VMware ESX 3 Virtual Machine

Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

VMware ESX 3 Virtual Machine

Overview

Version	Date	Finding Count (7)			Downloads
1	2016-05-03	CAT I (High): 2	CAT II (Med): 5	CAT III (Low): 0	Excel	JSON	XML

STIG Description
The VMware ESX 3 Virtual Machine Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.stig_spt@mail.mil.

Available Profiles

Classified	Public	Sensitive
I - Mission Critical Classified	I - Mission Critical Public	I - Mission Critical Sensitive	II - Mission Support Classified	II - Mission Support Public	II - Mission Support Sensitive	III - Administrative Classified	III - Administrative Public	III - Administrative Sensitive

Findings (MAC I - Mission Critical Sensitive)

Finding ID	Severity	Title	Description
V-15926	High	Guest operating system is not supported by ESX Server.	The guest OS on the ESX Server must be supported by VMware. Guest OS will need to be approved by VMware so that if problems are encountered with the guest OS, VMware can assist with the...
V-68727	High	VMware ESX virtual machines that are no longer supported by the vendor for security updates must not be installed on a system.	VMware ESX operating systems, virtual machines, and associated management software that are no longer supported by VMware for security updates are not evaluated or updated for vulnerabilities...
V-15931	Medium	Anti-virus software and signatures are out of date for “off” and “suspended” virtual machines	Creating new virtual machines is as easy as copying a file. Copying files is a quick and efficient way to rollout new virtual machines. Virtual machines can grow at an explosive rate and really...
V-15932	Medium	OS patches and updates are out of date on “off” and “suspended” virtual machines.	Virtual machines create a condition where they may be on, off, or suspended. The requirement that machines be on in a conventional approach to patch management, virus and vulnerability scanning,...
V-15924	Medium	Guest OS selection does not match installed OS.	Selecting the correct guest OS for each virtual machine is important. ESX Servers optimize certain internal configurations on the basis of this selection. For this reason, it is important to set...
V-17043	Medium	Virtual machines are not configured with the correct posture in VMS.	Correctly configuring virtual machine assets in VMS will ensure that the appropriate vulnerabilities are assigned to the asset. If the asset is not configured with the correct posture,...
V-15921	Medium	Unused hardware is enabled in virtual machines.	Virtual machines can connect or disconnect hardware devices. These devices may be network adapters, CD-ROM drives, USB drives, etc. Attackers may use this capability via non-privileged users or...