual machines. There will be a policy in place to restrict the copying and sharing of production virtual machines over networks and removable media to ensure that administrators do not give unauthorized users access to the virtual machine files.|
|VMware ESX 3 Policy||2016-05-03|
|Check Text ( C-16260r1_chk )|
| Request a copy of the policy restricting virtual machine sharing and copying over networks and removable media. If no policy exists, this is a finding. |
Caveat: This is not applicable to snapshot backups, disaster recovery virtual machines, test and development virtual machines, and clustered virtual machines.
|Fix Text (F-15861r1_fix)|
|Develop a policy that prohibits virtual machine sharing and copying over networks and removable media.|