UCF STIG Viewer Logo

VMware ESX 3 Virtual Center


Overview

Date Finding Count (41)
2016-05-03 CAT I (High): 4 CAT II (Med): 33 CAT III (Low): 4
STIG Description
The VMware ESX 3 Virtual Center Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC III - Administrative Classified)

Finding ID Severity Title
V-15815 High The MAC Address Change Policy is set to “Accept” for virtual switches.
V-68725 High VMware ESX management software that is no longer supported by the vendor for security updates must not be installed on a system.
V-15817 High Forged Transmits are set to “Accept” on virtual switches
V-15818 High Promiscuous Mode is set to “Accept” on virtual switches.
V-15873 Medium VI Web Access sessions with VirtualCenter are unencrypted.
V-15792 Medium Static discoveries are not configured for hardware iSCSI initiators.
V-15860 Medium Patches and security updates are not current on the VirtualCenter Server.
V-15866 Medium VirtualCenter virtual machine does not have a memory reservation.
V-15864 Medium VirtualCenter virtual machine is not configured in an ESX Server cluster with High Availability enabled.
V-15865 Medium VirtualCenter virtual machine does not have a CPU reservation.
V-15869 Medium Unauthorized users have access to the VirtualCenter virtual machine.
V-15880 Medium VirtualCenter does not log user, group, permission or role changes.
V-15806 Medium Virtual machines are connected to public virtual switches and are not documented.
V-15807 Medium Virtual switch port group is configured to VLAN 1
V-15802 Medium The service console and virtual machines are not on dedicated VLANs or network segments.
V-15975 Medium VirtualCenter Server assets are not properly registered in VMS.
V-15808 Medium Virtual switch port group is configured to VLAN 1001 to 1024.
V-15809 Medium Virtual switch port group is configured to VLAN 4095.
V-15789 Medium CHAP authentication is not configured for iSCSI traffic.
V-15788 Medium iSCSI VLAN or network segment is not configured for iSCSI traffic.
V-15786 Medium There is no dedicated VLAN or network segment configured for virtual disk file transfers.
V-15785 Medium VMotion virtual switches are not configured with a dedicated physical network adapter
V-15871 Medium No logon warning banner is configured for VirtualCenter users.
V-15870 Medium No dedicated VirtualCenter administrator created within the Windows Administrator Group on the Windows Server for managing the VirtualCenter environment.
V-15899 Medium Test and development virtual machines are not logically separated from production virtual machines.
V-15872 Medium VI Client sessions with VirtualCenter are unencrypted.
V-15897 Medium Virtual machines are not time synchronized with the ESX Server or an authoritative time server.
V-15895 Medium The VMware Tools setinfo variable is enabled for virtual machines.
V-15894 Medium VMware Tools drag and drop capabilities are enabled for virtual machines.
V-15893 Medium Clipboard capabilities (copy and paste) are enabled for virtual machines.
V-15890 Medium Nonpersistent disk mode is set for virtual machines.
V-15984 Medium VirtualCenter Server assets are not configured with the correct posture in VMS.
V-15859 Medium VirtualCenter server is hosting other applications such as database servers, e-mail servers or clients, dhcp servers, web servers, etc.
V-15813 Medium Virtual switch labels begin with a number.
V-15812 Medium Virtual switches are not labeled.
V-15810 Medium Port groups are not configured with a network label.
V-17020 Medium VirtualCenter is not using DoD approved certificates.
V-15867 Low VirtualCenter virtual machine CPU alarm is not configured.
V-15868 Low VirtualCenter virtual machine memory alarm is not configured.
V-15803 Low Notify Switches feature is not enabled to allowfor notifications to be sent to physical switches.
V-15896 Low Configuration tools are enabled for virtual machines.