UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Anti-virus software and signatures are out of date for “off” and “suspended” virtual machines


Overview

Finding ID Version Rule ID IA Controls Severity
V-15931 ESX1200 SV-16873r1_rule Medium
Description
Creating new virtual machines is as easy as copying a file. Copying files is a quick and efficient way to rollout new virtual machines. Virtual machines can grow at an explosive rate and really tax the security systems of an organization. Many administrative tasks may be automated, but some upgrades and patches require manual tools. For instance, virtual machines may need to be patched, scanned, and purged in response to a virus or worm attack on the network. Therefore, to protect against potential virus and spyware infections, all off and suspended virtual machines will have the latest up-to-date anti-virus software and signatures.
STIG Date
VMware ESX 3 Virtual Machine 2016-05-03

Details

Check Text ( C-16279r1_chk )
Work with the OS reviewer to determine if the requirement is being met.
1. Login to VirtualCenter with the VI Client and select a “suspended” or “off” virtual machine.
2. Turn on the virtual machine and have the IAO/SA login.
3. Obtain the running virus engine and signatures from guest OS and compare this with the latest virus engine and signatures released from the JTG-GNO. URL for JTG-GNO is https://www.jtfgno.mil/antivirus/av_info.htm. If the signature or engine is older than the latest release, this is a finding.

Fix Text (F-15877r1_fix)
Apply the latest virus updates for all “off” and “suspended” virtual machines.