UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

ESX Server is not properly registered in VMS.


Overview

Finding ID Version Rule ID IA Controls Severity
V-15973 ESX0863 SV-16915r1_rule VIVM-1 Medium
Description
The Vulnerability Management System (VMS) was developed to interface with the DOD Enterprise tools to assist all DOD CC/S/As in the identification of security vulnerabilities and track the issues through the lifecycle of the vulnerabilities existence. To ensure both the emerging and known vulnerabilities are addressed on a system, VMS tracks the existence of all potential vulnerabilities based on the posture of an asset. As a result, all vulnerabilities are tracked through their lifecycle. Vulnerability Management is the process of ensuring that all network assets that are affected by an IAVM notice are addressed and corrected within a time period specified in the IAVM notice. VMS will notify commands, services, and agencies of new and potential security vulnerabilities. VMS meets the DoD mandate to ensure information system vulnerability alert notifications are received and acted on by all SAs. Keeping the inventory of assets current allows for tracking of virtualization servers and resources, and supports a successful IAVM process. The ability to track assets improves the effective use of virtualization assets, information assurance auditing efforts, as well as optimizing incident response times.
STIG Date
VMware ESX 3 Server 2016-05-13

Details

Check Text ( C-16604r1_chk )
Use VMS and navigate to the site’s assets. Ensure the ESX Server(s) are registered within VMS. If they are not registered, this is a finding.
Fix Text (F-15972r1_fix)
Register ESX Servers in VMS.