Production virtual machines are not located in a controlled access area.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15904 | ESX1080 | SV-16846r1_rule | Medium |
| Description |
|---|
| Virtual machines may contain an aggregate of sensitive and non-sensitive data. If this data is not located in a controlled access area, unauthorized users may gain access to the virtual machines and have access to the data. This access may result in the loss of privacy and data theft. |
| STIG | Date |
|---|---|
| VMware ESX 3 Server | 2016-05-13 |
Details
| Check Text ( C-16264r1_chk ) |
|---|
| Review the location of the virtual machines. Ensure that authorized users are required to verify their identity and authority before gaining access to the virtual machines. If the virtual machines are not located in a controlled access area, this is a finding. |
| Fix Text (F-15865r1_fix) |
|---|
| Place all virtual machines in a controlled access area. |