
Anti-virus software and signatures are out of date for “off” and “suspended” virtual machines


Overview

Finding ID: V-15931
Version: ESX1200
Rule ID: SV-16873r1_rule
IA Controls: (none listed)
Severity: Medium
Description
Creating a new virtual machine is as easy as copying a file, and copying files is a quick and efficient way to roll out new virtual machines. As a result, the number of virtual machines can grow at an explosive rate and tax an organization's security systems. Many administrative tasks may be automated, but some upgrades and patches require manual tools. For instance, virtual machines may need to be patched, scanned, and purged in response to a virus or worm attack on the network. Therefore, to protect against potential virus and spyware infections, all off and suspended virtual machines will have the latest up-to-date anti-virus software and signatures.
STIG: VMware ESX 3 Virtual Machine
Date: 2016-05-03

Details

Check Text (C-16279r1_chk)
Work with the OS reviewer to determine if the requirement is being met.
1. Log in to VirtualCenter with the VI Client and select a “suspended” or “off” virtual machine.
2. Turn on the virtual machine and have the IAO/SA log in.
3. Obtain the running virus engine and signatures from the guest OS and compare them with the latest virus engine and signatures released by the JTF-GNO (URL: https://www.jtfgno.mil/antivirus/av_info.htm). If the signature or engine is older than the latest release, this is a finding.

Fix Text (F-15877r1_fix)
Apply the latest virus updates for all “off” and “suspended” virtual machines.